last executing test programs: 2.2272311s ago: executing program 4 (id=3888): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0x5, 0x2, 0x3c, 0x29, 0x9, 0xae, 0x9, 0x8}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r6, {}, {0xb, 0xb}, {0xe, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40088c0}, 0x8000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.890292377s ago: executing program 0 (id=3890): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000000404000001000000b7050000000000006a0a00fe80000000850000000a000000b700000059a700009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r1 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x0, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04000000000000000000000000000000000000000000000000000000000000000082b4baec000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00000000"]}, 0x138) r2 = socket(0x1d, 0x2, 0x6) bind$inet(r2, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x0, 0x3b, 0xfd08, &(0x7f0000000180)="5ae02efc442000000000000000c723fa03faf2acdc0f9d5af8015b0abe92772c580d85e0dfa999ceaef773ead243c07350d9156d0ecc6a43edaeaa20fbf448d756e97a49901cf5", &(0x7f0000000140)=""/24, 0x0, 0x0, 0x37, 0x21}, 0x28) recvmmsg(r2, &(0x7f0000001540)=[{{&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1}, 0xfff}, {{&(0x7f0000001380)=@l2tp6={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @multicast2}}, 0x80, &(0x7f0000000300)=[{&(0x7f0000001400)=""/78, 0x4e}], 0x1, &(0x7f0000001480)=""/142, 0x8e}, 0x22}], 0x2, 0x40000002, &(0x7f00000015c0)={0x0, 0x3938700}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff00000000db040000f10000003f000000000000005504000001ed0a002500000017ffffff46040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9e104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f1300010000949b3aab06b1e042ff2164d80c8ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1e0600bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6330000000000000000000000000000000000004000000000000000038600008fb854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8265e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb66701f4578ba4cb9b706e605a88c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f6a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cf026657a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2cccb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400090300000021911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a8f01bc4b73cc31df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21c24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a3c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d68000000000099347593f67da85d1c962bfb320d1553a74ec3bf003ba62b1784dbf0168a7e85f28b77bdebce96bf386a6dd5df162a16f2b7e8a4de0ffc464a87f91f81866d2ef0af71ebb07a739c3cb1b7000000000000"], &(0x7f00000001c0)='GPL\x00'}, 0x48) 1.870331279s ago: executing program 4 (id=3891): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) r0 = socket$pppl2tp(0x18, 0x1, 0x1) unshare(0x22020400) socket$kcm(0x29, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x1fffffffc0000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 1.823542089s ago: executing program 2 (id=3892): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}, 0x300}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}, 0x1, 0x2100000000000000}, 0x0) 1.739953593s ago: executing program 0 (id=3893): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xa, &(0x7f0000000200)=ANY=[@ANYBLOB="18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000500850000008200000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet_udplite(0x2, 0x2, 0x88) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0xe, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}]}, &(0x7f0000000000)='GPL\x00'}, 0x94) r1 = socket(0x29, 0x5, 0x0) ioctl$SIOCX25GFACILITIES(r1, 0x89e2, &(0x7f0000000000)) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0x6}, 0x10) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300014001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32=r2], 0x30}}, 0x0) 1.707634456s ago: executing program 4 (id=3894): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1e, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000400eaff00000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007500000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f00000000c0)="5fd63edbfd8a4a6077fd87686f9a", 0x0, 0x704, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, &(0x7f0000001280)={0x6, @multicast1, 0x0, 0x0, 'none\x00', 0x0, 0x0, 0x10}, 0x2c) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r6 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r8, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r6, &(0x7f0000000000)={0xa0000001}) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000000040)={0x2004}) epoll_wait(r9, &(0x7f00000000c0)=[{}], 0x1, 0x1fffc002) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x2000c800) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r10, 0x6, 0x1, &(0x7f0000000000)={0x4fc0, 0x80, 0x6, 0x0, 0x8, 0x80, 0x7}, 0xc) bind$bt_l2cap(r10, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) unshare(0x24020400) pipe(&(0x7f0000000080)={0xffffffffffffffff}) tee(r11, 0xffffffffffffffff, 0x2, 0x100000000000003) connect$bt_l2cap(r10, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) sendmmsg(r10, &(0x7f0000004280)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='z', 0x1}], 0x1}}], 0x1, 0x4004004) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4400000010000304fdffffff0000d598cd", @ANYRES32=0x0, @ANYBLOB="e4470600a04d0600140012800900010076657468"], 0x44}, 0x1, 0xba01}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000013000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="e74f0700efffffe7"], 0x20}}, 0x0) 1.623552314s ago: executing program 0 (id=3895): unshare(0x20000400) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) sendmmsg$inet6(r0, &(0x7f0000000440)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000100)="90", 0x1}], 0x1}}], 0x1, 0x20008050) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e25}, 0x6e) listen(r1, 0x8) listen(r1, 0x5) 1.623167424s ago: executing program 2 (id=3896): socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) unshare(0x20000400) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000d600000000000000000000008500000041000000850000000f00000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040)={0x0, 0x3, 0x8bb}, 0x10, 0xffffffffffffffff}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFCONF(r1, 0x890b, &(0x7f0000000000)=@buf={0x0, &(0x7f0000000140)}) 1.580435675s ago: executing program 0 (id=3897): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000040000701feffffff00000000017c0000040042801c0001800600060088a80000100004002524298d275c232f262d2b00040002"], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit, @alu={0x5, 0x1, 0xb, 0xa, 0xa}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) 1.549128814s ago: executing program 2 (id=3898): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000002637850000007100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x18) unshare(0x8040480) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan1\x00'}) r1 = socket$phonet(0x23, 0x2, 0x1) bind$phonet(r1, &(0x7f0000000040)={0x23, 0x7, 0x8, 0x6}, 0x10) socket(0x11, 0x3, 0x2) r2 = socket$netlink(0x10, 0x3, 0x4) write(r2, &(0x7f0000000b80)="2f00000014000f3f00000000120f0a0011000000009a67ec53f737bf1739078682ee6e8d06e500000000638c7b9916", 0x2f) 1.45915763s ago: executing program 0 (id=3899): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x12500, 0x0) writev(r0, &(0x7f00000015c0)=[{&(0x7f0000000040)="59b065ca4ce8d9c0e2a9c7aa51e421b8fff58925d780b37a2fc31fb58389b47027b769f1de9b6fbf058adcc0ed9999e2e60496f57f3a5cd591cdc08c30f7bfc5a7a74f20c1b37fc53a2fd1e24493579cbf41548c91a7ec5e1f3ccd95ff33654e2d02af4de1cbfe3f80db8d378afec4db4f85c16a8de97a6dda429eb35223f47d27829898b556796a5906760ae4465bb5d63a36e52bbf81e71befb4c3febeff8af0fd9f25f1f435", 