last executing test programs: 9.252368683s ago: executing program 1 (id=2489): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xf0b, 0xfffffffd, 0x203, {0x60, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x800000003b9aca00}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x44040) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x40050) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x181000, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x7101}) unshare(0x4000600) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x300, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {}, {}, {}, {0x16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40901}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r10 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r10, &(0x7f00000003c0)={0xa, 0x4e24, 0x20f, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x1ff}, 0x1c) r11 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'geneve1\x00', 0x0}) sendto$packet(r11, &(0x7f0000000000)="3f03fe7fd877140006001e0089e9", 0xe, 0x40800, &(0x7f0000000080)={0xc9, 0x86dd, r12, 0x1, 0xfc}, 0x14) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x2, 0xa}, {}, {0xffff}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x20, 0x2, [@TCA_CGROUP_EMATCHES={0x1c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x1, 0x0, 0x0, {{0x1, 0x9, 0x6}}}]}, @TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x400c080}, 0x4800) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) r13 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$packet_int(r13, 0x107, 0x13, 0x0, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000340)=@hopopts={0x73, 0x3, '\x00', [@hao={0xc9, 0x10, @mcast1}, @jumbo={0xc2, 0x4, 0x80}, @pad1]}, 0x28) 5.750019695s ago: executing program 1 (id=2541): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x11, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @initr0, @alu={0x6, 0x0, 0x3, 0xa, 0x8, 0x2}, @printk={@lx, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x94) 5.605138745s ago: executing program 1 (id=2544): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x87}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, 0x0, &(0x7f00000002c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r3}, 0x18) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 5.133478291s ago: executing program 1 (id=2549): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001780)=""/4071, 0xfe7}], 0x1}, 0x40020000) close(0x3) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0xfffe}], 0x1}, 0x0) 4.800255586s ago: executing program 1 (id=2554): read(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) unshare(0x62040200) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000080)={'nat\x00', 0x0, [0x5a2, 0x3, 0x7, 0xa0, 0xdc63]}, &(0x7f0000000000)=0x54) 2.218178246s ago: executing program 2 (id=2573): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) 2.187102076s ago: executing program 0 (id=2574): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x40}}, 0x0) 2.069894084s ago: executing program 2 (id=2575): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, 0x0, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x30}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="380000001000050700bbc0000000010007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001800120008000100736974000c0002000800020006"], 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000100001042dbd70000000000000000000", @ANYRES32=r4, @ANYBLOB="00000000000000001800128008000100736974000c00028006000f0002f10000cfd84f449d945c7834f58c3ac91c264556a9b30e094e34eed16361eb6b4c1be1a040d13a436d642a9a1b8fc6f49b57d38d9b9ca7b53b53e454e8f10ba2250380966bd03808e6294642a605e57d7568ff0ff0e80cd43947144431305a926992c623fd13a9d65fccd9cddda39fca47dcf8c9f43b5c5f4975786adcbf18b72a333406fd"], 0x38}}, 0x0) 1.858253465s ago: executing program 2 (id=2579): socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) unshare(0x28000600) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) read(r2, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r4}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000040)='signal_deliver\x00', r4, 0x0, 0x81}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x48) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="54001e0020af8e22ef9ee083da47c14ac7c7313467e80664fc624b25954e67", @ANYRES16=r1, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffffff00000000000000000d0001007564703a73797a3200000000"], 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a"], 0x34}}, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e24, 0x2, @mcast2, 0x4}}, [0x4e00000000000000, 0x9, 0x7ff, 0xddfa, 0x7594c29c, 0x1, 0xff, 0x0, 0x7, 0xff, 0x5, 0x9, 0x287a, 0x1, 0xe]}, &(0x7f0000000340)=0x100) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x6, &(0x7f0000000440)={r6, @in={{0x2, 0x4e21, @loopback}}}, 0x84) 1.857927356s ago: executing program 4 (id=2580): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001e0000000c00018008000100", @ANYRES32=r3], 0x20}}, 0x0) 1.805880011s ago: executing program 3 (id=2581): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), r0) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000060006000300000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce851400040002000000ac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}, 0x1, 0x0, 0x0, 0x1}, 0x0) 1.702009644s ago: executing program 0 (id=2582): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b701000000000000850000006d00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a001f"], 0x54}, 0x1, 0x0, 0x0, 0x8080}, 0x0) 747.534857ms ago: executing program 0 (id=2583): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1200000024000000040000000200000000000000", @ANYRES32, @ANYBLOB="000000000100"], 0x48) 739.936424ms ago: executing program 4 (id=2584): bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080000000000000010000009400000007ad4160850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8000802}, 0x10) sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="640100004a00010200000000000000000a"], 0x164}, 0x1, 0x0, 0x0, 0x804}, 0x0) 673.994065ms ago: executing program 3 (id=2585): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10) sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) 671.014898ms ago: executing program 2 (id=2586): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="380000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="0000000040800000180012800800010073697400"], 0x38}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) 591.749115ms ago: executing program 0 (id=2587): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x15}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0xe, 0x5c, &(0x7f0000000100)="e0857f9f582f0300000000001000", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 538.602882ms ago: executing program 3 (id=2588): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_newroute={0x28, 0x19, 0x1, 0x0, 0x0, {0xa, 0x14, 0x0, 0x0, 0x0, 0x4, 0xfe}, [@RTA_MULTIPATH={0xc, 0x9, {0x8, 0x8, 0xdf}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x84) 477.79834ms ago: executing program 4 (id=2589): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r3}, 0x18) listen(r1, 0x3) 426.659068ms ago: executing program 2 (id=2590): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'}) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"}) 341.470695ms ago: executing program 3 (id=2591): r0 = socket$inet(0x2, 0xa, 0x6) ioctl$sock_inet_SIOCDELRT(r0, 0x8919, 0x0) 297.799861ms ago: executing program 4 (id=2592): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000980)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xa, [@struct={0x8, 0x0, 0x0, 0xf, 0x0, 0x10005}]}, {0x0, [0x30, 0x0, 0x0, 0xcf, 0x0, 0x0, 0x0, 0x2e]}}, &(0x7f00000001c0)=""/257, 0x2e, 0x101, 0x6}, 0x28) 293.493397ms ago: executing program 0 (id=2593): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, r1, 0xc4fc9e906872338b, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x6, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x4}]}]}]}, 0x38}}, 0x0) 199.24117ms ago: executing program 3 (id=2594): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x5) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0xfffc}}}}}}, 0x0) 122.00574ms ago: executing program 4 (id=2595): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x20}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}]}}, 0x0, 0x42}, 0x28) 121.545184ms ago: executing program 2 (id=2596): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000007c0)={0x3c, r1, 0x1, 0x70bd24, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x8}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20009005}, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x40844) 112.788057ms ago: executing program 0 (id=2597): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x18) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)={0x20, r5, 0x1, 0x0, 0x0, {0x16}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}]}, 0x20}}, 0x0) 71.936895ms ago: executing program 4 (id=2598): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @local}, {0x0, 0x17c1, 0x8}}}}}, 0x0) close(r1) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x240) 647.709µs ago: executing program 1 (id=2599): bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10) listen(0xffffffffffffffff, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, 0x0, 0x0) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000680)="68c8e4", 0x3}], 0x1) r1 = accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvfrom$unix(r1, &(0x7f00000002c0)=""/236, 0xec, 0x10120, 0x0, 0x0) 0s ago: executing program 3 (id=2600): r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r3) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close(r3) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) kernel console output (not intermixed with test programs): existing node found! [ 248.147939][ T1159] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.157665][ T1159] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.181616][ T1159] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.258468][T11098] IPv6: NLM_F_REPLACE set, but no existing node found! [ 248.533631][T11117] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1469'. [ 248.651042][T11120] lo speed is unknown, defaulting to 1000 [ 249.025278][T11137] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1473'. [ 249.110194][T11133] xt_CT: No such helper "snmp" [ 249.334769][T11153] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1478'. [ 249.357074][T11154] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1478'. [ 249.496089][T11159] xt_hashlimit: size too large, truncated to 1048576 [ 249.891942][T11124] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1470'. [ 251.231104][T11137] lo speed is unknown, defaulting to 1000 [ 251.314129][T11176] veth0: entered promiscuous mode [ 251.319392][T11177] veth0: left promiscuous mode [ 251.407896][T11186] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1485'. [ 251.440663][T11186] bridge0: port 3(macvlan3) entered blocking state [ 251.488255][T11186] bridge0: port 3(macvlan3) entered disabled state [ 251.529372][T11186] macvlan3: entered allmulticast mode [ 251.550957][T11186] bridge0: entered allmulticast mode [ 251.566712][T11186] macvlan3: left allmulticast mode [ 251.579707][T11186] bridge0: left allmulticast mode [ 251.819458][T11203] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 252.064560][T11213] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1493'. [ 252.077756][T11213] netlink: 'syz.3.1493': attribute type 15 has an invalid length. [ 252.086285][T11213] netlink: 'syz.3.1493': attribute type 7 has an invalid length. [ 252.423031][T11222] __nla_validate_parse: 1 callbacks suppressed [ 252.423052][T11222] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1496'. [ 252.478182][T11225] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 252.748753][T11235] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1503'. [ 253.048815][T11246] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1508'. [ 253.067805][T11249] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1508'. [ 253.078087][T11246] netlink: 'syz.2.1508': attribute type 21 has an invalid length. [ 253.093258][T11249] netlink: 'syz.2.1508': attribute type 21 has an invalid length. [ 253.118608][T11255] netlink: 30956 bytes leftover after parsing attributes in process `syz.1.1510'. [ 253.144337][T11255] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1510'. [ 253.159501][T11255] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1510'. [ 253.371022][T11275] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1513'. [ 253.701301][T11284] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1518'. [ 253.762381][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 253.887446][T11288] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1521'. [ 253.921531][T11297] netlink: 'syz.0.1524': attribute type 1 has an invalid length. [ 254.015740][T11302] erspan0: entered promiscuous mode [ 254.035690][T11302] macvlan0: entered promiscuous mode [ 254.051387][T11302] macvlan0: entered allmulticast mode [ 254.069595][T11302] erspan0: entered allmulticast mode [ 254.097578][T11308] netlink: 'syz.4.1526': attribute type 15 has an invalid length. [ 254.858568][T11341] lo speed is unknown, defaulting to 1000 [ 255.451479][T11364] xt_nfacct: accounting object `syz1' does not exists [ 255.504105][T11366] team0: Port device macvlan0 removed [ 255.687375][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.694250][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.865881][T11379] netlink: 'syz.3.1551': attribute type 12 has an invalid length. [ 256.081802][T11386] netlink: 'syz.1.1553': attribute type 1 has an invalid length. [ 256.157936][T11392] FAULT_INJECTION: forcing a failure. [ 256.157936][T11392] name failslab, interval 1, probability 0, space 0, times 0 [ 256.170644][T11392] CPU: 0 UID: 0 PID: 11392 Comm: syz.3.1555 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 256.170669][T11392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 256.170680][T11392] Call Trace: [ 256.170688][T11392] [ 256.170696][T11392] dump_stack_lvl+0x189/0x250 [ 256.170729][T11392] ? __pfx____ratelimit+0x10/0x10 [ 256.170749][T11392] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.170775][T11392] ? __pfx__printk+0x10/0x10 [ 256.170795][T11392] ? rcu_is_watching+0x15/0xb0 [ 256.170846][T11392] should_fail_ex+0x414/0x560 [ 256.170872][T11392] should_failslab+0xa8/0x100 [ 256.170893][T11392] kmem_cache_alloc_noprof+0x73/0x3c0 [ 256.170931][T11392] ? skb_clone+0x212/0x3a0 [ 256.170963][T11392] skb_clone+0x212/0x3a0 [ 256.170991][T11392] bpf_clone_redirect+0xad/0x3d0 [ 256.171017][T11392] bpf_prog_973cd02a7a0e8181+0x5f/0x68 [ 256.171037][T11392] ? preempt_schedule+0xae/0xc0 [ 256.171053][T11392] ? bpf_test_run+0x205/0x830 [ 256.171072][T11392] ? preempt_schedule_common+0x83/0xd0 [ 256.171090][T11392] ? preempt_schedule+0xae/0xc0 [ 256.171106][T11392] ? __pfx_preempt_schedule+0x10/0x10 [ 256.171121][T11392] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 256.171141][T11392] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 256.171172][T11392] ? __local_bh_disable_ip+0xf1/0x190 [ 256.171197][T11392] ? __pfx___cant_migrate+0x10/0x10 [ 256.171221][T11392] ? __local_bh_enable_ip+0x12d/0x1c0 [ 256.171244][T11392] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 256.171272][T11392] ? bpf_test_timer_continue+0x136/0x350 [ 256.171315][T11392] bpf_test_run+0x38b/0x830 [ 256.171345][T11392] ? bpf_test_run+0x205/0x830 [ 256.171372][T11392] ? __pfx_bpf_test_run+0x10/0x10 [ 256.171414][T11392] ? slab_build_skb+0x273/0x3e0 [ 256.171435][T11392] ? convert___skb_to_skb+0x3d/0x590 [ 256.171458][T11392] bpf_prog_test_run_skb+0xb30/0x1560 [ 256.171497][T11392] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 256.171521][T11392] bpf_prog_test_run+0x2c4/0x340 [ 256.171553][T11392] __sys_bpf+0x4a4/0x860 [ 256.171596][T11392] ? __pfx___sys_bpf+0x10/0x10 [ 256.171629][T11392] ? ksys_write+0x22a/0x250 [ 256.171656][T11392] ? __pfx_ksys_write+0x10/0x10 [ 256.171678][T11392] ? rcu_is_watching+0x15/0xb0 [ 256.171710][T11392] __x64_sys_bpf+0x7c/0x90 [ 256.171730][T11392] do_syscall_64+0xfa/0x3b0 [ 256.171748][T11392] ? lockdep_hardirqs_on+0x9c/0x150 [ 256.171766][T11392] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.171782][T11392] ? clear_bhb_loop+0x60/0xb0 [ 256.171801][T11392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.171816][T11392] RIP: 0033:0x7ff51378e929 [ 256.171831][T11392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.171847][T11392] RSP: 002b:00007ff51463f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 256.171864][T11392] RAX: ffffffffffffffda RBX: 00007ff5139b5fa0 RCX: 00007ff51378e929 [ 256.171877][T11392] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 256.171887][T11392] RBP: 00007ff51463f090 R08: 0000000000000000 R09: 0000000000000000 [ 