last executing test programs: 4.506787925s ago: executing program 0 (id=1562): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x20, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x20}}, 0x0) 4.3282973s ago: executing program 1 (id=1566): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x200, 0x8, 0x6, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e20}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) 4.254469769s ago: executing program 1 (id=1567): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x1feffe}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000440)=""/131, 0x83}, {&(0x7f0000000340)=""/218, 0xda}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000240)=""/112, 0x70}, {&(0x7f0000000040)=""/104, 0x68}], 0x6}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0) 4.160343777s ago: executing program 1 (id=1570): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newnexthop={0x1c, 0x68, 0x162ceceb15c17209, 0x3, 0x25dfdbfb, {0x0, 0x0, 0x1}, [@NHA_GROUP={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20008090) r1 = socket$unix(0x1, 0x2, 0x0) sendmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000017c0)=ANY=[@ANYBLOB="880000000000000006000000ffffffffff4846433e69b26eef04f9b7e3d94be89bb28a1145a6e9f463c160c6753347003862bcc01f630aee90e7954160278d4d6e138f95c0a426b3cc98ebbbe6586429a3048f9b1d1c56d8b612fa05932d16bc7e04d10719f3ebf946f5fd6399bd7ffe1101aab1a50f0bc692a5ef77fd39983c510beb9c439d8a9070000000000000000b01000004000000b5d6580de37aa2f80304bac25710bf891b995bd31ecfebbe2b576e97a4fd1685f4b9bd68becc2255f1e53be44794c5c0f25edd9fbc59a94cbb6b5e7266559bae1873ec493ddf8ef3ff69b04be162b016158ad9ce414c7e46b400000000000000101000000000000002010000feffffff63b71ca7e9a131b7049ab4067710a6110864f81875a85a95ec208f8b912de055933f1bd26e2c2c5db931ce1c100c8fad34b75a62459bcbf1a5d50461103a9734e380d3580cc17a6cbf43567e4aa5c30f2dee16f0047f2654feb31d41a6a273951ba54c58be7196f4e39f16cd61442bbd9f301ca835d42de3a1b577b39c84ad23870b7603f42aa9991f405ac1ec2306812f40ff721146e40e7ce7aacc2a72d2c6f340da45c4193f87ba2da83efc6d9900dcb4293809018ab31898e1d0ca57d7dc722d6f255b766d02b872df20ccb1d123c66221e42e554b4a77702149612daed21de9bba9f1bb9591cd1e7456325217651c40484d3af62ccc92445209eca14265cae7124d98306db302bf16afa5367f48da29105cd383685f827f084434cd935a87571e5814b837aafa524f6a8a7f5e56cd72ea01eda4b6cc5885f00eb79488bde4ca40abc7e09cbd4e6210ca357f776db996664a6d1678480535933e99eda18402128045d09097b3fb4f10d471dd56a63f642240f8e91f956ce3e75c119faede2c8e35155f18ad78cb3c6801c4e12b9617ebccd6c9695ef19a57a217810b861070c02794b4716d715cebfb3a62eb17f87ac0d8c501ab71a3b15d3138da1a8af0d892c6243e9c2fa06f979db2d8e44bc2d6b8236c88f533ec00ca7389d272c1ddea5908115c2c8fe486c87b0de5a5cb3962bd1ca7dc578634ef29772a2c8a60fbdfbf384c52f5b884dc52cd6ea247756034b6a53da507c712b018440a68629e3d14fd7f02410f68aff44840fba2116c50b330a4d9c4732b9dff960068dd77c89c355c66ea6a9eef972e089b06999162ca096310f5595f698771f66ffb323875db24d63e50eb9fce7ce3b93b0a4e3fffaae9fa2bf6ee2a2583d48adaa1025132e9e55a37906c2546d8c73b00f868a04ce39586f17ab12b0a534ed09d783c5b160e17ea43d99843d61d34f0d6ecbd451bb4ff87b02c13dbc66b25792ca1dcd581339ec6189737979f5543c82b927d06d82a21f53bfcf86b80d056e74a39368507d2cd4cbc1797328f522c5b8b60acd8f4f01de9cb1a57403b0bcc3195a680b76bbe793d03e1c11cdf416298687498c68b3daf09f8424ddca8d01dbe2297c67a24e78ea3dc01b412097f848f3911bc3a8665a035e1ad578c5adf201691a12951e38a396fda95945904f9bb74ec32bbf5dde5dc7eaaa0e0976a82dc811287a8dbf62db21bb0a925c7126c4687a61531b1814f05343211d354ff51fbecfd6fd8e29a860107523fae25d420d524f4652161a7005bd05b243422f19f5db74ab78cf15e31add631b85b4de958b65e9ad3f7b4c8d0a57d34b1ef108cdb52c72e6fda5ec91dc77fcc80bcab8ec2bb354e9d7e327bc097c0071080562d0c392a243d322be404b8560a9b14a6e44c0cbee90f1b611c1ebe9a228581f52329aacf720d6c33e965b1457d808bc4b297f6c76cf89198b0e67e5102048c33c0909f93d1428f23b663d0762e36df7c7d1868bb70fa7b113cfaa0b11065f6e8ff0a49f8180b847d1770bea9463edae670e1a89b247647f48a46485516b7ec1b8ef422339f19bd1cf0bda415cafc96991c47d5a9f0b4cf1d3c2be4575955b0edd9c2858b920f77d0ef954c843773213c04f3993be79f8144324db6a6e016b3d9c2d4b6d68cd2dce9fddd5cc2bbc6c324ba20a8f9bee349efbc6794becc8b17c4d45a4f265acc0c6d8feca6e3cd2050bd8c6f948ed27dafd908b217f275baabe22f634c95d650efb11c611acf517335c72ef54839238ddd7f0f798aa9d0bcc71ffa321caa37256b327033080173bbc95713581980bc2f5287e8e8ec6172915b5230d711236848cd13cb4eac96e8399c2c880358ca264e48674dd8590c7227a2604cd3ffb2f5a78082e30a465cc8a897853a2c65d558c5e4796e35598ac39d7f16f23c123d42a42eb3b303834b37d7d3cc5df18c8aa837e04859a0c69c5718d93e693a05f741b62ff305cacec0590d68b96d5d52be9d4f49fd358fca2e328fff7b1b240a2add11f064cf6cbc913b7570b7d27e49a30948c7bacfda5c06639c5d2da796a1ba8166bf3f1d6e834567f25229301be2f63b8b7e8dbc9421d9f5a1744f0e885b92feaa5f49600ab96a3224e08003058741faf8b197b1783176f3859627668cad92f1b07f3bb0bd50bc622b09b078b091b77d2fd9340215b03db263cb5532661f48f0968e1ca5af67b9e22e3dea14eb0c5fc1e77b49d3630fb4a76990c939c22e7d08597a2d6c062e64a787cd86ac5992e8c211089ca1a1a469e1499dbbaee5fcd7e2c4f9cddf1f7ad70a4f6131ade9037f36d43dde993255864fc30a945cfc855dcd375b97ac2a17f5d236945656d1f576f2bdc76beea57bdf254ff568c3b6566bca22cd616ef438116c0c76705cc3c02ea124067bab17c2d3482891ffabf5b1e9bdc664b87773ef2602f9357a747c40926f5083fb6a01c5dd9a18df2becb5a67506b35c6d220818594c16dd7843a8c343327fef919717b09a81e5fef6d48caf51283acaaf750e3aed3cb6aa51470e866b753a9f3ba3447b1c4779efde0bc8d6ec83899c6921a9f87d5d032058c5c7f5f1c5a07097cebda2dd748d116c4e6180e3b0b09997abee326027dc30bfbe81fb520be5d889a6f7b0ff206ea6c8b9c903ca0e2d4379cfaaa31824aba0b113c866b807354ce1b5cb81ec6966a19108bf0c6cc804e7092d46c93dbfecef9398b5c7abab159fa86f05368a1c7596e12a5684ea1d7340ab7535014487bdd53094298cae30ae9b3c96c87efcaeeb2368ac6f0102d3cfd8b97e2f63f9ab1bf4eef0387f59209d0fbd583e0f463edb379eb47a7482489e4488c639c21feb03d14c893f7444c450b192fded364ae84c92f89d4ed2a15423e4befe54a8ec10f19dd1219e5de45cdb91b089d1149d899ae451e8e9c807d13479bda9278ae30e9aa320faedbe1277011659fd4382ee1ed1532fe02159f39b25ead1a18828d402540d1472d5a37adb61484b10dd6426e6be03974b6b14ec028a218846f7b3122a2a1e1f784b8081fae862458e7fe7557cf000d3173311574f9551f1911d84631ba651b67d151fce54434dba6c3cfa70a74fb52855c732cf0426420bae9d69dd11e9fb433bbd3f47fb260fe14d1a9ee38e2579841691016f722a7b7a5c119f894b101dd151b0ee37d711ae71ecd3b5b2bcb5b050eb75964c917c34bce76f33e27dd3328e70aaf0673f0f09322e4219e86ee06b9503dfaa3e6691b11f8635fea3575ebceebc5d7c73c65b9e90d6c027f014a1f149c6d3871aabc094092479f71796be1558ce297b37575530e4be6f0424fbedc590d6a062c4c5d36f3962169ccf04fb4a96d7a3658c738ab782e85223a9ba00f762ce4deab752bc11bd594acaa1dd91104ba6d2d78a26a2c5c5cdc213fb8c1a0829e74f37040b975183ef87fc44599c48c69a0d25d7f8c02c1faf34fbf9f12c139f18fdf8cf7eeedbf9a99e9d224dd80f74aa51193db5dcafe9025e9d894bb8b2b50c3f874d743f9fde8bf033c38f2ed68d4d7d4908a4be0c3146ddfe08efeca226905e1db63cbe1adbb7b511759fac494805b32142623024a3c11df94f5813b45ce4f5940eda7fba7e683086a0a5441100bf8f8edbec02ce48e70431ad8f7ac6695ebd6050439e151cc039b9d20c088fe181452da8b7bb7eec4734c036f2cd5dc9d342abc3d59cddf61e818eef28cd394fcf4ae5271476666c269961841b96f4e7e5aa45baaf5849b5d6903e339b57d119012b324693e36d9b8e6de7533cc1e2f8346fd9a8bfa05f6fec57a621952f3b0217a562af0621f04fc671751b16accc28e8f401c1fce292cea8d708fd4dfe408575bb78d331c739ebd60ec584e1516f5ae0be3d1bc8d665f6e0b670c7b36ad72b018dc08236d7852e5e7246afb39002eec05ed4999ef5b09d4fcb411aaf41a31f3baf2c71fa8a798618b226b8c554d59f0f38822668a53bd2412bfb0b395356f019243c9034e9610799071314c61fc82891c0fe0005687c2a5a868e7dbeac4c18194df53761f10f01f075ec7688bc597b571792be24ec77665c7b173d09255bce73c4a9ebd3dfcf0b383769fdd094633d2f7a884bb9c696eca2243cb9e2d885b045611e0b154de81f75fd8152d48ca098ec8946de0727ed921486847d12511ab022b0a631feef841edff17ca10f5bc011a3796a2883755b526663407a166143a4cc4d80744cb3657a20cb81c3fe45610fd35f73ca9042849236a0afa215f19c152db74864bd8d9c32b9f4b1fce2bc94be7b3892cb19885a74b65bb79f4cfc569dfbe636cc5acb1560d14ac43346c2e0bc1d347eab5fd6832225b5d47490d4c980f029753803178e3e31deb547c4eb09632fa171b1d0d4c8edf8cccaa3439dac16a5dbc9a2bf1199c307588f7e6960d3dc77370431f57bcdc7b701eb8b22d2055f2e7859f4ee498f398456cb6f51be8140c408d2836b8d5e373cbfd80f41e29422ccbe55754d870f7df1d4d2cc34a941e46ea5b161a92a6aa8582ed08d5b646e22de1a31fe9a851435c6d4bc774b701aedf3cd737ccddbe6a39f6de0a46f49ab8f5c88a17f9fe9e181ebc8e75c110b49284e120730cd95693b0b5ffe1c1ad05f623b05a606aefedd13ff1df4ec63f8ead184066007041dfd888a5f15462c1dbfab64dde798ed09d821e62c76ce4c18253e91fca732afec9abe38da481232874856779607b07299c25931ea3ab6c5002faa3e2e443d0f680e6ff4a2a669b29b160af1f024a888550326603e7b7e33458b6d747974689870afe98e49723fbf0d800f8ca4a9febc6f02e57adebab1e0f8711497b19fc2992a1cd0657f6204c3a8ae9b640099076dcc95f73e50d39f2e0a0a26e2cbbf5bddcab169047f51907980c15b3164dc1353b92b5b1e44a4584ab4e0c53a70d856ea11eb70b0dd12c69ca73e8eb19cb8465c9ce71fda096bb139d286da09e5d45a4635d583a62881ca3497bb8e8a6c1d1d7eb6b4de398db2d3a8bb684beb81e4ad2d9b90f199849b073d7da80c812b385ef7893bdc79060125a2ec2f6225cf056a0d485c3e8426a68d2f90bcf28c1271f3e61466bb89b99d465893961bb5eb6098f2f72bf8fae18c4fa762155d62879202cbab9bc763a69f8825465a914283bb3d30e3c9b98117dec87b89e38753ab46ce33aed08134537cb902a0c99e430b4f09d43f91279b4e524a86a978623d0de9a2da28694daf1ac626f0cc0bde3dd6b269db35ba8dc409f3173cda20af02ac6e7e6d778db8c294fdbbf14c5d39923596d18e2081e35d0ad0c72a4f140e3e9465c79f7a4b6fc77b4d63841ee80297832024d4bad424deb318ad93cdf453985f5a21e155b2c75778f4b673757b2a333ccec747e85f0d0d091a0d3817de47661d807e3341d057c655fce777586b9cd9f5a8063add2cda4a5aab706e4d7c8bebc64ea454eeca48066b83b89878b80b0494433e884f50721a88d5b817b7f6d2215bf10f96cf0a2b16eecdf04791339a64c28e971fc934252779edcba5e5f2bf6f2a1ca9470804afe5f8e62be0a0c87584faddf5bbcd6c085c7c65ae414af641344abbc2a29798c312d505174bb654b690824bf90be8985def558378c107d6fdce617f3abfde5c1acc4087265dc7489529771406ef1c601c0235d3bdc8725be9dd3c3452419105fbc117bcb0bf9c64abbfde56fff2bb4bb0ef2980100b33ba4c03318b8df069b11274b25246b79ef4d71e57bb38ec92beb646a8086d3635d1ad8e0f4f218073447e52b16265c218dc18b73e746a901eb28135d938000000000000000d010000d40000008670bf2194d9297170708836b74f5406427821b1c1f53d2e89ffcc5c7e738003e25305091faa270010100000000000000100000001"], 0x2260}}], 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000a80), r6) sendmsg$DEVLINK_CMD_PORT_SET(r6, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x44, r7, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x3}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc850}, 0x440c0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r8}, 0x10) r9 = socket$unix(0x1, 0x1, 0x0) write$tun(r3, &(0x7f00000015c0)={@val={0x0, 0x18}, @void, @x25={0x2, 0x1, 0xfb, "e34f3b75cd21d75f3edb81c7ee06a16a8ea43a54961c1fd7ed4265d14ad8a7af4fca5514c5e2dd853bea1dbd0fe4e1ac03c3b70be772683b92842aa616f5c2b15fa0165cfc729b4304f1f108a2c91450f31dd1aa8904ae36b2c1e99995066636e3b8aa0da74fae3105bc2800500d5a2b6cb42437f9b8cfe4458c08eedb765688745f19185fd44a13e28ea6bd880241ab6b12a740a47269e3da6e42"}}, 0xa2) r10 = socket(0x2, 0x1, 0x2) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r10, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x4e20, 0x2, @local, 0x10}], 0x1c) bind$unix(r9, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r9, 0x0) r11 = accept(r9, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r4) sendto$inet6(r11, 0x0, 0x0, 0x40895, 0x0, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xe}, {&(0x7f0000000740)="8bf9c333442d145a6a694ddaf5187a9516cf6edf46a03edb22e9", 0x1a}], 0x2) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000f4ffffff00"/27], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000400)=@framed={{0x18, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r12}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x88}}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x90) 3.929574688s ago: executing program 4 (id=1573): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0xb9}, @exit], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x51}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) socket(0x5, 0xa, 0x4) socket$netlink(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000200)={r1, r1, 0x2, 0x0, 0x0, 0x42, 0xfa, 0x0, 0x5886, 0x61, 0x3, 0x3, 'syz1\x00'}) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000040)=0x80000004, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @empty, 0xfffffffc}, 0x1c) listen(0xffffffffffffffff, 0xb) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) socket$nl_generic(0x10, 0x3, 0x10) 3.255367297s ago: executing program 0 (id=1577): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x200, 0x8, 0x6, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e20}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) 3.100137299s ago: executing program 4 (id=1578): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000280)=0x14) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x76, &(0x7f0000000000), 0x4) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000370400"/20, @ANYRES32=r3, @ANYBLOB="8304050000000000280012800800387c2bef197cac0c028008000600ac1414bb06000e0001abdaf0b400000006000f00"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000480)=0x6, 0x4) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x1000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000080), &(0x7f00000001c0)=0x14) sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x54, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x80}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xe6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xfff}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x2}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x401}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c010}, 0x40484) 3.099371745s ago: executing program 0 (id=1579): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="05000000000021000000077400060800020000000000080003"], 0x30}, 0x1, 0xffffffff00000003, 0x0, 0x4000001}, 0x0) 2.881769442s ago: executing program 0 (id=1582): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000200), r0) sendmsg$NFC_CMD_START_POLL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2c, r1, 0x1, 0x127, 0x234, {}, [@NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x20}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x60}]}, 0x2c}}, 0x24000040) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000000540)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x10, 0x8, 0x62cf, 0x3, {{0x5, 0x4, 0x3, 0x6, 0x14, 0x0, 0x0, 0x5, 0x4, 0x0, @private=0xa010100, @local}}}}) r4 = socket$inet6_udp(0xa, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x24, r6, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x8084) connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x8, 0x0, 0x0, 0x1, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x34, r11, 0x1, 0x0, 0x20002, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8}]}, 0x34}}, 0x4000) sendmsg$ETHTOOL_MSG_COALESCE_SET(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x54, r11, 0x10, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8, 0x13, 0xffffffff}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x5}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x800}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES={0x8, 0x7, 0x3ff}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x7d0f}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0xb}, @ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8, 0x13, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x40048080}, 0x40088d5) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="68ffffff00000000df000000000000000000000000ac1414aa000000000100210010000000000000004e2300000000000000000000000000000000000000000001a5bbac2f0e9fbd135c963948eec43cd0b8093255639b33bd7e7a2e8914354eea7524c6191124191df81b351d4be736114dda41b6f7", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000c000800a4fe0800000000000c0015000000000000000000"], 0xae}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071121e000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r13 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r13, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)={0x40, r12, 0x8, 0x0, 0x1, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000054}, 0x4040000) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x1fffa2}], 0x1) 2.655771073s ago: executing program 3 (id=1585): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000003540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f00000004c0)={0x44, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xe}, @device_b, @device_a, @initial, {0x3, 0x7}}, 0x0, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20040080}, 0x28008004) 2.573932263s ago: executing program 2 (id=1586): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xb, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a000000000000611177000000002895"], &(0x7f0000000000)='GPL\x00'}, 0x94) 2.435844742s ago: executing program 2 (id=1587): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x20, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x20}}, 0x0) 1.164671464s ago: executing program 3 (id=1588): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000c00)={@in6={{0xa, 0x4e22, 0x9, @dev={0xfe, 0x80, '\x00', 0x34}, 0x5}}, 0x0, 0x0, 0x14, 0x0, "2518244b0b132bb1ec0d0c3a28d605c01f9100c9f9b9fc6d1bc6406a8b7db8def46961cb0b39597778d4598af10fa5e662d1da951d46844de156f7d261899444f91bac640083c841b4814e8063c1360e"}, 0xd8) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB], 0x6f4}}, 0x0) 1.150019699s ago: executing program 0 (id=1589): socket$kcm(0x2b, 0x1, 0x0) (async) r0 = socket$kcm(0x2b, 0x1, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180900000023"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x24) close(r0) accept(r0, &(0x7f00000001c0)=@l2={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0x80) (async) r1 = accept(r0, &(0x7f00000001c0)=@l2={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0x80) sendmsg$key(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x2, 0x15, 0x7, 0x2, 0xe, 0x0, 0x70bd2b, 0x25dfdbfd, [@sadb_x_nat_t_port={0x1, 0x15, 0x4e20}, @sadb_spirange={0x2, 0x10, 0x4d3, 0x4d3}, @sadb_x_filter={0x5, 0x1a, @in=@loopback, @in6=@dev={0xfe, 0x80, '\x00', 0x24}, 0x15, 0x10, 0x4}, @sadb_x_nat_t_type={0x1, 0x14, 0x1}, @sadb_x_nat_t_type={0x1, 0x14, 0x6}, @sadb_x_sa2={0x2, 0x13, 0x7, 0x0, 0x0, 0x70bd2a, 0x3504}]}, 0x70}}, 0x4810) 1.100024214s ago: executing program 4 (id=1590): r0 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r0, 0x200, 0x8, 0x6, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e20}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) 1.019519766s ago: executing program 1 (id=1591): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_rdma(0x10, 0x3, 0x14) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') socket(0x10, 0x803, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) pipe(&(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000f1400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 953.889844ms ago: executing program 2 (id=1592): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0900000000000000000902000000140001800500020001"], 0x28}}, 0x0) 950.212548ms ago: executing program 4 (id=1593): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}, 0x1, 0x3000000}, 0x0) 895.972768ms ago: executing program 0 (id=1594): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x50}}, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000080)={0x0, 