0xa7}, {&(0x7f0000000100)="3fbf80cf5a42b02176cb921b6e4b57de536d8405fb1716eff0e99f4d7e34ba4ae3b297ca4321c0f9e87f7d8e5e4ea5f9c8a4a9c08bed97b3cb5f67ce25afe0590f90f206e17801192772f0005794833c3904ccd092013c76a384d8e5123d2029632ec82799d6276ae4ff7e3895426cd199582d2a29f1c9f43bdb78b2c889f019253a35c2a5a78c877a626f50524694fbe875c2dea6a2f3f55ef4c09f64c5f1", 0x9f}, {&(0x7f0000000240)="4827abc467b49cfad52f94d87149d11116fbc93f8db1f76c5497f61ed0d61d37051d81680b9a456efa98f430d61491ead9556d5cbbc33f8d7731d86a31e132e2a3560b568b6a4a5d237dde762fc679caf770b144925c2fafaabdae0b1bc97c2ddc7aaad3a9e51b90dd0828395ae72dbe9db2efa05955b6f81fdf8210e8fd1128d29c837d4503976110c0c965db273d771b9580b0ab3ea8f80d58c5bed075ecfb068fbdd81c999243754c4bf397811182dd840316aacb2b30b60f1c397e7c0043840131793e05a2910581a750d635d8e4833c66000adaeb8dc44e6452f72de0e262452c8a9d001b492a7b6a1fa163ade4b6f9788742ce9ef6d3d43f3dcac2aa9d2fe7e9cc4a37331fc031fa06f39bb7e8ebaace0574cc7fe9e2afef768238f323f638b4c93416d7ceed071225e1ef8ba1c1ba8ea91f758b230a6a57fabab2d57e837337546151b8bfc8d3076a37f26d63d9621cb3feda8b0b10a34219a600a8be5d4e0d7085e7e8c156971bcd47e95f7c6142c8d7d65833fd5bdc48a814e81fb7bd628e3f261abf43e19a4d5c5287b1644cc719ab00dd9c4db8892a226b513221bd764b56eae224d4b78f3fe1ad8439eab9051aadd6bcbf8438aaf03592d640925237c6b3372096bd4b255a7317d1e984487f1947692fee42df84b5629bb9e770afc65d27faf25a691c229d094cbfd289a3ed33c43e695f8318502a4b79b0f4a0ea98717aa169408ff72b69c37a04c6776dc2e92643eebc0c05d36e1b2f56c9800f8580f67059cbfe2178f15c481b90214d1f297ebd70f24f81b591023f072ac16466611a309ad8fb745db1ecf5a327985d2a162b4abf45785e2c98f898126eb68a852783689bd4603aa47cb4627711bfba278e9a227c543c584db5eba365206599e3aad3721bc72d96500c1ebda5d3f80c2bbf490265a83775ba047f3d856955ba571da4164a3ac0ca960059e9e41c29916ebbdeb21a92ce91669a5aab29b2166464d9c393f24c9d8d60e34b1dbf95de4442d81f09ed19b69dcd36427129fabc21ccfd5e4b0191fe02a8e9908ad83003062f770965a2ea67c2e2e06d7f38bad81960c64f5dd1acd5cf6343c1cd8a33d224eeaf1c45cc99f79e1464e73f7b474b799f3b272be57fc28dac244550083b4cbd76858ad05ce78f4d85cae98928fef36679aac77ed9b91dcbecd53266edebe1badceda4e8cf90abd0b39a7bafa040577f46f660637ddf06aa59328b9450fb5960598b9c50e884b60f2a1bfeec569a07f86ef0c3b1f94b41446b7297db2f06e11f288cca48fe3fd198ed4ac7d09324576c447f209aba25710a7d253c71abe843b7d70a1c7fa1564a630db0a65a92a37a789fdf41c69bdbe866ad34e2430aa613582d3caf1bc6efa87ad509f8343c765240d281fe3ac931fa51eb2a89c9238e46833b78fe3ce84e49882dcb55e2bcf9ee7a518662ec8977a2f701c38ef1b82374dd330e9d0c1d56e57fc099d6980d1d8509eaa2e63ddc8ae41df8887cb9280090ca92e6a55619275f46420fbffe3878eb131b9d7f7d2bc504b2ea8f16a85bb2a1e0993de830de5cd26df6384ee25b8dd6792c568f0e295e88d6397615807618ad19686c3a4e1f89e4d9187462e25dd00bdfe04ffbf51ce6a52e0186631a7d77e82622ecae33a349ccf7d56db29e05f06b478142bc6421f9b32e49da406bf82b8181826fcadfe033839da376be4fdf6173c9df5a73b7530190efe0c1131e6b525da1073a02be1ad834351b98d748646f3ff70201aecbe2f486f886f3c79e0735837dff1b8364e301a7b5566a680e3378499ea1e08e4876a819df8887b53afee68b5c352f397c7e580808915c6eb8a4ce88d9b6f6a19058bae346620cb6952deb61c8e209acd4569227b2533bf9a6b4e4215dc8f132a6e7182a082fd299972f3c7e1a8a250322679288e693580f4f6333cb01a7e99bb9ddb32c36b1b805d9152db1c428489c5ba720fc9c3b21b590c8c1914d5590981fcee11791fd5ec56a1da98d81646b2057ddac342bf9ea108c1870de61d0e96b87edc014b9cd07d4a08ae6ab4735252b8bf5ccca67c9c589e0ab50abc878e2d247bfe6ddddd02f0a0e4a39c1cc547baa5b3c0a11bb0bdfae69b9734acb91caebfb095b1d9fa8b374074f468e6883cd4aac0bb48c73434ec45ac25ea1c7fd1fb63e89540b25da92dc13f6763020a9bd5f2f9ec10c27902fe148dd785e2b3c77f5d45867beb53c74a0795eb827b515661168800134b84f5b40f30b802c3449e144760651e313dddc041d35fa685cd6c72d1bf530a157d384b456911db6d0a1ed118d990a8989a92149c872d811fe0f45f5b810c332edcf875012f69b379b670f8579e68c3df524b8dbde90588c2434fae7b2472d2859a0bc5cfde208bda91fe4e84b1de15e1ebb10936c3eb951789fb91a4ae4c02e0af11bea2f2d6060d79ec43354ea7ea303dddf45fff8596a1435b231f2d1a3c0f651321267df5518a21c4f71c741e23912426ef92be1a1996cb83ffe8e45d653f20d5b5179f8ba8e0fab3f316ba6bfe3d64e83babd8544e02336c7ff96720df1af9b98e2bb756a3f0f7b1c75b3312fb1ece8a34e4c9a3a1965653e3510ad8c9cda4e14bc05e89eaf2ab6c432f45d06fabbac16f947288efd2c50cc462777ae063a7d45ea37957e98093c640fa4c30e1029de89bfb33c1d7aec00da6a8fe6a2121be618d9ee96fab1c7f4b1d54e73f30995f9861d7efe58631aa513e4dc0c0e3f91301e5e8fc3b2b6551566a1cfca7135572b3a548c39612347ce230750dea5c7f176cb5ff6a009bbf9623b73f7fd10f6e0c3f6f5005ddf25891f3b20db75e61adf25936f0dc18aa6bfa4cdd2ffd4e835be55169d2f116dd77d0d3da74e73750e32fd53fb129cbf036a5624c7ec4e5a9020fae2fbdb60a301c435d6cb27377026ac9bd864650d310d5806090fbe7d50eac2dfa5a72df53736948a2677b1bd43eabccc970c07bfe406ab30503a3f6cca2c458dc21c0b4b770632f700703da8ea7a3d0a7170bca6ca56fa4c060bd07b83d3e1cc5959e1aec59e41c69b94ad66d035a059bfd19c2c9b48b763f5aec2f7a5584f8f879138a6beafc72e051a554fa8ab58f1397a28fe2b8dadfbea89eb2df0211c6d353b938a2b0e8c1c428196ff6cc909dce090e6aaf031c534dfb0a15a682f7013c093d1ceb207ca3e57f483ba30fdc6671309ec9c947a8c99a5b40668b3dc3f97017200664daedaba8c80192dfc42d57bb1147f38ce16f762f588c52fd194ca4390c039cced38a324706eabac7d65813ce412293cc07aa088682bb5a5db74048be1d85dbf7745420b38fce1623d473cf5f10c86830ed953e3fcedb893f7552d2bc6c2eea95951bfeb2ede7f16bfbc39a1df3c14c5d987b172296b17fc8bc0c8c1c42ef60086ee8dc24b9d7dde6d326f7aaf15cf4beed51a5d3b4fc6dc17bd1e44a70c6bd64600adf598055c4f947fa6644c8c79d656e8668b60f9785b4963586fea81a2b7fc57dd7942110199342a9e61586dd11222354bf02be745a41095a7929b94cc0324dc319f9e6f96436d831688ecaf2acc8079fb7c13a56776c4c6f74d85920744ffae20a07d81c014a7440c5df69136b21ca2c3415b5b4a8b62546d0fcf3e4de15c16e41a6945666af6c30b95a286604287e69ade97686cbca35d287831e56f08614a9adba943a09cc0ba9a97fbef99e76637e910dd37d0c997fc9c5292211ef35b8ce6908b4a602ea12a538126d85eadadc4a7e3b21b2ddaa6dfb61b9cbb9cb7c79ebc883e50a38723385ca1252a3c270ddff497d10a1bcec92f121421dc0b0682825f40d5ed0d09c7d489b551aecc50ddf131fd30d872267cd90d698057d8f1dd89df67fc9ea162d5876ec9e0a6276d0ef7a3e485128d846d16f7f8bb391b96b164fbe785d94d15dab1ef676438c0674bdb3f274e61663b9cbc139d1a2556e87c48a8009668f510221db731c7ad9033d2adaa0b2a69afb036c3b142988a1b62c0a9be06c3f15ab6546b314e9fb5e83d13214bc4ca0b9fcf9a67d6cc28745513495224f2d31a239db969c53c811e810383ede34090b0ab5479ff529b0afb55e69541f27690f764cd0c6d774e67125aec0a52eedc18507a32c36c6de34160a44ce650e818525ec8ab3f281c9b2ec6f75c32682625b3f4f57ffc27c33e7982e9b46d50ea2c93b26c591505250321a85f19e0d5665c2d8e81045ff5004f783f5826a19cdd60dcb0ee31e3b57aeca5941db2788efb08d2139b2d239e4832f8d7a7ad5b9bb9ee8203f1fab6dc90a60e8a840a6bcbc237364bb565d2f9f59674d00f0668f9d1d72daab1fbbb42215f2993fbacd0e2d308fa0ec33e747a8ca1b26a658d8aaf26ec1c2b03e3dad42509af6a9c3e970c99e9ed08966b4cfcfecce26cb90c1944c1e934614e0c52b0f0c37c5340d68c44ce38983b91e763b1b64ace896281b2a48e61c250c55398855c482d41ad728858824dd1db83c721797d468cb4f3b602ef6c58227fbb71f5cf01106aa2a22c33812f7f81be1a6b0867a04d809dce58a7cd43d0695491b63996bebf2d12694feb5761c864647c0455b158b7243f9cbaa6c766f1a68dbd232fb2762728d7ed05ea497f907b098a95119ad117a8414ce55034173a59769abe657f3f6e5c34ffb58d50328bf99dd1ba2ac8f1b2821990078dcb0b972543547d395caf46454020ecf899f601af9fd02dd4c8aba1b70184d935b049cfa79c7199c5e2446d48dad774842e93acffaaaf71fad1cde043cb004ea293f31fc23a1e711c3b636305a3d404e8596c0f4b9b9debc9664d0ae8d23bbd1e354565a08d4bb3051be27ef85ebc352e5cafb8ca7101fb174ac7f5d248a36e1b475e463f2b92d73352c81dfc74f206d84eb33763c14e55d8cc9c2a85c0b5eb7e5873029aa45bd4d4cea3216b02a151468a0dd38114a80ab58b32c9ba83f9fe90ddcdf1c0c9318871ccffbfc97e2ca70d94a37f4220c0808f9c95b887cd24d355d262d2ee43b5cabd2d36ffde9f9e7f4d7759ca2e4ff596e529bdb8f046e86c06777dc63d66f6e6c04fcc125be23370dcf3273925a648b3733aab27869d66c288d5f9d3b19ed1b4e24fb55036d5b4fd6731b91ce242c994370e143c44f088320f3e1d15aff0a4664d8a78db6ac8d56c1965cb2a6a789ff16a12d2d73314a93cfdb93199b9fc96582deac5779ee47e0c9ff23e407464cbbf2e92bd95e85eec46e45549cbe3ce55dcd03d54775f6f863b7bb5314b4fd597dfd4321fab89b5810c4b9937e899b2cea105c98f187dc59642304c900b3d2b8cbf858b1972aace8354f5d4eccf244668418f12d45f0a68f58257132b9ecd43905302ee138c74bc352e967aecc5fefd92b55090ad005a29f957548552e39108aebd325d7bb69dacf8454c9147c21ebf052f2da4e8ebcb5a96d4c36740e12aba6a4c971907f151f79dd93743e5cec6e2c97765ea61d4fe73a3500c086575dd3c33e34eb4675d9283ba04317e6b12937d002e14777c717043a5158242c916b380abcf2f3f3dfbf4fbcf623825fcf06dbef6d94d195917185400a1d6f4bbe0398a296b21d98c7d7923bdb4bde9c1e5dce5fe91a172ff056fbfd2707478014875933f4fae9d1d974260bd29ce6ed4f3866d47b41a3795244e5eba6a65b7a98383369d980852d478eab983b57776b1319989df91da670911d06603b1b0a58db74025427f8b5707a7a8aed711c9b6596ac95f1bc3a6cb0c100067c20e7c4ab150874d526a82ecba32c0101577afc887ed87ecdc838cd67ee7b93efe3ed059", 