256.171897][T11392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 256.171907][T11392] R13: 0000000000000000 R14: 00007ff5139b5fa0 R15: 00007ffd0448c5d8 [ 256.171933][T11392] [ 256.927398][T11408] netlink: 'syz.3.1559': attribute type 3 has an invalid length. [ 257.180343][T11418] lo speed is unknown, defaulting to 1000 [ 257.608617][T11445] No such timeout policy "syz0" [ 257.907362][T11421] netlink: 'syz.4.1563': attribute type 4 has an invalid length. [ 258.226933][T11441] lo speed is unknown, defaulting to 1000 [ 258.675750][T11442] lo speed is unknown, defaulting to 1000 [ 259.230899][T11466] __nla_validate_parse: 14 callbacks suppressed [ 259.230918][T11466] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1578'. [ 259.682266][T11471] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1579'. [ 260.197475][T11481] bond0: (slave syz_tun): Releasing backup interface [ 260.272712][T11484] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1582'. [ 260.294897][T11481] bridge_slave_0: left allmulticast mode [ 260.300582][T11481] bridge_slave_0: left promiscuous mode [ 260.347581][T11481] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.373653][T11481] bridge_slave_1: left allmulticast mode [ 260.374703][T11451] infiniband syz2: set down [ 260.379322][T11481] bridge_slave_1: left promiscuous mode [ 260.379582][T11481] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.405102][T11451] infiniband syz2: added veth0_to_bridge [ 260.427581][T11451] syz2: rxe_create_cq: returned err = -12 [ 260.436918][T11451] infiniband syz2: Couldn't create ib_mad CQ [ 260.444610][T11451] infiniband syz2: Couldn't open port 1 [ 260.461147][T11481] bond0: (slave bond_slave_0): Releasing backup interface [ 260.483783][T11451] RDS/IB: syz2: added [ 260.488140][T11451] smc: adding ib device syz2 with port count 1 [ 260.494725][T11451] smc: ib device syz2 port 1 has pnetid [ 260.504903][T11481] bond0: (slave bond_slave_1): Releasing backup interface [ 260.525460][T11481] team0: Port device team_slave_0 removed [ 260.540030][T11481] team0: Port device team_slave_1 removed [ 260.547754][T11481] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 260.563983][T11481] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 260.614541][T11490] can: request_module (can-proto-0) failed. [ 260.973757][T11505] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1585'. [ 261.037525][T11508] sch_fq: defrate 0 ignored. [ 261.858928][T11525] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1592'. [ 261.892110][T11525] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1592'. [ 261.907948][T11527] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1593'. [ 261.909174][T11525] batadv2: entered promiscuous mode [ 262.112177][T11525] batadv2: entered allmulticast mode [ 262.209925][T11537] 8021q: VLANs not supported on wg0 [ 262.544247][T11550] lo speed is unknown, defaulting to 1000 [ 262.840709][ T1147] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.911303][ T1147] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.936294][ T1147] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.936782][T11562] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1602'. [ 262.956280][ T1147] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.002601][T11562] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1602'. [ 263.360034][T11572] netlink: 'syz.0.1606': attribute type 13 has an invalid length. [ 263.374230][T11572] netlink: 'syz.0.1606': attribute type 17 has an invalid length. [ 263.425946][T11545] mpoa:mpoad_close: () going down [ 263.464966][T11572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.477942][T11572] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 263.487978][T11576] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1605'. [ 263.520043][T11575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.539393][T11572] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 263.544184][T11575] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 263.607124][T11578] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 263.610934][T11574] lo speed is unknown, defaulting to 1000 [ 264.289133][T11593] netlink: 'syz.1.1611': attribute type 39 has an invalid length. [ 264.497626][T11596] netlink: 'syz.1.1612': attribute type 3 has an invalid length. [ 264.893434][T11610] __nla_validate_parse: 3 callbacks suppressed [ 264.893454][T11610] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1616'. [ 265.174940][T11616] sctp: [Deprecated]: syz.1.1619 (pid 11616) Use of struct sctp_assoc_value in delayed_ack socket option. [ 265.174940][T11616] Use struct sctp_sack_info instead [ 265.212890][T11616] sctp: [Deprecated]: syz.1.1619 (pid 11616) Use of struct sctp_assoc_value in delayed_ack socket option. [ 265.212890][T11616] Use struct sctp_sack_info instead [ 265.763320][T11639] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1627'. [ 265.991895][T11648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1629'. [ 266.166907][T11666] netlink: 26 bytes leftover after parsing attributes in process `syz.2.1634'. [ 266.186690][T11669] netlink: 26 bytes leftover after parsing attributes in process `syz.2.1634'. [ 266.317692][T11677] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1636'. [ 266.329196][T11677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1636'. [ 266.381947][T11683] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.1639'. [ 266.791804][T11695] netlink: 'syz.4.1643': attribute type 1 has an invalid length. [ 266.801720][T11695] netlink: 784 bytes leftover after parsing attributes in process `syz.4.1643'. [ 267.040583][T11708] x_tables: duplicate underflow at hook 3 [ 267.282431][T11719] netlink: 'syz.4.1650': attribute type 10 has an invalid length. [ 267.666252][T11744] bond1: (slave ip6gretap1): Releasing backup interface [ 267.722433][T11744] xt_hashlimit: max too large, truncated to 1048576 [ 267.776418][T11753] netlink: 'syz.4.1663': attribute type 3 has an invalid length. [ 267.902519][T11753] syz_tun (unregistering): left promiscuous mode [ 267.993127][T11764] vlan0: entered promiscuous mode [ 267.998203][T11764] bridge0: entered promiscuous mode [ 268.692572][T11806] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1677'. [ 270.118359][T11825] netlink: 65051 bytes leftover after parsing attributes in process `syz.4.1683'. [ 270.249739][T11824] lo speed is unknown, defaulting to 1000 [ 270.258108][T11831] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1686'. [ 270.298006][T11831] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1686'. [ 270.342942][T11831] netlink: 'syz.4.1686': attribute type 5 has an invalid length. [ 270.409950][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806e863800: rx timeout, send abort [ 270.421892][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806e860800: rx timeout, send abort [ 270.541691][T11844] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 270.574085][T11845] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 270.762988][T11851] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 270.831260][T11836] nbd: must specify a size in bytes for the device [ 270.836195][T11851] bond4: entered promiscuous mode [ 270.838264][T11854] nbd: must specify a size in bytes for the device [ 270.848872][T11851] bond4: entered allmulticast mode [ 270.859175][T11851] 8021q: adding VLAN 0 to HW filter on device bond4 [ 270.867010][T11834] lo speed is unknown, defaulting to 1000 [ 270.918301][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806e863800: abort rx timeout. Force session deactivation [ 270.930126][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806e860800: abort rx timeout. Force session deactivation [ 271.662122][T11849] lo speed is unknown, defaulting to 1000 [ 271.846511][T11879] DRBG: could not allocate digest TFM handle: hmac(sha384) [ 272.396078][T11900] IPVS: length: 40 != 24 [ 272.748297][T11907] netlink: del zone limit has 4 unknown bytes [ 273.083405][T11916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1704'. [ 273.169783][T11914] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 273.343388][T11922] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1706'. [ 273.499726][T11929] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1709'. [ 273.522716][T11929] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1709'. [ 273.563618][T11929] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 273.582532][T11929] netlink: 'syz.1.1709': attribute type 10 has an invalid length. [ 274.359721][T11961] lo speed is unknown, defaulting to 1000 [ 274.477573][T11963] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1719'. [ 275.167012][T12001] netlink: 'syz.3.1730': attribute type 1 has an invalid length. [ 275.201652][T12001] netlink: 'syz.3.1730': attribute type 2 has an invalid length. [ 275.235092][T12002] netlink: 'syz.3.1730': attribute type 1 has an invalid length. [ 275.253114][T12002] netlink: 'syz.3.1730': attribute type 2 has an invalid length. [ 275.405501][T12010] netlink: 'syz.1.1731': attribute type 21 has an invalid length. [ 275.431092][T12010] netlink: 'syz.1.1731': attribute type 6 has an invalid length. [ 275.441542][T12010] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1731'. [ 275.469026][T12006] lo speed is unknown, defaulting to 1000 [ 275.544543][T12010] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1731'. [ 275.811762][T12008] lo speed is unknown, defaulting to 1000 [ 275.961226][T12009] lo speed is unknown, defaulting to 1000 [ 276.369012][T12035] netlink: 'syz.3.1740': attribute type 1 has an invalid length. [ 276.556916][T12040] netlink: 'syz.3.1742': attribute type 29 has an invalid length. [ 276.580627][T12040] netlink: 'syz.3.1742': attribute type 29 has an invalid length. [ 276.591915][T12040] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1742'. [ 276.622939][T12040] sctp: [Deprecated]: syz.3.1742 (pid 12040) Use of struct sctp_assoc_value in delayed_ack socket option. [ 276.622939][T12040] Use struct sctp_sack_info instead [ 276.755365][T12042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1743'. [ 276.780611][T12044] netlink: 'syz.3.1744': attribute type 21 has an invalid length. [ 277.782675][T12062] IPVS: Error connecting to the multicast addr [ 278.168937][T12066] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1749'. [ 278.257561][T12066] batadv1: entered promiscuous mode [ 278.282686][T12066] batadv1: entered allmulticast mode [ 278.315323][T12071] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1749'. [ 278.931001][T12077] syzkaller0: entered promiscuous mode [ 278.937885][T12077] syzkaller0: entered allmulticast mode [ 278.971968][T12080] netlink: 'syz.2.1753': attribute type 11 has an invalid length. [ 279.139521][T12084] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1754'. [ 279.158838][T12084] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1754'. [ 279.184612][T12084] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1754'. [ 279.204564][T12084] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1754'. [ 279.524824][T12099] sctp: [Deprecated]: syz.3.1758 (pid 12099) Use of struct sctp_assoc_value in delayed_ack socket option. [ 279.524824][T12099] Use struct sctp_sack_info instead [ 279.701897][T12105] netlink: 'syz.3.1759': attribute type 11 has an invalid length. [ 281.044707][T12126] __nla_validate_parse: 2 callbacks suppressed [ 281.044727][T12126] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1760'. [ 281.053107][T12132] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1765'. [ 281.077439][T12132] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1765'. [ 281.310405][T12116] veth1_macvtap: left allmulticast mode [ 281.317242][T12116] macsec0: left promiscuous mode [ 281.322311][T12116] macsec0: left allmulticast mode [ 281.362614][T12116] gretap2: left allmulticast mode [ 281.594246][ T36] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 281.616213][ T36] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 281.632307][ T1209] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 281.756849][T12154] lo speed is unknown, defaulting to 1000 [ 281.925097][T12162] netlink: 'syz.4.1770': attribute type 3 has an invalid length. [ 281.933011][T12162] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1770'. [ 282.092617][ T5909] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 282.114704][ T5909] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 282.241619][T12174] netlink: 'syz.3.1771': attribute type 4 has an invalid length. [ 282.261558][T12174] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1771'. [ 282.265260][T12178] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1775'. [ 282.356254][T12185] FAULT_INJECTION: forcing a failure. [ 282.356254][T12185] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 282.385663][T12174] lo speed is unknown, defaulting to 1000 [ 282.418818][T12185] CPU: 1 UID: 0 PID: 12185 Comm: syz.1.1776 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 282.418846][T12185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 282.418857][T12185] Call Trace: [ 282.418865][T12185] [ 282.418873][T12185] dump_stack_lvl+0x189/0x250 [ 282.418906][T12185] ? __pfx____ratelimit+0x10/0x10 [ 282.418928][T12185] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.418972][T12185] ? __pfx__printk+0x10/0x10 [ 282.418994][T12185] ? __might_fault+0xb0/0x130 [ 282.419037][T12185] should_fail_ex+0x414/0x560 [ 282.419067][T12185] _copy_from_user+0x2d/0xb0 [ 282.419086][T12185] ___sys_sendmsg+0x158/0x2a0 [ 282.419126][T12185] ? __pfx____sys_sendmsg+0x10/0x10 [ 282.419194][T12185] ? __fget_files+0x2a/0x420 [ 282.419226][T12185] ? __fget_files+0x3a0/0x420 [ 282.419273][T12185] __x64_sys_sendmsg+0x19b/0x260 [ 282.419304][T12185] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 282.419344][T12185] ? __pfx_ksys_write+0x10/0x10 [ 282.419372][T12185] ? rcu_is_watching+0x15/0xb0 [ 282.419407][T12185] ? do_syscall_64+0xbe/0x3b0 [ 282.419433][T12185] do_syscall_64+0xfa/0x3b0 [ 282.419453][T12185] ? lockdep_hardirqs_on+0x9c/0x150 [ 282.419473][T12185] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.419492][T12185] ? clear_bhb_loop+0x60/0xb0 [ 282.419516][T12185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.419534][T12185] RIP: 0033:0x7f122f98e929 [ 282.419550][T12185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.419567][T12185] RSP: 002b:00007f12307ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 282.419587][T12185] RAX: ffffffffffffffda RBX: 00007f122fbb5fa0 RCX: 00007f122f98e929 [ 282.419600][T12185] RDX: 0000000004000010 RSI: 0000200000000000 RDI: 0000000000000003 [ 282.419613][T12185] RBP: 00007f12307ae090 R08: 0000000000000000 R09: 0000000000000000 [ 282.419626][T12185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.419637][T12185] R13: 0000000000000000 R14: 00007f122fbb5fa0 R15: 00007ffc4a411888 [ 282.419667][T12185] [ 283.468146][T12220] xt_l2tp: v2 sid > 0xffff: 4294901760 [ 283.655112][T12232] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1786'. [ 283.752101][T12225] lo speed is unknown, defaulting to 1000 [ 283.807723][T12236] FAULT_INJECTION: forcing a failure. [ 283.807723][T12236] name failslab, interval 1, probability 0, space 0, times 0 [ 283.827111][T12236] CPU: 1 UID: 0 PID: 12236 Comm: syz.1.1788 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 283.827136][T12236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 283.827148][T12236] Call Trace: [ 283.827155][T12236] [ 283.827162][T12236] dump_stack_lvl+0x189/0x250 [ 283.827196][T12236] ? __pfx____ratelimit+0x10/0x10 [ 283.827218][T12236] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.827246][T12236] ? __pfx__printk+0x10/0x10 [ 283.827270][T12236] ? __pfx___might_resched+0x10/0x10 [ 283.827302][T12236] should_fail_ex+0x414/0x560 [ 283.827329][T12236] should_failslab+0xa8/0x100 [ 283.827349][T12236] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 283.827379][T12236] ? __alloc_skb+0x112/0x2d0 [ 283.827406][T12236] __alloc_skb+0x112/0x2d0 [ 283.827433][T12236] netlink_sendmsg+0x5c6/0xb30 [ 283.827468][T12236] ? __pfx_netlink_sendmsg+0x10/0x10 [ 283.827494][T12236] ? aa_sock_msg_perm+0x94/0x160 [ 283.827518][T12236] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 283.827540][T12236] ? __pfx_netlink_sendmsg+0x10/0x10 [ 283.827563][T12236] __sock_sendmsg+0x219/0x270 [ 283.827585][T12236] ____sys_sendmsg+0x505/0x830 [ 283.827616][T12236] ? __pfx_____sys_sendmsg+0x10/0x10 [ 283.827649][T12236] ? import_iovec+0x74/0xa0 [ 283.827670][T12236] ___sys_sendmsg+0x21f/0x2a0 [ 283.827698][T12236] ? __pfx____sys_sendmsg+0x10/0x10 [ 283.827758][T12236] ? __fget_files+0x2a/0x420 [ 283.827777][T12236] ? __fget_files+0x3a0/0x420 [ 283.827806][T12236] __x64_sys_sendmsg+0x19b/0x260 [ 283.827835][T12236] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 283.827871][T12236] ? __pfx_ksys_write+0x10/0x10 [ 283.827896][T12236] ? rcu_is_watching+0x15/0xb0 [ 283.827938][T12236] ? do_syscall_64+0xbe/0x3b0 [ 283.827963][T12236] do_syscall_64+0xfa/0x3b0 [ 283.827982][T12236] ? lockdep_hardirqs_on+0x9c/0x150 [ 283.828001][T12236] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.828016][T12236] ? clear_bhb_loop+0x60/0xb0 [ 283.828037][T12236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.828055][T12236] RIP: 0033:0x7f122f98e929 [ 283.828070][T12236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.828086][T12236] RSP: 002b:00007f12307ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 283.828105][T12236] RAX: ffffffffffffffda RBX: 00007f122fbb5fa0 RCX: 00007f122f98e929 [ 283.828118][T12236] RDX: 0000000004000010 RSI: 0000200000000000 RDI: 0000000000000003 [ 283.828130][T12236] RBP: 00007f12307ae090 R08: 0000000000000000 R09: 0000000000000000 [ 283.828140][T12236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.828151][T12236] R13: 0000000000000000 R14: 00007f122fbb5fa0 R15: 00007ffc4a411888 [ 283.828179][T12236] [ 284.392992][T12241] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1791'. [ 284.711405][T12221] lo speed is unknown, defaulting to 1000 [ 284.839103][T12257] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1794'. [ 285.043678][T12265] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1797'. [ 285.479564][T12255] lo speed is unknown, defaulting to 1000 [ 285.781175][T12267] lo speed is unknown, defaulting to 1000 [ 285.922244][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 286.354411][T12283] xt_CT: You must specify a L4 protocol and not use inversions on it [ 286.536951][T12285] pim6reg1: entered promiscuous mode [ 286.552643][T12285] pim6reg1: entered allmulticast mode [ 286.860101][T12295] unsupported nla_type 52263 [ 287.070962][T12305] __nla_validate_parse: 3 callbacks suppressed [ 287.071119][T12305] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1808'. [ 287.302864][T12308] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1809'. [ 287.441574][T12310] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1810'. [ 287.456787][T12310] sch_tbf: burst 1 is lower than device ip6tnl0 mtu (1452) ! [ 287.944503][T12320] netlink: 'syz.2.1814': attribute type 5 has an invalid length. [ 288.020145][T12323] netlink: 'syz.4.1815': attribute type 1 has an invalid length. [ 288.683872][T12330] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1817'. [ 288.719866][T12329] _Z`Ԁ@: entered promiscuous mode [ 289.251143][T12339] vxcan0: entered promiscuous mode [ 289.302909][T12340] netlink: 'syz.4.1820': attribute type 4 has an invalid length. [ 289.310830][T12340] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1820'. [ 289.827149][T12365] netlink: 'syz.3.1827': attribute type 39 has an invalid length. [ 289.846986][T12364] FAULT_INJECTION: forcing a failure. [ 289.846986][T12364] name failslab, interval 1, probability 0, space 0, times 0 [ 289.875493][T12362] syz_tun: entered promiscuous mode [ 289.884631][T12364] CPU: 0 UID: 0 PID: 12364 Comm: syz.0.1826 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 289.884659][T12364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 289.884672][T12364] Call Trace: [ 289.884679][T12364] [ 289.884688][T12364] dump_stack_lvl+0x189/0x250 [ 289.884723][T12364] ? __pfx____ratelimit+0x10/0x10 [ 289.884745][T12364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 289.884776][T12364] ? __pfx__printk+0x10/0x10 [ 289.884803][T12364] ? ref_tracker_alloc+0x318/0x460 [ 289.884832][T12364] should_fail_ex+0x414/0x560 [ 289.884861][T12364] should_failslab+0xa8/0x100 [ 289.884884][T12364] kmem_cache_alloc_noprof+0x73/0x3c0 [ 289.884914][T12364] ? skb_clone+0x212/0x3a0 [ 289.884947][T12364] skb_clone+0x212/0x3a0 [ 289.884979][T12364] __netlink_deliver_tap+0x404/0x850 [ 289.885016][T12364] ? netlink_deliver_tap+0x2e/0x1b0 [ 289.885041][T12364] netlink_deliver_tap+0x19c/0x1b0 [ 289.885065][T12364] netlink_unicast+0x72f/0x8d0 [ 289.885097][T12364] netlink_sendmsg+0x805/0xb30 [ 289.885130][T12364] ? __pfx_netlink_sendmsg+0x10/0x10 [ 289.885158][T12364] ? aa_sock_msg_perm+0x94/0x160 [ 289.885184][T12364] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 289.885208][T12364] ? __pfx_netlink_sendmsg+0x10/0x10 [ 289.885233][T12364] __sock_sendmsg+0x219/0x270 [ 289.885256][T12364] ____sys_sendmsg+0x505/0x830 [ 289.885289][T12364] ? __pfx_____sys_sendmsg+0x10/0x10 [ 289.885326][T12364] ? import_iovec+0x74/0xa0 [ 289.885347][T12364] ___sys_sendmsg+0x21f/0x2a0 [ 289.885377][T12364] ? __pfx____sys_sendmsg+0x10/0x10 [ 289.885472][T12364] ? __fget_files+0x2a/0x420 [ 289.885494][T12364] ? __fget_files+0x3a0/0x420 [ 289.885547][T12364] __x64_sys_sendmsg+0x19b/0x260 [ 289.885581][T12364] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 289.885622][T12364] ? __pfx_ksys_write+0x10/0x10 [ 289.885652][T12364] ? rcu_is_watching+0x15/0xb0 [ 289.885692][T12364] ? do_syscall_64+0xbe/0x3b0 [ 289.885723][T12364] do_syscall_64+0xfa/0x3b0 [ 289.885746][T12364] ? lockdep_hardirqs_on+0x9c/0x150 [ 289.885769][T12364] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.885790][T12364] ? clear_bhb_loop+0x60/0xb0 [ 289.885816][T12364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.885837][T12364] RIP: 0033:0x7ffbc1b8e929 [ 289.885856][T12364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.885874][T12364] RSP: 002b:00007ffbbf9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 289.885897][T12364] RAX: ffffffffffffffda RBX: 00007ffbc1db5fa0 RCX: 00007ffbc1b8e929 [ 289.885913][T12364] RDX: 0000000004000010 RSI: 0000200000000000 RDI: 0000000000000003 [ 289.885927][T12364] RBP: 00007ffbbf9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 289.885940][T12364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.885953][T12364] R13: 0000000000000000 R14: 00007ffbc1db5fa0 R15: 00007ffd82eecc48 [ 289.885987][T12364] [ 290.232704][T12362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.248917][T12362] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.290885][T12362] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 290.352632][T12370] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 290.415175][ T5909] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 290.651491][T12390] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1835'. [ 290.667508][ T4535] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 290.841318][T12397] vlan2: entered allmulticast mode [ 290.850565][T12397] bond0: entered allmulticast mode [ 290.851695][T12408] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 290.929794][T12401] lo speed is unknown, defaulting to 1000 [ 291.044528][ T1209] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 291.114404][T12413] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1839'. [ 291.128241][T12413] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 291.147375][T12413] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 291.430152][T12421] lo speed is unknown, defaulting to 1000 [ 291.687227][ T36] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 291.708138][ T36] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 291.810631][T12431] can: request_module (can-proto-0) failed. [ 291.912763][T12436] netlink: 9280 bytes leftover after parsing attributes in process `syz.1.1846'. [ 291.994405][T12413] lo speed is unknown, defaulting to 1000 [ 292.240202][T12445] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 292.263157][ T1209] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 292.319094][T12447] netem: change failed [ 292.367999][T12447] netem: change failed [ 292.414112][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.423304][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.432443][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.441399][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.494042][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.542475][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.551441][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.622697][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.631763][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.682585][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1848'. [ 292.745726][T12445] lo speed is unknown, defaulting to 1000 [ 293.949378][T12486] Cannot find del_set index 0 as target [ 294.058651][T12487] IPVS: length: 209 != 8 [ 294.722153][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 294.972514][T12503] SET target dimension over the limit! [ 295.550708][T12529] netlink: 'syz.2.1872': attribute type 10 has an invalid length. [ 295.580140][ T30] audit: type=1800 audit(1751181783.684:3): pid=12532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1873" name=14 dev="tmpfs" ino=1947 res=0 errno=0 [ 295.610988][T12529] openvswitch: netlink: Flow key attr not present in new flow. [ 295.617777][T12536] sctp: [Deprecated]: syz.2.1872 (pid 12536) Use of int in max_burst socket option deprecated. [ 295.617777][T12536] Use struct sctp_assoc_value instead [ 295.628633][ T30] audit: type=1800 audit(1751181783.684:4): pid=12528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1873" name=14 dev="tmpfs" ino=1947 res=0 errno=0 [ 295.773999][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 296.307305][T12547] syz.0.1877: vmalloc error: size 16781312, failed to allocated page array size 32776, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 296.368313][T12547] CPU: 1 UID: 0 PID: 12547 Comm: syz.0.1877 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 296.368345][T12547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 296.368359][T12547] Call Trace: [ 296.368367][T12547] [ 296.368376][T12547] dump_stack_lvl+0x189/0x250 [ 296.368417][T12547] ? __pfx_dump_stack_lvl+0x10/0x10 [ 296.368449][T12547] ? __pfx__printk+0x10/0x10 [ 296.368472][T12547] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 296.368496][T12547] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 296.368521][T12547] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 296.368547][T12547] warn_alloc+0x214/0x310 [ 296.368578][T12547] ? __pfx_warn_alloc+0x10/0x10 [ 296.368612][T12547] ? __get_vm_area_node+0x28f/0x300 [ 296.368635][T12547] ? xskq_create+0xbf/0x170 [ 296.368661][T12547] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 296.368717][T12547] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 296.368747][T12547] ? __kasan_kmalloc+0x93/0xb0 [ 296.368770][T12547] vmalloc_user_noprof+0xad/0xf0 [ 296.368793][T12547] ? xskq_create+0xbf/0x170 [ 296.368816][T12547] xskq_create+0xbf/0x170 [ 296.368841][T12547] xsk_init_queue+0xb0/0x110 [ 296.368866][T12547] xsk_setsockopt+0x4de/0x710 [ 296.368889][T12547] ? __pfx_xsk_setsockopt+0x10/0x10 [ 296.368929][T12547] ? aa_sock_opt_perm+0x74/0x110 [ 296.368956][T12547] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 296.368980][T12547] ? __pfx_xsk_setsockopt+0x10/0x10 [ 296.369012][T12547] do_sock_setsockopt+0x25a/0x3e0 [ 296.369043][T12547] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 296.369075][T12547] ? __fget_files+0x2a/0x420 [ 296.369123][T12547] __x64_sys_setsockopt+0x18b/0x220 [ 296.369166][T12547] do_syscall_64+0xfa/0x3b0 [ 296.369189][T12547] ? lockdep_hardirqs_on+0x9c/0x150 [ 296.369212][T12547] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.369232][T12547] ? clear_bhb_loop+0x60/0xb0 [ 296.369258][T12547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.369278][T12547] RIP: 0033:0x7ffbc1b8e929 [ 296.369298][T12547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.369317][T12547] RSP: 002b:00007ffbbf9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 296.369339][T12547] RAX: ffffffffffffffda RBX: 00007ffbc1db5fa0 RCX: 00007ffbc1b8e929 [ 296.369355][T12547] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000003 [ 296.369379][T12547] RBP: 00007ffbc1c10b39 R08: 0000000000000004 R09: 0000000000000000 [ 296.369392][T12547] R10: 0000200000001780 R11: 0000000000000246 R12: 0000000000000000 [ 296.369404][T12547] R13: 0000000000000000 R14: 00007ffbc1db5fa0 R15: 00007ffd82eecc48 [ 296.369435][T12547] [ 296.369443][T12547] Mem-Info: [ 296.702552][T12547] active_anon:3587 inactive_anon:0 isolated_anon:0 [ 296.702552][T12547] active_file:1636 inactive_file:39915 isolated_file:0 [ 296.702552][T12547] unevictable:768 dirty:191 writeback:0 [ 296.702552][T12547] slab_reclaimable:12323 slab_unreclaimable:154704 [ 296.702552][T12547] mapped:29095 shmem:1373 pagetables:953 [ 296.702552][T12547] sec_pagetables:0 bounce:0 [ 296.702552][T12547] kernel_misc_reclaimable:0 [ 296.702552][T12547] free:1264218 free_pcp:14166 free_cma:0 [ 296.751797][T12547] Node 0 active_anon:14348kB inactive_anon:0kB active_file:6544kB inactive_file:159460kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116380kB dirty:760kB writeback:0kB shmem:3956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12364kB pagetables:3660kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 296.787821][T12547] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 296.882141][T12547] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 296.942086][T12547] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 296.947895][T12547] Node 0 DMA32 free:1128564kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14224kB inactive_anon:0kB active_file:6544kB inactive_file:157624kB unevictable:1536kB writepending:764kB present:3129332kB managed:2560932kB mlocked:0kB bounce:0kB free_pcp:51880kB local_pcp:32764kB free_cma:0kB [ 297.022255][T12547] lowmem_reserve[]: 0 0 1 1 1 [ 297.027020][T12547] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1836kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 297.089404][T12547] lowmem_reserve[]: 0 0 0 0 0 [ 297.094346][T12547] Node 1 Normal free:3903384kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18016kB local_pcp:6496kB free_cma:0kB [ 297.149187][T12564] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 297.184687][T12547] lowmem_reserve[]: 0 0 0 0 0 [ 297.222507][T12547] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 297.245402][T12547] Node 0 DMA32: 700*4kB (UM) 195*8kB (ME) 238*16kB (M) 145*32kB (M) 70*64kB (UM) 42*128kB (UME) 108*256kB (UME) 43*512kB (UM) 42*1024kB (UME) 6*2048kB (UM) 244*4096kB (M) = 1127048kB [ 297.312998][T12547] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 297.328630][T12547] Node 1 Normal: 196*4kB (UME) 45*8kB (UME) 42*16kB (UME) 132*32kB (UME) 46*64kB (UME) 7*128kB (UME) 3*256kB (ME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (UM) = 3903384kB [ 297.350886][T12547] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 297.360882][T12547] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 297.442471][T12547] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 297.456542][T12547] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 297.471978][T12547] 42923 total pagecache pages [ 297.477028][T12547] 0 pages in swap cache [ 297.481296][T12547] Free swap = 124996kB [ 297.490510][T12547] Total swap = 124996kB [ 297.495413][T12547] 2097051 pages RAM [ 297.499359][T12547] 0 pages HighMem/MovableOnly [ 297.508845][T12547] 424712 pages reserved [ 297.513609][T12547] 0 pages cma reserved [ 298.010102][ T5848] block nbd0: Receive control failed (result -32) [ 298.053820][T12586] __nla_validate_parse: 29 callbacks suppressed [ 298.053856][T12586] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1886'. [ 298.143650][T12589] dvmrp1: entered allmulticast mode [ 298.163493][T12586] dvmrp1: left allmulticast mode [ 298.737578][T12616] Bluetooth: MGMT ver 1.23 [ 298.864219][T12620] FAULT_INJECTION: forcing a failure. [ 298.864219][T12620] name failslab, interval 1, probability 0, space 0, times 0 [ 298.881457][T12620] CPU: 0 UID: 0 PID: 12620 Comm: syz.3.1897 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 298.881484][T12620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 298.881496][T12620] Call Trace: [ 298.881503][T12620] [ 298.881511][T12620] dump_stack_lvl+0x189/0x250 [ 298.881544][T12620] ? __pfx____ratelimit+0x10/0x10 [ 298.881565][T12620] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.881614][T12620] ? __pfx__printk+0x10/0x10 [ 298.881642][T12620] ? __pfx___might_resched+0x10/0x10 [ 298.881670][T12620] ? fs_reclaim_acquire+0x7d/0x100 [ 298.881698][T12620] should_fail_ex+0x414/0x560 [ 298.881725][T12620] ? __pfx_sock_alloc_inode+0x10/0x10 [ 298.881745][T12620] should_failslab+0xa8/0x100 [ 298.881766][T12620] ? __pfx_sock_alloc_inode+0x10/0x10 [ 298.881784][T12620] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 298.881814][T12620] ? sock_alloc_inode+0x28/0xc0 [ 298.881838][T12620] ? __pfx_sock_alloc_inode+0x10/0x10 [ 298.881862][T12620] sock_alloc_inode+0x28/0xc0 [ 298.881881][T12620] alloc_inode+0x67/0x1b0 [ 298.881902][T12620] __sock_create+0x12d/0x9f0 [ 298.881934][T12620] mptcp_subflow_create_socket+0xfd/0xb40 [ 298.881962][T12620] ? look_up_lock_class+0x74/0x170 [ 298.881990][T12620] ? register_lock_class+0x51/0x320 [ 298.882020][T12620] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 298.882048][T12620] ? __lock_acquire+0xab9/0xd20 [ 298.882082][T12620] __mptcp_nmpc_sk+0x150/0x720 [ 298.882113][T12620] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 