0xffff, 0xe2}, 0x8) 885.942387ms ago: executing program 3 (id=1595): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000003540)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000003740)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040080}, 0x28008004) 791.724781ms ago: executing program 1 (id=1596): r0 = socket$kcm(0x10, 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={r0, 0x6749, 0x8, 0x8000000000000}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d80)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a300000000020000000030a01010000000000000000010000000900010073797a30000000007c000000060a010400000000000000000100000008000b400000000054000480340001800b000100657874686472000024000280080001400000000c0800034000000000080004400000002205000200070000001c0001800c00010062697477697365000c00028008000240000000120900010073797a3000000000140000001100010000000000000000000700000a2e8479ceb182941e3633a24ffe6600d38378f5187e2741cfd4b406dcd6e155ec452c3b1ebfebd864012450be45a90673ff05ef5292045e20b27662fa56ebb90f6bcaf2035031067024f44a7d68ed2ce174b950d254a002fd71f086d36b549ed3debfd79a2b0ee5b9cb6e0efab227dbfcbc250c66408959cd"], 0xe4}}, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x74, 0x74, 0x8, [@struct={0xa, 0x1, 0x0, 0x4, 0x0, 0x2, [{0xc, 0x2, 0x4}]}, @fwd={0x5}, @func_proto={0x0, 0x7, 0x0, 0xd, 0x0, [{0x7}, {0xb, 0x2}, {0x3}, {0x7, 0x2}, {0xf, 0x2}, {0x4, 0x1}, {0x3, 0x3}]}, @restrict={0x1}]}, {0x0, [0x4f, 0x0, 0x5f, 0x0, 0x5f, 0x61]}}, &(0x7f00000004c0)=""/87, 0x94, 0x57, 0x0, 0x9}, 0x28) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x12, 0x3, 0x8, 0x2}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r6, &(0x7f0000000700), 0x0}, 0x20) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000a00)='blkio.bfq.time\x00', 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x4, 0x1, 0x114}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r8, @ANYBLOB="0000000000000000690300000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000a40)={0xffffffffffffffff, 0x0, 0x10}, 0xc) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=@base={0x1f, 0x6, 0x7, 0x6, 0x28001, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x1}, 0x50) r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000c40)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x800, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x3}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000cc0)={0x6, 0x1c, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffe}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x217}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @jmp={0x5, 0x0, 0x6, 0x1, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff}, @generic={0x2, 0x6, 0x2, 0x4, 0x10001}, @call={0x85, 0x0, 0x0, 0x47}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x4, 0xb4, &(0x7f0000000340)=""/180, 0x41100, 0x38, '\x00', 0x0, 0x25, r5, 0x8, &(0x7f0000000980)={0x5, 0x2}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0x8, 0x0, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000b00)=[r6, r7, r8, r9, 0xffffffffffffffff, r10, r11], 0x0, 0x10, 0x4b7e}, 0x94) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000fc0)=[{&(0x7f0000000780)=""/245, 0xf5}, {&(0x7f0000003380)=""/235, 0xeb}, {&(0x7f0000000880)=""/221, 0xdd}, {&(0x7f0000000680)=""/203, 0xcb}, {&(0x7f0000000000)=""/120, 0x78}, {&(0x7f0000002100)=""/4090, 0xffa}, {&(0x7f0000000b40)=""/203, 0xcb}, {&(0x7f0000000540)=""/211, 0xd3}], 0x8}, 0x40012100) 700.837558ms ago: executing program 4 (id=1597): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r1, 0x501, 0x70bd27, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0xffffffff, 0x3, 0x0, 0x40e}}}}, 0x30}, 0x1, 0xfcffffffffffffff, 0x0, 0x1}, 0x4098) 700.475931ms ago: executing program 3 (id=1598): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17", 0xb6) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x68, 0x10, 0x1, 0x70bd2f, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x102}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x34, 0x16, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x2c, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x8, 0x143, 0x80, 0x88a8}}, {0x14, 0x1, {0x3912, 0xf31, 0x7f, 0x8100}}]}]}]}]}, 0x68}}, 0x24040800) 700.194775ms ago: executing program 2 (id=1599): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000003540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f00000004c0)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20040080}, 0x28008004) (fail_nth: 8) 527.201166ms ago: executing program 4 (id=1600): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f0000000680)="170000000200010000ffbe8c5ee17688a2006c000301000a000002a2576e5ed9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000fc0607bdca67a622c45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dfc060115003901000000000000ea000000000000000062068f5ee50ce5af9b1c56835382e9d969ba5149e9e90539062a80e605007f71174aa951f3c63e5a1b47b63a6323ded241482cfe17c3778a", 0xb8) syz_emit_ethernet(0x36, &(0x7f0000001600)={@local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @timestamp={0xd, 0x0, 0x0, 0x3, 0x7ff, 0xfffffffa, 0x9, 0x98}}}}}, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0005000000000000000000000000000000000000da552e2bf54c3499eeffdc3bcb9dc59ecf0000000000000000"], 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x34, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x10001}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}]}, 0x34}}, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x22, &(0x7f00000000c0)=0x401, 0x4) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r4, &(0x7f00000001c0)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000040)={0x0, 0x0, 0x10}, 0xc) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000080)=@newtaction={0x14, 0x30, 0x9}, 0x14}}, 0x80800) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="7800000010000100"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000050001a804c000a801400"], 0x78}}, 0x0) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="18600098962a65ca73f46c1d245d00000000000000009792", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[r1]}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r7, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4, 0x8, 0x0, 0x0}}, 0x10) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000004c000000090a01010000000000000000070000000900020073797a3100001600090001007379713000000000080005400000001c08000a4000000000080003400000004008000f40000000063c0000000c0a01030000000000000000070000070900020073797a31000000000900010073797a3000000000100003800c0000800800034000000002140000001000010000000000000000000084000a"], 0xd0}}, 0x0) r9 = socket$igmp(0x2, 0x3, 0x2) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001700)=@newtaction={0x4c, 0x1e, 0x109, 0x0, 0x0, {}, [{0x38, 0x1, [@m_police={0x34, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x6, 0x6, "9aaa"}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0x4c}}, 0x0) setsockopt$MRT_ADD_VIF(r9, 0x0, 0xca, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @dev}, 0x10) 526.72624ms ago: executing program 3 (id=1601): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x4, 0x2, 0x9, 0x0, 0x0, 0x0, 0xfd, 0x5}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000002300)=[@in={0x2, 0x4e22, @remote}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={r1}, 0x8) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x88, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0xfffffcb7}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}]}]}, 0x88}}, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000100)={r1, 0x4, 0x9}, 0x8) 263.968309ms ago: executing program 1 (id=1602): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000100)={0x0, 0x7530}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001340)={0x1c, 0x3f, 0x9, 0x3, 0xfffffffd, {0x3}, [@generic="8a3c45723c"]}, 0x1c}}, 0x4000010) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000380)=0x14) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x8, 0x1, 'udp\x00'}, @NFTA_MATCH_INFO={0xe, 0x3, "7acc6338a90000b03bd9"}, @NFTA_MATCH_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_RULE_COMPAT_FLAGS={0x8}]}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x48, 0x2, 0x8, 0x3, 0x0, 0x0, {0x4, 0x0, 0x6}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8848}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8884}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88a5}]}, 0x48}, 0x1, 0x0, 0x0, 0x4010}, 0x4008000) connect$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="d52a99295b2f"}, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYRESHEX=r7, @ANYRES16=r6, @ANYRES8=r1, @ANYRES32=r7, @ANYBLOB="08002600b409000008002700b0"], 0x3c}}, 0x44000) sendmsg$netlink(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="1000000010"], 0x10}], 0x1}, 0x24000000) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x5, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000800) 230.106189ms ago: executing program 2 (id=1603): r0 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r0, 0x200, 0x8, 0x6, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e20}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) 156.550671ms ago: executing program 2 (id=1604): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xbb}, @generic={0x6d}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff}, @exit]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34}, 0x90) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r2 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@multicast1, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x1}, {{@in=@empty, 0x1, 0x32}, 0x2, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe8) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) connect$pppl2tp(0xffffffffffffffff, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x0, 0x0, 0x2, 0x0, {0xa, 0xb6a4, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3c2}}}, 0x32) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x23}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 0s ago: executing program 3 (id=1605): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000c00)={@in6={{0xa, 0x4e22, 0x9, @dev={0xfe, 0x80, '\x00', 0x34}, 0x5}}, 0x0, 0x0, 0x14, 0x0, "2518244b0b132bb1ec0d0c3a28d605c01f9100c9f9b9fc6d1bc6406a8b7db8def46961cb0b39597778d4598af10fa5e662d1da951d46844de156f7d261899444f91bac640083c841b4814e8063c1360e"}, 0xd8) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB], 0x6f4}}, 0x0) kernel console output (not intermixed with test programs): as an invalid length. [ 120.903440][ T6604] netlink: 3 bytes leftover after parsing attributes in process `syz.0.200'. [ 121.246206][ T6622] geneve2: entered promiscuous mode [ 121.299945][ T6622] geneve2: entered allmulticast mode [ 121.341388][ T1155] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0 [ 121.365379][ T1155] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0 [ 121.383770][ T1155] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0 [ 121.411231][ T1155] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 19999 - 0 [ 121.797773][ T6647] IPv6: Can't replace route, no match found [ 121.811154][ T6647] netlink: 'syz.1.215': attribute type 1 has an invalid length. [ 121.824661][ T6647] netlink: 224 bytes leftover after parsing attributes in process `syz.1.215'. [ 121.860313][ T6639] tipc: Started in network mode [ 121.866031][ T6639] tipc: Node identity 0e3c34a17eb8, cluster identity 4711 [ 121.890018][ T6639] tipc: Enabled bearer , priority 0 [ 121.934386][ T6649] syzkaller0: entered promiscuous mode [ 121.939923][ T6649] syzkaller0: entered allmulticast mode [ 121.986690][ T6639] tipc: Resetting bearer [ 121.996510][ T6655] FAULT_INJECTION: forcing a failure. [ 121.996510][ T6655] name failslab, interval 1, probability 0, space 0, times 0 [ 122.030233][ T6638] tipc: Resetting bearer [ 122.031481][ T6655] CPU: 1 UID: 0 PID: 6655 Comm: syz.3.218 Not tainted syzkaller #0 PREEMPT(full) [ 122.031510][ T6655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 122.031525][ T6655] Call Trace: [ 122.031534][ T6655] [ 122.031544][ T6655] dump_stack_lvl+0x189/0x250 [ 122.031577][ T6655] ? __pfx____ratelimit+0x10/0x10 [ 122.031616][ T6655] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.031644][ T6655] ? __pfx__printk+0x10/0x10 [ 122.031679][ T6655] ? __pfx___might_resched+0x10/0x10 [ 122.031701][ T6655] ? fs_reclaim_acquire+0x7d/0x100 [ 122.031742][ T6655] should_fail_ex+0x414/0x560 [ 122.031781][ T6655] should_failslab+0xa8/0x100 [ 122.031818][ T6655] __kmalloc_noprof+0xcb/0x4f0 [ 122.031848][ T6655] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 122.031886][ T6655] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 122.031925][ T6655] genl_family_rcv_msg_doit+0xb8/0x300 [ 122.031962][ T6655] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 122.032000][ T6655] ? apparmor_capable+0x137/0x1b0 [ 122.032040][ T6655] ? bpf_lsm_capable+0x9/0x20 [ 122.032070][ T6655] ? security_capable+0x7e/0x2e0 [ 122.032113][ T6655] genl_rcv_msg+0x60e/0x790 [ 122.032149][ T6655] ? __pfx_genl_rcv_msg+0x10/0x10 [ 122.032173][ T6655] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 122.032198][ T6655] ? __pfx_nl80211_tdls_channel_switch+0x10/0x10 [ 122.032221][ T6655] ? __pfx_nl80211_post_doit+0x10/0x10 [ 122.032251][ T6655] ? __asan_memcpy+0x40/0x70 [ 122.032274][ T6655] ? __pfx_ref_tracker_free+0x10/0x10 [ 122.032316][ T6655] netlink_rcv_skb+0x208/0x470 [ 122.032348][ T6655] ? __lock_acquire+0xab9/0xd20 [ 122.032381][ T6655] ? __pfx_genl_rcv_msg+0x10/0x10 [ 122.032410][ T6655] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 122.032468][ T6655] ? down_read+0x1ad/0x2e0 [ 122.032494][ T6655] genl_rcv+0x28/0x40 [ 122.032519][ T6655] netlink_unicast+0x82f/0x9e0 [ 122.032562][ T6655] ? __pfx_netlink_unicast+0x10/0x10 [ 122.032595][ T6655] ? netlink_sendmsg+0x642/0xb30 [ 122.032613][ T6655] ? skb_put+0x11b/0x210 [ 122.032641][ T6655] netlink_sendmsg+0x805/0xb30 [ 122.032674][ T6655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.032700][ T6655] ? aa_sock_msg_perm+0xf1/0x1d0 [ 122.032723][ T6655] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 122.032748][ T6655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.032770][ T6655] __sock_sendmsg+0x219/0x270 [ 122.032805][ T6655] ____sys_sendmsg+0x505/0x830 [ 122.032839][ T6655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 122.032876][ T6655] ? import_iovec+0x74/0xa0 [ 122.032907][ T6655] ___sys_sendmsg+0x21f/0x2a0 [ 122.032935][ T6655] ? __pfx____sys_sendmsg+0x10/0x10 [ 122.033007][ T6655] ? __fget_files+0x2a/0x420 [ 122.033045][ T6655] ? __fget_files+0x3a0/0x420 [ 122.033094][ T6655] __x64_sys_sendmsg+0x19b/0x260 [ 122.033123][ T6655] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 122.033161][ T6655] ? __pfx_ksys_write+0x10/0x10 [ 122.033189][ T6655] ? rcu_is_watching+0x15/0xb0 [ 122.033219][ T6655] ? do_syscall_64+0xbe/0x3b0 [ 122.033247][ T6655] do_syscall_64+0xfa/0x3b0 [ 122.033266][ T6655] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.033297][ T6655] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.033319][ T6655] ? clear_bhb_loop+0x60/0xb0 [ 122.033347][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.033368][ T6655] RIP: 0033:0x7f33da98ebe9 [ 122.033390][ T6655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.033409][ T6655] RSP: 002b:00007f33db73b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.033431][ T6655] RAX: ffffffffffffffda RBX: 00007f33dabc5fa0 RCX: 00007f33da98ebe9 [ 122.033448][ T6655] RDX: 0000000000000004 RSI: 00002000000007c0 RDI: 0000000000000003 [ 122.033461][ T6655] RBP: 00007f33db73b090 R08: 0000000000000000 R09: 0000000000000000 [ 122.033475][ T6655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.033488][ T6655] R13: 00007f33dabc6038 R14: 00007f33dabc5fa0 R15: 00007ffcbfe40038 [ 122.033525][ T6655] [ 122.529882][ T6638] tipc: Disabling bearer [ 122.739253][ T6673] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 122.801278][ T6675] netlink: 'syz.4.222': attribute type 11 has an invalid length. [ 122.861212][ T6675] netlink: 224 bytes leftover after parsing attributes in process `syz.4.222'. [ 122.929119][ T6675] netlink: 'syz.4.222': attribute type 26 has an invalid length. [ 122.937446][ T6675] netlink: 4 bytes leftover after parsing attributes in process `syz.4.222'. [ 122.947758][ T6681] netlink: 20 bytes leftover after parsing attributes in process `syz.3.225'. [ 123.058603][ T6686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.228'. [ 123.095797][ T6686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.228'. [ 123.166230][ T6692] netlink: 'syz.2.230': attribute type 8 has an invalid length. [ 123.210905][ T6696] netlink: 'syz.0.232': attribute type 1 has an invalid length. [ 123.229879][ T6696] netlink: 224 bytes leftover after parsing attributes in process `syz.0.232'. [ 123.255856][ T6697] netlink: 'syz.2.230': attribute type 8 has an invalid length. [ 123.369189][ T6704] netlink: 12 bytes leftover after parsing attributes in process `syz.4.236'. [ 123.589026][ T6714] lo: entered promiscuous mode [ 123.613449][ T6714] tunl0: entered promiscuous mode [ 123.649493][ T6714] gre0: entered promiscuous mode [ 123.656292][ T6718] netlink: 24 bytes leftover after parsing attributes in process `syz.2.238'. [ 123.772728][ T6714] gretap0: entered promiscuous mode [ 123.817168][ T6725] netlink: 'syz.4.239': attribute type 46 has an invalid length. [ 123.829846][ T6714] erspan0: entered promiscuous mode [ 123.851202][ T6725] netlink: 4 bytes leftover after parsing attributes in process `syz.4.239'. [ 123.886307][ T6714] ip_vti0: entered promiscuous mode [ 124.719731][ T6751] netlink: 'syz.1.249': attribute type 1 has an invalid length. [ 124.891055][ T6763] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 124.939198][ T6766] FAULT_INJECTION: forcing a failure. [ 124.939198][ T6766] name failslab, interval 1, probability 0, space 0, times 0 [ 124.989895][ T6770] netlink: 'syz.2.257': attribute type 2 has an invalid length. [ 125.001476][ T6766] CPU: 1 UID: 0 PID: 6766 Comm: syz.0.255 Not tainted syzkaller #0 PREEMPT(full) [ 125.001505][ T6766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 125.001517][ T6766] Call Trace: [ 125.001525][ T6766] [ 125.001534][ T6766] dump_stack_lvl+0x189/0x250 [ 125.001563][ T6766] ? __pfx____ratelimit+0x10/0x10 [ 125.001594][ T6766] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.001621][ T6766] ? __pfx__printk+0x10/0x10 [ 125.001656][ T6766] ? __pfx___might_resched+0x10/0x10 [ 125.001673][ T6766] ? fs_reclaim_acquire+0x7d/0x100 [ 125.001709][ T6766] should_fail_ex+0x414/0x560 [ 125.001749][ T6766] should_failslab+0xa8/0x100 [ 125.001780][ T6766] __kmalloc_cache_noprof+0x70/0x3d0 [ 125.001806][ T6766] ? __rdma_create_id+0x66/0x640 [ 125.001827][ T6766] ? __pfx_rds_rdma_cm_event_handler+0x10/0x10 [ 125.001854][ T6766] __rdma_create_id+0x66/0x640 [ 125.001876][ T6766] ? __pfx_rds_rdma_cm_event_handler+0x10/0x10 [ 125.001898][ T6766] __rdma_create_kernel_id+0x3c/0x80 [ 125.001925][ T6766] rds_ib_laddr_check+0xe5/0x470 [ 125.001951][ T6766] ? rds_trans_get_preferred+0x133/0x3c0 [ 125.001973][ T6766] ? __pfx_rds_ib_laddr_check+0x10/0x10 [ 125.002001][ T6766] ? kfree+0x18e/0x440 [ 125.002030][ T6766] ? down_read+0x1ad/0x2e0 [ 125.002053][ T6766] rds_trans_get_preferred+0x176/0x3c0 [ 125.002081][ T6766] __rds_conn_create+0xa41/0x2060 [ 125.002104][ T6766] ? __rds_conn_create+0x2e3/0x2060 [ 125.002145][ T6766] ? __pfx___rds_conn_create+0x10/0x10 [ 125.002180][ T6766] ? __raw_spin_lock_init+0x45/0x100 [ 125.002217][ T6766] rds_conn_create_outgoing+0x43/0x60 [ 125.002248][ T6766] rds_sendmsg+0x1001/0x1f00 [ 125.002299][ T6766] ? __pfx_rds_sendmsg+0x10/0x10 [ 125.002326][ T6766] ? aa_sk_perm+0x81e/0x950 [ 125.002362][ T6766] ? __pfx_aa_sk_perm+0x10/0x10 [ 125.002390][ T6766] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 125.002419][ T6766] ? aa_sock_msg_perm+0xf1/0x1d0 [ 125.002440][ T6766] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 125.002462][ T6766] ? __pfx_rds_sendmsg+0x10/0x10 [ 125.002493][ T6766] __sock_sendmsg+0x219/0x270 [ 125.002525][ T6766] ____sys_sendmsg+0x505/0x830 [ 125.002554][ T6766] ? __pfx_____sys_sendmsg+0x10/0x10 [ 125.002588][ T6766] ? import_iovec+0x74/0xa0 [ 125.002615][ T6766] ___sys_sendmsg+0x21f/0x2a0 [ 125.002641][ T6766] ? __pfx____sys_sendmsg+0x10/0x10 [ 125.002704][ T6766] ? __fget_files+0x2a/0x420 [ 125.002733][ T6766] ? __fget_files+0x3a0/0x420 [ 125.002784][ T6766] __x64_sys_sendmsg+0x19b/0x260 [ 125.002810][ T6766] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 125.002844][ T6766] ? __pfx_ksys_write+0x10/0x10 [ 125.002868][ T6766] ? rcu_is_watching+0x15/0xb0 [ 125.002895][ T6766] ? do_syscall_64+0xbe/0x3b0 [ 125.002919][ T6766] do_syscall_64+0xfa/0x3b0 [ 125.002935][ T6766] ? lockdep_hardirqs_on+0x9c/0x150 [ 125.002965][ T6766] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.002985][ T6766] ? clear_bhb_loop+0x60/0xb0 [ 125.003010][ T6766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.003030][ T6766] RIP: 0033:0x7f9d1898ebe9 [ 125.003048][ T6766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.003065][ T6766] RSP: 002b:00007f9d198a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 125.003086][ T6766] RAX: ffffffffffffffda RBX: 00007f9d18bc5fa0 RCX: 00007f9d1898ebe9 [ 125.003101][ T6766] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 125.003113][ T6766] RBP: 00007f9d198a1090 R08: 0000000000000000 R09: 0000000000000000 [ 125.003125][ T6766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 125.003136][ T6766] R13: 00007f9d18bc6038 R14: 00007f9d18bc5fa0 R15: 00007ffef1c46238 [ 125.003170][ T6766] [ 125.533793][ T6778] netlink: 'syz.0.260': attribute type 10 has an invalid length. [ 125.546684][ T6778] team0: Device hsr_slave_0 failed to register rx_handler [ 125.658007][ T6783] netlink: 'syz.2.262': attribute type 64 has an invalid length. [ 126.322797][ T6812] tipc: Enabled bearer , priority 0 [ 126.356004][ T6812] syzkaller0: entered promiscuous mode [ 126.364289][ T6812] syzkaller0: entered allmulticast mode [ 126.662608][ T6820] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 126.877184][ T6847] tipc: Resetting bearer [ 126.893123][ T6852] validate_nla: 3 callbacks suppressed [ 126.893143][ T6852] netlink: 'syz.1.274': attribute type 1 has an invalid length. [ 126.909007][ T6810] tipc: Resetting bearer [ 126.915080][ T6852] __nla_validate_parse: 6 callbacks suppressed [ 126.928805][ T6852] netlink: 224 bytes leftover after parsing attributes in process `syz.1.274'. [ 126.955841][ T6810] tipc: Disabling bearer [ 126.975990][ T6854] netlink: 'syz.3.275': attribute type 1 has an invalid length. [ 126.993153][ T6854] netlink: 8 bytes leftover after parsing attributes in process `syz.3.275'. [ 127.156892][ T6860] netlink: 12 bytes leftover after parsing attributes in process `syz.2.277'. [ 127.856277][ T6885] tipc: Enabled bearer , priority 0 [ 127.870765][ T6885] syzkaller0: entered promiscuous mode [ 127.885646][ T6885] syzkaller0: entered allmulticast mode [ 127.939994][ T6885] tipc: Resetting bearer [ 127.974078][ T6884] tipc: Resetting bearer [ 128.035293][ T6884] tipc: Disabling bearer [ 128.073745][ T6893] netlink: 20 bytes leftover after parsing attributes in process `syz.4.292'. [ 128.101104][ T6893] netlink: 20 bytes leftover after parsing attributes in process `syz.4.292'. [ 128.145212][ T6897] delete_channel: no stack [ 128.283374][ T6902] tipc: Enabled bearer , priority 0 [ 128.307161][ T6903] syzkaller0: entered promiscuous mode [ 128.335132][ T6903] syzkaller0: entered allmulticast mode [ 128.348732][ T6907] netlink: 'syz.0.296': attribute type 1 has an invalid length. [ 128.375355][ T6907] netlink: 224 bytes leftover after parsing attributes in process `syz.0.296'. [ 128.392059][ T6901] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 128.608667][ T6901] tipc: Resetting bearer [ 128.662916][ T6920] FAULT_INJECTION: forcing a failure. [ 128.662916][ T6920] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 128.698706][ T6920] CPU: 0 UID: 0 PID: 6920 Comm: syz.0.301 Not tainted syzkaller #0 PREEMPT(full) [ 128.698733][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 128.698745][ T6920] Call Trace: [ 128.698752][ T6920] [ 128.698761][ T6920] dump_stack_lvl+0x189/0x250 [ 128.698792][ T6920] ? __pfx____ratelimit+0x10/0x10 [ 128.698821][ T6920] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.698846][ T6920] ? __pfx__printk+0x10/0x10 [ 128.698877][ T6920] ? fs_reclaim_acquire+0x7d/0x100 [ 128.698921][ T6920] should_fail_ex+0x414/0x560 [ 128.698954][ T6920] prepare_alloc_pages+0x213/0x610 [ 128.698983][ T6920] __alloc_frozen_pages_noprof+0x123/0x370 [ 128.699009][ T6920] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 128.699041][ T6920] ? policy_nodemask+0x27c/0x720 [ 128.699076][ T6920] alloc_pages_mpol+0x232/0x4a0 [ 128.699110][ T6920] vma_alloc_folio_noprof+0xe4/0x200 [ 128.699142][ T6920] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 128.699184][ T6920] folio_prealloc+0x30/0x180 [ 128.699216][ T6920] do_wp_page+0x1231/0x5800 [ 128.699265][ T6920] ? __pfx_do_wp_page+0x10/0x10 [ 128.699287][ T6920] ? do_raw_spin_lock+0x121/0x290 [ 128.699314][ T6920] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 128.699351][ T6920] __handle_mm_fault+0x1033/0x5440 [ 128.699405][ T6920] ? __pfx___handle_mm_fault+0x10/0x10 [ 128.699445][ T6920] ? follow_page_pte+0xd03/0x13e0 [ 128.699481][ T6920] handle_mm_fault+0x40a/0x8e0 [ 128.699518][ T6920] __get_user_pages+0x1699/0x2ce0 [ 128.699583][ T6920] __gup_longterm_locked+0x3dc/0x1660 [ 128.699628][ T6920] ? gup_fast_fallback+0x195f/0x2010 [ 128.699658][ T6920] gup_fast_fallback+0x1e6a/0x2010 [ 128.699719][ T6920] ? __pfx_gup_fast_fallback+0x10/0x10 [ 128.699752][ T6920] ? __kasan_kmalloc+0x93/0xb0 [ 128.699778][ T6920] ? is_valid_gup_args+0x11f/0x200 [ 128.699805][ T6920] ? pin_user_pages_fast+0x4d/0xb0 [ 128.699833][ T6920] rds_cmsg_rdma_args+0x8f4/0x1240 [ 128.699892][ T6920] rds_cmsg_send+0x33d/0x5c0 [ 128.699940][ T6920] rds_sendmsg+0x1129/0x1f00 [ 128.699989][ T6920] ? __pfx_rds_sendmsg+0x10/0x10 [ 128.700017][ T6920] ? aa_sk_perm+0x81e/0x950 [ 128.700052][ T6920] ? __pfx_aa_sk_perm+0x10/0x10 [ 128.700079][ T6920] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 128.700109][ T6920] ? aa_sock_msg_perm+0xf1/0x1d0 [ 128.700130][ T6920] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 128.700153][ T6920] ? __pfx_rds_sendmsg+0x10/0x10 [ 128.700184][ T6920] __sock_sendmsg+0x219/0x270 [ 128.700215][ T6920] ____sys_sendmsg+0x505/0x830 [ 128.700244][ T6920] ? __pfx_____sys_sendmsg+0x10/0x10 [ 128.700278][ T6920] ? import_iovec+0x74/0xa0 [ 128.700305][ T6920] ___sys_sendmsg+0x21f/0x2a0 [ 128.700330][ T6920] ? __pfx____sys_sendmsg+0x10/0x10 [ 128.700404][ T6920] ? __fget_files+0x2a/0x420 [ 128.700434][ T6920] ? __fget_files+0x3a0/0x420 [ 128.700476][ T6920] __x64_sys_sendmsg+0x19b/0x260 [ 128.700502][ T6920] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 128.700536][ T6920] ? __pfx_ksys_write+0x10/0x10 [ 128.700560][ T6920] ? rcu_is_watching+0x15/0xb0 [ 128.700587][ T6920] ? do_syscall_64+0xbe/0x3b0 [ 128.700610][ T6920] do_syscall_64+0xfa/0x3b0 [ 128.700626][ T6920] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.700656][ T6920] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.700676][ T6920] ? clear_bhb_loop+0x60/0xb0 [ 128.700701][ T6920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.700721][ T6920] RIP: 0033:0x7f9d1898ebe9 [ 128.700740][ T6920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.700756][ T6920] RSP: 002b:00007f9d198a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 128.700777][ T6920] RAX: ffffffffffffffda RBX: 00007f9d18bc5fa0 RCX: 00007f9d1898ebe9 [ 128.700791][ T6920] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 128.700803][ T6920] RBP: 00007f9d198a1090 R08: 0000000000000000 R09: 0000000000000000 [ 128.700814][ T6920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 128.700826][ T6920] R13: 00007f9d18bc6038 R14: 00007f9d18bc5fa0 R15: 00007ffef1c46238 [ 128.700858][ T6920] [ 129.129328][ T6901] tipc: Disabling bearer [ 129.236061][ T6922] netlink: 'syz.4.302': attribute type 12 has an invalid length. [ 129.287666][ T6922] netlink: 'syz.4.302': attribute type 29 has an invalid length. [ 129.323201][ T6922] netlink: 148 bytes leftover after parsing attributes in process `syz.4.302'. [ 129.383493][ T6922] netlink: 59 bytes leftover after parsing attributes in process `syz.4.302'. [ 129.801484][ T6949] netlink: 28 bytes leftover after parsing attributes in process `syz.3.312'. [ 130.370562][ T6969] netlink: 4 bytes leftover after parsing attributes in process `syz.0.319'. [ 130.424272][ T6969] netlink: 'syz.0.319': attribute type 8 has an invalid length. [ 130.787374][ T6991] FAULT_INJECTION: forcing a failure. [ 130.787374][ T6991] name failslab, interval 1, probability 0, space 0, times 0 [ 130.810840][ T6992] openvswitch: netlink: Missing key (keys=40, expected=100) [ 130.821519][ T6991] CPU: 1 UID: 0 PID: 6991 Comm: syz.0.328 Not tainted syzkaller #0 PREEMPT(full) [ 130.821546][ T6991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 130.821558][ T6991] Call Trace: [ 130.821566][ T6991] [ 130.821576][ T6991] dump_stack_lvl+0x189/0x250 [ 130.821609][ T6991] ? __pfx____ratelimit+0x10/0x10 [ 130.821639][ T6991] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.821663][ T6991] ? __pfx__printk+0x10/0x10 [ 130.821693][ T6991] ? __lock_acquire+0xab9/0xd20 [ 130.821733][ T6991] should_fail_ex+0x414/0x560 [ 130.821766][ T6991] should_failslab+0xa8/0x100 [ 130.821796][ T6991] kmem_cache_alloc_noprof+0x73/0x3c0 [ 130.821822][ T6991] ? skb_clone+0x212/0x3a0 [ 130.821850][ T6991] skb_clone+0x212/0x3a0 [ 130.821877][ T6991] __netlink_deliver_tap+0x404/0x850 [ 130.821923][ T6991] ? netlink_deliver_tap+0x2e/0x1b0 [ 130.821955][ T6991] netlink_deliver_tap+0x19c/0x1b0 [ 130.821987][ T6991] netlink_unicast+0x7fa/0x9e0 [ 130.822024][ T6991] ? __pfx_netlink_unicast+0x10/0x10 [ 130.822055][ T6991] ? netlink_sendmsg+0x642/0xb30 [ 130.822070][ T6991] ? skb_put+0x11b/0x210 [ 130.822094][ T6991] netlink_sendmsg+0x805/0xb30 [ 130.822124][ T6991] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.822158][ T6991] ? aa_sock_msg_perm+0xf1/0x1d0 [ 130.822180][ T6991] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 130.822201][ T6991] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.822221][ T6991] __sock_sendmsg+0x219/0x270 [ 130.822252][ T6991] ____sys_sendmsg+0x52d/0x830 [ 130.822281][ T6991] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.822314][ T6991] ? import_iovec+0x74/0xa0 [ 130.822342][ T6991] ___sys_sendmsg+0x21f/0x2a0 [ 130.822367][ T6991] ? __pfx____sys_sendmsg+0x10/0x10 [ 130.822431][ T6991] ? __fget_files+0x2a/0x420 [ 130.822460][ T6991] ? __fget_files+0x3a0/0x420 [ 130.822502][ T6991] __sys_sendmmsg+0x227/0x430 [ 130.822531][ T6991] ? __pfx___sys_sendmmsg+0x10/0x10 [ 130.822549][ T6991] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 130.822611][ T6991] ? ksys_write+0x22a/0x250 [ 130.822642][ T6991] ? __pfx_ksys_write+0x10/0x10 [ 130.822666][ T6991] ? rcu_is_watching+0x15/0xb0 [ 130.822694][ T6991] __x64_sys_sendmmsg+0xa0/0xc0 [ 130.822719][ T6991] do_syscall_64+0xfa/0x3b0 [ 130.822736][ T6991] ? lockdep_hardirqs_on+0x9c/0x150 [ 130.822763][ T6991] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.822783][ T6991] ? clear_bhb_loop+0x60/0xb0 [ 130.822809][ T6991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.822828][ T6991] RIP: 0033:0x7f9d1898ebe9 [ 130.822846][ T6991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.822862][ T6991] RSP: 002b:00007f9d198a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 130.822882][ T6991] RAX: ffffffffffffffda RBX: 00007f9d18bc5fa0 RCX: 00007f9d1898ebe9 [ 130.822896][ T6991] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003 [ 130.822909][ T6991] RBP: 00007f9d198a1090 R08: 0000000000000000 R09: 0000000000000000 [ 130.822920][ T6991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.822931][ T6991] R13: 00007f9d18bc6038 R14: 00007f9d18bc5fa0 R15: 00007ffef1c46238 [ 130.822964][ T6991] [ 131.168856][ T6993] netlink: 'syz.2.327': attribute type 3 has an invalid length. [ 131.917561][ T7017] netlink: 'syz.3.336': attribute type 1 has an invalid length. [ 131.964978][ T7017] __nla_validate_parse: 7 callbacks suppressed [ 131.964999][ T7017] netlink: 224 bytes leftover after parsing attributes in process `syz.3.336'. [ 132.107592][ T7019] netlink: 12 bytes leftover after parsing attributes in process `syz.1.338'. [ 132.425484][ T7034] tipc: Enabled bearer , priority 0 [ 132.546253][ T7038] 0ªî{X¹¦: left allmulticast mode [ 132.694857][ T7054] netlink: 300 bytes leftover after parsing attributes in process `syz.4.347'. [ 132.746864][ T7038] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.754828][ T7038] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.770258][ T7058] netlink: 28 bytes leftover after parsing attributes in process `syz.1.349'. [ 132.885630][ T7065] netlink: 28 bytes leftover after parsing attributes in process `syz.1.349'. [ 132.978867][ T7038] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 133.004894][ T7039] syzkaller0: entered promiscuous mode [ 133.010618][ T7039] syzkaller0: entered allmulticast mode [ 133.123675][ T7039] tipc: Resetting bearer [ 133.176598][ T7039] tipc: Disabling bearer [ 133.207173][ T7074] netlink: 44 bytes leftover after parsing attributes in process `syz.1.351'. [ 133.228248][ T7074] netlink: 43 bytes leftover after parsing attributes in process `syz.1.351'. [ 133.264572][ T7074] netlink: 'syz.1.351': attribute type 5 has an invalid length. [ 133.304892][ T7079] netlink: 12 bytes leftover after parsing attributes in process `syz.1.351'. [ 133.321707][ T7074] netlink: 43 bytes leftover after parsing attributes in process `syz.1.351'. [ 133.739577][ T7102] netlink: 8 bytes leftover after parsing attributes in process `syz.1.357'. [ 133.904418][ T7107] tipc: Enabled bearer , priority 10 [ 133.921951][ T7109] netlink: 'syz.0.359': attribute type 32 has an invalid length. [ 133.936736][ T7110] tipc: Enabling of bearer rejected, failed to enable media [ 133.956267][ T7109] (unnamed net_device) (uninitialized): option coupled_control: invalid value (29) [ 133.974342][ T7107] tipc: Enabling of bearer rejected, failed to enable media [ 134.009031][ T7114] tipc: Enabled bearer , priority 0 [ 134.018190][ T7114] syzkaller0: entered promiscuous mode [ 134.027326][ T7114] syzkaller0: entered allmulticast mode [ 134.095309][ T7113] tipc: Resetting bearer [ 134.157789][ T7113] tipc: Disabling bearer [ 134.363970][ T7124] openvswitch: netlink: Flow key attr not present in new flow. [ 134.742325][ T7139] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 135.031956][ T7052] tipc: Node number set to 1887712417 [ 135.078827][ T7153] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 135.226851][ T7158] netlink: 'syz.2.378': attribute type 1 has an invalid length. [ 136.258324][ T7206] tipc: Enabled bearer , priority 0 [ 136.269983][ T7206] syzkaller0: entered promiscuous mode [ 136.276719][ T7206] syzkaller0: entered allmulticast mode [ 136.291065][ T7206] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 136.329078][ T7206] tipc: Resetting bearer [ 136.371859][ T7203] tipc: Resetting bearer [ 136.445441][ T7203] tipc: Disabling bearer [ 136.716675][ T7227] netlink: 'syz.1.404': attribute type 1 has an invalid length. [ 137.413820][ T7259] __nla_validate_parse: 17 callbacks suppressed [ 137.413841][ T7259] netlink: 80 bytes leftover after parsing attributes in process `syz.0.416'. [ 137.873362][ T7277] tipc: Enabled bearer , priority 0 [ 137.915459][ T7277] syzkaller0: entered promiscuous mode [ 137.921087][ T7277] syzkaller0: entered allmulticast mode [ 138.051144][ T7288] netlink: 12 bytes leftover after parsing attributes in process `syz.0.426'. [ 138.073492][ T7277] geneve0: mtu greater than device maximum [ 138.099327][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.100906][ T7290] netlink: 'syz.4.427': attribute type 1 has an invalid length. [ 138.123284][ T7276] tipc: Resetting bearer [ 138.156379][ T7290] netlink: 224 bytes leftover after parsing attributes in process `syz.4.427'. [ 138.170011][ T7276] tipc: Disabling bearer [ 138.506998][ T7304] netlink: 172 bytes leftover after parsing attributes in process `syz.0.433'. [ 138.534076][ T7306] netlink: 28 bytes leftover after parsing attributes in process `syz.4.434'. [ 138.592124][ T7306] netlink: 28 bytes leftover after parsing attributes in process `syz.4.434'. [ 138.731837][ T7313] netlink: 'syz.0.436': attribute type 1 has an invalid length. [ 138.739620][ T7313] netlink: 224 bytes leftover after parsing attributes in process `syz.0.436'. [ 138.879079][ T7315] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 139.085662][ T7328] netlink: 28 bytes leftover after parsing attributes in process `syz.4.442'. [ 139.123018][ T7328] FAULT_INJECTION: forcing a failure. [ 139.123018][ T7328] name failslab, interval 1, probability 0, space 0, times 0 [ 139.174851][ T7334] netlink: 8 bytes leftover after parsing attributes in process `syz.0.444'. [ 139.181057][ T7328] CPU: 0 UID: 0 PID: 7328 Comm: syz.4.442 Not tainted syzkaller #0 PREEMPT(full) [ 139.181091][ T7328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 139.181106][ T7328] Call Trace: [ 139.181115][ T7328] [ 139.181126][ T7328] dump_stack_lvl+0x189/0x250 [ 139.181161][ T7328] ? __pfx____ratelimit+0x10/0x10 [ 139.181196][ T7328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.181232][ T7328] ? __pfx__printk+0x10/0x10 [ 139.181266][ T7328] ? __lock_acquire+0xab9/0xd20 [ 139.181311][ T7328] should_fail_ex+0x414/0x560 [ 139.181349][ T7328] should_failslab+0xa8/0x100 [ 139.181383][ T7328] kmem_cache_alloc_noprof+0x73/0x3c0 [ 139.181415][ T7328] ? skb_clone+0x212/0x3a0 [ 139.181446][ T7328] skb_clone+0x212/0x3a0 [ 139.181477][ T7328] __netlink_deliver_tap+0x404/0x850 [ 139.181529][ T7328] ? netlink_deliver_tap+0x2e/0x1b0 [ 139.181565][ T7328] netlink_deliver_tap+0x19c/0x1b0 [ 139.181606][ T7328] netlink_unicast+0x7fa/0x9e0 [ 139.181649][ T7328] ? __pfx_netlink_unicast+0x10/0x10 [ 139.181683][ T7328] ? netlink_sendmsg+0x642/0xb30 [ 139.181702][ T7328] ? skb_put+0x11b/0x210 [ 139.181727][ T7328] netlink_sendmsg+0x805/0xb30 [ 139.181761][ T7328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 139.181787][ T7328] ? aa_sock_msg_perm+0xf1/0x1d0 [ 139.181812][ T7328] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 139.181836][ T7328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 139.181859][ T7328] __sock_sendmsg+0x219/0x270 [ 139.181893][ T7328] ____sys_sendmsg+0x52d/0x830 [ 139.181926][ T7328] ? __pfx_____sys_sendmsg+0x10/0x10 [ 139.181962][ T7328] ? import_iovec+0x74/0xa0 [ 139.181997][ T7328] ___sys_sendmsg+0x21f/0x2a0 [ 139.182025][ T7328] ? __pfx____sys_sendmsg+0x10/0x10 [ 139.182108][ T7328] ? __might_fault+0xb0/0x130 [ 139.182145][ T7328] __sys_sendmmsg+0x227/0x430 [ 139.182178][ T7328] ? __pfx___sys_sendmmsg+0x10/0x10 [ 139.182199][ T7328] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 139.182276][ T7328] ? ksys_write+0x22a/0x250 [ 139.182310][ T7328] ? __pfx_ksys_write+0x10/0x10 [ 139.182337][ T7328] ? rcu_is_watching+0x15/0xb0 [ 139.182367][ T7328] __x64_sys_sendmmsg+0xa0/0xc0 [ 139.182395][ T7328] do_syscall_64+0xfa/0x3b0 [ 139.182414][ T7328] ? lockdep_hardirqs_on+0x9c/0x150 [ 139.182445][ T7328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.182467][ T7328] ? clear_bhb_loop+0x60/0xb0 [ 139.182495][ T7328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.182518][ T7328] RIP: 0033:0x7fe4c3f8ebe9 [ 139.182538][ T7328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.182556][ T7328] RSP: 002b:00007fe4c4e21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 139.182581][ T7328] RAX: ffffffffffffffda RBX: 00007fe4c41c5fa0 RCX: 00007fe4c3f8ebe9 [ 139.182596][ T7328] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003 [ 139.182612][ T7328] RBP: 00007fe4c4e21090 R08: 0000000000000000 R09: 0000000000000000 [ 139.182624][ T7328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 139.182638][ T7328] R13: 00007fe4c41c6038 R14: 00007fe4c41c5fa0 R15: 00007fff5a1761d8 [ 139.182675][ T7328] [ 139.204346][ T7328] netlink: 28 bytes leftover after parsing attributes in process `syz.4.442'. [ 140.067483][ T7344] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 140.152449][ T7355] tipc: Enabled bearer , priority 0 [ 140.165616][ T7365] netlink: 'syz.2.449': attribute type 1 has an invalid length. [ 140.196129][ T7357] syzkaller0: entered promiscuous mode [ 140.216752][ T7357] syzkaller0: entered allmulticast mode [ 140.303748][ T7350] tipc: Resetting bearer [ 140.330056][ T7347] tipc: Resetting bearer [ 140.412779][ T7347] tipc: Disabling bearer [ 140.575662][ T7383] trusted_key: syz.1.459 sent an empty control message without MSG_MORE. [ 141.421535][ T7422] FAULT_INJECTION: forcing a failure. [ 141.421535][ T7422] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 141.440942][ T7422] CPU: 1 UID: 0 PID: 7422 Comm: syz.0.476 Not tainted syzkaller #0 PREEMPT(full) [ 141.440972][ T7422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 141.440984][ T7422] Call Trace: [ 141.441000][ T7422] [ 141.441009][ T7422] dump_stack_lvl+0x189/0x250 [ 141.441038][ T7422] ? __pfx____ratelimit+0x10/0x10 [ 141.441069][ T7422] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.441093][ T7422] ? __pfx__printk+0x10/0x10 [ 141.441123][ T7422] ? fs_reclaim_acquire+0x7d/0x100 [ 141.441164][ T7422] should_fail_ex+0x414/0x560 [ 141.441197][ T7422] prepare_alloc_pages+0x213/0x610 [ 141.441226][ T7422] __alloc_frozen_pages_noprof+0x123/0x370 [ 141.441250][ T7422] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 141.441281][ T7422] ? policy_nodemask+0x27c/0x720 [ 141.441315][ T7422] alloc_pages_mpol+0x232/0x4a0 [ 141.441351][ T7422] vma_alloc_folio_noprof+0xe4/0x200 [ 141.441384][ T7422] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 141.441427][ T7422] folio_prealloc+0x30/0x180 [ 141.441458][ T7422] do_wp_page+0x1231/0x5800 [ 141.441507][ T7422] ? __pfx_do_wp_page+0x10/0x10 [ 141.441528][ T7422] ? do_raw_spin_lock+0x121/0x290 [ 141.441556][ T7422] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 141.441596][ T7422] __handle_mm_fault+0x1033/0x5440 [ 141.441641][ T7422] ? __pfx___handle_mm_fault+0x10/0x10 [ 141.441683][ T7422] ? follow_page_pte+0xd03/0x13e0 [ 141.441721][ T7422] handle_mm_fault+0x40a/0x8e0 [ 141.441759][ T7422] __get_user_pages+0x1699/0x2ce0 [ 141.441822][ T7422] __gup_longterm_locked+0x3dc/0x1660 [ 141.441866][ T7422] ? gup_fast_fallback+0x195f/0x2010 [ 141.441895][ T7422] gup_fast_fallback+0x1e6a/0x2010 [ 141.441957][ T7422] ? __pfx_gup_fast_fallback+0x10/0x10 [ 141.441998][ T7422] ? __kasan_kmalloc+0x93/0xb0 [ 141.442024][ T7422] ? is_valid_gup_args+0x11f/0x200 [ 141.442052][ T7422] ? pin_user_pages_fast+0x4d/0xb0 [ 141.442079][ T7422] rds_cmsg_rdma_args+0x8f4/0x1240 [ 141.442140][ T7422] rds_cmsg_send+0x33d/0x5c0 [ 141.442185][ T7422] rds_sendmsg+0x1129/0x1f00 [ 141.442233][ T7422] ? __pfx_rds_sendmsg+0x10/0x10 [ 141.442261][ T7422] ? aa_sk_perm+0x81e/0x950 [ 141.442298][ T7422] ? __pfx_aa_sk_perm+0x10/0x10 [ 141.442325][ T7422] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 141.442354][ T7422] ? aa_sock_msg_perm+0xf1/0x1d0 [ 141.442375][ T7422] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 141.442398][ T7422] ? __pfx_rds_sendmsg+0x10/0x10 [ 141.442429][ T7422] __sock_sendmsg+0x219/0x270 [ 141.442461][ T7422] ____sys_sendmsg+0x505/0x830 [ 141.442489][ T7422] ? __pfx_____sys_sendmsg+0x10/0x10 [ 141.442522][ T7422] ? import_iovec+0x74/0xa0 [ 141.442551][ T7422] ___sys_sendmsg+0x21f/0x2a0 [ 141.442576][ T7422] ? __pfx____sys_sendmsg+0x10/0x10 [ 141.442640][ T7422] ? __fget_files+0x2a/0x420 [ 141.442669][ T7422] ? __fget_files+0x3a0/0x420 [ 141.442710][ T7422] __x64_sys_sendmsg+0x19b/0x260 [ 141.442736][ T7422] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 141.442767][ T7422] ? __pfx_ksys_write+0x10/0x10 [ 141.442792][ T7422] ? rcu_is_watching+0x15/0xb0 [ 141.442817][ T7422] ? do_syscall_64+0xbe/0x3b0 [ 141.442841][ T7422] do_syscall_64+0xfa/0x3b0 [ 141.442857][ T7422] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.442886][ T7422] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.442905][ T7422] ? clear_bhb_loop+0x60/0xb0 [ 141.442930][ T7422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.442949][ T7422] RIP: 0033:0x7f9d1898ebe9 [ 141.442968][ T7422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.442984][ T7422] RSP: 002b:00007f9d198a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.443014][ T7422] RAX: ffffffffffffffda RBX: 00007f9d18bc5fa0 RCX: 00007f9d1898ebe9 [ 141.443029][ T7422] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 141.443041][ T7422] RBP: 00007f9d198a1090 R08: 0000000000000000 R09: 0000000000000000 [ 141.443052][ T7422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 141.443064][ T7422] R13: 00007f9d18bc6038 R14: 00007f9d18bc5fa0 R15: 00007ffef1c46238 [ 141.443097][ T7422] [ 141.918188][ T7418] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.926083][ T7418] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.135046][ T7418] A link change request failed with some changes committed already. Interface wg0 may have been left with an inconsistent configuration, please check. [ 142.327477][ T7437] tipc: Enabled bearer , priority 0 [ 142.392284][ T7444] syzkaller0: entered promiscuous mode [ 142.415657][ T7444] syzkaller0: entered allmulticast mode [ 142.426430][ T7449] netlink: 'syz.2.486': attribute type 1 has an invalid length. [ 142.440309][ T7450] __nla_validate_parse: 13 callbacks suppressed [ 142.440328][ T7450] netlink: 44 bytes leftover after parsing attributes in process `syz.3.484'. [ 142.499625][ T7452] netlink: 28 bytes leftover after parsing attributes in process `syz.0.487'. [ 142.514516][ T7452] netlink: 28 bytes leftover after parsing attributes in process `syz.0.487'. [ 142.530585][ T7449] netlink: 224 bytes leftover after parsing attributes in process `syz.2.486'. [ 142.544545][ T7450] netlink: 44 bytes leftover after parsing attributes in process `syz.3.484'. [ 142.568118][ T7455] netlink: 12 bytes leftover after parsing attributes in process `syz.1.488'. [ 142.581972][ T7437] syzkaller0: mtu greater than device maximum [ 142.687352][ T7436] tipc: Resetting bearer [ 142.780449][ T5959] IPVS: starting estimator thread 0... [ 142.793893][ T7436] tipc: Disabling bearer [ 142.846912][ T7470] netlink: 40 bytes leftover after parsing attributes in process `syz.3.494'. [ 142.882182][ T7464] IPVS: using max 27 ests per chain, 64800 per kthread [ 142.907729][ T7472] FAULT_INJECTION: forcing a failure. [ 142.907729][ T7472] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 142.928915][ T7472] CPU: 1 UID: 0 PID: 7472 Comm: syz.0.493 Not tainted syzkaller #0 PREEMPT(full) [ 142.928943][ T7472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 142.928955][ T7472] Call Trace: [ 142.928963][ T7472] [ 142.928973][ T7472] dump_stack_lvl+0x189/0x250 [ 142.929002][ T7472] ? __pfx____ratelimit+0x10/0x10 [ 142.929033][ T7472] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.929057][ T7472] ? __pfx__printk+0x10/0x10 [ 142.929088][ T7472] ? fs_reclaim_acquire+0x7d/0x100 [ 142.929130][ T7472] should_fail_ex+0x414/0x560 [ 142.929164][ T7472] prepare_alloc_pages+0x213/0x610 [ 142.929200][ T7472] __alloc_frozen_pages_noprof+0x123/0x370 [ 142.929227][ T7472] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 142.929259][ T7472] ? policy_nodemask+0x27c/0x720 [ 142.929294][ T7472] alloc_pages_mpol+0x232/0x4a0 [ 142.929329][ T7472] vma_alloc_folio_noprof+0xe4/0x200 [ 142.929362][ T7472] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 142.929406][ T7472] folio_prealloc+0x30/0x180 [ 142.929438][ T7472] do_wp_page+0x1231/0x5800 [ 142.929490][ T7472] ? __pfx_do_wp_page+0x10/0x10 [ 142.929512][ T7472] ? do_raw_spin_lock+0x121/0x290 [ 142.929541][ T7472] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 142.929578][ T7472] __handle_mm_fault+0x1033/0x5440 [ 142.929624][ T7472] ? __pfx___handle_mm_fault+0x10/0x10 [ 142.929667][ T7472] ? follow_page_pte+0xd03/0x13e0 [ 142.929706][ T7472] handle_mm_fault+0x40a/0x8e0 [ 142.929746][ T7472] __get_user_pages+0x1699/0x2ce0 [ 142.929812][ T7472] __gup_longterm_locked+0x3dc/0x1660 [ 142.929860][ T7472] ? gup_fast_fallback+0x195f/0x2010 [ 142.929890][ T7472] gup_fast_fallback+0x1e6a/0x2010 [ 142.929958][ T7472] ? __pfx_gup_fast_fallback+0x10/0x10 [ 142.929993][ T7472] ? __kasan_kmalloc+0x93/0xb0 [ 142.930020][ T7472] ? is_valid_gup_args+0x11f/0x200 [ 142.930048][ T7472] ? pin_user_pages_fast+0x4d/0xb0 [ 142.930076][ T7472] rds_cmsg_rdma_args+0x8f4/0x1240 [ 142.930136][ T7472] rds_cmsg_send+0x33d/0x5c0 [ 142.930190][ T7472] rds_sendmsg+0x1129/0x1f00 [ 142.930241][ T7472] ? __pfx_rds_sendmsg+0x10/0x10 [ 142.930269][ T7472] ? aa_sk_perm+0x81e/0x950 [ 142.930305][ T7472] ? __pfx_aa_sk_perm+0x10/0x10 [ 142.930333][ T7472] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 142.930362][ T7472] ? aa_sock_msg_perm+0xf1/0x1d0 [ 142.930384][ T7472] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 142.930405][ T7472] ? __pfx_rds_sendmsg+0x10/0x10 [ 142.930437][ T7472] __sock_sendmsg+0x219/0x270 [ 142.930469][ T7472] ____sys_sendmsg+0x505/0x830 [ 142.930498][ T7472] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.930532][ T7472] ? import_iovec+0x74/0xa0 [ 142.930560][ T7472] ___sys_sendmsg+0x21f/0x2a0 [ 142.930586][ T7472] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.930650][ T7472] ? __fget_files+0x2a/0x420 [ 142.930679][ T7472] ? __fget_files+0x3a0/0x420 [ 142.930722][ T7472] __x64_sys_sendmsg+0x19b/0x260 [ 142.930748][ T7472] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 142.930782][ T7472] ? __pfx_ksys_write+0x10/0x10 [ 142.930806][ T7472] ? rcu_is_watching+0x15/0xb0 [ 142.930833][ T7472] ? do_syscall_64+0xbe/0x3b0 [ 142.930857][ T7472] do_syscall_64+0xfa/0x3b0 [ 142.930874][ T7472] ? lockdep_hardirqs_on+0x9c/0x150 [ 142.930903][ T7472] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.930923][ T7472] ? clear_bhb_loop+0x60/0xb0 [ 142.930948][ T7472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.930967][ T7472] RIP: 0033:0x7f9d1898ebe9 [ 142.930986][ T7472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.931002][ T7472] RSP: 002b:00007f9d198a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.931023][ T7472] RAX: ffffffffffffffda RBX: 00007f9d18bc5fa0 RCX: 00007f9d1898ebe9 [ 142.931037][ T7472] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 142.931049][ T7472] RBP: 00007f9d198a1090 R08: 0000000000000000 R09: 0000000000000000 [ 142.931061][ T7472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 142.931072][ T7472] R13: 00007f9d18bc6038 R14: 00007f9d18bc5fa0 R15: 00007ffef1c46238 [ 142.931105][ T7472] [ 143.804613][ T7498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.503'. [ 144.540597][ T7534] netlink: 8 bytes leftover after parsing attributes in process `syz.0.516'. [ 144.577915][ T7534] netlink: 'syz.0.516': attribute type 1 has an invalid length. [ 144.597810][ T7534] netlink: 'syz.0.516': attribute type 2 has an invalid length. [ 144.913722][ T7548] netlink: 8 bytes leftover after parsing attributes in process `syz.1.522'. [ 145.260099][ T7564] netlink: 'syz.2.527': attribute type 2 has an invalid length. [ 145.428252][ T7568] netlink: 'syz.4.528': attribute type 8 has an invalid length. [ 145.801422][ T7582] wg2: entered promiscuous mode [ 145.824856][ T7582] wg2: entered allmulticast mode [ 145.885654][ T7568] infiniband syz!: set active [ 145.891288][ T7568] infiniband syz!: added team_slave_0 [ 145.962899][ T7568] RDS/IB: syz!: added [ 145.973228][ T7568] smc: adding ib device syz! with port count 1 [ 145.996262][ T7568] smc: ib device syz! port 1 has pnetid [ 146.695438][ T7614] FAULT_INJECTION: forcing a failure. [ 146.695438][ T7614] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 146.747188][ T7614] CPU: 0 UID: 0 PID: 7614 Comm: syz.2.546 Not tainted syzkaller #0 PREEMPT(full) [ 146.747217][ T7614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 146.747230][ T7614] Call Trace: [ 146.747238][ T7614] [ 146.747248][ T7614] dump_stack_lvl+0x189/0x250 [ 146.747278][ T7614] ? __pfx____ratelimit+0x10/0x10 [ 146.747308][ T7614] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.747331][ T7614] ? __pfx__printk+0x10/0x10 [ 146.747362][ T7614] ? fs_reclaim_acquire+0x7d/0x100 [ 146.747404][ T7614] should_fail_ex+0x414/0x560 [ 146.747437][ T7614] prepare_alloc_pages+0x213/0x610 [ 146.747466][ T7614] __alloc_frozen_pages_noprof+0x123/0x370 [ 146.747492][ T7614] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 146.747524][ T7614] ? policy_nodemask+0x27c/0x720 [ 146.747560][ T7614] alloc_pages_mpol+0x232/0x4a0 [ 146.747595][ T7614] vma_alloc_folio_noprof+0xe4/0x200 [ 146.747629][ T7614] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 146.747672][ T7614] folio_prealloc+0x30/0x180 [ 146.747704][ T7614] do_wp_page+0x1231/0x5800 [ 146.747755][ T7614] ? __pfx_do_wp_page+0x10/0x10 [ 146.747785][ T7614] ? do_raw_spin_lock+0x121/0x290 [ 146.747814][ T7614] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 146.747852][ T7614] __handle_mm_fault+0x1033/0x5440 [ 146.747897][ T7614] ? __pfx___handle_mm_fault+0x10/0x10 [ 146.747939][ T7614] ? follow_page_pte+0xd03/0x13e0 [ 146.747977][ T7614] handle_mm_fault+0x40a/0x8e0 [ 146.748015][ T7614] __get_user_pages+0x1699/0x2ce0 [ 146.748080][ T7614] __gup_longterm_locked+0x3dc/0x1660 [ 146.748126][ T7614] ? gup_fast_fallback+0x195f/0x2010 [ 146.748154][ T7614] gup_fast_fallback+0x1e6a/0x2010 [ 146.748216][ T7614] ? __pfx_gup_fast_fallback+0x10/0x10 [ 146.748249][ T7614] ? __kasan_kmalloc+0x93/0xb0 [ 146.748273][ T7614] ? is_valid_gup_args+0x11f/0x200 [ 146.748300][ T7614] ? pin_user_pages_fast+0x4d/0xb0 [ 146.748327][ T7614] rds_cmsg_rdma_args+0x8f4/0x1240 [ 146.748387][ T7614] rds_cmsg_send+0x33d/0x5c0 [ 146.748431][ T7614] rds_sendmsg+0x1129/0x1f00 [ 146.748479][ T7614] ? __pfx_rds_sendmsg+0x10/0x10 [ 146.748506][ T7614] ? aa_sk_perm+0x81e/0x950 [ 146.748541][ T7614] ? __pfx_aa_sk_perm+0x10/0x10 [ 146.748568][ T7614] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 146.748596][ T7614] ? aa_sock_msg_perm+0xf1/0x1d0 [ 146.748616][ T7614] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 146.748638][ T7614] ? __pfx_rds_sendmsg+0x10/0x10 [ 146.748668][ T7614] __sock_sendmsg+0x219/0x270 [ 146.748700][ T7614] ____sys_sendmsg+0x505/0x830 [ 146.748728][ T7614] ? __pfx_____sys_sendmsg+0x10/0x10 [ 146.748760][ T7614] ? import_iovec+0x74/0xa0 [ 146.748792][ T7614] ___sys_sendmsg+0x21f/0x2a0 [ 146.748814][ T7614] ? __pfx____sys_sendmsg+0x10/0x10 [ 146.748873][ T7614] ? __fget_files+0x2a/0x420 [ 146.748899][ T7614] ? __fget_files+0x3a0/0x420 [ 146.748937][ T7614] __x64_sys_sendmsg+0x19b/0x260 [ 146.748960][ T7614] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 146.748991][ T7614] ? __pfx_ksys_write+0x10/0x10 [ 146.749012][ T7614] ? rcu_is_watching+0x15/0xb0 [ 146.749036][ T7614] ? do_syscall_64+0xbe/0x3b0 [ 146.749056][ T7614] do_syscall_64+0xfa/0x3b0 [ 146.749071][ T7614] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.749095][ T7614] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.749112][ T7614] ? clear_bhb_loop+0x60/0xb0 [ 146.749134][ T7614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.749153][ T7614] RIP: 0033:0x7fb5e6f8ebe9 [ 146.749170][ T7614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.749185][ T7614] RSP: 002b:00007fb5e7eb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 146.749205][ T7614] RAX: ffffffffffffffda RBX: 00007fb5e71c5fa0 RCX: 00007fb5e6f8ebe9 [ 146.749218][ T7614] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 146.749229][ T7614] RBP: 00007fb5e7eb5090 R08: 0000000000000000 R09: 0000000000000000 [ 146.749239][ T7614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 146.749250][ T7614] R13: 00007fb5e71c6038 R14: 00007fb5e71c5fa0 R15: 00007fff8704f598 [ 146.749280][ T7614] [ 148.236745][ T7645] __nla_validate_parse: 5 callbacks suppressed [ 148.236765][ T7645] netlink: 8 bytes leftover after parsing attributes in process `syz.2.556'. [ 148.286991][ T7645] netlink: 8 bytes leftover after parsing attributes in process `syz.2.556'. [ 148.553910][ T7652] netlink: 156 bytes leftover after parsing attributes in process `syz.2.559'. [ 148.579364][ T7652] netlink: 156 bytes leftover after parsing attributes in process `syz.2.559'. [ 148.968453][ T7661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.562'. [ 149.107571][ T7667] openvswitch: netlink: Message has 8 unknown bytes. [ 149.377000][ T7673] tipc: Enabled bearer , priority 0 [ 149.396419][ T7673] syzkaller0: entered promiscuous mode [ 149.411752][ T7673] syzkaller0: entered allmulticast mode [ 149.506079][ T7678] syzkaller0: mtu greater than device maximum [ 149.543278][ T7670] tipc: Resetting bearer [ 149.640503][ T7670] tipc: Disabling bearer [ 149.893756][ T7694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.575'. [ 149.972210][ T7692] tipc: Enabled bearer , priority 0 [ 150.014914][ T7692] syzkaller0: entered promiscuous mode [ 150.020465][ T7692] syzkaller0: entered allmulticast mode [ 150.094670][ T7692] tipc: Resetting bearer [ 150.119013][ T7700] geneve2: entered promiscuous mode [ 150.128517][ T7700] geneve2: entered allmulticast mode [ 150.158794][ T7689] tipc: Resetting bearer [ 150.196178][ T7689] tipc: Disabling bearer [ 150.345566][ T7705] tls_set_device_offload: netdev not found [ 150.409647][ T7709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.582'. [ 150.849951][ T7725] netlink: 8 bytes leftover after parsing attributes in process `syz.0.590'. [ 150.878688][ T7725] netlink: 8 bytes leftover after parsing attributes in process `syz.0.590'. [ 151.030078][ T7734] netlink: 4 bytes leftover after parsing attributes in process `syz.2.594'. [ 151.963206][ T7775] tipc: Enabled bearer , priority 0 [ 151.984410][ T7775] syzkaller0: entered promiscuous mode [ 152.001485][ T7775] syzkaller0: entered allmulticast mode [ 152.015309][ T7775] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 152.049303][ T7775] tipc: Resetting bearer [ 152.060319][ T7772] tipc: Resetting bearer [ 152.076830][ T7772] tipc: Disabling bearer [ 152.252575][ T7788] FAULT_INJECTION: forcing a failure. [ 152.252575][ T7788] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.266466][ T7788] CPU: 0 UID: 0 PID: 7788 Comm: syz.1.614 Not tainted syzkaller #0 PREEMPT(full) [ 152.266494][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 152.266506][ T7788] Call Trace: [ 152.266514][ T7788] [ 152.266522][ T7788] dump_stack_lvl+0x189/0x250 [ 152.266552][ T7788] ? __pfx____ratelimit+0x10/0x10 [ 152.266582][ T7788] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.266607][ T7788] ? __pfx__printk+0x10/0x10 [ 152.266636][ T7788] ? __might_fault+0xb0/0x130 [ 152.266676][ T7788] should_fail_ex+0x414/0x560 [ 152.266710][ T7788] _copy_from_user+0x2d/0xb0 [ 152.266735][ T7788] ___sys_sendmsg+0x158/0x2a0 [ 152.266761][ T7788] ? __pfx____sys_sendmsg+0x10/0x10 [ 152.266824][ T7788] ? __fget_files+0x2a/0x420 [ 152.266854][ T7788] ? __fget_files+0x3a0/0x420 [ 152.266896][ T7788] __x64_sys_sendmsg+0x19b/0x260 [ 152.266922][ T7788] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 152.266964][ T7788] ? __pfx_ksys_write+0x10/0x10 [ 152.266989][ T7788] ? rcu_is_watching+0x15/0xb0 [ 152.267015][ T7788] ? do_syscall_64+0xbe/0x3b0 [ 152.267044][ T7788] do_syscall_64+0xfa/0x3b0 [ 152.267061][ T7788] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.267090][ T7788] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.267109][ T7788] ? clear_bhb_loop+0x60/0xb0 [ 152.267134][ T7788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.267154][ T7788] RIP: 0033:0x7f8f4118ebe9 [ 152.267172][ T7788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.267188][ T7788] RSP: 002b:00007f8f41f44038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 152.267210][ T7788] RAX: ffffffffffffffda RBX: 00007f8f413c5fa0 RCX: 00007f8f4118ebe9 [ 152.267225][ T7788] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 152.267237][ T7788] RBP: 00007f8f41f44090 R08: 0000000000000000 R09: 0000000000000000 [ 152.267248][ T7788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.267259][ T7788] R13: 00007f8f413c6038 R14: 00007f8f413c5fa0 R15: 00007fff8ec61ea8 [ 152.267293][ T7788] [ 152.772296][ T7796] syzkaller1: entered promiscuous mode [ 152.790172][ T7796] syzkaller1: entered allmulticast mode [ 152.944637][ T7810] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 152.969168][ T7805] tc_dump_action: action bad kind [ 153.617759][ T7832] tipc: Enabled bearer , priority 0 [ 153.639026][ T7832] syzkaller0: entered promiscuous mode [ 153.646506][ T7832] syzkaller0: entered allmulticast mode [ 153.657076][ T7832] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 153.662892][ T7834] openvswitch: netlink: IPv4 tun info is not correct [ 153.688367][ T7832] tipc: Resetting bearer [ 153.697345][ T7831] tipc: Resetting bearer [ 153.714834][ T7831] tipc: Disabling bearer [ 153.831256][ T7842] FAULT_INJECTION: forcing a failure. [ 153.831256][ T7842] name failslab, interval 1, probability 0, space 0, times 0 [ 153.855594][ T7842] CPU: 0 UID: 0 PID: 7842 Comm: syz.1.635 Not tainted syzkaller #0 PREEMPT(full) [ 153.855622][ T7842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 153.855635][ T7842] Call Trace: [ 153.855643][ T7842] [ 153.855651][ T7842] dump_stack_lvl+0x189/0x250 [ 153.855680][ T7842] ? __pfx____ratelimit+0x10/0x10 [ 153.855740][ T7842] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.855766][ T7842] ? __pfx__printk+0x10/0x10 [ 153.855800][ T7842] ? __pfx___might_resched+0x10/0x10 [ 153.855824][ T7842] should_fail_ex+0x414/0x560 [ 153.855856][ T7842] should_failslab+0xa8/0x100 [ 153.855887][ T7842] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 153.855915][ T7842] ? __alloc_skb+0x112/0x2d0 [ 153.855937][ T7842] __alloc_skb+0x112/0x2d0 [ 153.855960][ T7842] netlink_sendmsg+0x5c6/0xb30 [ 153.855991][ T7842] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.856013][ T7842] ? aa_sock_msg_perm+0xf1/0x1d0 [ 153.856034][ T7842] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 153.856055][ T7842] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.856075][ T7842] __sock_sendmsg+0x219/0x270 [ 153.856105][ T7842] ____sys_sendmsg+0x505/0x830 [ 153.856132][ T7842] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.856164][ T7842] ? import_iovec+0x74/0xa0 [ 153.856191][ T7842] ___sys_sendmsg+0x21f/0x2a0 [ 153.856215][ T7842] ? __pfx____sys_sendmsg+0x10/0x10 [ 153.856276][ T7842] ? __fget_files+0x2a/0x420 [ 153.856304][ T7842] ? __fget_files+0x3a0/0x420 [ 153.856345][ T7842] __x64_sys_sendmsg+0x19b/0x260 [ 153.856370][ T7842] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 153.856402][ T7842] ? __pfx_ksys_write+0x10/0x10 [ 153.856435][ T7842] ? do_syscall_64+0xbe/0x3b0 [ 153.856456][ T7842] do_syscall_64+0xfa/0x3b0 [ 153.856473][ T7842] ? lockdep_hardirqs_on+0x9c/0x150 [ 153.856501][ T7842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.856519][ T7842] ? clear_bhb_loop+0x60/0xb0 [ 153.856544][ T7842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.856563][ T7842] RIP: 0033:0x7f8f4118ebe9 [ 153.856581][ T7842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.856597][ T7842] RSP: 002b:00007f8f41f44038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.856616][ T7842] RAX: ffffffffffffffda RBX: 00007f8f413c5fa0 RCX: 00007f8f4118ebe9 [ 153.856631][ T7842] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 153.856643][ T7842] RBP: 00007f8f41f44090 R08: 0000000000000000 R09: 0000000000000000 [ 153.856655][ T7842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.856667][ T7842] R13: 00007f8f413c6038 R14: 00007f8f413c5fa0 R15: 00007fff8ec61ea8 [ 153.856699][ T7842] [ 153.859343][ T7840] __nla_validate_parse: 3 callbacks suppressed [ 153.859366][ T7840] netlink: 32 bytes leftover after parsing attributes in process `syz.3.636'. [ 154.008445][ T7846] netlink: 8 bytes leftover after parsing attributes in process `syz.1.637'. [ 154.148945][ T7850] netlink: 6 bytes leftover after parsing attributes in process `syz.1.637'. [ 154.162335][ T7846] openvswitch: netlink: nsh attribute has 2338 unknown bytes. [ 154.164446][ T7850] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 154.183456][ T7846] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 154.504962][ T7864] IPVS: sync thread started: state = BACKUP, mcast_ifn = erspan0, syncid = 0, id = 0 [ 154.984142][ T7883] netlink: 156 bytes leftover after parsing attributes in process `syz.3.649'. [ 155.012408][ T7883] netlink: 156 bytes leftover after parsing attributes in process `syz.3.649'. [ 155.031274][ T7889] netlink: 'syz.1.652': attribute type 1 has an invalid length. [ 155.040997][ T7889] netlink: 224 bytes leftover after parsing attributes in process `syz.1.652'. [ 155.281516][ T7902] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 155.319792][ T7904] sctp: [Deprecated]: syz.3.657 (pid 7904) Use of struct sctp_assoc_value in delayed_ack socket option. [ 155.319792][ T7904] Use struct sctp_sack_info instead [ 155.560415][ T7918] netlink: 28 bytes leftover after parsing attributes in process `syz.1.662'. [ 155.726675][ T7925] netlink: 'syz.1.665': attribute type 5 has an invalid length. [ 155.937495][ T7929] FAULT_INJECTION: forcing a failure. [ 155.937495][ T7929] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.994295][ T7929] CPU: 0 UID: 0 PID: 7929 Comm: syz.4.667 Not tainted syzkaller #0 PREEMPT(full) [ 155.994325][ T7929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 155.994338][ T7929] Call Trace: [ 155.994346][ T7929] [ 155.994355][ T7929] dump_stack_lvl+0x189/0x250 [ 155.994386][ T7929] ? __pfx____ratelimit+0x10/0x10 [ 155.994417][ T7929] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.994442][ T7929] ? __pfx__printk+0x10/0x10 [ 155.994471][ T7929] ? __might_fault+0xb0/0x130 [ 155.994512][ T7929] should_fail_ex+0x414/0x560 [ 155.994552][ T7929] _copy_from_iter+0x1de/0x1790 [ 155.994582][ T7929] ? rcu_is_watching+0x15/0xb0 [ 155.994605][ T7929] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 155.994635][ T7929] ? __pfx__copy_from_iter+0x10/0x10 [ 155.994659][ T7929] ? __build_skb_around+0x257/0x3e0 [ 155.994683][ T7929] ? netlink_sendmsg+0x642/0xb30 [ 155.994701][ T7929] ? skb_put+0x11b/0x210 [ 155.994725][ T7929] netlink_sendmsg+0x6b2/0xb30 [ 155.994756][ T7929] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.994779][ T7929] ? aa_sock_msg_perm+0xf1/0x1d0 [ 155.994800][ T7929] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 155.994822][ T7929] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.994843][ T7929] __sock_sendmsg+0x219/0x270 [ 155.994875][ T7929] ____sys_sendmsg+0x505/0x830 [ 155.994903][ T7929] ? __pfx_____sys_sendmsg+0x10/0x10 [ 155.994935][ T7929] ? import_iovec+0x74/0xa0 [ 155.994960][ T7929] ___sys_sendmsg+0x21f/0x2a0 [ 155.994983][ T7929] ? __pfx____sys_sendmsg+0x10/0x10 [ 155.995044][ T7929] ? __fget_files+0x2a/0x420 [ 155.995074][ T7929] ? __fget_files+0x3a0/0x420 [ 155.995116][ T7929] __x64_sys_sendmsg+0x19b/0x260 [ 155.995140][ T7929] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 155.995174][ T7929] ? __pfx_ksys_write+0x10/0x10 [ 155.995197][ T7929] ? rcu_is_watching+0x15/0xb0 [ 155.995224][ T7929] ? do_syscall_64+0xbe/0x3b0 [ 155.995247][ T7929] do_syscall_64+0xfa/0x3b0 [ 155.995264][ T7929] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.995292][ T7929] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.995317][ T7929] ? clear_bhb_loop+0x60/0xb0 [ 155.995342][ T7929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.995361][ T7929] RIP: 0033:0x7fe4c3f8ebe9 [ 155.995379][ T7929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.995396][ T7929] RSP: 002b:00007fe4c4e21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 155.995417][ T7929] RAX: ffffffffffffffda RBX: 00007fe4c41c5fa0 RCX: 00007fe4c3f8ebe9 [ 155.995433][ T7929] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 155.995445][ T7929] RBP: 00007fe4c4e21090 R08: 0000000000000000 R09: 0000000000000000 [ 155.995458][ T7929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.995469][ T7929] R13: 00007fe4c41c6038 R14: 00007fe4c41c5fa0 R15: 00007fff5a1761d8 [ 155.995525][ T7929] [ 156.332427][ T7937] netlink: 88 bytes leftover after parsing attributes in process `syz.2.670'. [ 156.551385][ T7944] openvswitch: netlink: Key type 64 is out of range max 32 [ 156.723846][ T7950] netlink: 'syz.3.675': attribute type 29 has an invalid length. [ 156.748522][ T7950] netlink: 'syz.3.675': attribute type 29 has an invalid length. [ 156.767276][ T7950] netlink: 500 bytes leftover after parsing attributes in process `syz.3.675'. [ 157.138236][ T7967] tipc: Enabled bearer , priority 0 [ 157.173176][ T7967] syzkaller0: entered promiscuous mode [ 157.190014][ T7967] syzkaller0: entered allmulticast mode [ 157.217749][ T7967] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 157.262659][ T7973] netlink: 8 bytes leftover after parsing attributes in process `syz.3.685'. [ 157.287603][ T7974] tipc: Resetting bearer [ 157.342830][ T7966] tipc: Resetting bearer [ 157.412339][ T7966] tipc: Disabling bearer [ 157.534482][ T7982] netlink: 'syz.0.691': attribute type 49 has an invalid length. [ 157.739593][ T7987] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 157.970253][ T7999] netlink: 'syz.0.696': attribute type 1 has an invalid length. [ 158.017934][ T7999] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 158.047346][ T7999] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 158.583608][ T8020] tipc: Enabled bearer , priority 0 [ 158.602817][ T8020] syzkaller0: entered promiscuous mode [ 158.615057][ T8020] syzkaller0: entered allmulticast mode [ 158.637420][ T8020] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 158.671444][ T8027] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 158.768363][ T8029] tipc: Resetting bearer [ 158.827247][ T8019] tipc: Resetting bearer [ 158.902144][ T8038] __nla_validate_parse: 5 callbacks suppressed [ 158.902163][ T8038] netlink: 28 bytes leftover after parsing attributes in process `syz.1.707'. [ 158.926274][ T8019] tipc: Disabling bearer [ 158.965805][ T8042] netlink: 'syz.0.709': attribute type 10 has an invalid length. [ 159.018526][ T8044] netlink: 16 bytes leftover after parsing attributes in process `syz.0.709'. [ 159.116456][ T8042] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 159.371529][ T8064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.713'. [ 159.674504][ T8080] netlink: 'syz.3.719': attribute type 1 has an invalid length. [ 160.203226][ T8086] tipc: Enabled bearer , priority 0 [ 160.210955][ T8086] syzkaller0: entered promiscuous mode [ 160.231724][ T8086] syzkaller0: entered allmulticast mode [ 160.265526][ T8094] netlink: 'syz.0.723': attribute type 1 has an invalid length. [ 160.274623][ T8086] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 160.302377][ T8094] netlink: 224 bytes leftover after parsing attributes in process `syz.0.723'. [ 160.411000][ T8095] tipc: Resetting bearer [ 160.474741][ T8085] tipc: Resetting bearer [ 160.551011][ T8085] tipc: Disabling bearer [ 160.876737][ T8121] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 160.928974][ T8123] netlink: 4 bytes leftover after parsing attributes in process `syz.0.733'. [ 161.338016][ T8138] netlink: 28 bytes leftover after parsing attributes in process `syz.2.738'. [ 161.356471][ T8143] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 161.641205][ T8158] netlink: 8 bytes leftover after parsing attributes in process `syz.1.746'. [ 161.676542][ T8158] netlink: 8 bytes leftover after parsing attributes in process `syz.1.746'. [ 162.791314][ T8212] netlink: 28 bytes leftover after parsing attributes in process `syz.4.765'. [ 162.838267][ T8212] netlink: 8 bytes leftover after parsing attributes in process `syz.4.765'. [ 162.913622][ T8212] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 163.714970][ T8244] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 164.029175][ T8255] __nla_validate_parse: 1 callbacks suppressed [ 164.029198][ T8255] netlink: 156 bytes leftover after parsing attributes in process `syz.4.781'. [ 164.072379][ T8255] netlink: 156 bytes leftover after parsing attributes in process `syz.4.781'. [ 164.858242][ T8280] tipc: Enabled bearer , priority 0 [ 164.901433][ T8280] syzkaller0: entered promiscuous mode [ 164.925379][ T8280] syzkaller0: entered allmulticast mode [ 165.012519][ T8280] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 165.070469][ T8285] tipc: Resetting bearer [ 165.145836][ T8279] tipc: Resetting bearer [ 165.204442][ T8279] tipc: Disabling bearer [ 165.350739][ T8301] netlink: 156 bytes leftover after parsing attributes in process `syz.1.795'. [ 165.390043][ T8301] netlink: 156 bytes leftover after parsing attributes in process `syz.1.795'. [ 165.904453][ T8328] netlink: 'syz.4.803': attribute type 21 has an invalid length. [ 165.912512][ T8328] netlink: 128 bytes leftover after parsing attributes in process `syz.4.803'. [ 165.934106][ T8328] netlink: 'syz.4.803': attribute type 4 has an invalid length. [ 165.957871][ T8328] netlink: 'syz.4.803': attribute type 5 has an invalid length. [ 165.966106][ T8328] netlink: 3 bytes leftover after parsing attributes in process `syz.4.803'. [ 165.982793][ T8323] netlink: 'syz.4.803': attribute type 21 has an invalid length. [ 166.012444][ T8323] netlink: 128 bytes leftover after parsing attributes in process `syz.4.803'. [ 166.100374][ T8323] netlink: 'syz.4.803': attribute type 4 has an invalid length. [ 166.164687][ T8323] netlink: 'syz.4.803': attribute type 5 has an invalid length. [ 166.239609][ T8323] netlink: 3 bytes leftover after parsing attributes in process `syz.4.803'. [ 166.294392][ T8328] netlink: 'syz.4.803': attribute type 4 has an invalid length. [ 166.382494][ T8321] netlink: 'syz.4.803': attribute type 4 has an invalid length. [ 166.918129][ T8358] netlink: 156 bytes leftover after parsing attributes in process `syz.4.815'. [ 166.965736][ T8364] openvswitch: netlink: Key type 8454 is out of range max 32 [ 166.966693][ T8358] netlink: 156 bytes leftover after parsing attributes in process `syz.4.815'. [ 168.035036][ T8405] tipc: Enabled bearer , priority 0 [ 168.113572][ T8405] syzkaller0: entered promiscuous mode [ 168.119279][ T8405] syzkaller0: entered allmulticast mode [ 168.179920][ T8405] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 168.255987][ T8405] tipc: Resetting bearer [ 168.367781][ T8403] tipc: Resetting bearer [ 168.442920][ T8403] tipc: Disabling bearer [ 168.456603][ T8413] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 169.696655][ T8459] __nla_validate_parse: 4 callbacks suppressed [ 169.696677][ T8459] netlink: 4 bytes leftover after parsing attributes in process `syz.1.850'. [ 170.074415][ T8473] sctp: [Deprecated]: syz.0.856 (pid 8473) Use of int in max_burst socket option deprecated. [ 170.074415][ T8473] Use struct sctp_assoc_value instead [ 170.457608][ T8493] netlink: 'syz.1.863': attribute type 1 has an invalid length. [ 170.466477][ T8493] netlink: 224 bytes leftover after parsing attributes in process `syz.1.863'. [ 170.499042][ T8494] netlink: 20 bytes leftover after parsing attributes in process `syz.2.862'. [ 170.709726][ T8504] netlink: 64 bytes leftover after parsing attributes in process `syz.2.869'. [ 170.962613][ T8517] netlink: 24 bytes leftover after parsing attributes in process `syz.2.870'. [ 172.362945][ T8569] batman_adv: batadv0: Adding interface: dummy0 [ 172.389682][ T8569] batman_adv: batadv0: The MTU of interface dummy0 is too small (1536) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1596 would solve the problem. [ 172.429544][ T8569] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 172.503063][ T8571] tipc: Enabled bearer , priority 0 [ 172.517566][ T8571] syzkaller0: entered promiscuous mode [ 172.534529][ T8571] syzkaller0: entered allmulticast mode [ 172.555529][ T8571] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 172.579132][ T8573] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.601427][ T8573] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.608857][ T8573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.632969][ T8571] tipc: Resetting bearer [ 172.657732][ T8570] tipc: Resetting bearer [ 172.693228][ T8570] tipc: Disabling bearer [ 172.746422][ T8579] netlink: 64 bytes leftover after parsing attributes in process `syz.0.894'. [ 172.918028][ T8584] netlink: 'syz.1.896': attribute type 12 has an invalid length. [ 172.951904][ T8584] netlink: 'syz.1.896': attribute type 29 has an invalid length. [ 172.987770][ T8584] netlink: 148 bytes leftover after parsing attributes in process `syz.1.896'. [ 173.017479][ T8584] netlink: 59 bytes leftover after parsing attributes in