0x1000}, {&(0x7f0000001240)="c7c9babb5f6da36ec55927b2905800ab5c42dc1897d8d06f7d9eaa6ddbc228ef86635814fba2e8a12246f9236eda53b89206f01184b445fd3002077b8b499a618914e657d22f6db859b0ab8dff08077ca9666b1ffb5198dd286cac56605e2296b6726913f941dfb57e168977d0c86c7f0a3f0cbad62ac2522d2025e57606a427a57a369fb6ae44f5f7f1e2ae918eb0391af98dda2679885f18cdd68e99983e6c265fb1c6ed0fc939f89ab8249651637f1a8fca82cec9725c69c622a7b5b7259664480d2497fdf170bcade807fa707085960112bcdfcf67", 0xd7}, {&(0x7f0000001340)="52c6fb02a840613eeff6c57695c582730ea8b4324b0255ef5734120538f8575246c340d4c51814ac620fa54829b63c92f413bc28880f400859cc90bf780c6448b13add2e25433bb045cb2c234d8da5ac35245aa0c025813cb4e8c1fbfd129a7a9b7e76516b5c6750384d8c3b52f2f5754e98c34e685a66b8418a40bdfbc84e2d7312cde133c1e6f5fe8526eca2907a01a4ef3c2e25055f2dd75375ce3f5258cf2391dc45a5a9b2ed8dc12234bc460c3152a45188992228d48fad1c281f889b0d742477a84131e4ea29cc17216e842f7b05fc8b8a06fd63ffadcb2004281d399a71addf778aeda985b0", 0xe9}, {&(0x7f0000001440)="4395191d830c699a930b94f6ea80239d6cb1432d22610842e603c4e5afb0da7611c8d458b7c19bee8816871559278beac5f380ecd9c55138b6819fedf7aa088aeff17b0ccabd75726d4ef8", 0x4b}, {&(0x7f00000014c0)="19b71990baee4399a07369ae52bf93b1d4376726e37512679448f8855fff5610d73c24b450b4297fd6aa280e78ecbfa1a3f3bc0d28112a640663d95839eadc0ecc74f491f13445a8fd8c262f242074a1f7e32cc02175df036bcd8c8f04c30e965ef75c202f256f7fb1641eac69b741d3f65e6f629951f3916c30fe37afa3ff12766831ec4814acdeedece923360e2c61dc89e07838479a732d7e24eb98500a251db0fe96f0dbd1665aae20bc6fcd13a70c00baa734c21242754cf6952cb64087ced19d70b63f03f9120d", 0xca}], 0x7) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$packet(0x11, 0x2, 0x300) close(r0) 1.45799998s ago: executing program 2 (id=3900): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x810) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r6, {}, {0xb, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x0, 0x5, 0x5, 0x9, 0x2, 0x9, 0xd, 0x1, 0x1, {0xffff1c72, 0x3, 0x1000, 0xfd, 0xfffffffe, 0x7583}}}}]}, 0x78}}, 0x8000) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r9, &(0x7f0000000700)="f83cac0259c8e3f2bada30fbc99b5400040000ea07566e96573c7f95a5125ca220428d3c404d329f", 0x28, 0xc080, &(0x7f00000001c0)={0x11, 0x86dd, r8, 0x1, 0xd8, 0x6, @multicast}, 0x14) 1.454959798s ago: executing program 1 (id=3901): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000640)=ANY=[@ANYBLOB="14000000100001000c000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x2000c080}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003"], 0xb0}}, 0x40) (fail_nth: 4) 1.121533637s ago: executing program 0 (id=3902): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0x5, 0x2, 0x3c, 0x29, 0x9, 0xae, 0x9, 0x8}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r6, {}, {0xb, 0xb}, {0xe, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40088c0}, 0x8000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.073566733s ago: executing program 3 (id=3903): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@newlink={0x68, 0x10, 0xffffff1f, 0x4d0f9, 0x0, {0x0, 0x0, 0x0, 0x0, 0x68520, 0x10044}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xfffffe7a, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x40008000}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x7}, @IFLA_IPTUN_ENCAP_SPORT={0x0, 0x11, 0x4e21}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @loopback}]}}}, @IFLA_MASTER={0x8}]}, 0x68}}, 0x4040) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000340)=0x5, 0x4) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xcc, r1, 0xdca35907ee82b95a, 0x70bd28, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x4}, {0x8, 0x13, 0x17e0290c}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x101}, {0x6, 0x11, 0xd}, {0x8, 0x13, 0xfffffff8}, {0x5, 0x14, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8}, {0x6, 0x11, 0x7}, {0x8, 0x13, 0x2}, {0x5, 0x14, 0x1}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4000}, 0x4010) 1.070857881s ago: executing program 1 (id=3904): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000010000100000000f5ffffffffffffff0a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010000010900010073797a30000000000c000240000000000000000109000300030000000000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0) 874.304796ms ago: executing program 1 (id=3905): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) r0 = socket$pppl2tp(0x18, 0x1, 0x1) unshare(0x22020400) socket$kcm(0x29, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x1fffffffc0000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 699.417975ms ago: executing program 3 (id=3906): socket$kcm(0x29, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2, 0x0, 0xa}, 0x10) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x20044004) write$tun(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="000088f6ffffffffffffaaaaaaaaaaaa08004500002000660000fc2f907800001fe1e00000018001"], 0x32) r4 = accept4(r0, &(0x7f0000000080)=@alg, &(0x7f0000000100)=0x80, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x28, 0xb, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x448c4) socket$kcm(0x29, 0x2, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) (async) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) socket$kcm(0x2, 0xa, 0x2) (async) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2, 0x0, 0xa}, 0x10) (async) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x20044004) (async) write$tun(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="000088f6ffffffffffffaaaaaaaaaaaa08004500002000660000fc2f907800001fe1e00000018001"], 0x32) (async) accept4(r0, &(0x7f0000000080)=@alg, &(0x7f0000000100)=0x80, 0x0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4) (async) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x28, 0xb, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x448c4) (async) 677.108477ms ago: executing program 4 (id=3907): bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, 0x0, 0x4000004) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x88) sendmmsg$inet6(r0, &(0x7f00000007c0)=[{{&(0x7f00000001c0)={0xa, 0x4e23, 