298.882137][T12620] ? __local_bh_enable_ip+0x12d/0x1c0 [ 298.882165][T12620] ? lockdep_hardirqs_on+0x9c/0x150 [ 298.882187][T12620] ? __local_bh_enable_ip+0x12d/0x1c0 [ 298.882218][T12620] mptcp_sendmsg_fastopen+0xd4/0x580 [ 298.882252][T12620] mptcp_sendmsg+0x176c/0x1970 [ 298.882274][T12620] ? __pfx___might_resched+0x10/0x10 [ 298.882301][T12620] ? __lock_acquire+0xab9/0xd20 [ 298.882345][T12620] ? aa_sk_perm+0x81e/0x950 [ 298.882366][T12620] ? is_bpf_text_address+0x26/0x2b0 [ 298.882398][T12620] ? __pfx_aa_sk_perm+0x10/0x10 [ 298.882419][T12620] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 298.882470][T12620] ? inet6_sendmsg+0x101/0x120 [ 298.882496][T12620] __sock_sendmsg+0xe5/0x270 [ 298.882522][T12620] ____sys_sendmsg+0x505/0x830 [ 298.882558][T12620] ? __pfx_____sys_sendmsg+0x10/0x10 [ 298.882599][T12620] ? import_iovec+0x74/0xa0 [ 298.882623][T12620] ___sys_sendmsg+0x21f/0x2a0 [ 298.882656][T12620] ? __pfx____sys_sendmsg+0x10/0x10 [ 298.882745][T12620] ? __fget_files+0x2a/0x420 [ 298.882767][T12620] ? __fget_files+0x3a0/0x420 [ 298.882803][T12620] __x64_sys_sendmsg+0x19b/0x260 [ 298.882836][T12620] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 298.882922][T12620] ? __pfx_ksys_write+0x10/0x10 [ 298.882952][T12620] ? rcu_is_watching+0x15/0xb0 [ 298.882991][T12620] ? do_syscall_64+0xbe/0x3b0 [ 298.883021][T12620] do_syscall_64+0xfa/0x3b0 [ 298.883045][T12620] ? lockdep_hardirqs_on+0x9c/0x150 [ 298.883068][T12620] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.883089][T12620] ? clear_bhb_loop+0x60/0xb0 [ 298.883115][T12620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.883135][T12620] RIP: 0033:0x7ff51378e929 [ 298.883154][T12620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.883172][T12620] RSP: 002b:00007ff51463f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 298.883195][T12620] RAX: ffffffffffffffda RBX: 00007ff5139b5fa0 RCX: 00007ff51378e929 [ 298.883211][T12620] RDX: 0000000020008055 RSI: 0000200000000780 RDI: 0000000000000003 [ 298.883225][T12620] RBP: 00007ff51463f090 R08: 0000000000000000 R09: 0000000000000000 [ 298.883238][T12620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.883250][T12620] R13: 0000000000000000 R14: 00007ff5139b5fa0 R15: 00007ffd0448c5d8 [ 298.883285][T12620] [ 298.897280][T12617] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1896'. [ 298.924049][T12620] socket: no more sockets [ 299.307788][T12617] ip6gretap0: entered promiscuous mode [ 299.333937][T12628] lo speed is unknown, defaulting to 1000 [ 299.548808][T12634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1901'. [ 299.578929][T12634] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1901'. [ 300.769663][T12655] netlink: 'syz.3.1908': attribute type 1 has an invalid length. [ 300.861719][T12656] 8021q: adding VLAN 0 to HW filter on device bond2 [ 300.871509][T12656] bond1: (slave bond2): making interface the new active one [ 300.879958][T12656] bond1: (slave bond2): Enslaving as an active interface with an up link [ 300.945360][T12660] 8021q: adding VLAN 0 to HW filter on device bond3 [ 300.954938][T12660] bond1: (slave bond3): Enslaving as a backup interface with an up link [ 300.976128][T12655] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 300.985309][T12665] netlink: 'syz.0.1910': attribute type 29 has an invalid length. [ 300.994691][T12666] netlink: 'syz.0.1910': attribute type 29 has an invalid length. [ 301.023694][T12665] netlink: 500 bytes leftover after parsing attributes in process `syz.0.1910'. [ 301.526481][T12677] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1914'. [ 301.806936][T12682] batadv_slave_1: entered promiscuous mode [ 301.817755][T12682] batadv_slave_1: left promiscuous mode [ 302.227388][T12692] ipvlan2: entered promiscuous mode [ 302.250318][T12692] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 302.273909][T12692] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 302.411654][T12696] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1919'. [ 302.534752][T12700] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1920'. [ 302.678877][T12704] rdma_op ffff88807debd9f0 conn xmit_rdma 0000000000000000 [ 302.699136][T12704] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1922'. [ 302.749146][T12706] netlink: 476 bytes leftover after parsing attributes in process `syz.4.1923'. [ 302.758736][T12706] bond_slave_0: entered promiscuous mode [ 302.764993][T12706] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 303.084574][T12723] netlink: 'syz.4.1927': attribute type 1 has an invalid length. [ 303.102352][T12724] xt_hashlimit: max too large, truncated to 1048576 [ 303.152770][T12724] No such timeout policy "syz1" [ 303.240717][T12726] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 303.285950][T12728] __nla_validate_parse: 1 callbacks suppressed [ 303.285968][T12728] netlink: 200 bytes leftover after parsing attributes in process `syz.0.1930'. [ 303.349255][T12730] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1930'. [ 303.825287][T12748] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1936'. [ 303.896757][T12753] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma? [ 303.958003][T12522] Set syz1 is full, maxelem 65536 reached [ 304.206474][T12772] bridge0: port 4(gretap0) entered blocking state [ 304.228131][T12777] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1945'. [ 304.232380][T12772] bridge0: port 4(gretap0) entered disabled state [ 304.253818][T12772] gretap0: entered allmulticast mode [ 304.261247][T12772] gretap0: entered promiscuous mode [ 304.269573][T12777] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1945'. [ 304.322476][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 305.128916][T12825] FAULT_INJECTION: forcing a failure. [ 305.128916][T12825] name failslab, interval 1, probability 0, space 0, times 0 [ 305.151612][T12825] CPU: 0 UID: 0 PID: 12825 Comm: syz.4.1960 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 305.151639][T12825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 305.151664][T12825] Call Trace: [ 305.151671][T12825] [ 305.151679][T12825] dump_stack_lvl+0x189/0x250 [ 305.151712][T12825] ? __pfx____ratelimit+0x10/0x10 [ 305.151733][T12825] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.151761][T12825] ? __pfx__printk+0x10/0x10 [ 305.151787][T12825] ? __pfx___might_resched+0x10/0x10 [ 305.151819][T12825] should_fail_ex+0x414/0x560 [ 305.151847][T12825] should_failslab+0xa8/0x100 [ 305.151868][T12825] __kmalloc_cache_noprof+0x70/0x3d0 [ 305.151886][T12825] ? subflow_ulp_init+0xd0/0x5c0 [ 305.151917][T12825] subflow_ulp_init+0xd0/0x5c0 [ 305.151942][T12825] ? tcp_set_ulp+0xb1/0x5f0 [ 305.151973][T12825] tcp_set_ulp+0x53c/0x5f0 [ 305.151999][T12825] mptcp_subflow_create_socket+0x5c5/0xb40 [ 305.152024][T12825] ? look_up_lock_class+0x74/0x170 [ 305.152047][T12825] ? register_lock_class+0x51/0x320 [ 305.152084][T12825] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 305.152111][T12825] ? __lock_acquire+0xab9/0xd20 [ 305.152142][T12825] __mptcp_nmpc_sk+0x150/0x720 [ 305.152170][T12825] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 305.152194][T12825] ? __local_bh_enable_ip+0x12d/0x1c0 [ 305.152221][T12825] ? lockdep_hardirqs_on+0x9c/0x150 [ 305.152242][T12825] ? __local_bh_enable_ip+0x12d/0x1c0 [ 305.152272][T12825] mptcp_sendmsg_fastopen+0xd4/0x580 [ 305.152303][T12825] mptcp_sendmsg+0x176c/0x1970 [ 305.152330][T12825] ? __pfx___might_resched+0x10/0x10 [ 305.152356][T12825] ? __lock_acquire+0xab9/0xd20 [ 305.152396][T12825] ? aa_sk_perm+0x81e/0x950 [ 305.152417][T12825] ? is_bpf_text_address+0x26/0x2b0 [ 305.152447][T12825] ? __pfx_aa_sk_perm+0x10/0x10 [ 305.152467][T12825] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 305.152497][T12825] ? inet6_sendmsg+0x101/0x120 [ 305.152518][T12825] __sock_sendmsg+0xe5/0x270 [ 305.152542][T12825] ____sys_sendmsg+0x505/0x830 [ 305.152573][T12825] ? __pfx_____sys_sendmsg+0x10/0x10 [ 305.152609][T12825] ? import_iovec+0x74/0xa0 [ 305.152630][T12825] ___sys_sendmsg+0x21f/0x2a0 [ 305.152659][T12825] ? __pfx____sys_sendmsg+0x10/0x10 [ 305.152721][T12825] ? __fget_files+0x2a/0x420 [ 305.152741][T12825] ? __fget_files+0x3a0/0x420 [ 305.152771][T12825] __x64_sys_sendmsg+0x19b/0x260 [ 305.152800][T12825] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 305.152837][T12825] ? __pfx_ksys_write+0x10/0x10 [ 305.152862][T12825] ? rcu_is_watching+0x15/0xb0 [ 305.152895][T12825] ? do_syscall_64+0xbe/0x3b0 [ 305.152921][T12825] do_syscall_64+0xfa/0x3b0 [ 305.152940][T12825] ? lockdep_hardirqs_on+0x9c/0x150 [ 305.152960][T12825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.152978][T12825] ? clear_bhb_loop+0x60/0xb0 [ 305.153000][T12825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.153018][T12825] RIP: 0033:0x7fb21558e929 [ 305.153034][T12825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.153050][T12825] RSP: 002b:00007fb2163ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 305.153076][T12825] RAX: ffffffffffffffda RBX: 00007fb2157b5fa0 RCX: 00007fb21558e929 [ 305.153089][T12825] RDX: 0000000020008055 RSI: 0000200000000780 RDI: 0000000000000003 [ 305.153102][T12825] RBP: 00007fb2163ff090 R08: 0000000000000000 R09: 0000000000000000 [ 305.153113][T12825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.153124][T12825] R13: 0000000000000000 R14: 00007fb2157b5fa0 R15: 00007ffc2408b8d8 [ 305.153152][T12825] [ 305.581270][T12829] lo speed is unknown, defaulting to 1000 [ 305.591638][T12831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.711787][T12842] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.813845][T12831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.856615][T12853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1965'. [ 305.874849][T12853] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1965'. [ 306.200663][T12860] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1967'. [ 306.254755][T12839] lo speed is unknown, defaulting to 1000 [ 306.266828][T12862] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1969'. [ 306.634548][T12873] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1972'. [ 306.972764][T12881] FAULT_INJECTION: forcing a failure. [ 306.972764][T12881] name failslab, interval 1, probability 0, space 0, times 0 [ 306.986739][T12881] CPU: 0 UID: 0 PID: 12881 Comm: syz.1.1974 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 306.986765][T12881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 306.986777][T12881] Call Trace: [ 306.986785][T12881] [ 306.986793][T12881] dump_stack_lvl+0x189/0x250 [ 306.986828][T12881] ? __pfx____ratelimit+0x10/0x10 [ 306.986851][T12881] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.986880][T12881] ? __pfx__printk+0x10/0x10 [ 306.986907][T12881] ? __pfx___might_resched+0x10/0x10 [ 306.986935][T12881] ? fs_reclaim_acquire+0x7d/0x100 [ 306.986963][T12881] should_fail_ex+0x414/0x560 [ 306.986992][T12881] should_failslab+0xa8/0x100 [ 306.987014][T12881] __kmalloc_cache_noprof+0x70/0x3d0 [ 306.987033][T12881] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 306.987058][T12881] tcp_sendmsg_fastopen+0x1de/0x5e0 [ 306.987086][T12881] mptcp_sendmsg_fastopen+0x17d/0x580 [ 306.987119][T12881] mptcp_sendmsg+0x176c/0x1970 [ 306.987141][T12881] ? __pfx___might_resched+0x10/0x10 [ 306.987169][T12881] ? __lock_acquire+0xab9/0xd20 [ 306.987213][T12881] ? aa_sk_perm+0x81e/0x950 [ 306.987243][T12881] ? is_bpf_text_address+0x26/0x2b0 [ 306.987274][T12881] ? __pfx_aa_sk_perm+0x10/0x10 [ 306.987295][T12881] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 306.987326][T12881] ? inet6_sendmsg+0x101/0x120 [ 306.987361][T12881] __sock_sendmsg+0xe5/0x270 [ 306.987384][T12881] ____sys_sendmsg+0x505/0x830 [ 306.987415][T12881] ? __pfx_____sys_sendmsg+0x10/0x10 [ 306.987450][T12881] ? import_iovec+0x74/0xa0 [ 306.987470][T12881] ___sys_sendmsg+0x21f/0x2a0 [ 306.987498][T12881] ? __pfx____sys_sendmsg+0x10/0x10 [ 306.987560][T12881] ? __fget_files+0x2a/0x420 [ 306.987579][T12881] ? __fget_files+0x3a0/0x420 [ 306.987609][T12881] __x64_sys_sendmsg+0x19b/0x260 [ 306.987637][T12881] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 306.987673][T12881] ? __pfx_ksys_write+0x10/0x10 [ 306.987698][T12881] ? rcu_is_watching+0x15/0xb0 [ 306.987732][T12881] ? do_syscall_64+0xbe/0x3b0 [ 306.987757][T12881] do_syscall_64+0xfa/0x3b0 [ 306.987776][T12881] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.987795][T12881] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.987813][T12881] ? clear_bhb_loop+0x60/0xb0 [ 306.987836][T12881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.987852][T12881] RIP: 0033:0x7f122f98e929 [ 306.987868][T12881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.987883][T12881] RSP: 002b:00007f12307ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 306.987903][T12881] RAX: ffffffffffffffda RBX: 00007f122fbb5fa0 RCX: 00007f122f98e929 [ 306.987916][T12881] RDX: 0000000020008055 RSI: 0000200000000780 RDI: 0000000000000003 [ 306.987928][T12881] RBP: 00007f12307ae090 R08: 0000000000000000 R09: 0000000000000000 [ 306.987939][T12881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 306.987950][T12881] R13: 0000000000000000 R14: 00007f122fbb5fa0 R15: 00007ffc4a411888 [ 306.987978][T12881] [ 307.906031][T12897] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 307.925903][T12897] netlink: 'syz.0.1979': attribute type 10 has an invalid length. [ 307.985663][T12899] !: renamed from dummy0 (while UP) [ 308.495559][T12914] __nla_validate_parse: 7 callbacks suppressed [ 308.495583][T12914] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1983'. [ 308.542950][T12914] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1983'. [ 308.570475][T12914] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1983'. [ 308.697971][T12917] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 308.765979][T12919] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1984'. [ 308.777687][T12920] openvswitch: netlink: IPv4 tunnel dst address is zero [ 308.962271][T12924] FAULT_INJECTION: forcing a failure. [ 308.962271][T12924] name failslab, interval 1, probability 0, space 0, times 0 [ 308.975343][T12924] CPU: 0 UID: 0 PID: 12924 Comm: syz.3.1986 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 308.975373][T12924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 308.975386][T12924] Call Trace: [ 308.975395][T12924] [ 308.975409][T12924] dump_stack_lvl+0x189/0x250 [ 308.975446][T12924] ? __pfx____ratelimit+0x10/0x10 [ 308.975472][T12924] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.975505][T12924] ? __pfx__printk+0x10/0x10 [ 308.975531][T12924] ? __lock_acquire+0xab9/0xd20 [ 308.975571][T12924] should_fail_ex+0x414/0x560 [ 308.975603][T12924] should_failslab+0xa8/0x100 [ 308.975627][T12924] kmem_cache_alloc_noprof+0x73/0x3c0 [ 308.975660][T12924] ? __inet_hash_connect+0xdcc/0x2310 [ 308.975693][T12924] __inet_hash_connect+0xdcc/0x2310 [ 308.975724][T12924] ? __pfx___inet6_check_established+0x10/0x10 [ 308.975762][T12924] ? __inet_hash_connect+0x4fa/0x2310 [ 308.975805][T12924] ? __pfx___inet_hash_connect+0x10/0x10 [ 308.975833][T12924] ? sk_setup_caps+0x850/0xac0 [ 308.975870][T12924] ? inet6_hash_connect+0xd8/0x170 [ 308.975900][T12924] tcp_v6_connect+0xf24/0x1870 [ 308.975939][T12924] ? __pfx_tcp_v6_connect+0x10/0x10 [ 308.975964][T12924] ? __local_bh_enable_ip+0x12d/0x1c0 [ 308.976004][T12924] ? mptcp_token_new_connect+0x55d/0x7b0 [ 308.976028][T12924] ? mptcp_token_new_connect+0x5f6/0x7b0 [ 308.976065][T12924] mptcp_connect+0x745/0xc10 [ 308.976096][T12924] __inet_stream_connect+0x295/0xf10 [ 308.976133][T12924] ? __pfx___inet_stream_connect+0x10/0x10 [ 308.976159][T12924] ? __kasan_kmalloc+0x93/0xb0 [ 308.976180][T12924] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 308.976199][T12924] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 308.976228][T12924] tcp_sendmsg_fastopen+0x3a7/0x5e0 [ 308.976259][T12924] mptcp_sendmsg_fastopen+0x17d/0x580 [ 308.976296][T12924] mptcp_sendmsg+0x176c/0x1970 [ 308.976320][T12924] ? __pfx___might_resched+0x10/0x10 [ 308.976351][T12924] ? __lock_acquire+0xab9/0xd20 [ 308.976399][T12924] ? aa_sk_perm+0x81e/0x950 [ 308.976423][T12924] ? is_bpf_text_address+0x26/0x2b0 [ 308.976457][T12924] ? __pfx_aa_sk_perm+0x10/0x10 [ 308.976480][T12924] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 308.976514][T12924] ? inet6_sendmsg+0x101/0x120 [ 308.976540][T12924] __sock_sendmsg+0xe5/0x270 [ 308.976566][T12924] ____sys_sendmsg+0x505/0x830 [ 308.976613][T12924] ? __pfx_____sys_sendmsg+0x10/0x10 [ 308.976659][T12924] ? import_iovec+0x74/0xa0 [ 308.976680][T12924] ___sys_sendmsg+0x21f/0x2a0 [ 308.976708][T12924] ? __pfx____sys_sendmsg+0x10/0x10 [ 308.976771][T12924] ? __fget_files+0x2a/0x420 [ 308.976795][T12924] ? __fget_files+0x3a0/0x420 [ 308.976825][T12924] __x64_sys_sendmsg+0x19b/0x260 [ 308.976853][T12924] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 308.976889][T12924] ? __pfx_ksys_write+0x10/0x10 [ 308.976914][T12924] ? rcu_is_watching+0x15/0xb0 [ 308.976946][T12924] ? do_syscall_64+0xbe/0x3b0 [ 308.976971][T12924] do_syscall_64+0xfa/0x3b0 [ 308.976990][T12924] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.977010][T12924] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.977027][T12924] ? clear_bhb_loop+0x60/0xb0 [ 308.977050][T12924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.977067][T12924] RIP: 0033:0x7ff51378e929 [ 308.977083][T12924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.977099][T12924] RSP: 002b:00007ff51463f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 308.977118][T12924] RAX: ffffffffffffffda RBX: 00007ff5139b5fa0 RCX: 00007ff51378e929 [ 308.977131][T12924] RDX: 0000000020008055 RSI: 0000200000000780 RDI: 0000000000000003 [ 308.977143][T12924] RBP: 00007ff51463f090 R08: 0000000000000000 R09: 0000000000000000 [ 308.977154][T12924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.977165][T12924] R13: 0000000000000000 R14: 00007ff5139b5fa0 R15: 00007ffd0448c5d8 [ 308.977194][T12924] [ 309.629121][T12928] lo speed is unknown, defaulting to 1000 [ 310.048245][T12956] netlink: 'syz.2.1994': attribute type 1 has an invalid length. [ 310.061230][T12956] netlink: 'syz.2.1994': attribute type 4 has an invalid length. [ 310.069626][T12956] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1994'. [ 310.079037][T12956] NCSI netlink: No device for ifindex 458760 [ 310.227803][T12945] lo speed is unknown, defaulting to 1000 [ 310.307407][T12965] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1996'. [ 310.390438][T12969] netlink: 'syz.2.1998': attribute type 1 has an invalid length. [ 310.479178][T12971] FAULT_INJECTION: forcing a failure. [ 310.479178][T12971] name failslab, interval 1, probability 0, space 0, times 0 [ 310.492279][T12971] CPU: 1 UID: 0 PID: 12971 Comm: syz.4.1999 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 310.492308][T12971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 310.492320][T12971] Call Trace: [ 310.492328][T12971] [ 310.492338][T12971] dump_stack_lvl+0x189/0x250 [ 310.492376][T12971] ? __pfx____ratelimit+0x10/0x10 [ 310.492400][T12971] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.492433][T12971] ? __pfx__printk+0x10/0x10 [ 310.492460][T12971] ? __lock_acquire+0xab9/0xd20 [ 310.492500][T12971] should_fail_ex+0x414/0x560 [ 310.492531][T12971] should_failslab+0xa8/0x100 [ 310.492556][T12971] kmem_cache_alloc_noprof+0x73/0x3c0 [ 310.492588][T12971] ? __inet_hash_connect+0x151e/0x2310 [ 310.492629][T12971] __inet_hash_connect+0x151e/0x2310 [ 310.492675][T12971] ? __inet_hash_connect+0x4fa/0x2310 [ 310.492713][T12971] ? __pfx___inet_hash_connect+0x10/0x10 [ 310.492739][T12971] ? sk_setup_caps+0x850/0xac0 [ 310.492775][T12971] ? inet6_hash_connect+0xd8/0x170 [ 310.492806][T12971] tcp_v6_connect+0xf24/0x1870 [ 310.492846][T12971] ? __pfx_tcp_v6_connect+0x10/0x10 [ 310.492871][T12971] ? __local_bh_enable_ip+0x12d/0x1c0 [ 310.492912][T12971] ? mptcp_token_new_connect+0x55d/0x7b0 [ 310.492935][T12971] ? mptcp_token_new_connect+0x5f6/0x7b0 [ 310.492972][T12971] mptcp_connect+0x745/0xc10 [ 310.493003][T12971] __inet_stream_connect+0x295/0xf10 [ 310.493041][T12971] ? __pfx___inet_stream_connect+0x10/0x10 [ 310.493061][T12971] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 310.493086][T12971] ? __kasan_kmalloc+0x93/0xb0 [ 310.493107][T12971] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 310.493137][T12971] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 310.493163][T12971] tcp_sendmsg_fastopen+0x3a7/0x5e0 [ 310.493210][T12971] mptcp_sendmsg_fastopen+0x17d/0x580 [ 310.493246][T12971] mptcp_sendmsg+0x176c/0x1970 [ 310.493271][T12971] ? __pfx___might_resched+0x10/0x10 [ 310.493301][T12971] ? __lock_acquire+0xab9/0xd20 [ 310.493349][T12971] ? aa_sk_perm+0x81e/0x950 [ 310.493374][T12971] ? is_bpf_text_address+0x26/0x2b0 [ 310.493408][T12971] ? __pfx_aa_sk_perm+0x10/0x10 [ 310.493431][T12971] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 310.493466][T12971] ? inet6_sendmsg+0x101/0x120 [ 310.493492][T12971] __sock_sendmsg+0xe5/0x270 [ 310.493519][T12971] ____sys_sendmsg+0x505/0x830 [ 310.493555][T12971] ? __pfx_____sys_sendmsg+0x10/0x10 [ 310.493603][T12971] ? import_iovec+0x74/0xa0 [ 310.493628][T12971] ___sys_sendmsg+0x21f/0x2a0 [ 310.493662][T12971] ? __pfx____sys_sendmsg+0x10/0x10 [ 310.493737][T12971] ? __fget_files+0x2a/0x420 [ 310.493758][T12971] ? __fget_files+0x3a0/0x420 [ 310.493794][T12971] __x64_sys_sendmsg+0x19b/0x260 [ 310.493828][T12971] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 310.493871][T12971] ? __pfx_ksys_write+0x10/0x10 [ 310.493900][T12971] ? rcu_is_watching+0x15/0xb0 [ 310.493939][T12971] ? do_syscall_64+0xbe/0x3b0 [ 310.493968][T12971] do_syscall_64+0xfa/0x3b0 [ 310.493991][T12971] ? lockdep_hardirqs_on+0x9c/0x150 [ 310.494014][T12971] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.494034][T12971] ? clear_bhb_loop+0x60/0xb0 [ 310.494061][T12971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.494081][T12971] RIP: 0033:0x7fb21558e929 [ 310.494099][T12971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.494117][T12971] RSP: 002b:00007fb2163ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 310.494139][T12971] RAX: ffffffffffffffda RBX: 00007fb2157b5fa0 RCX: 00007fb21558e929 [ 310.494154][T12971] RDX: 0000000020008055 RSI: 0000200000000780 RDI: 0000000000000003 [ 310.494168][T12971] RBP: 00007fb2163ff090 R08: 0000000000000000 R09: 0000000000000000 [ 310.494180][T12971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 310.494192][T12971] R13: 0000000000000000 R14: 00007fb2157b5fa0 R15: 00007ffc2408b8d8 [ 310.494227][T12971] [ 310.659219][T12948] lo speed is unknown, defaulting to 1000 [ 311.659783][T12994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2004'. [ 311.659887][T12978] lo speed is unknown, defaulting to 1000 [ 312.002258][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 312.143044][T13001] lo speed is unknown, defaulting to 1000 [ 313.139858][T13018] FAULT_INJECTION: forcing a failure. [ 313.139858][T13018] name failslab, interval 1, probability 0, space 0, times 0 [ 313.162005][T13018] CPU: 0 UID: 0 PID: 13018 Comm: syz.0.2011 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 313.162032][T13018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 313.162043][T13018] Call Trace: [ 313.162051][T13018] [ 313.162059][T13018] dump_stack_lvl+0x189/0x250 [ 313.162093][T13018] ? __pfx____ratelimit+0x10/0x10 [ 313.162114][T13018] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.162143][T13018] ? __pfx__printk+0x10/0x10 [ 313.162186][T13018] ? __pfx___might_resched+0x10/0x10 [ 313.162214][T13018] ? fs_reclaim_acquire+0x7d/0x100 [ 313.162242][T13018] should_fail_ex+0x414/0x560 [ 313.162271][T13018] should_failslab+0xa8/0x100 [ 313.162293][T13018] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 313.162325][T13018] ? __alloc_skb+0x112/0x2d0 [ 313.162354][T13018] __alloc_skb+0x112/0x2d0 [ 313.162383][T13018] tcp_stream_alloc_skb+0x3d/0x340 [ 313.162408][T13018] tcp_connect+0x1087/0x46f0 [ 313.162446][T13018] ? tcp_fastopen_defer_connect+0xf0/0x370 [ 313.162493][T13018] tcp_v6_connect+0x11f7/0x1870 [ 313.162528][T13018] ? __pfx_tcp_v6_connect+0x10/0x10 [ 313.162568][T13018] ? __local_bh_enable_ip+0x12d/0x1c0 [ 313.162613][T13018] ? mptcp_token_new_connect+0x55d/0x7b0 [ 313.162636][T13018] ? mptcp_token_new_connect+0x5f6/0x7b0 [ 313.162670][T13018] mptcp_connect+0x745/0xc10 [ 313.162700][T13018] __inet_stream_connect+0x295/0xf10 [ 313.162736][T13018] ? __pfx___inet_stream_connect+0x10/0x10 [ 313.162761][T13018] ? __kasan_kmalloc+0x93/0xb0 [ 313.162782][T13018] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 313.162801][T13018] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 313.162827][T13018] tcp_sendmsg_fastopen+0x3a7/0x5e0 [ 313.162857][T13018] mptcp_sendmsg_fastopen+0x17d/0x580 [ 313.162891][T13018] mptcp_sendmsg+0x176c/0x1970 [ 313.162915][T13018] ? __pfx___might_resched+0x10/0x10 [ 313.162945][T13018] ? __lock_acquire+0xab9/0xd20 [ 313.162992][T13018] ? aa_sk_perm+0x81e/0x950 [ 313.163016][T13018] ? is_bpf_text_address+0x26/0x2b0 [ 313.163051][T13018] ? __pfx_aa_sk_perm+0x10/0x10 [ 313.163072][T13018] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 313.163105][T13018] ? inet6_sendmsg+0x101/0x120 [ 313.163131][T13018] __sock_sendmsg+0xe5/0x270 [ 313.163157][T13018] ____sys_sendmsg+0x505/0x830 [ 313.163193][T13018] ? __pfx_____sys_sendmsg+0x10/0x10 [ 313.163233][T13018] ? import_iovec+0x74/0xa0 [ 313.163257][T13018] ___sys_sendmsg+0x21f/0x2a0 [ 313.163289][T13018] ? __pfx____sys_sendmsg+0x10/0x10 [ 313.163361][T13018] ? __fget_files+0x2a/0x420 [ 313.163383][T13018] ? __fget_files+0x3a0/0x420 [ 313.163418][T13018] __x64_sys_sendmsg+0x19b/0x260 [ 313.163451][T13018] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 313.163492][T13018] ? __pfx_ksys_write+0x10/0x10 [ 313.163521][T13018] ? rcu_is_watching+0x15/0xb0 [ 313.163558][T13018] ? do_syscall_64+0xbe/0x3b0 [ 313.163586][T13018] do_syscall_64+0xfa/0x3b0 [ 313.163615][T13018] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.163638][T13018] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.163659][T13018] ? clear_bhb_loop+0x60/0xb0 [ 313.163684][T13018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.163704][T13018] RIP: 0033:0x7ffbc1b8e929 [ 313.163723][T13018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.163741][T13018] RSP: 002b:00007ffbbf9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 313.163763][T13018] RAX: ffffffffffffffda RBX: 00007ffbc1db5fa0 RCX: 00007ffbc1b8e929 [ 313.163778][T13018] RDX: 0000000020008055 RSI: 0000200000000780 RDI: 0000000000000003 [ 313.163792][T13018] RBP: 00007ffbbf9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 313.163805][T13018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 313.163817][T13018] R13: 0000000000000000 R14: 00007ffbc1db5fa0 R15: 00007ffd82eecc48 [ 313.163850][T13018] [ 314.102926][T13031] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 314.864553][T13040] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2016'. [ 315.428560][T13049] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2019'. [ 315.642983][T13052] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2020'. [ 315.751901][T13053] netlink: 248 bytes leftover after parsing attributes in process `syz.4.2021'. [ 315.823427][T13053] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2021'. [ 315.907039][T13057] FAULT_INJECTION: forcing a failure. [ 315.907039][T13057] name failslab, interval 1, probability 0, space 0, times 0 [ 315.982338][T13057] CPU: 1 UID: 0 PID: 13057 Comm: syz.3.2023 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 315.982368][T13057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 315.982382][T13057] Call Trace: [ 315.982390][T13057] [ 315.982400][T13057] dump_stack_lvl+0x189/0x250 [ 315.982437][T13057] ? __pfx____ratelimit+0x10/0x10 [ 315.982459][T13057] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.982490][T13057] ? __pfx__printk+0x10/0x10 [ 315.982519][T13057] ? __pfx___might_resched+0x10/0x10 [ 315.982561][T13057] ? fs_reclaim_acquire+0x7d/0x100 [ 315.982590][T13057] should_fail_ex+0x414/0x560 [ 315.982619][T13057] should_failslab+0xa8/0x100 [ 315.982641][T13057] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 315.982672][T13057] ? __alloc_skb+0x112/0x2d0 [ 315.982702][T13057] __alloc_skb+0x112/0x2d0 [ 315.982730][T13057] tcp_stream_alloc_skb+0x3d/0x340 [ 315.982753][T13057] tcp_connect+0x1087/0x46f0 [ 315.982792][T13057] ? tcp_fastopen_defer_connect+0xf0/0x370 [ 315.982842][T13057] tcp_v6_connect+0x11f7/0x1870 [ 315.982879][T13057] ? __pfx_tcp_v6_connect+0x10/0x10 [ 315.982902][T13057] ? __local_bh_enable_ip+0x12d/0x1c0 [ 315.982940][T13057] ? mptcp_token_new_connect+0x55d/0x7b0 [ 315.982963][T13057] ? mptcp_token_new_connect+0x5f6/0x7b0 [ 315.982996][T13057] mptcp_connect+0x745/0xc10 [ 315.983024][T13057] __inet_stream_connect+0x295/0xf10 [ 315.983056][T13057] ? __pfx___inet_stream_connect+0x10/0x10 [ 315.983080][T13057] ? __kasan_kmalloc+0x93/0xb0 [ 315.983097][T13057] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 315.983114][T13057] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 315.983138][T13057] tcp_sendmsg_fastopen+0x3a7/0x5e0 [ 315.983173][T13057] mptcp_sendmsg_fastopen+0x17d/0x580 [ 315.983205][T13057] mptcp_sendmsg+0x176c/0x1970 [ 315.983227][T13057] ? __pfx___might_resched+0x10/0x10 [ 315.983255][T13057] ? trace_event_raw_event_bpf_trace_printk+0x187/0x260 [ 315.983286][T13057] ? __pfx_trace_event_raw_event_bpf_trace_printk+0x10/0x10 [ 315.983332][T13057] ? aa_sk_perm+0x81e/0x950 [ 315.983355][T13057] ? bpf_bprintf_cleanup+0x9f/0xd0 [ 315.983381][T13057] ? __pfx_aa_sk_perm+0x10/0x10 [ 315.983402][T13057] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 315.983433][T13057] ? inet6_sendmsg+0x101/0x120 [ 315.983457][T13057] __sock_sendmsg+0xe5/0x270 [ 315.983480][T13057] ____sys_sendmsg+0x505/0x830 [ 315.983513][T13057] ? __pfx_____sys_sendmsg+0x10/0x10 [ 315.983551][T13057] ? import_iovec+0x74/0xa0 [ 315.983574][T13057] ___sys_sendmsg+0x21f/0x2a0 [ 315.983604][T13057] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.983672][T13057] ? __fget_files+0x2a/0x420 [ 315.983692][T13057] ? __fget_files+0x3a0/0x420 [ 315.983724][T13057] __x64_sys_sendmsg+0x19b/0x260 [ 315.983755][T13057] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 315.983794][T13057] ? __pfx_ksys_write+0x10/0x10 [ 315.983821][T13057] ? rcu_is_watching+0x15/0xb0 [ 315.983856][T13057] ? do_syscall_64+0xbe/0x3b0 [ 315.983883][T13057] do_syscall_64+0xfa/0x3b0 [ 315.983904][T13057] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.983925][T13057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.983943][T13057] ? clear_bhb_loop+0x60/0xb0 [ 315.983967][T13057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.983986][T13057] RIP: 0033:0x7ff51378e929 [ 315.984003][T13057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.984021][T13057] RSP: 002b:00007ff51463f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 315.984059][T13057] RAX: ffffffffffffffda RBX: 00007ff5139b5fa0 RCX: 00007ff51378e929 [ 315.984074][T13057] RDX: 0000000020008055 RSI: 0000200000000780 RDI: 0000000000000003 [ 315.984088][T13057] RBP: 00007ff51463f090 R08: 0000000000000000 R09: 0000000000000000 [ 315.984101][T13057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 315.984113][T13057] R13: 0000000000000000 R14: 00007ff5139b5fa0 R15: 00007ffd0448c5d8 [ 315.984153][T13057] [ 316.528660][T13061] netlink: 'syz.3.2024': attribute type 13 has an invalid length. [ 316.922102][T13071] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2026'. [ 316.968220][T13066] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2026'. [ 317.054942][T13078] bridge_slave_0: entered promiscuous mode [ 317.077590][T13076] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2027'. [ 317.132897][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.139221][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.174198][T13089] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2029'. [ 317.183962][T13090] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2029'. [ 317.192946][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.192964][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.294963][T13092] batadv_slave_1: entered promiscuous mode [ 317.460425][T13091] batadv_slave_1: left promiscuous mode [ 318.543440][T13120] lo speed is unknown, defaulting to 1000 [ 318.644751][T13125] FAULT_INJECTION: forcing a failure. [ 318.644751][T13125] name failslab, interval 1, probability 0, space 0, times 0 [ 318.692195][T13125] CPU: 1 UID: 0 PID: 13125 Comm: syz.2.2039 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 318.692225][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 318.692238][T13125] Call Trace: [ 318.692245][T13125] [ 318.692254][T13125] dump_stack_lvl+0x189/0x250 [ 318.692289][T13125] ? __pfx____ratelimit+0x10/0x10 [ 318.692312][T13125] ? __pfx_dump_stack_lvl+0x10/0x10 [ 318.692342][T13125] ? __pfx__printk+0x10/0x10 [ 318.692369][T13125] ? __pfx___might_resched+0x10/0x10 [ 318.692398][T13125] ? fs_reclaim_acquire+0x7d/0x100 [ 318.692425][T13125] should_fail_ex+0x414/0x560 [ 318.692454][T13125] should_failslab+0xa8/0x100 [ 318.692477][T13125] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 318.692508][T13125] ? __alloc_skb+0x112/0x2d0 [ 318.692538][T13125] __alloc_skb+0x112/0x2d0 [ 318.692567][T13125] tcp_stream_alloc_skb+0x3d/0x340 [ 318.692592][T13125] tcp_connect+0x1087/0x46f0 [ 318.692630][T13125] ? tcp_fastopen_defer_connect+0xf0/0x370 [ 318.692678][T13125] tcp_v6_connect+0x11f7/0x1870 [ 318.692714][T13125] ? __pfx_tcp_v6_connect+0x10/0x10 [ 318.692737][T13125] ? __local_bh_enable_ip+0x12d/0x1c0 [ 318.692774][T13125] ? mptcp_token_new_connect+0x55d/0x7b0 [ 318.692796][T13125] ? mptcp_token_new_connect+0x5f6/0x7b0 [ 318.692828][T13125] mptcp_connect+0x745/0xc10 [ 318.692856][T13125] __inet_stream_connect+0x295/0xf10 [ 318.692891][T13125] ? __pfx___inet_stream_connect+0x10/0x10 [ 318.692914][T13125] ? __kasan_kmalloc+0x93/0xb0 [ 318.692934][T13125] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 318.692951][T13125] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 318.692976][T13125] tcp_sendmsg_fastopen+0x3a7/0x5e0 [ 318.693010][T13125] mptcp_sendmsg_fastopen+0x17d/0x580 [ 318.693044][T13125] mptcp_sendmsg+0x176c/0x1970 [ 318.693067][T13125] ? __pfx___might_resched+0x10/0x10 [ 318.693094][T13125] ? __lock_acquire+0xab9/0xd20 [ 318.693139][T13125] ? aa_sk_perm+0x81e/0x950 [ 318.693160][T13125] ? is_bpf_text_address+0x26/0x2b0 [ 318.693194][T13125] ? __pfx_aa_sk_perm+0x10/0x10 [ 318.693215][T13125] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 318.693266][T13125] ? inet6_sendmsg+0x101/0x120 [ 318.693290][T13125] __sock_sendmsg+0xe5/0x270 [ 318.693317][T13125] ____sys_sendmsg+0x505/0x830 [ 318.693353][T13125] ? __pfx_____sys_sendmsg+0x10/0x10 [ 318.693393][T13125] ? import_iovec+0x74/0xa0 [ 318.693417][T13125] ___sys_sendmsg+0x21f/0x2a0 [ 318.693450][T13125] ? __pfx____sys_sendmsg+0x10/0x10 [ 318.693520][T13125] ? __fget_files+0x2a/0x420 [ 318.693542][T13125] ? __fget_files+0x3a0/0x420 [ 318.693577][T13125] __x64_sys_sendmsg+0x19b/0x260 [ 318.693610][T13125] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 318.693652][T13125] ? __pfx_ksys_write+0x10/0x10 [ 318.693680][T13125] ? rcu_is_watching+0x15/0xb0 [ 318.693718][T13125] ? do_syscall_64+0xbe/0x3b0 [ 318.693747][T13125] do_syscall_64+0xfa/0x3b0 [ 318.693770][T13125] ? lockdep_hardirqs_on+0x9c/0x150 [ 318.693791][T13125] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.693812][T13125] ? clear_bhb_loop+0x60/0xb0 [ 318.693838][T13125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.693858][T13125] RIP: 0033:0x7f7bd3f8e929 [ 318.693890][T13125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.693927][T13125] RSP: 002b:00007f7bd4e3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 318.693950][T13125] RAX: ffffffffffffffda RBX: 00007f7bd41b5fa0 RCX: 00007f7bd3f8e929 [ 318.693965][T13125] RDX: 0000000020008055 RSI: 0000200000000780 RDI: 0000000000000003 [ 318.693979][T13125] RBP: 00007f7bd4e3b090 R08: 0000000000000000 R09: 0000000000000000 [ 318.694001][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 318.694014][T13125] R13: 0000000000000000 R14: 00007f7bd41b5fa0 R15: 00007ffe9daf9da8 [ 318.694048][T13125] [ 319.279366][T13131] netlink: 'syz.2.2042': attribute type 2 has an invalid length. [ 319.302533][T13131] netlink: 'syz.2.2042': attribute type 1 has an invalid length. [ 319.635603][T13141] vxcan0: entered promiscuous mode [ 319.717647][T13143] erspan0: entered promiscuous mode [ 319.729213][T13143] macvlan3: entered promiscuous mode [ 319.740537][T13143] macvlan3: entered allmulticast mode [ 319.755150][T13143] erspan0: entered allmulticast mode [ 319.877261][T13155] __nla_validate_parse: 7 callbacks suppressed [ 319.877280][T13155] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2047'. [ 320.072752][T13160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2048'. [ 320.112536][T13160] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2048'. [ 320.361592][T13164] lo speed is unknown, defaulting to 1000 [ 320.479737][T13165] xt_CT: No such helper "syz1" [ 320.780620][T13178] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 320.972150][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 320.991396][T13182] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2055'. [ 321.821649][T13204] netlink: 'syz.2.2063': attribute type 1 has an invalid length. [ 322.057996][T13213] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2067'. [ 322.107175][T13217] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2068'. [ 322.213289][T13219] lo speed is unknown, defaulting to 1000 [ 322.435634][T13235] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2072'. [ 322.480937][T13235] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2072'. [ 322.515397][T13235] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2072'. [ 322.568574][T13241] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2072'. [ 322.677793][T13243] pim6reg: entered allmulticast mode [ 322.695043][T13243] pim6reg: left allmulticast mode [ 323.083499][T13262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 323.692819][T13272] syz.4.2082: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 323.742257][T13272] CPU: 1 UID: 0 PID: 13272 Comm: syz.4.2082 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 323.742290][T13272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 323.742305][T13272] Call Trace: [ 323.742314][T13272] [ 323.742323][T13272] dump_stack_lvl+0x189/0x250 [ 323.742367][T13272] ? __pfx_dump_stack_lvl+0x10/0x10 [ 323.742402][T13272] ? __pfx__printk+0x10/0x10 [ 323.742428][T13272] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 323.742479][T13272] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 323.742507][T13272] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 323.742535][T13272] warn_alloc+0x214/0x310 [ 323.742561][T13272] ? stack_depot_save_flags+0x40/0x900 [ 323.742605][T13272] ? __pfx_warn_alloc+0x10/0x10 [ 323.742636][T13272] ? kasan_save_track+0x4f/0x80 [ 323.742668][T13272] ? xskq_create+0x56/0x170 [ 323.742689][T13272] ? xsk_init_queue+0xb0/0x110 [ 323.742707][T13272] ? xsk_setsockopt+0x43f/0x710 [ 323.742725][T13272] ? do_sock_setsockopt+0x25a/0x3e0 [ 323.742751][T13272] ? __x64_sys_setsockopt+0x18b/0x220 [ 323.742778][T13272] ? do_syscall_64+0xfa/0x3b0 [ 323.742813][T13272] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.742842][T13272] __vmalloc_node_range_noprof+0x125/0x12f0 [ 323.742896][T13272] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 323.742925][T13272] ? __kasan_kmalloc+0x93/0xb0 [ 323.742947][T13272] vmalloc_user_noprof+0xad/0xf0 [ 323.742968][T13272] ? xskq_create+0xbf/0x170 [ 323.742990][T13272] xskq_create+0xbf/0x170 [ 323.743014][T13272] xsk_init_queue+0xb0/0x110 [ 323.743038][T13272] xsk_setsockopt+0x43f/0x710 [ 323.743061][T13272] ? __pfx_xsk_setsockopt+0x10/0x10 [ 323.743079][T13272] ? __lock_acquire+0xab9/0xd20 [ 323.743117][T13272] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 323.743142][T13272] ? __pfx_xsk_setsockopt+0x10/0x10 [ 323.743163][T13272] do_sock_setsockopt+0x25a/0x3e0 [ 323.743194][T13272] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 323.743226][T13272] ? __fget_files+0x2a/0x420 [ 323.743256][T13272] __x64_sys_setsockopt+0x18b/0x220 [ 323.743291][T13272] do_syscall_64+0xfa/0x3b0 [ 323.743312][T13272] ? lockdep_hardirqs_on+0x9c/0x150 [ 323.743334][T13272] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.743353][T13272] ? clear_bhb_loop+0x60/0xb0 [ 323.743378][T13272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.743397][T13272] RIP: 0033:0x7fb21558e929 [ 323.743414][T13272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.743432][T13272] RSP: 002b:00007fb2163ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 323.743453][T13272] RAX: ffffffffffffffda RBX: 00007fb2157b5fa0 RCX: 00007fb21558e929 [ 323.743468][T13272] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009 [ 323.743486][T13272] RBP: 00007fb215610b39 R08: 0000000000000004 R09: 0000000000000000 [ 323.743498][T13272] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.743511][T13272] R13: 0000000000000000 R14: 00007fb2157b5fa0 R15: 00007ffc2408b8d8 [ 323.743543][T13272] [ 323.745559][T13272] Mem-Info: [ 324.119014][T13272] active_anon:3680 inactive_anon:0 isolated_anon:0 [ 324.119014][T13272] active_file:1653 inactive_file:39927 isolated_file:0 [ 324.119014][T13272] unevictable:768 dirty:171 writeback:0 [ 324.119014][T13272] slab_reclaimable:12406 slab_unreclaimable:168610 [ 324.119014][T13272] mapped:30187 shmem:1424 pagetables:982 [ 324.119014][T13272] sec_pagetables:0 bounce:0 [ 324.119014][T13272] kernel_misc_reclaimable:0 [ 324.119014][T13272] free:1255504 free_pcp:12668 free_cma:0 [ 324.184283][T13272] Node 0 active_anon:14720kB inactive_anon:0kB active_file:6612kB inactive_file:159508kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120748kB dirty:684kB writeback:0kB shmem:4160kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12672kB pagetables:3576kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 324.232206][T13272] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 324.274587][T13272] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 324.314069][T13272] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 324.320392][T13272] Node 0 DMA32 free:1102428kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14876kB inactive_anon:0kB active_file:6612kB inactive_file:157672kB unevictable:1536kB writepending:684kB present:3129332kB managed:2560932kB mlocked:0kB bounce:0kB free_pcp:33824kB local_pcp:16136kB free_cma:0kB [ 324.359281][T13272] lowmem_reserve[]: 0 0 1 1 1 [ 324.365247][T13272] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1836kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 324.457179][T13294] netlink: 'syz.1.2086': attribute type 3 has an invalid length. [ 324.517212][T13272] lowmem_reserve[]: 0 0 0 0 0 [ 324.558829][T13272] Node 1 Normal free:3903640kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17760kB local_pcp:6496kB free_cma:0kB [ 324.593260][T13272] lowmem_reserve[]: 0 0 0 0 0 [ 324.598055][T13272] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 324.651388][T13272] Node 0 DMA32: 728*4kB (UM) 721*8kB (UM) 280*16kB (UM) 483*32kB (UM) 225*64kB (UME) 93*128kB (UM) 99*256kB (UM) 39*512kB (UM) 39*1024kB (UME) 6*2048kB (UM) 232*4096kB (M) = 1102728kB [ 324.670919][T13272] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 324.683765][T13272] Node 1 Normal: 196*4kB (UME) 45*8kB (UME) 42*16kB (UME) 138*32kB (UME) 47*64kB (UME) 7*128kB (UME) 3*256kB (ME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (UM) = 3903640kB [ 324.703005][T13272] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 324.713280][T13272] Node 0 hugepages_total=3 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB [ 324.728105][T13272] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 324.748921][T13272] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 324.758765][T13272] 43001 total pagecache pages [ 324.768480][T13272] 0 pages in swap cache [ 324.773570][ T30] audit: type=1800 audit(1751181812.894:5): pid=13304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2090" name="memory.events" dev="tmpfs" ino=2322 res=0 errno=0 [ 324.773884][T13272] Free swap = 124996kB [ 324.805917][T13272] Total swap = 124996kB [ 324.810221][T13272] 2097051 pages RAM [ 324.816591][T13272] 0 pages HighMem/MovableOnly [ 324.821305][T13272] 424712 pages reserved [ 324.829683][T13272] 0 pages cma reserved [ 324.830717][ T30] audit: type=1804 audit(1751181812.924:6): pid=13304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2090" name="/newroot/453/memory.events" dev="tmpfs" ino=2322 res=1 errno=0 [ 324.891054][T13307] __nla_validate_parse: 2 callbacks suppressed [ 324.891073][T13307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2091'. [ 325.016398][T13311] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2092'. [ 325.062395][T13311] openvswitch: netlink: nsh attr 12 is out of range max 3 [ 325.075198][T13311] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 325.147124][T13316] wireguard0: entered allmulticast mode [ 325.175984][T13316] xt_hashlimit: invalid rate [ 325.276970][T13325] lo speed is unknown, defaulting to 1000 [ 325.435184][T13334] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2101'. [ 325.747906][T13358] netlink: 'syz.1.2104': attribute type 10 has an invalid length. [ 325.783233][T13358] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2104'. [ 325.853750][T13358] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 325.896324][T13360] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2106'. [ 326.061835][T13321] lo speed is unknown, defaulting to 1000 [ 326.105648][T13366] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2108'. [ 326.188109][T13370] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2097'. [ 326.213401][T13366] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2108'. [ 326.231246][T13370] netlink: 'syz.2.2097': attribute type 6 has an invalid length. [ 326.536196][T13382] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2109'. [ 326.921622][T13397] netlink: 'syz.3.2113': attribute type 13 has an invalid length. [ 326.931666][T13397] netlink: 'syz.3.2113': attribute type 17 has an invalid length. [ 326.962187][T13397] netlink: 'syz.3.2113': attribute type 27 has an invalid length. [ 327.200339][T13409] IPVS: set_ctl: invalid protocol: 43 172.20.20.187:20001 [ 327.207910][T13410] IPVS: set_ctl: invalid protocol: 43 172.20.20.187:20001 [ 327.387083][T13420] lo speed is unknown, defaulting to 1000 [ 327.480856][T13422] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 327.544500][T13423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 327.612436][T13422] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 327.864506][T13418] lo speed is unknown, defaulting to 1000 [ 327.900022][T13421] netlink: 'syz.4.2120': attribute type 6 has an invalid length. [ 330.105692][T13445] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2126'. [ 330.188679][T13445] vlan4: entered promiscuous mode [ 330.213034][T13445] gretap0: entered promiscuous mode [ 330.303820][T13454] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2129'. [ 330.313606][T13454] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2129'. [ 330.330730][T13454] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2129'. [ 330.370927][T13454] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2129'. [ 330.434992][T13457] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2130'. [ 330.454774][T13457] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2130'. [ 330.475756][T13457] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2130'. [ 330.514567][T13457] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2130'. [ 330.951740][T13487] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2139'. [ 331.029340][T13492] veth0_to_hsr: entered promiscuous mode [ 331.052295][T13492] veth0_to_hsr: entered allmulticast mode [ 331.368213][T13508] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2 [ 331.389187][T13508] batman_adv: batadv0: Adding interface: ip6gretap2 [ 331.398947][T13508] batman_adv: batadv0: The MTU of interface ip6gretap2 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.429144][T13508] batman_adv: batadv0: Interface activated: ip6gretap2 [ 331.513198][T13511] pim6reg1: entered promiscuous mode [ 331.531452][T13511] pim6reg1: entered allmulticast mode [ 331.550354][T13507] lo speed is unknown, defaulting to 1000 [ 331.593736][T13514] netlink: 'syz.4.2148': attribute type 10 has an invalid length. [ 331.688463][T13514] geneve0: entered promiscuous mode [ 331.713787][T13514] team0: Failed to send port change of device geneve0 via netlink (err -105) [ 331.745383][T13514] team0: Failed to send options change via netlink (err -105) [ 331.762049][T13514] team0: Port device geneve0 added [ 332.287932][T13548] xt_CT: You must specify a L4 protocol and not use inversions on it [ 332.648199][T13561] lo speed is unknown, defaulting to 1000 [ 332.734389][T13565] netlink: 'syz.1.2164': attribute type 10 has an invalid length. [ 332.757063][T13565] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 333.481356][T13583] netlink: 'syz.3.2170': attribute type 2 has an invalid length. [ 333.505043][T13583] netlink: 'syz.3.2170': attribute type 1 has an invalid length. [ 333.669945][T13595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 333.764973][T13595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 333.841602][T13600] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode active-backup(1) [ 333.851590][T13598] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 333.891418][T13602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 334.176594][T13592] lo speed is unknown, defaulting to 1000 [ 334.290185][T13613] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 334.337975][T13615] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 334.463497][T13617] netlink: 'syz.1.2179': attribute type 9 has an invalid length. [ 334.591670][T13622] netlink: 'syz.1.2180': attribute type 1 has an invalid length. [ 334.781150][T13622] 8021q: adding VLAN 0 to HW filter on device bond5 [ 335.180957][T13631] lo speed is unknown, defaulting to 1000 [ 335.291187][T13638] netlink: 'syz.1.2184': attribute type 178 has an invalid length. [ 335.418877][T13635] syzkaller1: entered promiscuous mode [ 335.437701][T13635] syzkaller1: entered allmulticast mode [ 335.791570][T13650] sctp: [Deprecated]: syz.1.2187 (pid 13650) Use of int in maxseg socket option. [ 335.791570][T13650] Use struct sctp_assoc_value instead [ 336.017668][T13653] __nla_validate_parse: 11 callbacks suppressed [ 336.017687][T13653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2188'. [ 336.204398][T13655] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2189'. [ 