process `syz.1.896'. [ 173.058141][ T8593] netlink: 164348 bytes leftover after parsing attributes in process `syz.1.896'. [ 173.097794][ T8593] netlink: zone id is out of range [ 173.123312][ T8593] netlink: zone id is out of range [ 173.152361][ T8593] netlink: zone id is out of range [ 173.186009][ T8593] netlink: zone id is out of range [ 173.210723][ T8598] tipc: Enabled bearer , priority 0 [ 173.220387][ T8593] netlink: zone id is out of range [ 173.228427][ T8593] netlink: zone id is out of range [ 173.236045][ T8593] netlink: zone id is out of range [ 173.256154][ T8593] netlink: zone id is out of range [ 173.263107][ T8598] syzkaller0: entered promiscuous mode [ 173.271229][ T8600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.901'. [ 173.283279][ T8598] syzkaller0: entered allmulticast mode [ 173.293504][ T8593] netlink: zone id is out of range [ 173.303293][ T8593] netlink: zone id is out of range [ 173.344739][ T8597] tipc: Resetting bearer [ 173.420451][ T8597] tipc: Disabling bearer [ 173.901841][ T8624] netlink: 'syz.1.911': attribute type 1 has an invalid length. [ 174.037751][ T8630] FAULT_INJECTION: forcing a failure. [ 174.037751][ T8630] name failslab, interval 1, probability 0, space 0, times 0 [ 174.103109][ T8630] CPU: 1 UID: 0 PID: 8630 Comm: syz.2.914 Not tainted syzkaller #0 PREEMPT(full) [ 174.103137][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 174.103150][ T8630] Call Trace: [ 174.103158][ T8630] [ 174.103167][ T8630] dump_stack_lvl+0x189/0x250 [ 174.103196][ T8630] ? __pfx____ratelimit+0x10/0x10 [ 174.103227][ T8630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.103251][ T8630] ? __pfx__printk+0x10/0x10 [ 174.103282][ T8630] ? __pfx___might_resched+0x10/0x10 [ 174.103302][ T8630] ? fs_reclaim_acquire+0x7d/0x100 [ 174.103339][ T8630] should_fail_ex+0x414/0x560 [ 174.103371][ T8630] should_failslab+0xa8/0x100 [ 174.103402][ T8630] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 174.103432][ T8630] ? __request_module+0x2d1/0x5e0 [ 174.103469][ T8630] kstrdup+0x42/0x100 [ 174.103492][ T8630] __request_module+0x2d1/0x5e0 [ 174.103526][ T8630] ? rtnl_link_ops_get+0x23/0x250 [ 174.103547][ T8630] ? __pfx___request_module+0x10/0x10 [ 174.103591][ T8630] ? rtnl_link_ops_get+0x23/0x250 [ 174.103609][ T8630] ? rtnl_link_ops_get+0x23/0x250 [ 174.103630][ T8630] ? rtnl_link_ops_get+0x215/0x250 [ 174.103654][ T8630] rtnl_newlink+0x64f/0x1c70 [ 174.103697][ T8630] ? __pfx_rtnl_newlink+0x10/0x10 [ 174.103747][ T8630] ? is_bpf_text_address+0x26/0x2b0 [ 174.103786][ T8630] ? __lock_acquire+0xab9/0xd20 [ 174.103830][ T8630] ? __lock_acquire+0xab9/0xd20 [ 174.103882][ T8630] ? is_bpf_text_address+0x26/0x2b0 [ 174.103916][ T8630] ? is_bpf_text_address+0x292/0x2b0 [ 174.103946][ T8630] ? is_bpf_text_address+0x26/0x2b0 [ 174.103986][ T8630] ? __lock_acquire+0xab9/0xd20 [ 174.104044][ T8630] ? __pfx_rtnl_newlink+0x10/0x10 [ 174.104075][ T8630] rtnetlink_rcv_msg+0x7cf/0xb70 [ 174.104105][ T8630] ? __lock_acquire+0xab9/0xd20 [ 174.104135][ T8630] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 174.104166][ T8630] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 174.104217][ T8630] netlink_rcv_skb+0x208/0x470 [ 174.104246][ T8630] ? __lock_acquire+0xab9/0xd20 [ 174.104276][ T8630] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 174.104310][ T8630] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 174.104351][ T8630] ? netlink_deliver_tap+0x2e/0x1b0 [ 174.104392][ T8630] netlink_unicast+0x82f/0x9e0 [ 174.104431][ T8630] ? __pfx_netlink_unicast+0x10/0x10 [ 174.104461][ T8630] ? netlink_sendmsg+0x642/0xb30 [ 174.104477][ T8630] ? skb_put+0x11b/0x210 [ 174.104502][ T8630] netlink_sendmsg+0x805/0xb30 [ 174.104532][ T8630] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.104554][ T8630] ? aa_sock_msg_perm+0xf1/0x1d0 [ 174.104576][ T8630] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 174.104597][ T8630] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.104617][ T8630] __sock_sendmsg+0x219/0x270 [ 174.104650][ T8630] ____sys_sendmsg+0x505/0x830 [ 174.104679][ T8630] ? __pfx_____sys_sendmsg+0x10/0x10 [ 174.104719][ T8630] ? import_iovec+0x74/0xa0 [ 174.104747][ T8630] ___sys_sendmsg+0x21f/0x2a0 [ 174.104772][ T8630] ? __pfx____sys_sendmsg+0x10/0x10 [ 174.104836][ T8630] ? __fget_files+0x2a/0x420 [ 174.104866][ T8630] ? __fget_files+0x3a0/0x420 [ 174.104908][ T8630] __x64_sys_sendmsg+0x19b/0x260 [ 174.104934][ T8630] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 174.104966][ T8630] ? __pfx_ksys_write+0x10/0x10 [ 174.104990][ T8630] ? rcu_is_watching+0x15/0xb0 [ 174.105017][ T8630] ? do_syscall_64+0xbe/0x3b0 [ 174.105040][ T8630] do_syscall_64+0xfa/0x3b0 [ 174.105057][ T8630] ? lockdep_hardirqs_on+0x9c/0x150 [ 174.105086][ T8630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.105106][ T8630] ? clear_bhb_loop+0x60/0xb0 [ 174.105130][ T8630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.105150][ T8630] RIP: 0033:0x7fb5e6f8ebe9 [ 174.105169][ T8630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.105185][ T8630] RSP: 002b:00007fb5e7eb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 174.105208][ T8630] RAX: ffffffffffffffda RBX: 00007fb5e71c5fa0 RCX: 00007fb5e6f8ebe9 [ 174.105223][ T8630] RDX: 0000000020000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 174.105235][ T8630] RBP: 00007fb5e7eb5090 R08: 0000000000000000 R09: 0000000000000000 [ 174.105247][ T8630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.105259][ T8630] R13: 00007fb5e71c6038 R14: 00007fb5e71c5fa0 R15: 00007fff8704f598 [ 174.105292][ T8630] [ 174.105420][ T8630] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.866103][ T8652] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 176.084698][ T8707] __nla_validate_parse: 2 callbacks suppressed [ 176.084719][ T8707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.942'. [ 176.630374][ T8719] vxcan1 speed is unknown, defaulting to 1000 [ 176.655577][ T8719] vxcan1 speed is unknown, defaulting to 1000 [ 176.693120][ T8719] vxcan1 speed is unknown, defaulting to 1000 [ 176.831377][ T8726] netlink: 5 bytes leftover after parsing attributes in process `syz.1.947'. [ 176.869789][ T8726] 0ªî{X¹¦: renamed from gretap0 [ 176.964109][ T8726] 0ªî{X¹¦: entered allmulticast mode [ 176.969984][ T8731] netlink: 28 bytes leftover after parsing attributes in process `syz.4.946'. [ 177.391543][ T8742] netlink: 156 bytes leftover after parsing attributes in process `syz.3.952'. [ 177.419503][ T8742] netlink: 156 bytes leftover after parsing attributes in process `syz.3.952'. [ 177.572229][ T8747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.954'. [ 177.584711][ T7051] vxcan1 speed is unknown, defaulting to 1000 [ 177.594393][ T8719] infiniband syz2: set active [ 177.599226][ T8719] infiniband syz2: added vxcan1 [ 177.610030][ T8747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.954'. [ 177.616641][ T8719] syz2: rxe_create_cq: returned err = -12 [ 177.639955][ T8719] infiniband syz2: Couldn't create ib_mad CQ [ 177.669428][ T8719] infiniband syz2: Couldn't open port 1 [ 177.760798][ T8751] netlink: 4 bytes leftover after parsing attributes in process `syz.3.955'. [ 177.865130][ T8719] RDS/IB: syz2: added [ 177.888722][ T8719] smc: adding ib device syz2 with port count 1 [ 177.933211][ T8719] smc: ib device syz2 port 1 has pnetid [ 177.958388][ T9] vxcan1 speed is unknown, defaulting to 1000 [ 178.009720][ T8761] netlink: 4 bytes leftover after parsing attributes in process `syz.2.957'. [ 178.088375][ T8719] vxcan1 speed is unknown, defaulting to 1000 [ 179.095410][ T8785] netlink: 156 bytes leftover after parsing attributes in process `syz.1.965'. [ 179.138748][ T8719] vxcan1 speed is unknown, defaulting to 1000 [ 179.548176][ T8805] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 180.344058][ T8719] vxcan1 speed is unknown, defaulting to 1000 [ 180.541076][ T8843] tipc: Enabled bearer , priority 0 [ 180.590964][ T8843] syzkaller0: entered promiscuous mode [ 180.599430][ T8843] syzkaller0: entered allmulticast mode [ 180.611083][ T8843] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 180.664879][ T8843] sch_tbf: peakrate 2049 is lower than or equals to rate 2245122589299638733 ! [ 180.693721][ T8843] tipc: Resetting bearer [ 180.735429][ T8842] tipc: Resetting bearer [ 180.796759][ T8842] tipc: Disabling bearer [ 181.026122][ T8719] vxcan1 speed is unknown, defaulting to 1000 [ 181.111831][ T8860] __nla_validate_parse: 74 callbacks suppressed [ 181.111853][ T8860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.991'. [ 181.170344][ T8860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.991'. [ 181.412487][ T8874] netlink: 28 bytes leftover after parsing attributes in process `syz.4.997'. [ 181.497760][ T8874] netlink: 28 bytes leftover after parsing attributes in process `syz.4.997'. [ 181.810675][ T8886] team0: Device gtp0 is of different type [ 181.892747][ T8719] vxcan1 speed is unknown, defaulting to 1000 [ 182.106334][ T8899] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1009'. [ 182.504157][ T8909] tipc: Enabled bearer , priority 0 [ 182.526683][ T8909] syzkaller0: entered promiscuous mode [ 182.547852][ T8909] syzkaller0: entered allmulticast mode [ 182.604520][ T8909] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 182.720072][ T8909] tipc: Resetting bearer [ 182.771008][ T8908] tipc: Resetting bearer [ 182.913384][ T8908] tipc: Disabling bearer [ 182.998293][ T8923] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1019'. [ 183.024985][ T8927] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1021'. [ 183.503271][ T8948] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1029'. [ 183.545635][ T8949] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1030'. [ 183.557930][ T8955] FAULT_INJECTION: forcing a failure. [ 183.557930][ T8955] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.566546][ T8945] netlink: 232 bytes leftover after parsing attributes in process `syz.4.1029'. [ 183.590341][ T8955] CPU: 0 UID: 0 PID: 8955 Comm: syz.1.1032 Not tainted syzkaller #0 PREEMPT(full) [ 183.590386][ T8955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 183.590407][ T8955] Call Trace: [ 183.590421][ T8955] [ 183.590437][ T8955] dump_stack_lvl+0x189/0x250 [ 183.590482][ T8955] ? __pfx____ratelimit+0x10/0x10 [ 183.590533][ T8955] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.590577][ T8955] ? __pfx__printk+0x10/0x10 [ 183.590618][ T8955] ? __might_fault+0xb0/0x130 [ 183.590660][ T8955] should_fail_ex+0x414/0x560 [ 183.590693][ T8955] _copy_from_iter+0x1de/0x1790 [ 183.590712][ T8955] ? __lock_acquire+0xab9/0xd20 [ 183.590745][ T8955] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 183.590776][ T8955] ? policy_nodemask+0x27c/0x720 [ 183.590804][ T8955] ? __pfx__copy_from_iter+0x10/0x10 [ 183.590833][ T8955] ? set_page_refcounted+0xa0/0x1e0 [ 183.590861][ T8955] ? page_copy_sane+0x4e/0x280 [ 183.590885][ T8955] copy_page_from_iter+0xdd/0x170 [ 183.590912][ T8955] tun_get_user+0x1d7b/0x3e20 [ 183.590951][ T8955] ? tun_get_user+0x6f6/0x3e20 [ 183.590981][ T8955] ? aa_file_perm+0x44d/0x1550 [ 183.591002][ T8955] ? __pfx_tun_get_user+0x10/0x10 [ 183.591021][ T8955] ? _parse_integer_limit+0x1ae/0x1f0 [ 183.591063][ T8955] ? __lock_acquire+0xab9/0xd20 [ 183.591100][ T8955] ? ref_tracker_alloc+0x318/0x460 [ 183.591126][ T8955] ? __lock_acquire+0xab9/0xd20 [ 183.591158][ T8955] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 183.591195][ T8955] ? tun_get+0x1c/0x2f0 [ 183.591221][ T8955] ? tun_get+0x1c/0x2f0 [ 183.591240][ T8955] ? tun_get+0x1c/0x2f0 [ 183.591265][ T8955] tun_chr_write_iter+0x113/0x200 [ 183.591289][ T8955] vfs_write+0x5c9/0xb30 [ 183.591321][ T8955] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 183.591342][ T8955] ? __pfx_vfs_write+0x10/0x10 [ 183.591381][ T8955] ? __fget_files+0x2a/0x420 [ 183.591422][ T8955] ksys_write+0x145/0x250 [ 183.591451][ T8955] ? __pfx_ksys_write+0x10/0x10 [ 183.591474][ T8955] ? rcu_is_watching+0x15/0xb0 [ 183.591500][ T8955] ? do_syscall_64+0xbe/0x3b0 [ 183.591532][ T8955] do_syscall_64+0xfa/0x3b0 [ 183.591549][ T8955] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.591583][ T8955] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.591601][ T8955] ? clear_bhb_loop+0x60/0xb0 [ 183.591626][ T8955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.591645][ T8955] RIP: 0033:0x7f8f4118d69f [ 183.591664][ T8955] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 183.591681][ T8955] RSP: 002b:00007f8f41f44000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 183.591702][ T8955] RAX: ffffffffffffffda RBX: 00007f8f413c5fa0 RCX: 00007f8f4118d69f [ 183.591716][ T8955] RDX: 000000000000004c RSI: 0000200000000140 RDI: 00000000000000c8 [ 183.591728][ T8955] RBP: 00007f8f41f44090 R08: 0000000000000000 R09: 0000000000000000 [ 183.591740][ T8955] R10: 000000000000004c R11: 0000000000000293 R12: 0000000000000001 [ 183.591751][ T8955] R13: 00007f8f413c6038 R14: 00007f8f413c5fa0 R15: 00007fff8ec61ea8 [ 183.591785][ T8955] [ 184.615125][ T8989] tipc: Enabled bearer , priority 0 [ 184.708505][ T8993] syzkaller0: entered promiscuous mode [ 184.732938][ T8993] syzkaller0: entered allmulticast mode [ 184.799587][ T9000] syz.4.1052: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 184.833120][ T9000] CPU: 0 UID: 0 PID: 9000 Comm: syz.4.1052 Not tainted syzkaller #0 PREEMPT(full) [ 184.833150][ T9000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 184.833164][ T9000] Call Trace: [ 184.833172][ T9000] [ 184.833182][ T9000] dump_stack_lvl+0x189/0x250 [ 184.833218][ T9000] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.833244][ T9000] ? __pfx__printk+0x10/0x10 [ 184.833274][ T9000] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 184.833299][ T9000] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 184.833326][ T9000] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 184.833354][ T9000] warn_alloc+0x214/0x310 [ 184.833388][ T9000] ? stack_depot_save_flags+0x40/0x860 [ 184.833419][ T9000] ? __pfx_warn_alloc+0x10/0x10 [ 184.833453][ T9000] ? kasan_save_track+0x4f/0x80 [ 184.833480][ T9000] ? xskq_create+0x56/0x170 [ 184.833508][ T9000] ? xsk_init_queue+0xb0/0x110 [ 184.833534][ T9000] ? xsk_setsockopt+0x4dc/0x8d0 [ 184.833559][ T9000] ? do_sock_setsockopt+0x179/0x1b0 [ 184.833577][ T9000] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 184.833607][ T9000] ? do_syscall_64+0xfa/0x3b0 [ 184.833625][ T9000] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.833656][ T9000] __vmalloc_node_range_noprof+0x125/0x12f0 [ 184.833723][ T9000] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 184.833761][ T9000] ? __kasan_kmalloc+0x93/0xb0 [ 184.833793][ T9000] vmalloc_user_noprof+0xad/0xf0 [ 184.833823][ T9000] ? xskq_create+0xbf/0x170 [ 184.833853][ T9000] xskq_create+0xbf/0x170 [ 184.833887][ T9000] xsk_init_queue+0xb0/0x110 [ 184.833918][ T9000] xsk_setsockopt+0x4dc/0x8d0 [ 184.833950][ T9000] ? __pfx_xsk_setsockopt+0x10/0x10 [ 184.833977][ T9000] ? __pfx_aa_sk_perm+0x10/0x10 [ 184.834013][ T9000] ? aa_sock_opt_perm+0xff/0x1b0 [ 184.834036][ T9000] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 184.834058][ T9000] ? __pfx_xsk_setsockopt+0x10/0x10 [ 184.834087][ T9000] do_sock_setsockopt+0x179/0x1b0 [ 184.834115][ T9000] __x64_sys_setsockopt+0x13f/0x1b0 [ 184.834143][ T9000] do_syscall_64+0xfa/0x3b0 [ 184.834160][ T9000] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.834189][ T9000] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.834209][ T9000] ? clear_bhb_loop+0x60/0xb0 [ 184.834235][ T9000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.834255][ T9000] RIP: 0033:0x7fe4c3f8ebe9 [ 184.834275][ T9000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.834292][ T9000] RSP: 002b:00007fe4c4e21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 184.834314][ T9000] RAX: ffffffffffffffda RBX: 00007fe4c41c5fa0 RCX: 00007fe4c3f8ebe9 [ 184.834329][ T9000] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 184.834342][ T9000] RBP: 00007fe4c4011e19 R08: 0000000000000004 R09: 0000000000000000 [ 184.834354][ T9000] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.834367][ T9000] R13: 00007fe4c41c6038 R14: 00007fe4c41c5fa0 R15: 00007fff5a1761d8 [ 184.834403][ T9000] [ 184.834425][ T9000] Mem-Info: [ 185.247575][ T9000] active_anon:4948 inactive_anon:0 isolated_anon:0 [ 185.247575][ T9000] active_file:3444 inactive_file:39882 isolated_file:0 [ 185.247575][ T9000] unevictable:768 dirty:150 writeback:0 [ 185.247575][ T9000] slab_reclaimable:10950 slab_unreclaimable:101990 [ 185.247575][ T9000] mapped:30548 shmem:1361 pagetables:1109 [ 185.247575][ T9000] sec_pagetables:0 bounce:0 [ 185.247575][ T9000] kernel_misc_reclaimable:0 [ 185.247575][ T9000] free:1323108 free_pcp:14713 free_cma:0 [ 185.304096][ T9000] Node 0 active_anon:19992kB inactive_anon:0kB active_file:13776kB inactive_file:159324kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122192kB dirty:600kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12552kB pagetables:4384kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 185.406466][ T9000] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 185.479111][ T9000] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 185.572172][ T8988] tipc: Resetting bearer [ 185.588834][ T9000] lowmem_reserve[]: 0 2497 2499 2499 2499 [ 185.646248][ T8988] tipc: Disabling bearer [ 185.672020][ T9000] Node 0 DMA32 free:1389960kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:20044kB inactive_anon:0kB active_file:13776kB inactive_file:157748kB unevictable:1536kB writepending:600kB present:3129332kB managed:2557452kB mlocked:0kB bounce:0kB free_pcp:37944kB local_pcp:21020kB free_cma:0kB [ 185.788203][ T9000] lowmem_reserve[]: 0 0 1 1 1 [ 185.818071][ T9000] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 185.958976][ T9000] lowmem_reserve[]: 0 0 0 0 0 [ 185.968889][ T9000] Node 1 Normal free:3890428kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21440kB local_pcp:11328kB free_cma:0kB [ 186.104630][ T9000] lowmem_reserve[]: 0 0 0 0 0 [ 186.121511][ T9000] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 186.176539][ T9000] Node 0 DMA32: 875*4kB (UME) 211*8kB (UM) 81*16kB (UM) 64*32kB (UME) 27*64kB (UME) 8*128kB (UM) 2*256kB (UM) 6*512kB (UME) 3*1024kB (UM) 5*2048kB (UME) 333*4096kB (UM) = 1392148kB [ 186.238773][ T9000] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 186.301644][ T9000] Node 1 Normal: 195*4kB (UE) 52*8kB (UME) 37*16kB (UME) 64*32kB (UME) 24*64kB (UME) 10*128kB (UME) 5*256kB (UME) 3*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 946*4096kB (M) = 3890428kB [ 186.333172][ T9043] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 186.431250][ T9000] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 186.489897][ T9000] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 186.546671][ T9000] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 186.592587][ T9000] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 186.616397][ T9000] 44686 total pagecache pages [ 186.629615][ T9000] 0 pages in swap cache [ 186.637366][ T9000] Free swap = 124996kB [ 186.647464][ T9000] Total swap = 124996kB [ 186.677516][ T9000] 2097051 pages RAM [ 186.702051][ T9000] 0 pages HighMem/MovableOnly [ 