0x2, @mcast1, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000b80)="39e91d56ef30f3c8b68629e954bdf6d4b98f714ff7340602d4a8e69b03541eb2fe6b91602229a6129e2d8af70e9536f1543c549949723a937754a065aae78e8f43afd851b05d3c30b01cca274564688b1fb3413876b383b61b32fbda68c01884c84647240f6ea75c87204559b4b815b8a5c2245d47e5bfa417843a52ab0205496a129c9cab277f29b8907908195ec607fdc18a8186e06f99e98c238e4cff66ce8df066a3caf937fe8c5cafceed00ca7ffaefd9a378ede544ccc6ff5362a73e9e029d5aaf956cc6f31462270a3b948fad046435f66a3ea9395d602ed78808633feea2efdfee8dc46910ae6f8581fcd9e3c890c539d137cb100e00e86ce92180630712154889ab57b874df724a28e6b2ac531dbf916457df87e42bbef42f382101735425ab5e51e674e0d45c13fd394f0e5943d415b5674c3a48db455a4fbd740dbcb5fded52821380f864cc878b19ede9166889d30254d656355950c4b4e35893145d9a59833e7435feecfcb95484d551e192fe8ca4d49dd2ae4494a310d19b46f72648c3b54c259687b295b200aafb413ee8d5e9c400dcf7c1bf82e9c1fbed7463bfd130912c8773f0657e63310c160fd17f258879e95ee938abc4fb42bb1fed9bbe6acbaf6ae11ab61c08ebb475a20b294a92e9125fd5ce0cee18007b4f9f25bb1b34c7c107c9cef4bdb63ccefc4cdc63a74db11db97306a2cd9dccf3e30f9ccf6b0346175c5654801bf6fd6802922e4fbbfb61be769e75a70ddf7639ebb28a1800d8899870ded5497b692cd7b91dc576a2b909539028d8851cbbc65aef32b2cfb66df88fa831d2fca996d1750216d5af3651869952fbc5f093d53d7379f127d234be7804f61c8cdd5f43a582aab7112385ac928d8a4149dde488ff0d7336d4bc72f320b64be73bff383ca33846c3f0834cc09136efdf9deb2817409a8e3a3ff0173a864700308d138ce7c74e2a870c27a4f748e415e3a2a5eb3fe7244991df5519a435f62146e60a7e0579b45773c5b0c01bb1b06f0ef89ff06fb4edbabe0d1ec6e63d1091888d5e86f7325e41579de6459cbba731a0b35a174b023b35cad9cdca4b18aa55b7ff63529b8acdbe630a8ba90e7b33fda1221a7f6e59a5a7a194cba96a91cd8469b3d8ce181a0bc998b6ee4df642c741a93b367753f1353bf80b676682a89617fa3887f5a23dc233d3fa4294f03f305bb93fd3e41680f3f5661de7c47fdb32f00b6fa463ddfd232626444592c523d0e47d00b89c5373dda3ac2b6648310be373fe221e39f786395d828f189188a88803862f1644928b61ad547fa5813a13144a70d801b7afa35a887851a77aeb3cda1d5766e664509baaa6bd9b6ac2fd7b87584ae18fa1a4946bf99b737254a6490994f4f42a9e21154b509e6bebf984d1fdd60696aa35a36f5ee9fcfdf5f4b0ab3eed89494ce170b92e4cb5ba5cb8762de82fa49018d97b7c0f52449c59f352c502093ef0ab284ddd46edacffc8f675bee61417573e236b23ce47b3cadf5e937cf0a35276a2f0ce9369aaee54d22314b84a910f9df9ecb321ed81185cb3b5179f610a1e9c0524c19620d2cfa26645db079c86af3a5bc9e27f828523b5d8e2263d51d166b27d83d917e9d6b03e45", 0x481}], 0x1, 0x0, 0x0, 0x10000000}}], 0x2, 0xc004) 641.864111ms ago: executing program 1 (id=3908): socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) unshare(0x20000400) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040)={0x0, 0x3, 0x8bb}, 0x10, 0xffffffffffffffff}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFCONF(r1, 0x890b, &(0x7f0000000000)=@buf={0x0, &(0x7f0000000140)}) 504.058916ms ago: executing program 4 (id=3909): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=@newlink={0x38, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x64403, 0x610c3}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8}, {0x4}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x222}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040) syz_emit_ethernet(0x82, &(0x7f0000000a40)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbb86dd60ee527a004c3c0020010000000000000000000000000001ff02000000000000000000000000000173000000000000000420880b0000000000000800000086dd080088be00000001100000000100000000000000080022eb00000000200000080200000000000000000000000800655800"], 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="000008000005"], 0xfce) preadv(r2, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000680)=""/180, 0xb4}], 0x2, 0x6, 0x7) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r2) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[], 0x38}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f6, &(0x7f0000000100)={'erspan0\x00', 0x0}) getsockopt(0xffffffffffffffff, 0x1, 0x6, 0x0, &(0x7f00000001c0)) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f727400000000202e16227f8aebc14b6dcef0c594d6bce05c46100796f285ebd6ec0c4cc570944780c9841d9e80d4ea63832364fa05872a26f6901e32c7c14fe9a88b202d782c92b0471384689ddb41fc76aca5406da9276c4b52c8f5b9b6dafb91df78d9ae7d3c89cb998502cff5e2438e706d2f1420b1b5ab5c2155513e7e02f43cbfe1eb52859855c201d6e2793e839734eead6b25bad50fa9681e79cd6bfef1b4fc3c00235323640756e94d2ef2c983763dddf3cc17fe747a3ec4b018d60b9c5b1ccabaf7c14d00ef38b66820f65ce46516c50a6c11b4875aeb5a199326863aa5f71588a94b2eda9aa47c986f27ab724dc1a435e4c608bca36bece9df1081439cbf6531251c15ed50adc0bb2771fbf073b6eac5e5ec7522fa4a"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 503.173243ms ago: executing program 2 (id=3910): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=@newlink={0x38, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x64403, 0x610c3}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8}, {0x4}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x222}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040) syz_emit_ethernet(0x82, &(0x7f0000000a40)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbb86dd60ee527a004c3c0020010000000000000000000000000001ff02000000000000000000000000000173000000000000000420880b0000000000000800000086dd080088be00000001100000000100000000000000080022eb00000000200000080200000000000000000000000800655800"], 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="000008000005"], 0xfce) preadv(r2, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000680)=""/180, 0xb4}], 0x2, 0x6, 0x7) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r2) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[], 0x38}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f6, &(0x7f0000000100)={'erspan0\x00', 0x0}) getsockopt(0xffffffffffffffff, 0x1, 0x6, 0x0, &(0x7f00000001c0)) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f727400000000202e16227f8aebc14b6dcef0c594d6bce05c46100796f285ebd6ec0c4cc570944780c9841d9e80d4ea63832364fa05872a26f6901e32c7c14fe9a88b202d782c92b0471384689ddb41fc76aca5406da9276c4b52c8f5b9b6dafb91df78d9ae7d3c89cb998502cff5e2438e706d2f1420b1b5ab5c2155513e7e02f43cbfe1eb52859855c201d6e2793e839734eead6b25bad50fa9681e79cd6bfef1b4fc3c00235323640756e94d2ef2c983763dddf3cc17fe747a3ec4b018d60b9c5b1ccabaf7c14d00ef38b66820f65ce46516c50a6c11b4875aeb5a199326863aa5f71588a94b2eda9aa47c986f27ab724dc1a435e4c608bca36bece9df1081439cbf6531251c15ed50adc0bb2771fbf073b6eac5e5ec7522fa4a"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 502.465029ms ago: executing program 1 (id=3911): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000002637850000007100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x18) unshare(0x8040480) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r1 = socket$phonet(0x23, 0x2, 0x1) bind$phonet(r1, &(0x7f0000000040)={0x23, 0x7, 0x8, 0x6}, 0x10) socket(0x11, 0x3, 0x2) r2 = socket$netlink(0x10, 0x3, 0x4) write(r2, &(0x7f0000000b80)="2f00000014000f3f00000000120f0a0011000000009a67ec53f737bf1739078682ee6e8d06e500000000638c7b9916", 0x2f) 430.641339ms ago: executing program 3 (id=3912): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}}, 0x24) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) (fail_nth: 5) 333.161177ms ago: executing program 4 (id=3913): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r1, 0x10, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x1, 0x34}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6b}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x74}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x14}]}, 0x64}}, 0x1) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz0\x00', 0x200002, 0x0) mkdirat$cgroup(r3, &(0x7f0000000200)='syz0\x00', 0x1ff) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000240)={r3, 0xc, 0xfffffffffffffffd, 0x8}) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="516226be9ce5690af1dcbb803bf2bd5be90fb8cc15f3118a50f87d0e0925a393", 0x20) r5 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$SIOCGSTAMPNS(r5, 0x8907, &(0x7f00000002c0)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000340)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_xfrm(r4, &(0x7f00000006c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000680)={&(0x7f0000000380)=@updpolicy={0x2cc, 0x19, 0x20, 0x70bd28, 0x25dfdbfb, {{@in6=@empty, @in=@private=0xa010101, 0x4e20, 0x9af5, 0x4e21, 0x7, 0xa, 0x80, 0x20, 0x3b, 0x0, 0xee01}, {0xffffffffffff0001, 0x11ee, 0xffffffff, 0xfff, 0xa000000000000000, 0x4, 0x200, 0x84}, {0x2, 0xfffffffffffffffe, 0x6}, 0x3, 0x6e6bb8, 0x1, 0x0, 0x0, 0x2}, [@mark={0xc, 0x15, {0x350759, 0x9}}, @XFRMA_SET_MARK={0x8}, @migrate={0x1cc, 0x11, [{@in=@broadcast, @in=@dev={0xac, 0x14, 0x14, 0x3f}, @in=@remote, @in6=@mcast1, 0xff, 0x4, 0x0, 0x3505, 0xa, 