336.226279][T13655] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2189'. [ 336.236255][T13655] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2189'. [ 336.261092][T13655] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2189'. [ 336.574835][T13663] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2191'. [ 336.627762][T13666] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2191'. [ 336.956492][T13676] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 337.092605][T13682] Cannot find set identified by id 2 to match [ 337.312874][T13689] tipc: Started in network mode [ 337.317815][T13689] tipc: Node identity 3e79d235de42, cluster identity 4711 [ 337.325227][T13689] tipc: Enabled bearer , priority 0 [ 337.499486][T13700] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2202'. [ 337.526451][T13700] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2202'. [ 337.542667][T13689] syzkaller0: entered promiscuous mode [ 337.548393][T13689] syzkaller0: entered allmulticast mode [ 337.554658][T13700] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2202'. [ 337.564642][T13689] tipc: Resetting bearer [ 337.628810][T13702] netlink: 'syz.2.2203': attribute type 1 has an invalid length. [ 337.658306][T13688] tipc: Resetting bearer [ 338.382150][T12450] tipc: Node number set to 3762016821 [ 339.822968][T13688] tipc: Disabling bearer [ 339.957528][T13727] geneve2: entered promiscuous mode [ 339.978209][ T30] audit: type=1804 audit(1751181828.094:7): pid=13728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2210" name="/newroot/449/cgroup.controllers" dev="tmpfs" ino=2312 res=1 errno=0 [ 339.988878][T13730] sctp: [Deprecated]: syz.1.2211 (pid 13730) Use of struct sctp_assoc_value in delayed_ack socket option. [ 339.988878][T13730] Use struct sctp_sack_info instead [ 340.067707][ T30] audit: type=1800 audit(1751181828.124:8): pid=13728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2210" name="cgroup.controllers" dev="tmpfs" ino=2312 res=0 errno=0 [ 340.579024][T13759] lo speed is unknown, defaulting to 1000 [ 340.707770][ T1159] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.767323][ T1159] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.791122][ T1159] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.876188][T13739] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode [ 341.177380][ T30] audit: type=1107 audit(1751181829.294:9): pid=13778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='1d]:xJP@cd$JnyO^D#z' [ 341.309127][T13772] lo speed is unknown, defaulting to 1000 [ 341.714739][T13767] mpoa:mpoad_close: () going down [ 341.739897][T13779] lo speed is unknown, defaulting to 1000 [ 342.402786][T13802] __nla_validate_parse: 14 callbacks suppressed [ 342.402806][T13802] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2230'. [ 342.423531][T13802] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2230'. [ 342.471371][T13802] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2230'. [ 342.482943][T13802] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2230'. [ 342.616356][T13805] lo speed is unknown, defaulting to 1000 [ 342.662848][T13810] tap0: tun_chr_ioctl cmd 35111 [ 342.671138][T13810] tap0: tun_chr_ioctl cmd 2184212994 [ 342.678453][T13810] netlink: 'syz.4.2232': attribute type 1 has an invalid length. [ 342.689893][T13810] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2232'. [ 342.775234][T13766] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.879553][T13766] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.971405][T13818] netlink: 'syz.4.2234': attribute type 1 has an invalid length. [ 343.008524][T13766] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 343.167755][ T1159] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 343.190427][T13824] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2235'. [ 343.228917][ T1147] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 343.326527][ T1159] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 343.460993][ T1147] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 343.568438][T13831] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 343.644105][T13828] lo speed is unknown, defaulting to 1000 [ 343.742720][T13838] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.2239'. [ 344.087149][T13850] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2242'. [ 344.113213][T13850] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2242'. [ 344.126131][T13850] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2242'. [ 345.282187][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 348.017471][T13874] __nla_validate_parse: 1 callbacks suppressed [ 348.017490][T13874] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2248'. [ 348.102096][T13874] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2248'. [ 348.145682][T13874] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 348.164914][T13874] gretap2: entered promiscuous mode [ 348.185055][T13874] gretap2: entered allmulticast mode [ 348.238193][T13889] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2256'. [ 348.255784][T13889] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2256'. [ 348.314134][T13889] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2256'. [ 348.349514][T13889] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2256'. [ 348.380320][T13893] netlink: 'syz.1.2254': attribute type 10 has an invalid length. [ 348.418347][T13893] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 348.440022][T13903] netlink: 165 bytes leftover after parsing attributes in process `syz.2.2258'. [ 348.527259][T13907] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2259'. [ 348.647876][T13914] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2261'. [ 349.347867][T13960] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2271'. [ 349.757582][T13970] lo speed is unknown, defaulting to 1000 [ 350.791562][T14039] netlink: 'syz.3.2293': attribute type 1 has an invalid length. [ 350.882218][T14039] 8021q: adding VLAN 0 to HW filter on device bond4 [ 351.152545][T14027] syz.0.2273: vmalloc error: size 268435456, failed to allocated page array size 524288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 351.170553][T14027] CPU: 1 UID: 0 PID: 14027 Comm: syz.0.2273 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 351.170582][T14027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 351.170595][T14027] Call Trace: [ 351.170604][T14027] [ 351.170612][T14027] dump_stack_lvl+0x189/0x250 [ 351.170650][T14027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 351.170680][T14027] ? __pfx__printk+0x10/0x10 [ 351.170702][T14027] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 351.170723][T14027] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 351.170747][T14027] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 351.170772][T14027] warn_alloc+0x214/0x310 [ 351.170802][T14027] ? __pfx_warn_alloc+0x10/0x10 [ 351.170836][T14027] ? __get_vm_area_node+0x28f/0x300 [ 351.170857][T14027] ? __do_replace+0xb4/0xaa0 [ 351.170890][T14027] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 351.170911][T14027] ? stack_depot_save_flags+0x40/0x900 [ 351.170959][T14027] ? translate_table+0x1b4d/0x1f90 [ 351.170990][T14027] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 351.171018][T14027] ? __do_replace+0xb4/0xaa0 [ 351.171070][T14027] vzalloc_noprof+0xb2/0xf0 [ 351.171108][T14027] ? __do_replace+0xb4/0xaa0 [ 351.171141][T14027] __do_replace+0xb4/0xaa0 [ 351.171177][T14027] ? __pfx_translate_table+0x10/0x10 [ 351.171214][T14027] ? __pfx___do_replace+0x10/0x10 [ 351.171263][T14027] ? _copy_from_user+0x94/0xb0 [ 351.171288][T14027] do_arpt_set_ctl+0xa2a/0xf10 [ 351.171326][T14027] ? __mutex_trylock_common+0x153/0x260 [ 351.171353][T14027] ? __pfx_do_arpt_set_ctl+0x10/0x10 [ 351.171391][T14027] ? rcu_is_watching+0x15/0xb0 [ 351.171443][T14027] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 351.171475][T14027] ? __pfx___mutex_lock+0x10/0x10 [ 351.171493][T14027] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 351.171510][T14027] ? aa_sk_perm+0x81e/0x950 [ 351.171532][T14027] ? __pfx_aa_sk_perm+0x10/0x10 [ 351.171554][T14027] nf_setsockopt+0x26f/0x290 [ 351.171578][T14027] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 351.171598][T14027] do_sock_setsockopt+0x25a/0x3e0 [ 351.171621][T14027] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 351.171646][T14027] ? __fget_files+0x2a/0x420 [ 351.171669][T14027] __x64_sys_setsockopt+0x18b/0x220 [ 351.171695][T14027] do_syscall_64+0xfa/0x3b0 [ 351.171713][T14027] ? lockdep_hardirqs_on+0x9c/0x150 [ 351.171729][T14027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.171744][T14027] ? clear_bhb_loop+0x60/0xb0 [ 351.171763][T14027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.171777][T14027] RIP: 0033:0x7ffbc1b8e929 [ 351.171791][T14027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.171805][T14027] RSP: 002b:00007ffbbf591038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 351.171821][T14027] RAX: ffffffffffffffda RBX: 00007ffbc1db6240 RCX: 00007ffbc1b8e929 [ 351.171833][T14027] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000003 [ 351.171842][T14027] RBP: 00007ffbc1c10b39 R08: 0000000000000068 R09: 0000000000000000 [ 351.171851][T14027] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 351.171861][T14027] R13: 0000000000000000 R14: 00007ffbc1db6240 R15: 00007ffd82eecc48 [ 351.171884][T14027] [ 351.490126][T14027] Mem-Info: [ 351.493351][T14027] active_anon:6515 inactive_anon:0 isolated_anon:0 [ 351.493351][T14027] active_file:1653 inactive_file:39937 isolated_file:0 [ 351.493351][T14027] unevictable:768 dirty:117 writeback:0 [ 351.493351][T14027] slab_reclaimable:12526 slab_unreclaimable:174565 [ 351.493351][T14027] mapped:33941 shmem:4243 pagetables:942 [ 351.493351][T14027] sec_pagetables:0 bounce:0 [ 351.493351][T14027] kernel_misc_reclaimable:0 [ 351.493351][T14027] free:1237252 free_pcp:13677 free_cma:0 [ 351.539135][T14027] Node 0 active_anon:26060kB inactive_anon:0kB active_file:6612kB inactive_file:159548kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135764kB dirty:468kB writeback:0kB shmem:15436kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12708kB pagetables:3616kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 351.572892][T14027] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 351.604682][T14027] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 351.633862][T14027] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 351.639815][T14027] Node 0 DMA32 free:1030004kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:26016kB inactive_anon:0kB active_file:6612kB inactive_file:157712kB unevictable:1536kB writepending:468kB present:3129332kB managed:2560932kB mlocked:0kB bounce:0kB free_pcp:36908kB local_pcp:21252kB free_cma:0kB [ 351.672452][T14027] lowmem_reserve[]: 0 0 1 1 1 [ 351.677200][T14027] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1836kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 351.706823][T14027] lowmem_reserve[]: 0 0 0 0 0 [ 351.711594][T14027] Node 1 Normal free:3903640kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17760kB local_pcp:11264kB free_cma:0kB [ 351.743451][T14027] lowmem_reserve[]: 0 0 0 0 0 [ 351.748212][T14027] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 351.760956][T14027] Node 0 DMA32: 402*4kB (M) 438*8kB (UM) 139*16kB (M) 102*32kB (UME) 46*64kB (UME) 37*128kB (M) 62*256kB (UM) 29*512kB (UME) 36*1024kB (UM) 5*2048kB (UM) 228*4096kB (UM) = 1029992kB [ 351.780222][T14027] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 351.792211][T14027] Node 1 Normal: 196*4kB (UME) 45*8kB (UME) 42*16kB (UME) 138*32kB (UME) 47*64kB (UME) 7*128kB (UME) 3*256kB (ME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (UM) = 3903640kB [ 351.810720][T14027] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 351.820352][T14027] Node 0 hugepages_total=3 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB [ 351.832200][T14027] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 351.862928][T14027] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 351.888689][T14027] 45830 total pagecache pages [ 351.909040][T14027] 0 pages in swap cache [ 351.958353][T14027] Free swap = 124996kB [ 351.966294][T14027] Total swap = 124996kB [ 351.975377][T14059] netlink: 'syz.1.2296': attribute type 83 has an invalid length. [ 351.982072][T14027] 2097051 pages RAM [ 351.987027][T14027] 0 pages HighMem/MovableOnly [ 352.008756][T14027] 424712 pages reserved [ 352.010513][T14050] bridge0: port 4(gretap0) entered blocking state [ 352.019606][T14050] bridge0: port 4(gretap0) entered forwarding state [ 352.030961][T14027] 0 pages cma reserved [ 352.088061][T14050] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 352.157076][T14059] erspan0: left promiscuous mode [ 352.173234][ T5951] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 352.232443][T14059] macvlan0: left promiscuous mode [ 352.241069][T14059] netlink: 'syz.1.2296': attribute type 1 has an invalid length. [ 352.292509][T14059] netlink: 'syz.1.2296': attribute type 2 has an invalid length. [ 352.621612][T14066] lo speed is unknown, defaulting to 1000 [ 352.777898][T14080] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 352.864653][T14080] veth1_to_bond: entered allmulticast mode [ 352.871568][T14080] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 352.884204][ T5951] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 352.909160][T14079] veth1_to_bond: left allmulticast mode [ 353.004713][T14085] netlink: 'syz.4.2305': attribute type 1 has an invalid length. [ 353.023892][T14085] __nla_validate_parse: 13 callbacks suppressed [ 353.023911][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.065775][T14085] netlink: 'syz.4.2305': attribute type 1 has an invalid length. [ 353.089215][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.106634][T14085] netlink: 'syz.4.2305': attribute type 1 has an invalid length. [ 353.117397][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.130834][T14085] netlink: 'syz.4.2305': attribute type 1 has an invalid length. [ 353.144625][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.156499][T14085] netlink: 'syz.4.2305': attribute type 1 has an invalid length. [ 353.166221][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.178181][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.187788][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.207887][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.223500][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.237982][T14085] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2305'. [ 353.290457][T14075] lo speed is unknown, defaulting to 1000 [ 353.468914][T14102] erspan0: entered promiscuous mode [ 353.492159][T14102] macvtap2: entered promiscuous mode [ 353.502208][T14102] macvtap2: entered allmulticast mode [ 353.507607][T14102] erspan0: entered allmulticast mode [ 353.642629][ T36] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 354.132582][ T9607] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 354.882196][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 354.986429][T14167] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 355.017834][T14167] validate_nla: 75 callbacks suppressed [ 355.017854][T14167] netlink: 'syz.1.2326': attribute type 21 has an invalid length. [ 355.072179][T14167] netlink: 'syz.1.2326': attribute type 6 has an invalid length. [ 355.149559][T14162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 355.707601][T14186] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 355.755500][T14191] ieee802154 phy0 wpan0: encryption failed: -22 [ 356.688376][T14236] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 357.059011][T14254] lo speed is unknown, defaulting to 1000 [ 357.070821][T14256] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 357.525820][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 357.991621][T14274] pim6reg: entered allmulticast mode [ 358.147261][T14286] __nla_validate_parse: 85 callbacks suppressed [ 358.147280][T14286] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2366'. [ 358.183506][T14286] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2366'. [ 358.202677][T14286] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2366'. [ 358.226856][T14286] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2366'. [ 358.268526][T14289] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2356'. [ 358.430054][T14257] lo speed is unknown, defaulting to 1000 [ 358.471354][T14295] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 358.494101][T14289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2356'. [ 358.507105][T14289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2356'. [ 358.590275][T14289] netlink: 'syz.2.2356': attribute type 12 has an invalid length. [ 358.684773][T14305] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.2371'. [ 359.397883][T14319] vlan2: entered promiscuous