186.708824][ T9000] 425662 pages reserved [ 186.721771][ T9000] 0 pages cma reserved [ 186.754053][ T9058] __nla_validate_parse: 5 callbacks suppressed [ 186.754077][ T9058] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1069'. [ 186.812678][ T9058] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1069'. [ 186.873100][ T9062] tipc: Enabled bearer , priority 0 [ 186.889656][ T9062] syzkaller0: entered promiscuous mode [ 186.910771][ T9062] syzkaller0: entered allmulticast mode [ 186.979296][ T9067] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 187.081905][ T9055] tipc: Resetting bearer [ 187.275489][ T9055] tipc: Disabling bearer [ 188.060609][ T9094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1081'. [ 188.072340][ T9094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1081'. [ 188.145923][ T9086] dvmrp0: entered allmulticast mode [ 188.848009][ T9122] siw: device registration error -23 [ 189.599886][ T9150] tipc: Enabled bearer , priority 0 [ 189.616580][ T9150] syzkaller0: entered promiscuous mode [ 189.626414][ T9150] syzkaller0: entered allmulticast mode [ 189.639227][ T9150] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 189.695768][ T9150] tipc: Resetting bearer [ 189.710347][ T9148] tipc: Resetting bearer [ 189.753119][ T9148] tipc: Disabling bearer [ 189.802878][ T9155] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1104'. [ 189.973959][ T9158] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 190.288358][ T9176] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input10 [ 190.498552][ T9180] batadv1: entered allmulticast mode [ 192.143392][ T9239] : renamed from hsr0 (while UP) [ 192.310743][ T9253] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 194.159991][ T9317] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1158'. [ 194.691414][ T9329] 8021q: VLANs not supported on ip6gre0 [ 194.727310][ T9331] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11 [ 195.302753][ T9347] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1170'. [ 195.336400][ T9349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1165'. [ 195.380082][ T9350] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 195.388619][ T9349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1165'. [ 195.424705][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.439044][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.456683][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.498045][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.540552][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.571840][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.648008][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.674903][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.684843][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.696756][ T9354] netlink: 'syz.3.1172': attribute type 3 has an invalid length. [ 195.747316][ T9365] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1175'. [ 196.174748][ T9385] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1184'. [ 196.275331][ T9387] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1185'. [ 196.387987][ T9391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1187'. [ 196.420299][ T9391] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1187'. [ 196.600547][ T9401] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 197.024591][ T9415] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1196'. [ 197.611320][ T9442] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 198.448730][ T9473] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 198.706231][ T9481] syz!: rxe_newlink: already configured on team_slave_0 [ 198.987318][ T9497] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 198.995238][ T9497] IPv6: NLM_F_CREATE should be set when creating new route [ 199.425786][ T9514] __nla_validate_parse: 4 callbacks suppressed [ 199.425807][ T9514] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1240'. [ 199.456578][ T9514] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1240'. [ 199.487376][ T9517] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1241'. [ 199.527579][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.980680][ T9535] netlink: 14560 bytes leftover after parsing attributes in process `syz.0.1248'. [ 200.045261][ T9535] netlink: 300 bytes leftover after parsing attributes in process `syz.0.1248'. [ 200.069821][ T9535] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 200.148576][ T9541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1251'. [ 200.307988][ T9541] syz.2.1251 (9541) used greatest stack depth: 17864 bytes left [ 200.718818][ T9548] syzkaller0: entered promiscuous mode [ 200.754383][ T9548] syzkaller0: entered allmulticast mode [ 200.796629][ T13] syzkaller0: tun_net_xmit 48 [ 200.823888][ T9549] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 200.830032][ T9549] syzkaller0: Linktype set failed because interface is up [ 200.884100][ T9563] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1259'. [ 200.927520][ T9563] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1259'. [ 200.971905][ T9560] validate_nla: 19 callbacks suppressed [ 200.971927][ T9560] netlink: 'syz.2.1258': attribute type 6 has an invalid length. [ 201.002057][ T9560] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1258'. [ 202.551325][ T9567] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 203.011541][ T9592] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1271'. [ 204.279559][ T9635] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.299548][ T9642] FAULT_INJECTION: forcing a failure. [ 204.299548][ T9642] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 204.323227][ T9635] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.331064][ T9635] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.346590][ T9642] CPU: 1 UID: 0 PID: 9642 Comm: syz.2.1292 Not tainted syzkaller #0 PREEMPT(full) [ 204.346619][ T9642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 204.346632][ T9642] Call Trace: [ 204.346640][ T9642] [ 204.346649][ T9642] dump_stack_lvl+0x189/0x250 [ 204.346680][ T9642] ? __pfx____ratelimit+0x10/0x10 [ 204.346711][ T9642] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.346736][ T9642] ? __pfx__printk+0x10/0x10 [ 204.346789][ T9642] should_fail_ex+0x414/0x560 [ 204.346823][ T9642] _copy_to_user+0x31/0xb0 [ 204.346850][ T9642] simple_read_from_buffer+0xe1/0x170 [ 204.346885][ T9642] proc_fail_nth_read+0x1b3/0x220 [ 204.346917][ T9642] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 204.346944][ T9642] ? rw_verify_area+0x2a6/0x4d0 [ 204.346969][ T9642] ? __lock_acquire+0xab9/0xd20 [ 204.346997][ T9642] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 204.347022][ T9642] vfs_read+0x1fd/0xa30 [ 204.347047][ T9642] ? fdget_pos+0x247/0x320 [ 204.347070][ T9642] ? __pfx___mutex_lock+0x10/0x10 [ 204.347089][ T9642] ? __pfx_vfs_read+0x10/0x10 [ 204.347117][ T9642] ? __fget_files+0x2a/0x420 [ 204.347157][ T9642] ? __fget_files+0x3a0/0x420 [ 204.347187][ T9642] ? __fget_files+0x2a/0x420 [ 204.347228][ T9642] ksys_read+0x145/0x250 [ 204.347257][ T9642] ? __pfx_ksys_read+0x10/0x10 [ 204.347280][ T9642] ? rcu_is_watching+0x15/0xb0 [ 204.347307][ T9642] ? do_syscall_64+0xbe/0x3b0 [ 204.347330][ T9642] do_syscall_64+0xfa/0x3b0 [ 204.347347][ T9642] ? lockdep_hardirqs_on+0x9c/0x150 [ 204.347375][ T9642] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.347393][ T9642] ? clear_bhb_loop+0x60/0xb0 [ 204.347416][ T9642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.347434][ T9642] RIP: 0033:0x7fb5e6f8d5fc [ 204.347452][ T9642] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 204.347469][ T9642] RSP: 002b:00007fb5e7eb5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 204.347489][ T9642] RAX: ffffffffffffffda RBX: 00007fb5e71c5fa0 RCX: 00007fb5e6f8d5fc [ 204.347503][ T9642] RDX: 000000000000000f RSI: 00007fb5e7eb50a0 RDI: 0000000000000005 [ 204.347515][ T9642] RBP: 00007fb5e7eb5090 R08: 0000000000000000 R09: 0000000000000000 [ 204.347527][ T9642] R10: 0000000000000046 R11: 0000000000000246 R12: 0000000000000001 [ 204.347539][ T9642] R13: 00007fb5e71c6038 R14: 00007fb5e71c5fa0 R15: 00007fff8704f598 [ 204.347572][ T9642] [ 204.700520][ T9645] netdevsim netdevsim4: Firmware load for './file0/../file0' refused, path contains '..' component [ 204.739372][ T9647] Bluetooth: MGMT ver 1.23 [ 204.803254][ T9649] net_ratelimit: 12 callbacks suppressed [ 204.803273][ T9649] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 205.088478][ T9659] bridge_slave_0: left allmulticast mode [ 205.116010][ T9659] bridge_slave_0: left promiscuous mode [ 205.152900][ T9659] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.180889][ T9663] FAULT_INJECTION: forcing a failure. [ 205.180889][ T9663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 205.223361][ T9659] bridge_slave_1: left allmulticast mode [ 205.234080][ T9663] CPU: 1 UID: 0 PID: 9663 Comm: syz.4.1301 Not tainted syzkaller #0 PREEMPT(full) [ 205.234111][ T9663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 205.234125][ T9663] Call Trace: [ 205.234133][ T9663] [ 205.234143][ T9663] dump_stack_lvl+0x189/0x250 [ 205.234176][ T9663] ? __pfx____ratelimit+0x10/0x10 [ 205.234209][ T9663] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.234244][ T9663] ? __pfx__printk+0x10/0x10 [ 205.234276][ T9663] ? __might_fault+0xb0/0x130 [ 205.234320][ T9663] should_fail_ex+0x414/0x560 [ 205.234366][ T9663] _copy_from_user+0x2d/0xb0 [ 205.234394][ T9663] ___sys_sendmsg+0x158/0x2a0 [ 205.234425][ T9663] ? __pfx____sys_sendmsg+0x10/0x10 [ 205.234497][ T9663] ? __fget_files+0x2a/0x420 [ 205.234529][ T9663] ? __fget_files+0x3a0/0x420 [ 205.234576][ T9663] __x64_sys_sendmsg+0x19b/0x260 [ 205.234605][ T9663] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 205.234643][ T9663] ? __pfx_ksys_write+0x10/0x10 [ 205.234669][ T9663] ? rcu_is_watching+0x15/0xb0 [ 205.234700][ T9663] ? do_syscall_64+0xbe/0x3b0 [ 205.234726][ T9663] do_syscall_64+0xfa/0x3b0 [ 205.234773][ T9663] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.234805][ T9663] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.234828][ T9663] ? clear_bhb_loop+0x60/0xb0 [ 205.234856][ T9663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.234879][ T9663] RIP: 0033:0x7fe4c3f8ebe9 [ 205.234899][ T9663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.234919][ T9663] RSP: 002b:00007fe4c4e21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.234954][ T9663] RAX: ffffffffffffffda RBX: 00007fe4c41c5fa0 RCX: 00007fe4c3f8ebe9 [ 205.234971][ T9663] RDX: 0000000028008004 RSI: 0000200000003740 RDI: 0000000000000003 [ 205.234986][ T9663] RBP: 00007fe4c4e21090 R08: 0000000000000000 R09: 0000000000000000 [ 205.235000][ T9663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.235014][ T9663] R13: 00007fe4c41c6038 R14: 00007fe4c41c5fa0 R15: 00007fff5a1761d8 [ 205.235052][ T9663] [ 205.567736][ T9659] bridge_slave_1: left promiscuous mode [ 205.579722][ T9659] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.713322][ T9677] __nla_validate_parse: 5 callbacks suppressed [ 205.713354][ T9677] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1302'. [ 205.752675][ T9659] bond0: (slave bond_slave_0): Releasing backup interface [ 205.777228][ T9677] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1302'. [ 205.814528][ T9659] bond0: (slave bond_slave_1): Releasing backup interface [ 205.836751][ T9659] team0: Port device team_slave_0 removed [ 205.849144][ T9683] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1308'. [ 205.869048][ T9659] team0: Port device team_slave_1 removed [ 205.887527][ T9659] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.911693][ T9659] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.934102][ T9659] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.946728][ T9659] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 206.464349][ T9700] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 206.628172][ T9707] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 206.740891][ T9711] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1320'. [ 207.051430][ T9721] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1325'. [ 207.064922][ T9721] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1325'. [ 207.560937][ T9740] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1334'. [ 207.987293][ T9747] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.025490][ T9747] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.034427][ T9747] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.195282][ T9765] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1343'. [ 208.478110][ T9776] netlink: 4388 bytes leftover after parsing attributes in process `syz.4.1348'. [ 208.489664][ T9775] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1347'. [ 209.313422][ T9798] FAULT_INJECTION: forcing a failure. [ 209.313422][ T9798] name failslab, interval 1, probability 0, space 0, times 0 [ 209.380473][ T9798] CPU: 0 UID: 0 PID: 9798 Comm: syz.1.1357 Not tainted syzkaller #0 PREEMPT(full) [ 209.380502][ T9798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 209.380515][ T9798] Call Trace: [ 209.380523][ T9798] [ 209.380532][ T9798] dump_stack_lvl+0x189/0x250 [ 209.380562][ T9798] ? __pfx____ratelimit+0x10/0x10 [ 209.380594][ T9798] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.380618][ T9798] ? __pfx__printk+0x10/0x10 [ 209.380654][ T9798] ? __pfx___might_resched+0x10/0x10 [ 209.380679][ T9798] should_fail_ex+0x414/0x560 [ 209.380713][ T9798] should_failslab+0xa8/0x100 [ 209.380745][ T9798] __kmalloc_noprof+0xcb/0x4f0 [ 209.380772][ T9798] ? sctp_auth_set_key+0x299/0x930 [ 209.380807][ T9798] sctp_auth_set_key+0x299/0x930 [ 209.380844][ T9798] ? __local_bh_enable_ip+0x12d/0x1c0 [ 209.380869][ T9798] sctp_setsockopt_auth_key+0x399/0x640 [ 209.380902][ T9798] sctp_setsockopt+0x506/0x1200 [ 209.380922][ T9798] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 209.380956][ T9798] do_sock_setsockopt+0x179/0x1b0 [ 209.380985][ T9798] __x64_sys_setsockopt+0x13f/0x1b0 [ 209.381013][ T9798] do_syscall_64+0xfa/0x3b0 [ 209.381031][ T9798] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.381060][ T9798] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.381091][ T9798] ? clear_bhb_loop+0x60/0xb0 [ 209.381116][ T9798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.381135][ T9798] RIP: 0033:0x7f8f4118ebe9 [ 209.381154][ T9798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.381171][ T9798] RSP: 002b:00007f8f41f44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 209.381192][ T9798] RAX: ffffffffffffffda RBX: 00007f8f413c5fa0 RCX: 00007f8f4118ebe9 [ 209.381207][ T9798] RDX: 0000000000000017 RSI: 0000000000000084 RDI: 0000000000000003 [ 209.381219][ T9798] RBP: 00007f8f41f44090 R08: 0000000000000009 R09: 0000000000000000 [ 209.381232][ T9798] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 209.381244][ T9798] R13: 00007f8f413c6038 R14: 00007f8f413c5fa0 R15: 00007fff8ec61ea8 [ 209.381277][ T9798] [ 209.881886][ T9815] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 210.132182][ T9819] ipvlan0: entered promiscuous mode [ 210.186399][ T9819] ipvlan0: entered allmulticast mode [ 210.872522][ T9849] FAULT_INJECTION: forcing a failure. [ 210.872522][ T9849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.896269][ T9849] CPU: 0 UID: 0 PID: 9849 Comm: syz.1.1377 Not tainted syzkaller #0 PREEMPT(full) [ 210.896298][ T9849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 210.896310][ T9849] Call Trace: [ 210.896318][ T9849] [ 210.896328][ T9849] dump_stack_lvl+0x189/0x250 [ 210.896358][ T9849] ? __pfx____ratelimit+0x10/0x10 [ 210.896389][ T9849] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.896414][ T9849] ? __pfx__printk+0x10/0x10 [ 210.896457][ T9849] should_fail_ex+0x414/0x560 [ 210.896492][ T9849] _copy_to_user+0x31/0xb0 [ 210.896520][ T9849] simple_read_from_buffer+0xe1/0x170 [ 210.896555][ T9849] proc_fail_nth_read+0x1b3/0x220 [ 210.896582][ T9849] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 210.896610][ T9849] ? rw_verify_area+0x2a6/0x4d0 [ 210.896635][ T9849] ? __lock_acquire+0xab9/0xd20 [ 210.896664][ T9849] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 210.896689][ T9849] vfs_read+0x1fd/0xa30 [ 210.896714][ T9849] ? fdget_pos+0x247/0x320 [ 210.896735][ T9849] ? __pfx___mutex_lock+0x10/0x10 [ 210.896754][ T9849] ? __pfx_vfs_read+0x10/0x10 [ 210.896782][ T9849] ? __fget_files+0x2a/0x420 [ 210.896817][ T9849] ? __fget_files+0x3a0/0x420 [ 210.896846][ T9849] ? __fget_files+0x2a/0x420 [ 210.896886][ T9849] ksys_read+0x145/0x250 [ 210.896924][ T9849] ? __pfx_ksys_read+0x10/0x10 [ 210.896957][ T9849] ? do_syscall_64+0xbe/0x3b0 [ 210.896981][ T9849] do_syscall_64+0xfa/0x3b0 [ 210.896999][ T9849] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.897028][ T9849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.897048][ T9849] ? clear_bhb_loop+0x60/0xb0 [ 210.897074][ T9849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.897094][ T9849] RIP: 0033:0x7f8f4118d5fc [ 210.897111][ T9849] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 210.897129][ T9849] RSP: 002b:00007f8f41f44030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 210.897149][ T9849] RAX: ffffffffffffffda RBX: 00007f8f413c5fa0 RCX: 00007f8f4118d5fc [ 210.897165][ T9849] RDX: 000000000000000f RSI: 00007f8f41f440a0 RDI: 0000000000000004 [ 210.897177][ T9849] RBP: 00007f8f41f44090 R08: 0000000000000000 R09: 0000000000000000 [ 210.897188][ T9849] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 210.897200][ T9849] R13: 00007f8f413c6038 R14: 00007f8f413c5fa0 R15: 00007fff8ec61ea8 [ 210.897235][ T9849] [ 211.194225][ T9853] __nla_validate_parse: 5 callbacks suppressed [ 211.194247][ T9853] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1378'. [ 211.255508][ T9857] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 211.367366][ T9859] openvswitch: netlink: Flow actions attr not present in new flow. [ 211.413865][ T9863] netlink: 'syz.4.1382': attribute type 3 has an invalid length. [ 211.774095][ T9878] netlink: 212388 bytes leftover after parsing attributes in process `syz.1.1389'. [ 211.844017][ T9878] openvswitch: netlink: Message has 5 unknown bytes. [ 212.039942][ T9891] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 212.184669][ T9898] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1398'. [ 212.222610][ T9898] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1398'. [ 212.236602][ T9900] openvswitch: netlink: Flow actions attr not present in new flow. [ 212.270062][ T9898] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1398'. [ 212.330265][ T9898] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1398'. [ 212.384406][ T9898] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1398'. [ 212.480238][ T9909] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1401'. [ 212.743184][ T9922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1407'. [ 212.771769][ T9922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1407'. [ 212.898876][ T9926] netlink: 'syz.3.1408': attribute type 1 has an invalid length. [ 212.931008][ T9928] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 213.196822][ T9930] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 213.210341][ T9930] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 213.268221][ T9934] gretap0: entered promiscuous mode [ 213.287461][ T9934] bond2: (slave gretap0): making interface the new active one [ 213.300225][ T9934] bond2: (slave gretap0): Enslaving as an active interface with an up link [ 214.928048][T10000] openvswitch: netlink: Message has 5 unknown bytes. [ 215.560706][T10004] C: renamed from team_slave_0 (while UP) [ 215.570391][T10004] netlink: 'syz.4.1438': attribute type 1 has an invalid length. [ 215.608395][T10004] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 215.817805][T10036] netlink: 'syz.2.1451': attribute type 29 has an invalid length. [ 215.883198][T10037] rdma_rxe: rxe_newlink: failed to add bond0 [ 215.913788][T10036] bridge_slave_1 (unregistering): left allmulticast mode [ 215.935120][T10036] bridge_slave_1 (unregistering): left promiscuous mode [ 215.959758][T10036] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.424468][T10059] netlink: 'syz.2.1459': attribute type 1 has an invalid length. [ 216.458322][T10059] __nla_validate_parse: 7 callbacks suppressed [ 216.458348][T10059] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1459'. [ 216.506294][T10062] netlink: 'syz.2.1459': attribute type 1 has an invalid length. [ 216.514624][T10062] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1459'. [ 216.553668][T10070] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1462'. [ 216.597721][T10058] pim6reg527: entered allmulticast mode [ 216.870873][T10083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1468'. [ 216.967192][ T5882] Bluetooth: hci3: command 0x0406 tx timeout [ 216.970920][ T5870] Bluetooth: hci1: command 0x0406 tx timeout [ 216.980657][ T5881] Bluetooth: hci0: command 0x0406 tx timeout [ 216.980718][ T5881] Bluetooth: hci2: command 0x0406 tx timeout [ 217.155857][T10079] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.174780][T10079] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.184501][T10079] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.908109][T10123] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1482'. [ 218.017495][T10131] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1484'. [ 218.642760][T10155] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 218.690837][T10161] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1495'. [ 218.884641][T10169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1502'. [ 218.904103][T10169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1502'. [ 219.105845][T10184] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1503'. [ 219.617856][T10203] unknown channel width for channel at 909000KHz? [ 219.641254][T10203] unknown channel width for channel at 909000KHz? [ 219.674290][T10203] unknown channel width for channel at 909000KHz? [ 219.998595][T10219] 8021q: VLANs not supported on gre0 [ 220.145251][T10225] netlink: 'syz.4.1526': attribute type 1 has an invalid length. [ 220.183220][T10225] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 220.368122][T10232] team0: Device ip6gre1 is of different type [ 220.790277][T10253] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 220.834195][T10254] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input12 [ 221.266050][T10272] bond2: entered promiscuous mode [ 221.271321][T10272] bond2: entered allmulticast mode [ 221.278812][T10272] 8021q: adding VLAN 0 to HW filter on device bond2 [ 221.469161][T10272] bond2 (unregistering): Released all slaves [ 221.611368][T10287] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 222.153942][T10310] FAULT_INJECTION: forcing a failure. [ 222.153942][T10310] name failslab, interval 1, probability 0, space 0, times 0 [ 222.169038][T10310] CPU: 0 UID: 0 PID: 10310 Comm: syz.1.1560 Not tainted syzkaller #0 PREEMPT(full) [ 222.169066][T10310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 222.169080][T10310] Call Trace: [ 222.169089][T10310] [ 222.169097][T10310] dump_stack_lvl+0x189/0x250 [ 222.169128][T10310] ? __pfx____ratelimit+0x10/0x10 [ 222.169159][T10310] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.169184][T10310] ? __pfx__printk+0x10/0x10 [ 222.169215][T10310] ? __lock_acquire+0xab9/0xd20 [ 222.169258][T10310] should_fail_ex+0x414/0x560 [ 222.169292][T10310] should_failslab+0xa8/0x100 [ 222.169325][T10310] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 222.169354][T10310] ? __alloc_skb+0x112/0x2d0 [ 222.169379][T10310] __alloc_skb+0x112/0x2d0 [ 222.169404][T10310] skb_copy+0x188/0x800 [ 222.169443][T10310] mac80211_hwsim_tx_frame_no_nl+0xcd3/0x11c0 [ 222.169487][T10310] ? __pfx_mac80211_hwsim_tx_frame_no_nl+0x10/0x10 [ 222.169542][T10310] ? mac80211_hwsim_monitor_rx+0x1d7/0x880 [ 222.169570][T10310] mac80211_hwsim_tx+0x1855/0x25d0 [ 222.169604][T10310] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 222.169633][T10310] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 222.169675][T10310] ieee80211_tx_frags+0x3de/0x8b0 [ 222.169714][T10310] ? __pfx_ieee80211_tx_frags+0x10/0x10 [ 222.169759][T10310] __ieee80211_tx+0x23f/0x570 [ 222.169793][T10310] ieee80211_tx+0x2e7/0x420 [ 222.169817][T10310] ? __pfx_ieee80211_tx+0x10/0x10 [ 222.169873][T10310] ? ieee80211_xmit+0x315/0x400 [ 222.169897][T10310] ? __ieee80211_tx_skb_tid_band+0x4cb/0x680 [ 222.169921][T10310] __ieee80211_tx_skb_tid_band+0x50f/0x680 [ 222.169947][T10310] ? ieee80211_tx_skb_tid+0x2f/0x420 [ 222.169973][T10310] ieee80211_tx_skb_tid+0x266/0x420 [ 222.170002][T10310] ieee80211_mgmt_tx+0x1c25/0x21d0 [ 222.170042][T10310] ? ieee80211_mgmt_tx+0xab0/0x21d0 [ 222.170083][T10310] cfg80211_mlme_mgmt_tx+0x7b9/0x1420 [ 222.170126][T10310] nl80211_tx_mgmt+0x9fd/0xd50 [ 222.170173][T10310] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 222.170204][T10310] ? __pfx_netdev_run_todo+0x10/0x10 [ 222.170234][T10310] ? __pfx___cfg80211_wdev_from_attrs+0x10/0x10 [ 222.170275][T10310] ? nl80211_pre_doit+0x4f1/0x930 [ 222.170307][T10310] genl_family_rcv_msg_doit+0x212/0x300 [ 222.170342][T10310] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 222.170384][T10310] ? bpf_lsm_capable+0x9/0x20 [ 222.170411][T10310] ? security_capable+0x7e/0x2e0 [ 222.170451][T10310] genl_rcv_msg+0x60e/0x790 [ 222.170483][T10310] ? __pfx_genl_rcv_msg+0x10/0x10 [ 222.170506][T10310] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 222.170526][T10310] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 222.170554][T10310] ? __pfx_nl80211_post_doit+0x10/0x10 [ 222.170596][T10310] netlink_rcv_skb+0x208/0x470 [ 222.170625][T10310] ? __lock_acquire+0xab9/0xd20 [ 222.170654][T10310] ? __pfx_genl_rcv_msg+0x10/0x10 [ 222.170680][T10310] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 222.170736][T10310] ? down_read+0x1ad/0x2e0 [ 222.170766][T10310] genl_rcv+0x28/0x40 [ 222.170788][T10310] netlink_unicast+0x82f/0x9e0 [ 222.170827][T10310] ? __pfx_netlink_unicast+0x10/0x10 [ 222.170858][T10310] ? netlink_sendmsg+0x642/0xb30 [ 222.170874][T10310] ? skb_put+0x11b/0x210 [ 222.170899][T10310] netlink_sendmsg+0x805/0xb30 [ 222.170949][T10310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.170973][T10310] ? aa_sock_msg_perm+0xf1/0x1d0 [ 222.170995][T10310] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 222.171017][T10310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.171037][T10310] __sock_sendmsg+0x219/0x270 [ 222.171070][T10310] ____sys_sendmsg+0x505/0x830 [ 222.171100][T10310] ? __pfx_____sys_sendmsg+0x10/0x10 [ 222.171134][T10310] ? import_iovec+0x74/0xa0 [ 222.171164][T10310] ___sys_sendmsg+0x21f/0x2a0 [ 222.171189][T10310] ? __pfx____sys_sendmsg+0x10/0x10 [ 222.171259][T10310] ? __fget_files+0x2a/0x420 [ 222.171288][T10310] ? __fget_files+0x3a0/0x420 [ 222.171332][T10310] __x64_sys_sendmsg+0x19b/0x260 [ 222.171358][T10310] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 222.171394][T10310] ? __pfx_ksys_write+0x10/0x10 [ 222.171428][T10310] ? do_syscall_64+0xbe/0x3b0 [ 222.171452][T10310] do_syscall_64+0xfa/0x3b0 [ 222.171469][T10310] ? lockdep_hardirqs_on+0x9c/0x150 [ 222.171498][T10310] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.171519][T10310] ? clear_bhb_loop+0x60/0xb0 [ 222.171544][T10310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.171567][T10310] RIP: 0033:0x7f8f4118ebe9 [ 222.171587][T10310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.171604][T10310] RSP: 002b:00007f8f41f44038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 222.171624][T10310] RAX: ffffffffffffffda RBX: 00007f8f413c5fa0 RCX: 00007f8f4118ebe9 [ 222.171639][T10310] RDX: 0000000028008004 RSI: 0000200000003740 RDI: 0000000000000003 [ 222.171652][T10310] RBP: 00007f8f41f44090 R08: 0000000000000000 R09: 0000000000000000 [ 222.171665][T10310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.171677][T10310] R13: 00007f8f413c6038 R14: 00007f8f413c5fa0 R15: 00007fff8ec61ea8 [ 222.171711][T10310] [ 222.922698][T10326] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 222.977513][T10329] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 223.378863][T10343] tipc: Enabled bearer , priority 0 [ 223.716381][T10343] syzkaller0: entered promiscuous mode [ 223.724001][T10343] syzkaller0: entered allmulticast mode [ 223.735086][T10343] tipc: Resetting bearer [ 224.000361][T10359] syz2: rxe_newlink: already configured on vxcan1 [ 224.011507][T10331] tipc: Resetting bearer [ 224.020196][T10360] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 224.189284][T10365] __nla_validate_parse: 3 callbacks suppressed [ 224.189305][T10365] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1579'. [ 224.294171][T10369] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1578'. [ 224.447900][ T5959] tipc: Node number set to 157470574 [ 225.980364][T10331] tipc: Disabling bearer [ 226.137469][T10389] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1588'. [ 226.178158][T10393] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 226.398725][T10400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1592'. [ 226.431315][T10400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1592'. [ 226.517565][T10406] netlink: 'syz.1.1596': attribute type 12 has an invalid length. [ 226.525692][T10406] netlink: 'syz.1.1596': attribute type 29 has an invalid length. [ 226.551675][T10406] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1596'. [ 226.560836][T10406] netlink: 59 bytes leftover after parsing attributes in process `syz.1.1596'. [ 226.604868][T10406] netlink: 'syz.1.1596': attribute type 29 has an invalid length. [ 226.641326][T10413] FAULT_INJECTION: forcing a failure. [ 226.641326][T10413] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.652354][T10406] netlink: 'syz.1.1596': attribute type 29 has an invalid length. [ 226.698007][T10413] CPU: 0 UID: 0 PID: 10413 Comm: syz.2.1599 Not tainted syzkaller #0 PREEMPT(full) [ 226.698038][T10413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 226.698051][T10413] Call Trace: [ 226.698060][T10413] [ 226.698068][T10413] dump_stack_lvl+0x189/0x250 [ 226.698099][T10413] ? __pfx____ratelimit+0x10/0x10 [ 226.698129][T10413] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.698154][T10413] ? __pfx__printk+0x10/0x10 [ 226.698198][T10413] should_fail_ex+0x414/0x560 [ 226.698231][T10413] _copy_to_user+0x31/0xb0 [ 226.698259][T10413] simple_read_from_buffer+0xe1/0x170 [ 226.698295][T10413] proc_fail_nth_read+0x1b3/0x220 [ 226.698322][T10413] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.698349][T10413] ? rw_verify_area+0x2a6/0x4d0 [ 226.698374][T10413] ? __lock_acquire+0xab9/0xd20 [ 226.698401][T10413] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.698427][T10413] vfs_read+0x1fd/0xa30 [ 226.698452][T10413] ? fdget_pos+0x247/0x320 [ 226.698521][T10413] ? __pfx___mutex_lock+0x10/0x10 [ 226.698542][T10413] ? __pfx_vfs_read+0x10/0x10 [ 226.698571][T10413] ? __fget_files+0x2a/0x420 [ 226.698607][T10413] ? __fget_files+0x3a0/0x420 [ 226.698637][T10413] ? __fget_files+0x2a/0x420 [ 226.698685][T10413] ksys_read+0x145/0x250 [ 226.698715][T10413] ? __pfx_ksys_read+0x10/0x10 [ 226.698738][T10413] ? rcu_is_watching+0x15/0xb0 [ 226.698766][T10413] ? do_syscall_64+0xbe/0x3b0 [ 226.698790][T10413] do_syscall_64+0xfa/0x3b0 [ 226.698807][T10413] ? lockdep_hardirqs_on+0x9c/0x150 [ 226.698837][T10413] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.698857][T10413] ? clear_bhb_loop+0x60/0xb0 [ 226.698884][T10413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.698904][T10413] RIP: 0033:0x7fb5e6f8d5fc [ 226.698922][T10413] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 226.698940][T10413] RSP: 002b:00007fb5e7eb5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 226.698963][T10413] RAX: ffffffffffffffda RBX: 00007fb5e71c5fa0 RCX: 00007fb5e6f8d5fc [ 226.698978][T10413] RDX: 000000000000000f RSI: 00007fb5e7eb50a0 RDI: 0000000000000004 [ 226.698991][T10413] RBP: 00007fb5e7eb5090 R08: 0000000000000000 R09: 0000000000000000 [ 226.699004][T10413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.699016][T10413] R13: 00007fb5e71c6038 R14: 00007fb5e71c5fa0 R15: 00007fff8704f598 [ 226.699051][T10413] [ 227.032981][T10417] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1602'. [ 227.076606][T10416] netlink: 'syz.4.1600': attribute type 7 has an invalid length. [ 227.100073][T10416] netlink: 'syz.4.1600': attribute type 8 has an invalid length. [ 227.191120][T10423] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 227.204070][T10423] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 227.212706][T10423] CPU: 1 UID: 0 PID: 10423 Comm: syz.2.1604 Not tainted syzkaller #0 PREEMPT(full) [ 227.222532][T10423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 227.232994][T10423] RIP: 0010:xfrm_state_find+0x4c9b/0x5400 [ 227.238753][T10423] Code: 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 ff e8 79 36 02 f8 49 8b 1f 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 47 37 02 f8 4c 89 23 48 b8 00 00 00 [ 227.258945][T10423] RSP: 0018:ffffc9001c61f400 EFLAGS: 00010246 [ 227.265676][T10423] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000 [ 227.273688][T10423] RDX: ffffc9000c34c000 RSI: 0000000000000928 RDI: 0000000000000929 [ 227.281851][T10423] RBP: ffffc9001c61f620 R08: ffff888078f35a00 R09: 0000000000000002 [ 227.290373][T10423] R10: 000000000000000a R11: 0000000000000002 R12: ffff888058f86ee8 [ 227.298474][T10423] R13: ffff888058f86ec0 R14: ffff888058f848a8 R15: ffff888058f86ef0 [ 227.306495][T10423] FS: 00007fb5e7eb56c0(0000) GS:ffff888125d18000(0000) knlGS:0000000000000000 [ 227.315494][T10423] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 227.322105][T10423] CR2: 000000110c33fd27 CR3: 000000005bf0c000 CR4: 00000000003526f0 [ 227.330181][T10423] Call Trace: [ 227.333832][T10423] [ 227.336784][T10423] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 227.343140][T10423] ? xfrm_state_find+0x1da/0x5400 [ 227.348211][T10423] ? __pfx_xfrm_state_find+0x10/0x10 [ 227.353525][T10423] ? kasan_save_stack+0x4d/0x60 [ 227.358437][T10423] ? kasan_save_stack+0x3e/0x60 [ 227.363414][T10423] ? kasan_record_aux_stack+0xbd/0xd0 [ 227.369064][T10423] ? ip_route_output_key_hash_rcu+0x196a/0x23e0 [ 227.375322][T10423] ? ip_route_output_key_hash+0x1b9/0x2e0 [ 227.381165][T10423] ? __ip4_datagram_connect+0x8f4/0x1270 [ 227.387021][T10423] ? __ip6_datagram_connect+0x9f0/0x1150 [ 227.393143][T10423] ? ip6_datagram_connect_v6_only+0x63/0xa0 [ 227.399075][T10423] ? __x64_sys_connect+0x7a/0x90 [ 227.404069][T10423] ? do_syscall_64+0xfa/0x3b0 [ 227.409229][T10423] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.415329][T10423] xfrm_resolve_and_create_bundle+0x768/0x2f80 [ 227.421525][T10423] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10 [ 227.428152][T10423] ? __lock_acquire+0xab9/0xd20 [ 227.433129][T10423] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 227.438524][T10423] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 227.444004][T10423] ? xfrm_expand_policies+0x41f/0x6a0 [ 227.449487][T10423] xfrm_lookup_with_ifid+0x2a7/0x1a70 [ 227.454885][T10423] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 227.461413][T10423] ? rcuref_put+0x1b7/0x210 [ 227.465946][T10423] ? __pfx_rcuref_put+0x10/0x10 [ 227.470820][T10423] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 227.476446][T10423] xfrm_lookup_route+0x3c/0x1c0 [ 227.481495][T10423] __ip4_datagram_connect+0x9a5/0x1270 [ 227.486983][T10423] __ip6_datagram_connect+0x9f0/0x1150 [ 227.492473][T10423] ? __pfx___ip6_datagram_connect+0x10/0x10 [ 227.498384][T10423] ? __local_bh_enable_ip+0x12d/0x1c0 [ 227.503948][T10423] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 227.509698][T10423] ip6_datagram_connect_v6_only+0x63/0xa0 [ 227.515735][T10423] __sys_connect+0x313/0x440 [ 227.520462][T10423] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 227.526483][T10423] ? __pfx___sys_connect+0x10/0x10 [ 227.531726][T10423] __x64_sys_connect+0x7a/0x90 [ 227.536528][T10423] do_syscall_64+0xfa/0x3b0 [ 227.541141][T10423] ? lockdep_hardirqs_on+0x9c/0x150 [ 227.546506][T10423] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.553730][T10423] ? clear_bhb_loop+0x60/0xb0 [ 227.558495][T10423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.566573][T10423] RIP: 0033:0x7fb5e6f8ebe9 [ 227.572162][T10423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.593118][T10423] RSP: 002b:00007fb5e7eb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 227.602349][T10423] RAX: ffffffffffffffda RBX: 00007fb5e71c5fa0 RCX: 00007fb5e6f8ebe9 [ 227.611051][T10423] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000004 [ 227.619090][T10423] RBP: 00007fb5e7011e19 R08: 0000000000000000 R09: 0000000000000000 [ 227.627303][T10423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 227.635695][T10423] R13: 00007fb5e71c6038 R14: 00007fb5e71c5fa0 R15: 00007fff8704f598 [ 227.644053][T10423] [ 227.647204][T10423] Modules linked in: [ 227.651432][T10423] ---[ end trace 0000000000000000 ]--- [ 227.657311][T10423] RIP: 0010:xfrm_state_find+0x4c9b/0x5400 [ 227.663386][T10423] Code: 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 ff e8 79 36 02 f8 49 8b 1f 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 47 37 02 f8 4c 89 23 48 b8 00 00 00 [ 227.683972][T10423] RSP: 0018:ffffc9001c61f400 EFLAGS: 00010246 [ 227.690927][T10423] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000 [ 227.699455][T10423] RDX: ffffc9000c34c000 RSI: 0000000000000928 RDI: 0000000000000929 [ 227.706659][T10424] pimreg: entered allmulticast mode [ 227.708263][T10423] RBP: ffffc9001c61f620 R08: ffff888078f35a00 R09: 0000000000000002 [ 227.722366][T10423] R10: 000000000000000a R11: 0000000000000002 R12: ffff888058f86ee8 [ 227.730868][T10423] R13: ffff888058f86ec0 R14: ffff888058f848a8 R15: ffff888058f86ef0 [ 227.739457][T10423] FS: 00007fb5e7eb56c0(0000) GS:ffff888125d18000(0000) knlGS:0000000000000000 [ 227.749476][T10423] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 227.752088][T10427] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1605'. [ 227.756481][T10423] CR2: 000000110c33fd27 CR3: 000000005bf0c000 CR4: 00000000003526f0 [ 227.774646][T10423] Kernel panic - not syncing: Fatal exception in interrupt [ 227.782724][T10423] Kernel Offset: disabled [ 227.787353][T10423] Rebooting in 86400 seconds..