0x2}, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@empty, @in6=@private1, @in6=@dev={0xfe, 0x80, '\x00', 0x16}, 0xff, 0x4, 0x0, 0x3501, 0xa, 0xa}, {@in=@multicast2, @in=@dev={0xac, 0x14, 0x14, 0x37}, @in=@broadcast, @in=@multicast2, 0x3c, 0x3, 0x0, 0x3505, 0xa, 0x2}, {@in=@dev={0xac, 0x14, 0x14, 0x23}, @in=@rand_addr=0x64010100, @in=@local, @in=@dev={0xac, 0x14, 0x14, 0x3d}, 0x33, 0x2, 0x0, 0x0, 0x2, 0x2}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@dev={0xac, 0x14, 0x14, 0x19}, @in=@local, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x32, 0x0, 0x0, 0x3506, 0xa, 0x2}, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@loopback, @in6=@mcast1, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0xa, 0x2}]}, @offload={0xc, 0x1c, {r6, 0x3}}, @address_filter={0x28, 0x1a, {@in6=@local, @in=@local, 0xa, 0x1, 0x7}}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x40}, 0x4000880) r7 = openat$cgroup_ro(r3, &(0x7f0000000700)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000740), r0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_NODE_ADDR(r8, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x24, 0x0, 0x520, 0x70bd25, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0xb200}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x940}, 0xc0) write$rfkill(r7, &(0x7f0000000880)={0x80000001, 0x9, 0x2, 0x1, 0x1}, 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0)) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r3, 0x40049366, &(0x7f0000000900)=0x1) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000980), r0) r10 = getpid() sendmsg$DEVLINK_CMD_RELOAD(r7, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000a80)={&(0x7f00000009c0)={0x8c, r9, 0x800, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r10}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x2}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4}, 0x20008080) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000b40)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x4c, r1, 0x200, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x1, 0x6c}}}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0x20, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000000cc0), r4) sendmsg$DEVLINK_CMD_TRAP_SET(r8, &(0x7f0000000e80)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x2010000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000d00)={0x120, r12, 0x200, 0x70bd27, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}]}, 0x120}, 0x1, 0x0, 0x0, 0x880}, 0x10) ioctl$sock_inet_SIOCGIFDSTADDR(r5, 0x8917, &(0x7f0000000ec0)={'veth0_to_batadv\x00', {0x2, 0x0, @initdev}}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000f80)={r4, 0x58, &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) ioctl$sock_netdev_private(r8, 0x89f1, &(0x7f0000000fc0)="1657d9bcb771cde373260ed7b104502f46d2602a132a07fd9093ded7c995e4f2cbe064d08e4bb474b69dd9dcb26fccfde222a9d4aabfe8a49a231fffd833bdbc9cc1cfe73989c4da489d0d711c5de18382934e152837ba96f56e385fe766dee2d137af613cd403de07e5dc2d8bdb955c540a904c37c466efc835fda7385ce62a515188c8fe83a4d110ab6c8b3e371e44b93e67bce35ac112d7ab6dd136ccfd") ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000001100)={'tunl0\x00', &(0x7f0000001080)={'ip_vti0\x00', r13, 0x7, 0x40, 0x8, 0x0, {{0xf, 0x4, 0x2, 0x2, 0x3c, 0x68, 0x7ff, 0x15, 0x2f, 0x0, @loopback, @remote, {[@lsrr={0x83, 0x27, 0x2f, [@initdev={0xac, 0x1e, 0x0, 0x0}, @local, @rand_addr=0x64010102, @multicast2, @private=0xa010100, @remote, @broadcast, @rand_addr=0x64010101, @loopback]}]}}}}}) 203.318605ms ago: executing program 3 (id=3914): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x28, r0, 0x10ada85e65c25359, 0xfffffffc, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x7431, 0x4e}}}}}, 0x28}, 0x1, 0x800000000000000, 0x0, 0x8441}, 0x4000000) 113.086125ms ago: executing program 1 (id=3915): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={0xffffffffffffffff, &(0x7f00000003c0), &(0x7f0000000580)=@udp}, 0x20) getsockopt$CAN_RAW_RECV_OWN_MSGS(r3, 0x65, 0x4, &(0x7f0000000440), &(0x7f0000000480)=0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r5}, 0x18) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r5, 0x0, 0x0}, 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@cgroup, 0x8963f97524497136, 0x1, 0x9, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0], 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x2, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000611898000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x29, 0x7, 0x6, 0x0, 0x0, @loopback, @mcast1, 0x20, 0x0, 0x1, 0xda02}}) r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000380)={0xffffffffffffffff}, 0x4) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000006c0)=ANY=[@ANYRES32=r7, @ANYRES32=r5, @ANYBLOB='*\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r8, @ANYBLOB="3a949112e692823be823fe3eb9e2b2a4083ca9514ef325fa757241c467d8c2684e887442d4706386c0955769395a39ed0eae2fde0a14db45ccb11e1430efc464fb158730cf5acfe5729862b16af1a3d263f5c574bd6b904ee24d4166f3b086fc5483e975b961", @ANYRES64=r6], 0x20) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000400), 0x3) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000280)={@empty}, 0x14) socketpair$unix(0x1, 0xa99745c3384d6919, 0x0, &(0x7f0000000540)) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r10, {0x1, 0x6}, {0xc}, {0x3}}}, 0x24}}, 0x0) sendmmsg(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000005c0)='R', 0x1}], 0x1, &(0x7f0000000100)=ANY=[], 0x4}}], 0x1, 0x4004804) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r11, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4) 53.075769ms ago: executing program 3 (id=3916): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind(r0, &(0x7f0000000500)=@tipc=@id={0x1e, 0x3, 0x0, {0x4e22}}, 0x80) 50.175347ms ago: executing program 2 (id=3917): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=@can_newroute={0x14c, 0x18, 0x1, 0x70bd2a, 0x25dfdbfd, {0x1d, 0x1, 0x5}, [@CGW_CS_CRC8={0x11e, 0x6, {0xfc, 0x0, 0x3, 0x0, 0xff, "71ec6d721744cd5200080000f8cfcad4c4ec6511ec028c5028564abce83afe14c93e15e556c2baed7f897fe841c155a2b2a4b9f3052995cdf66a9c7922ff0300005b6c67281f1519cd7c32c2bf7563b9452575505da99ea128d37616896be8764a2c78edbad5bde7a5e405bdc893770338925f824bd24689c0d11a5568fc3aaa9ad0d7766d8ea8d3bf1006e3df494e2f373148ecb4adafdd39874e9808b118301f1e76054a64c6d243523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d42c3ef0619022c", 0x0, "5c8d58752a88d818b56d2a5e15c8a95d29e5b2ea"}}, @CGW_MOD_SET={0x15, 0x4, {{{0x3, 0x1, 0x0, 0x1}, 0x0, 0x5, 0x0, 0x0, "0000000000800008"}, 0x1}}]}, 0x14c}}, 0x20000880) (fail_nth: 5) 0s ago: executing program 3 (id=3918): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) r0 = socket$pppl2tp(0x18, 0x1, 0x1) unshare(0x22020400) socket$kcm(0x29, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x1fffffffc0000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) kernel console output (not intermixed with test programs): an_adv: batadv0: Interface deactivated: batadv_slave_0 [ 342.028067][T14467] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 342.109548][ T30] audit: type=1800 audit(1768577269.378:6): pid=14477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3317" name="cgroup.controllers" dev="tmpfs" ino=79 res=0 errno=0 [ 342.208889][ T392] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.241619][ T392] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.278430][ T392] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.324065][ T392] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.499825][T14281] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.534133][T14488] openvswitch: netlink: Duplicate or invalid key (type 0). [ 342.567274][T14488] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 342.639652][T14281] veth0_vlan: entered promiscuous mode [ 342.689123][T14281] veth1_vlan: entered promiscuous mode [ 342.725752][T14493] netlink: 'syz.0.3322': attribute type 12 has an invalid length. [ 342.779502][T14281] veth0_macvtap: entered promiscuous mode [ 342.821200][T14281] veth1_macvtap: entered promiscuous mode [ 342.886922][T14502] FAULT_INJECTION: forcing a failure. [ 342.886922][T14502] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 342.894666][T14281] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 342.919119][T14502] CPU: 1 UID: 0 PID: 14502 Comm: syz.1.3327 Not tainted syzkaller #0 PREEMPT(full) [ 342.919150][T14502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 342.919164][T14502] Call Trace: [ 342.919173][T14502] [ 342.919182][T14502] dump_stack_lvl+0xe8/0x150 [ 342.919215][T14502] should_fail_ex+0x414/0x560 [ 342.919256][T14502] prepare_alloc_pages+0x22b/0x650 [ 342.919289][T14502] __alloc_frozen_pages_noprof+0x123/0x370 [ 342.919319][T14502] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 342.919350][T14502] ? ima_match_policy+0x2125/0x21b0 [ 342.919375][T14502] ? policy_nodemask+0x27c/0x720 [ 342.919407][T14502] alloc_pages_mpol+0x232/0x4a0 [ 342.919438][T14502] vma_alloc_folio_noprof+0xe4/0x200 [ 342.919464][T14502] ? __lock_acquire+0x6b6/0x2cf0 [ 342.919486][T14502] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 342.919519][T14502] ? ___pte_offset_map+0x29/0x240 [ 342.919562][T14502] folio_prealloc+0x30/0x180 [ 342.919584][T14502] do_pte_missing+0x14e8/0x3330 [ 342.919628][T14502] handle_mm_fault+0x1b26/0x32b0 [ 342.919673][T14502] ? handle_mm_fault+0xdb/0x32b0 [ 342.919713][T14502] ? __pfx_handle_mm_fault+0x10/0x10 [ 342.919766][T14502] ? lock_mm_and_find_vma+0x9c/0x300 [ 342.919789][T14502] do_user_addr_fault+0x764/0x1380 [ 342.919826][T14502] exc_page_fault+0x71/0xd0 [ 342.919853][T14502] asm_exc_page_fault+0x26/0x30 [ 342.919874][T14502] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 342.919907][T14502] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 342.919925][T14502] RSP: 0018:ffffc9000217fa00 EFLAGS: 00050202 [ 342.919945][T14502] RAX: 30203a636967616d RBX: 000000000000000f RCX: 000000000000000f [ 342.919959][T14502] RDX: 0000000000000000 RSI: ffff8880275de234 RDI: 0000200000001f80 [ 342.919974][T14502] RBP: dffffc0000000001 R08: ffff8880275de242 R09: 1ffff11004ebbc48 [ 342.919990][T14502] R10: dffffc0000000000 R11: ffffed1004ebbc49 R12: 0000200000001f8f [ 342.920006][T14502] R13: 00007ffffffff000 R14: ffff8880275de234 R15: 0000200000001f80 [ 342.920039][T14502] _copy_to_user+0x8a/0xb0 [ 342.920069][T14502] bpf_verifier_vlog+0x3ba/0x900 [ 342.920102][T14502] __btf_verifier_log+0xd4/0x120 [ 342.920135][T14502] ? __pfx___btf_verifier_log+0x10/0x10 [ 342.920157][T14502] ? __might_fault+0xb0/0x130 [ 342.920194][T14502] ? btf_parse_hdr+0x1e2/0x6d0 [ 342.920232][T14502] btf_parse_hdr+0x282/0x6d0 [ 342.920270][T14502] btf_new_fd+0x372/0xc90 [ 342.920289][T14502] ? apparmor_capable+0x137/0x1a0 [ 342.920319][T14502] ? __pfx_btf_new_fd+0x10/0x10 [ 342.920339][T14502] ? bpf_token_put+0x143/0x160 [ 342.920360][T14502] ? bpf_btf_load+0x126/0x190 [ 342.920394][T14502] __sys_bpf+0x3ed/0x860 [ 342.920425][T14502] ? __pfx___sys_bpf+0x10/0x10 [ 342.920471][T14502] ? ksys_write+0x22a/0x250 [ 342.920494][T14502] ? __pfx_ksys_write+0x10/0x10 [ 342.920524][T14502] __x64_sys_bpf+0x7c/0x90 [ 342.920560][T14502] do_syscall_64+0xec/0xf80 [ 342.920587][T14502] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.920607][T14502] ? trace_irq_disable+0x37/0x100 [ 342.920635][T14502] ? clear_bhb_loop+0x60/0xb0 [ 342.920662][T14502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.920682][T14502] RIP: 0033:0x7f4c5bf8f749 [ 342.920702][T14502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 342.920720][T14502] RSP: 002b:00007f4c5a1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 342.920741][T14502] RAX: ffffffffffffffda RBX: 00007f4c5c1e5fa0 RCX: 00007f4c5bf8f749 [ 342.920757][T14502] RDX: 0000000000000028 RSI: 0000200000000100 RDI: 0000000000000012 [ 342.920771][T14502] RBP: 00007f4c5a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 342.920785][T14502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 342.920798][T14502] R13: 00007f4c5c1e6038 R14: 00007f4c5c1e5fa0 R15: 00007ffd28362488 [ 342.920832][T14502] [ 342.943628][T14281] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 343.398451][ T3786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.414969][ T3786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.440504][ T3786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.470702][ T3786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.509278][T14513] netlink: 'syz.1.3329': attribute type 3 has an invalid length. [ 343.618541][T14522] netlink: 'syz.0.3330': attribute type 10 has an invalid length. [ 343.644657][T14523] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3332'. [ 343.653975][T14523] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3332'. [ 343.674274][T14522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.685843][T14525] netlink: 'syz.1.3333': attribute type 1 has an invalid length. [ 343.698000][T14522] team0: Port device bond0 added [ 343.746795][T14530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3333'. [ 343.756088][T14530] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3333'. [ 343.830746][T14525] 8021q: adding VLAN 0 to HW filter on device bond1 [ 343.855033][T14535] IPv6: NLM_F_CREATE should be specified when creating new route [ 343.883860][ T1161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.908159][ T1161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.951131][T11005] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.975754][T11005] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.121900][T14540] netlink: 'syz.0.3338': attribute type 10 has an invalid length. [ 344.138436][T14540] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 344.176093][T14546] xt_CT: You must specify a L4 protocol and not use inversions on it [ 344.298748][T14550] bridge1: entered promiscuous mode [ 344.505452][T14561] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3342'. [ 344.516181][T14561] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3342'. [ 344.529288][T14561] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3342'. [ 344.646126][T14565] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3344'. [ 344.673020][T14565] netlink: 'syz.4.3344': attribute type 29 has an invalid length. [ 344.760111][T14565] netlink: 'syz.4.3344': attribute type 29 has an invalid length. [ 345.291661][T14581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3351'. [ 345.332678][T14584] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 345.504883][T14590] lo speed is unknown, defaulting to 1000 [ 345.603676][T14596] FAULT_INJECTION: forcing a failure. [ 345.603676][T14596] name failslab, interval 1, probability 0, space 0, times 0 [ 345.633844][T14596] CPU: 1 UID: 0 PID: 14596 Comm: syz.1.3355 Not tainted syzkaller #0 PREEMPT(full) [ 345.633875][T14596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 345.633888][T14596] Call Trace: [ 345.633896][T14596] [ 345.633906][T14596] dump_stack_lvl+0xe8/0x150 [ 345.633939][T14596] should_fail_ex+0x414/0x560 [ 345.633980][T14596] should_failslab+0xa8/0x100 [ 345.634020][T14596] __kmalloc_noprof+0xdf/0x800 [ 345.634041][T14596] ? __alloc_skb+0x4a4/0x720 [ 345.634064][T14596] ? tipc_nl_compat_doit+0x19b/0x5f0 [ 345.634096][T14596] ? netlink_sendmsg+0x805/0xb30 [ 345.634134][T14596] tipc_nl_compat_doit+0x19b/0x5f0 [ 345.634173][T14596] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 345.634214][T14596] ? apparmor_capable+0x137/0x1a0 [ 345.634237][T14596] ? bpf_lsm_capable+0x9/0x20 [ 345.634261][T14596] ? security_capable+0x7e/0x2e0 [ 345.634295][T14596] tipc_nl_compat_recv+0x83c/0xbe0 [ 