mode [ 359.412192][T14319] bridge0: entered promiscuous mode [ 359.473006][T14324] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2377'. [ 359.485362][T14329] netlink: 'syz.1.2378': attribute type 10 has an invalid length. [ 359.609705][T14331] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2379'. [ 359.653570][T14334] x_tables: duplicate underflow at hook 1 [ 360.528250][T14382] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 360.898831][T14399] netlink: 'syz.0.2396': attribute type 1 has an invalid length. [ 361.007716][T14401] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 361.325071][T14420] tipc: Enabled bearer , priority 10 [ 361.595967][T14430] macsec2: entered promiscuous mode [ 361.601216][T14430] bond0: entered promiscuous mode [ 361.635484][T14430] bond0: left promiscuous mode [ 361.746248][T14435] tipc: Enabling of bearer rejected, failed to enable media [ 362.355245][ T9607] tipc: Node number set to 4285857792 [ 363.878500][T14527] __nla_validate_parse: 14 callbacks suppressed [ 363.878519][T14527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2437'. [ 363.916418][T14527] bond0: (slave bridge_slave_1): Releasing backup interface [ 365.359405][T14576] IPv6: Can't replace route, no match found [ 365.645636][T14588] xt_CT: You must specify a L4 protocol and not use inversions on it [ 365.797502][T14594] netlink: 'syz.0.2456': attribute type 2 has an invalid length. [ 365.833277][T14594] : entered promiscuous mode [ 366.596954][T14621] netlink: 'syz.2.2464': attribute type 1 has an invalid length. [ 366.654242][T14621] pim6reg: entered allmulticast mode [ 366.776635][T14633] pim6reg: left allmulticast mode [ 366.824694][T14642] netlink: 'syz.3.2468': attribute type 10 has an invalid length. [ 366.923322][T14632] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2467'. [ 366.947070][T14642] dummy0: left allmulticast mode [ 366.973336][T14642] dummy0: left promiscuous mode [ 366.978603][T14642] bridge0: port 3(dummy0) entered disabled state [ 367.654214][T14682] netlink: 'syz.3.2476': attribute type 3 has an invalid length. [ 367.685135][T14682] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2476'. [ 367.708849][T14688] tipc: Enabled bearer , priority 10 [ 367.873403][T14688] tipc: Resetting bearer [ 367.943635][T14685] tipc: Resetting bearer [ 367.957675][T14699] netlink: 'syz.3.2481': attribute type 15 has an invalid length. [ 369.444653][T14685] tipc: Disabling bearer [ 369.454468][T14699] netlink: 'syz.3.2481': attribute type 3 has an invalid length. [ 369.462611][T14699] netlink: 'syz.3.2481': attribute type 3 has an invalid length. [ 369.531669][T14720] netlink: 'syz.2.2484': attribute type 1 has an invalid length. [ 369.540791][T14720] netlink: 16179 bytes leftover after parsing attributes in process `syz.2.2484'. [ 369.622708][T14722] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2484'. [ 369.748806][T14729] netlink: 'syz.3.2487': attribute type 34 has an invalid length. [ 369.820966][T14732] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2488'. [ 369.836186][T14732] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2488'. [ 369.852798][T14732] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2488'. [ 369.870030][T14725] x_tables: duplicate underflow at hook 3 [ 369.881128][T14732] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2488'. [ 369.986355][T14738] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2490'. [ 370.007448][T14734] lo speed is unknown, defaulting to 1000 [ 370.023785][T14738] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2490'. [ 370.024972][T14736] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2490'. [ 370.196754][T14748] dvmrp0: entered allmulticast mode [ 370.315155][T14758] pim6reg1: entered promiscuous mode [ 370.329562][T14758] pim6reg1: entered allmulticast mode [ 371.204013][T14791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2507'. [ 371.586772][T14805] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 374.371490][T14906] lo speed is unknown, defaulting to 1000 [ 374.669313][T14916] syzkaller0: entered promiscuous mode [ 374.678876][T14916] syzkaller0: entered allmulticast mode [ 376.989594][T14954] wireguard2: entered promiscuous mode [ 377.009898][T14954] wireguard2: entered allmulticast mode [ 377.636201][T14976] __nla_validate_parse: 117 callbacks suppressed [ 377.636222][T14976] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2579'. [ 378.399610][T14981] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2585'. [ 378.458885][T14986] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2586'. [ 378.568496][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.034356][T15008] ================================================================== [ 379.042454][T15008] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160 [ 379.050363][T15008] Read of size 8 at addr ffff88807e50bd30 by task syz.0.2597/15008 [ 379.058245][T15008] [ 379.060578][T15008] CPU: 1 UID: 0 PID: 15008 Comm: syz.0.2597 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 379.060601][T15008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 379.060612][T15008] Call Trace: [ 379.060618][T15008] [ 379.060627][T15008] dump_stack_lvl+0x189/0x250 [ 379.060654][T15008] ? __virt_addr_valid+0x1c8/0x5c0 [ 379.060670][T15008] ? rcu_is_watching+0x15/0xb0 [ 379.060694][T15008] ? __kasan_check_byte+0x12/0x40 [ 379.060710][T15008] ? __pfx_dump_stack_lvl+0x10/0x10 [ 379.060735][T15008] ? rcu_is_watching+0x15/0xb0 [ 379.060759][T15008] ? lock_release+0x4b/0x3e0 [ 379.060783][T15008] ? __virt_addr_valid+0x1c8/0x5c0 [ 379.060810][T15008] ? __virt_addr_valid+0x4a5/0x5c0 [ 379.060825][T15008] print_report+0xd2/0x2b0 [ 379.060845][T15008] ? pause_parse_request+0x40/0x160 [ 379.060860][T15008] kasan_report+0x118/0x150 [ 379.060880][T15008] ? pause_parse_request+0x40/0x160 [ 379.060899][T15008] ? __pfx_pause_parse_request+0x10/0x10 [ 379.060915][T15008] pause_parse_request+0x40/0x160 [ 379.060932][T15008] ? __pfx_pause_parse_request+0x10/0x10 [ 379.060948][T15008] ethnl_default_set_doit+0x2be/0xa40 [ 379.060970][T15008] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 379.060997][T15008] genl_family_rcv_msg_doit+0x212/0x300 [ 379.061023][T15008] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 379.061051][T15008] ? bpf_lsm_capable+0x9/0x20 [ 379.061064][T15008] ? security_capable+0x7e/0x2e0 [ 379.061084][T15008] genl_rcv_msg+0x60e/0x790 [ 379.061108][T15008] ? __pfx_genl_rcv_msg+0x10/0x10 [ 379.061129][T15008] ? ref_tracker_free+0x63a/0x7d0 [ 379.061149][T15008] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 379.061170][T15008] ? __pfx_ref_tracker_free+0x10/0x10 [ 379.061194][T15008] netlink_rcv_skb+0x208/0x470 [ 379.061213][T15008] ? __pfx_genl_rcv_msg+0x10/0x10 [ 379.061236][T15008] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 379.061259][T15008] ? down_read+0x1ad/0x2e0 [ 379.061279][T15008] genl_rcv+0x28/0x40 [ 379.061300][T15008] netlink_unicast+0x75b/0x8d0 [ 379.061319][T15008] netlink_sendmsg+0x805/0xb30 [ 379.061341][T15008] ? __pfx_netlink_sendmsg+0x10/0x10 [ 379.061361][T15008] ? aa_sock_msg_perm+0x94/0x160 [ 379.061379][T15008] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 379.061398][T15008] ? __pfx_netlink_sendmsg+0x10/0x10 [ 379.061416][T15008] __sock_sendmsg+0x219/0x270 [ 379.061450][T15008] ____sys_sendmsg+0x505/0x830 [ 379.061475][T15008] ? __pfx_____sys_sendmsg+0x10/0x10 [ 379.061501][T15008] ? import_iovec+0x74/0xa0 [ 379.061516][T15008] ___sys_sendmsg+0x21f/0x2a0 [ 379.061539][T15008] ? __pfx____sys_sendmsg+0x10/0x10 [ 379.061576][T15008] ? __fget_files+0x2a/0x420 [ 379.061592][T15008] ? __fget_files+0x3a0/0x420 [ 379.061613][T15008] __x64_sys_sendmsg+0x19b/0x260 [ 379.061638][T15008] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 379.061665][T15008] ? rcu_is_watching+0x15/0xb0 [ 379.061691][T15008] ? do_syscall_64+0xbe/0x3b0 [ 379.061712][T15008] do_syscall_64+0xfa/0x3b0 [ 379.061729][T15008] ? lockdep_hardirqs_on+0x9c/0x150 [ 379.061746][T15008] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.061762][T15008] ? clear_bhb_loop+0x60/0xb0 [ 379.061780][T15008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.061795][T15008] RIP: 0033:0x7ffbc1b8e929 [ 379.061809][T15008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 379.061824][T15008] RSP: 002b:00007ffbbf9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 379.061841][T15008] RAX: ffffffffffffffda RBX: 00007ffbc1db5fa0 RCX: 00007ffbc1b8e929 [ 379.061853][T15008] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000007 [ 379.061863][T15008] RBP: 00007ffbc1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 379.061880][T15008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 379.061890][T15008] R13: 0000000000000000 R14: 00007ffbc1db5fa0 R15: 00007ffd82eecc48 [ 379.061909][T15008] [ 379.061914][T15008] [ 379.444019][T15008] Allocated by task 15008: [ 379.448428][T15008] kasan_save_track+0x3e/0x80 [ 379.453114][T15008] __kasan_kmalloc+0x93/0xb0 [ 379.457717][T15008] __kmalloc_noprof+0x27a/0x4f0 [ 379.462562][T15008] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 379.468664][T15008] genl_family_rcv_msg_doit+0xb8/0x300 [ 379.474131][T15008] genl_rcv_msg+0x60e/0x790 [ 379.478635][T15008] netlink_rcv_skb+0x208/0x470 [ 379.483399][T15008] genl_rcv+0x28/0x40 [ 379.487384][T15008] netlink_unicast+0x75b/0x8d0 [ 379.492153][T15008] netlink_sendmsg+0x805/0xb30 [ 379.496922][T15008] __sock_sendmsg+0x219/0x270 [ 379.501595][T15008] ____sys_sendmsg+0x505/0x830 [ 379.506361][T15008] ___sys_sendmsg+0x21f/0x2a0 [ 379.511045][T15008] __x64_sys_sendmsg+0x19b/0x260 [ 379.515988][T15008] do_syscall_64+0xfa/0x3b0 [ 379.520499][T15008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.526408][T15008] [ 379.528731][T15008] The buggy address belongs to the object at ffff88807e50bd00 [ 379.528731][T15008] which belongs to the cache kmalloc-64 of size 64 [ 379.542638][T15008] The buggy address is located 8 bytes to the right of [ 379.542638][T15008] allocated 40-byte region [ffff88807e50bd00, ffff88807e50bd28) [ 379.557034][T15008] [ 379.559349][T15008] The buggy address belongs to the physical page: [ 379.565760][T15008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e50b [ 379.574523][T15008] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 379.582067][T15008] page_type: f5(slab) [ 379.586052][T15008] raw: 00fff00000000000 ffff88801a4418c0 ffffea0000c727c0 dead000000000005 [ 379.594632][T15008] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 379.603206][T15008] page dumped because: kasan: bad access detected [ 379.609625][T15008] page_owner tracks the page as allocated [ 379.615342][T15008] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 9330, tgid 9328 (syz.4.958), ts 200257479390, free_ts 200251481017 [ 379.634537][T15008] post_alloc_hook+0x240/0x2a0 [ 379.639305][T15008] get_page_from_freelist+0x21e4/0x22c0 [ 379.644854][T15008] __alloc_frozen_pages_noprof+0x181/0x370 [ 379.650667][T15008] alloc_pages_mpol+0x232/0x4a0 [ 379.655521][T15008] allocate_slab+0x8a/0x3b0 [ 379.660030][T15008] ___slab_alloc+0xbfc/0x1480 [ 379.664721][T15008] __kmalloc_noprof+0x305/0x4f0 [ 379.669571][T15008] hash_ip4_add+0xc81/0x1ec0 [ 379.674169][T15008] hash_ip4_uadt+0x640/0x850 [ 379.678763][T15008] call_ad+0x380/0xb00 [ 379.682836][T15008] ip_set_ad+0x791/0x930 [ 379.687072][T15008] nfnetlink_rcv_msg+0xb4d/0x1130 [ 379.692088][T15008] netlink_rcv_skb+0x208/0x470 [ 379.696856][T15008] nfnetlink_rcv+0x26a/0x2520 [ 379.701536][T15008] netlink_unicast+0x75b/0x8d0 [ 379.706298][T15008] netlink_sendmsg+0x805/0xb30 [ 379.711067][T15008] page last free pid 9435 tgid 9435 stack trace: [ 379.717386][T15008] __free_frozen_pages+0xc71/0xe70 [ 379.722495][T15008] tlb_finish_mmu+0x112/0x1d0 [ 379.727178][T15008] exit_mmap+0x44c/0xb50 [ 379.731414][T15008] __mmput+0x118/0x420 [ 379.735482][T15008] exit_mm+0x1da/0x2c0 [ 379.739569][T15008] do_exit+0x648/0x22e0 [ 379.743893][T15008] do_group_exit+0x21c/0x2d0 [ 379.748482][T15008] __x64_sys_exit_group+0x3f/0x40 [ 379.753502][T15008] x64_sys_call+0x21ba/0x21c0 [ 379.758176][T15008] do_syscall_64+0xfa/0x3b0 [ 379.762676][T15008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.768582][T15008] [ 379.770927][T15008] Memory state around the buggy address: [ 379.776552][T15008] ffff88807e50bc00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 379.784627][T15008] ffff88807e50bc80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 379.792700][T15008] >ffff88807e50bd00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 379.800746][T15008] ^ [ 379.806367][T15008] ffff88807e50bd80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 379.814427][T15008] ffff88807e50be00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 379.822477][T15008] ================================================================== [ 379.880470][T15008] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 379.887717][T15008] CPU: 0 UID: 0 PID: 15008 Comm: syz.0.2597 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) [ 379.899817][T15008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 379.909905][T15008] Call Trace: [ 379.913210][T15008] [ 379.916164][T15008] dump_stack_lvl+0x99/0x250 [ 379.920798][T15008] ? __asan_memcpy+0x40/0x70 [ 379.925417][T15008] ? __pfx_dump_stack_lvl+0x10/0x10 [ 379.930630][T15008] ? __pfx__printk+0x10/0x10 [ 379.935232][T15008] panic+0x2db/0x790 [ 379.939142][T15008] ? __pfx_panic+0x10/0x10 [ 379.943584][T15008] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 379.949512][T15008] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 379.955858][T15008] ? print_memory_metadata+0x314/0x400 [ 379.961336][T15008] ? pause_parse_request+0x40/0x160 [ 379.966545][T15008] check_panic_on_warn+0x89/0xb0 [ 379.971498][T15008] ? pause_parse_request+0x40/0x160 [ 379.976721][T15008] end_report+0x78/0x160 [ 379.980990][T15008] kasan_report+0x129/0x150 [ 379.985562][T15008] ? pause_parse_request+0x40/0x160 [ 379.990779][T15008] ? __pfx_pause_parse_request+0x10/0x10 [ 379.996414][T15008] pause_parse_request+0x40/0x160 [ 380.001445][T15008] ? __pfx_pause_parse_request+0x10/0x10 [ 380.007077][T15008] ethnl_default_set_doit+0x2be/0xa40 [ 380.012465][T15008] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 380.018806][T15008] genl_family_rcv_msg_doit+0x212/0x300 [ 380.024366][T15008] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 380.030466][T15008] ? bpf_lsm_capable+0x9/0x20 [ 380.035166][T15008] ? security_capable+0x7e/0x2e0 [ 380.040118][T15008] genl_rcv_msg+0x60e/0x790 [ 380.044635][T15008] ? __pfx_genl_rcv_msg+0x10/0x10 [ 380.049671][T15008] ? ref_tracker_free+0x63a/0x7d0 [ 380.054704][T15008] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 380.060603][T15008] ? __pfx_ref_tracker_free+0x10/0x10 [ 380.065995][T15008] netlink_rcv_skb+0x208/0x470 [ 380.070856][T15008] ? __pfx_genl_rcv_msg+0x10/0x10 [ 380.076333][T15008] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 380.081677][T15008] ? down_read+0x1ad/0x2e0 [ 380.086103][T15008] genl_rcv+0x28/0x40 [ 380.090103][T15008] netlink_unicast+0x75b/0x8d0 [ 380.094892][T15008] netlink_sendmsg+0x805/0xb30 [ 380.099663][T15008] ? __pfx_netlink_sendmsg+0x10/0x10 [ 380.104955][T15008] ? aa_sock_msg_perm+0x94/0x160 [ 380.109901][T15008] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 380.115194][T15008] ? __pfx_netlink_sendmsg+0x10/0x10 [ 380.120491][T15008] __sock_sendmsg+0x219/0x270 [ 380.125197][T15008] ____sys_sendmsg+0x505/0x830 [ 380.129971][T15008] ? __pfx_____sys_sendmsg+0x10/0x10 [ 380.135263][T15008] ? import_iovec+0x74/0xa0 [ 380.139760][T15008] ___sys_sendmsg+0x21f/0x2a0 [ 380.144447][T15008] ? __pfx____sys_sendmsg+0x10/0x10 [ 380.149687][T15008] ? __fget_files+0x2a/0x420 [ 380.154288][T15008] ? __fget_files+0x3a0/0x420 [ 380.158978][T15008] __x64_sys_sendmsg+0x19b/0x260 [ 380.163932][T15008] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 380.169399][T15008] ? rcu_is_watching+0x15/0xb0 [ 380.174174][T15008] ? do_syscall_64+0xbe/0x3b0 [ 380.178850][T15008] do_syscall_64+0xfa/0x3b0 [ 380.183352][T15008] ? lockdep_hardirqs_on+0x9c/0x150 [ 380.188553][T15008] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.194639][T15008] ? clear_bhb_loop+0x60/0xb0 [ 380.199312][T15008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.205204][T15008] RIP: 0033:0x7ffbc1b8e929 [ 380.209621][T15008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.229241][T15008] RSP: 002b:00007ffbbf9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 380.237668][T15008] RAX: ffffffffffffffda RBX: 00007ffbc1db5fa0 RCX: 00007ffbc1b8e929 [ 380.245638][T15008] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000007 [ 380.253630][T15008] RBP: 00007ffbc1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 380.261598][T15008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.269563][T15008] R13: 0000000000000000 R14: 00007ffbc1db5fa0 R15: 00007ffd82eecc48 [ 380.277573][T15008] [ 380.281019][T15008] Kernel Offset: disabled [ 380.285340][T15008] Rebooting in 86400 seconds..