345.634330][T14596] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 345.634359][T14596] ? __mutex_trylock_common+0x153/0x260 [ 345.634390][T14596] ? __pfx___mutex_trylock_common+0x10/0x10 [ 345.634417][T14596] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 345.634452][T14596] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 345.634491][T14596] ? trace_contention_end+0x39/0x100 [ 345.634526][T14596] genl_family_rcv_msg_doit+0x215/0x300 [ 345.634557][T14596] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 345.634595][T14596] ? __dev_queue_xmit+0x280/0x3100 [ 345.634631][T14596] genl_rcv_msg+0x60e/0x790 [ 345.634662][T14596] ? __pfx_genl_rcv_msg+0x10/0x10 [ 345.634684][T14596] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 345.634714][T14596] ? __asan_memcpy+0x40/0x70 [ 345.634732][T14596] ? __pfx_ref_tracker_free+0x10/0x10 [ 345.634751][T14596] ? __skb_clone+0x63/0x7a0 [ 345.634785][T14596] netlink_rcv_skb+0x208/0x470 [ 345.634817][T14596] ? __pfx_genl_rcv_msg+0x10/0x10 [ 345.634842][T14596] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 345.634869][T14596] ? genl_rcv+0x19/0x40 [ 345.634907][T14596] ? down_read+0x274/0x2e0 [ 345.634933][T14596] ? genl_rcv+0xd/0x40 [ 345.634957][T14596] genl_rcv+0x28/0x40 [ 345.634977][T14596] netlink_unicast+0x82f/0x9e0 [ 345.635021][T14596] ? __pfx_netlink_unicast+0x10/0x10 [ 345.635051][T14596] ? netlink_sendmsg+0x642/0xb30 [ 345.635088][T14596] netlink_sendmsg+0x805/0xb30 [ 345.635128][T14596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 345.635163][T14596] ? aa_sock_msg_perm+0xf1/0x1b0 [ 345.635191][T14596] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 345.635210][T14596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 345.635242][T14596] __sock_sendmsg+0x21c/0x270 [ 345.635279][T14596] ____sys_sendmsg+0x505/0x820 [ 345.635311][T14596] ? __pfx_____sys_sendmsg+0x10/0x10 [ 345.635348][T14596] ? import_iovec+0x74/0xa0 [ 345.635378][T14596] ___sys_sendmsg+0x21f/0x2a0 [ 345.635408][T14596] ? __pfx____sys_sendmsg+0x10/0x10 [ 345.635472][T14596] ? __fget_files+0x2a/0x420 [ 345.635499][T14596] ? __fget_files+0x3a0/0x420 [ 345.635535][T14596] __x64_sys_sendmsg+0x19b/0x260 [ 345.635565][T14596] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 345.635600][T14596] ? __pfx_ksys_write+0x10/0x10 [ 345.635632][T14596] do_syscall_64+0xec/0xf80 [ 345.635658][T14596] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.635677][T14596] ? trace_irq_disable+0x37/0x100 [ 345.635704][T14596] ? clear_bhb_loop+0x60/0xb0 [ 345.635728][T14596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.635748][T14596] RIP: 0033:0x7f4c5bf8f749 [ 345.635767][T14596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.635785][T14596] RSP: 002b:00007f4c5a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 345.635808][T14596] RAX: ffffffffffffffda RBX: 00007f4c5c1e5fa0 RCX: 00007f4c5bf8f749 [ 345.635822][T14596] RDX: 0000000000008000 RSI: 0000200000001e80 RDI: 0000000000000003 [ 345.635835][T14596] RBP: 00007f4c5a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 345.635848][T14596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.635860][T14596] R13: 00007f4c5c1e6038 R14: 00007f4c5c1e5fa0 R15: 00007ffd28362488 [ 345.635893][T14596] [ 346.304267][T14599] tipc: Started in network mode [ 346.353791][T14599] tipc: Node identity bea9991a1024, cluster identity 4711 [ 346.401241][T14620] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3363'. [ 346.417644][T14599] tipc: Enabled bearer , priority 0 [ 346.451663][T14605] syzkaller0: entered promiscuous mode [ 346.486063][T14617] lec:lec_vcc_attach: copy from user failed for 28 bytes [ 346.493477][T14605] syzkaller0: entered allmulticast mode [ 346.545743][T14599] tipc: Resetting bearer [ 346.585659][T14621] netlink: 'syz.3.3359': attribute type 10 has an invalid length. [ 346.598437][T14598] tipc: Resetting bearer [ 346.621001][T14598] tipc: Disabling bearer [ 346.654840][T14611] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 346.673329][T14621] team0: Device ipvlan1 failed to register rx_handler [ 346.712122][T14622] lo speed is unknown, defaulting to 1000 [ 346.861523][T14634] macsec1: entered allmulticast mode [ 346.867002][T14634] macsec0: entered allmulticast mode [ 346.878299][T14634] veth1_macvtap: entered allmulticast mode [ 346.918536][T14640] netlink: 'syz.3.3367': attribute type 23 has an invalid length. [ 346.930243][T14640] FAULT_INJECTION: forcing a failure. [ 346.930243][T14640] name failslab, interval 1, probability 0, space 0, times 0 [ 346.957529][T14640] CPU: 0 UID: 0 PID: 14640 Comm: syz.3.3367 Not tainted syzkaller #0 PREEMPT(full) [ 346.957559][T14640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 346.957571][T14640] Call Trace: [ 346.957579][T14640] [ 346.957588][T14640] dump_stack_lvl+0xe8/0x150 [ 346.957620][T14640] should_fail_ex+0x414/0x560 [ 346.957660][T14640] should_failslab+0xa8/0x100 [ 346.957688][T14640] __kmalloc_cache_noprof+0x84/0x700 [ 346.957713][T14640] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 346.957741][T14640] ? kobject_uevent_env+0x28c/0x9f0 [ 346.957777][T14640] ? __pfx_dev_uevent_name+0x10/0x10 [ 346.957805][T14640] kobject_uevent_env+0x28c/0x9f0 [ 346.957854][T14640] device_add+0x557/0xb80 [ 346.957881][T14640] device_create+0x25b/0x2f0 [ 346.957908][T14640] ? timer_init_key+0x161/0x2b0 [ 346.957943][T14640] ? __pfx_device_create+0x10/0x10 [ 346.957969][T14640] ? ieee80211_alloc_hw_nm+0x18fa/0x1f60 [ 346.958008][T14640] mac80211_hwsim_new_radio+0x40c/0x52f0 [ 346.958038][T14640] ? _printk+0xcf/0x120 [ 346.958079][T14640] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 346.958102][T14640] ? ___ratelimit+0x5a0/0x900 [ 346.958130][T14640] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 346.958152][T14640] ? __nla_validate_parse+0x2400/0x2d40 [ 346.958175][T14640] ? __x64_sys_sendmsg+0x19b/0x260 [ 346.958213][T14640] hwsim_new_radio_nl+0xf5b/0x1bd0 [ 346.958244][T14640] ? __pfx___nla_validate_parse+0x10/0x10 [ 346.958283][T14640] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 346.958313][T14640] ? rcu_is_watching+0x15/0xb0 [ 346.958342][T14640] ? __nla_parse+0x40/0x60 [ 346.958388][T14640] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 346.958422][T14640] genl_family_rcv_msg_doit+0x215/0x300 [ 346.958455][T14640] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 346.958495][T14640] ? bpf_lsm_capable+0x9/0x20 [ 346.958519][T14640] ? security_capable+0x7e/0x2e0 [ 346.958552][T14640] genl_rcv_msg+0x60e/0x790 [ 346.958582][T14640] ? __pfx_genl_rcv_msg+0x10/0x10 [ 346.958605][T14640] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 346.958643][T14640] netlink_rcv_skb+0x208/0x470 [ 346.958674][T14640] ? __pfx_genl_rcv_msg+0x10/0x10 [ 346.958700][T14640] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 346.958728][T14640] ? genl_rcv+0x19/0x40 [ 346.958767][T14640] ? down_read+0x274/0x2e0 [ 346.958793][T14640] ? genl_rcv+0xd/0x40 [ 346.958816][T14640] genl_rcv+0x28/0x40 [ 346.958855][T14640] netlink_unicast+0x82f/0x9e0 [ 346.958892][T14640] ? __pfx_netlink_unicast+0x10/0x10 [ 346.958921][T14640] ? netlink_sendmsg+0x642/0xb30 [ 346.958950][T14640] ? skb_put+0x11b/0x210 [ 346.958979][T14640] netlink_sendmsg+0x805/0xb30 [ 346.959020][T14640] ? __pfx_netlink_sendmsg+0x10/0x10 [ 346.959054][T14640] ? aa_sock_msg_perm+0xf1/0x1b0 [ 346.959082][T14640] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 346.959107][T14640] ? __pfx_netlink_sendmsg+0x10/0x10 [ 346.959139][T14640] __sock_sendmsg+0x21c/0x270 [ 346.959176][T14640] ____sys_sendmsg+0x505/0x820 [ 346.959210][T14640] ? __pfx_____sys_sendmsg+0x10/0x10 [ 346.959249][T14640] ? import_iovec+0x74/0xa0 [ 346.959278][T14640] ___sys_sendmsg+0x21f/0x2a0 [ 346.959309][T14640] ? __pfx____sys_sendmsg+0x10/0x10 [ 346.959375][T14640] ? __fget_files+0x2a/0x420 [ 346.959402][T14640] ? __fget_files+0x3a0/0x420 [ 346.959440][T14640] __x64_sys_sendmsg+0x19b/0x260 [ 346.959471][T14640] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 346.959510][T14640] ? __pfx_ksys_write+0x10/0x10 [ 346.959544][T14640] do_syscall_64+0xec/0xf80 [ 346.959569][T14640] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.959589][T14640] ? trace_irq_disable+0x37/0x100 [ 346.959617][T14640] ? clear_bhb_loop+0x60/0xb0 [ 346.959643][T14640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.959663][T14640] RIP: 0033:0x7f31ed18f749 [ 346.959681][T14640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.959700][T14640] RSP: 002b:00007f31edf84038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 346.959722][T14640] RAX: ffffffffffffffda RBX: 00007f31ed3e5fa0 RCX: 00007f31ed18f749 [ 346.959737][T14640] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 346.959750][T14640] RBP: 00007f31edf84090 R08: 0000000000000000 R09: 0000000000000000 [ 346.959763][T14640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 346.959775][T14640] R13: 00007f31ed3e6038 R14: 00007f31ed3e5fa0 R15: 00007fff77173d48 [ 346.959810][T14640] [ 347.408975][T14639] netlink: 'syz.4.3366': attribute type 12 has an invalid length. [ 347.432981][T14641] netlink: 'syz.2.3364': attribute type 1 has an invalid length. [ 347.796194][T14658] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2 [ 347.816697][T14658] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0 [ 347.829346][T14663] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 347.848907][T14661] netlink: 'syz.1.3372': attribute type 1 has an invalid length. [ 348.416761][T14693] netlink: 'syz.1.3382': attribute type 39 has an invalid length. [ 348.891970][T14717] __nla_validate_parse: 6 callbacks suppressed [ 348.892002][T14717] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3391'. [ 348.938472][T14720] FAULT_INJECTION: forcing a failure. [ 348.938472][T14720] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 348.966383][T14720] CPU: 0 UID: 0 PID: 14720 Comm: syz.0.3392 Not tainted syzkaller #0 PREEMPT(full) [ 348.966404][T14720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 348.966414][T14720] Call Trace: [ 348.966421][T14720] [ 348.966427][T14720] dump_stack_lvl+0xe8/0x150 [ 348.966451][T14720] should_fail_ex+0x414/0x560 [ 348.966480][T14720] _copy_from_user+0x2d/0xb0 [ 348.966500][T14720] kstrtouint_from_user+0xc4/0x170 [ 348.966518][T14720] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 348.966545][T14720] proc_fail_nth_write+0x88/0x200 [ 348.966562][T14720] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 348.966582][T14720] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 348.966599][T14720] vfs_write+0x27e/0xb30 [ 348.966621][T14720] ? __pfx_vfs_write+0x10/0x10 [ 348.966637][T14720] ? __fget_files+0x2a/0x420 [ 348.966659][T14720] ? __fget_files+0x3a0/0x420 [ 348.966677][T14720] ? __fget_files+0x2a/0x420 [ 348.966703][T14720] ksys_write+0x145/0x250 [ 348.966719][T14720] ? __pfx_ksys_write+0x10/0x10 [ 348.966744][T14720] do_syscall_64+0xec/0xf80 [ 348.966763][T14720] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.966777][T14720] ? trace_irq_disable+0x37/0x100 [ 348.966798][T14720] ? clear_bhb_loop+0x60/0xb0 [ 348.966816][T14720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.966831][T14720] RIP: 0033:0x7f8e6978e1ff [ 348.966845][T14720] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 348.966858][T14720] RSP: 002b:00007f8e6a681030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 348.966874][T14720] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e6978e1ff [ 348.966885][T14720] RDX: 0000000000000001 RSI: 00007f8e6a6810a0 RDI: 0000000000000006 [ 348.966895][T14720] RBP: 00007f8e6a681090 R08: 0000000000000000 R09: 0000000000000000 [ 348.966904][T14720] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 348.966913][T14720] R13: 00007f8e699e6038 R14: 00007f8e699e5fa0 R15: 00007fff5ed37d78 [ 348.966937][T14720] [ 349.258953][T14721] syzkaller0: entered promiscuous mode [ 349.264546][T14721] syzkaller0: entered allmulticast mode [ 349.349542][T14728] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3395'. [ 349.360451][T14728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3395'. [ 349.567301][T14741] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3396'. [ 349.576713][T14741] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3396'. [ 349.585864][T14741] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3396'. [ 349.599485][T14741] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3396'. [ 351.229039][T14737] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.418399][T14767] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3406'. [ 351.674472][T14782] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3412'. [ 351.707371][T14784] netlink: 'syz.4.3413': attribute type 10 has an invalid length. [ 351.824194][T14786] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3412'. [ 352.142833][T14793] netlink: 'syz.3.3415': attribute type 10 has an invalid length. [ 352.353447][T14798] netlink: 'syz.3.3416': attribute type 13 has an invalid length. [ 352.479732][T14802] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 352.953649][T14801] vlan2: entered promiscuous mode [ 352.966955][T14801] vlan2: entered allmulticast mode [ 352.980533][T14801] hsr_slave_1: entered allmulticast mode [ 353.011387][T14806] tipc: Enabled bearer , priority 0 [ 353.048702][T14811] syzkaller1: entered promiscuous mode [ 353.056435][T14811] syzkaller1: entered allmulticast mode [ 353.128823][T14815] syzkaller0: entered promiscuous mode [ 353.134539][T14815] syzkaller0: entered allmulticast mode [ 353.140869][T14815] tipc: Resetting bearer [ 353.150078][T14824] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.157958][T14824] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.253327][T14797] tipc: Resetting bearer [ 354.871438][T14797] tipc: Disabling bearer [ 354.912634][T14831] syzkaller0: entered promiscuous mode [ 354.922049][T14831] syzkaller0: entered allmulticast mode [ 354.930448][T14839] FAULT_INJECTION: forcing a failure. [ 354.930448][T14839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 354.943714][T14839] CPU: 1 UID: 0 PID: 14839 Comm: syz.0.3425 Not tainted syzkaller #0 PREEMPT(full) [ 354.943742][T14839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 354.943756][T14839] Call Trace: [ 354.943766][T14839] [ 354.943785][T14839] dump_stack_lvl+0xe8/0x150 [ 354.943819][T14839] should_fail_ex+0x414/0x560 [ 354.943857][T14839] _copy_from_user+0x2d/0xb0 [ 354.943885][T14839] br_dev_siocdevprivate+0xf5/0x1580 [ 354.943926][T14839] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 354.943957][T14839] ? lockdep_hardirqs_on+0x7b/0x110 [ 354.943994][T14839] ? __mutex_lock+0x5bb/0x1350 [ 354.944027][T14839] ? dev_ioctl+0x83c/0x1150 [ 354.944053][T14839] ? full_name_hash+0x92/0xe0 [ 354.944085][T14839] ? netdev_name_node_lookup+0xdf/0x120 [ 354.944129][T14839] dev_ifsioc+0xb57/0xf00 [ 354.944165][T14839] dev_ioctl+0x84c/0x1150 [ 354.944195][T14839] sock_ioctl+0x719/0x790 [ 354.944230][T14839] ? __pfx_sock_ioctl+0x10/0x10 [ 354.944264][T14839] ? __fget_files+0x3a0/0x420 [ 354.944290][T14839] ? __fget_files+0x2a/0x420 [ 354.944321][T14839] ? bpf_lsm_file_ioctl+0x9/0x20 [ 354.944344][T14839] ? __pfx_sock_ioctl+0x10/0x10 [ 354.944376][T14839] __se_sys_ioctl+0xfc/0x170 [ 354.944413][T14839] do_syscall_64+0xec/0xf80 [ 354.944438][T14839] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.944460][T14839] ? clear_bhb_loop+0x60/0xb0 [ 354.944486][T14839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.944506][T14839] RIP: 0033:0x7f8e6978f749 [ 354.944527][T14839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.944546][T14839] RSP: 002b:00007f8e6a681038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 354.944582][T14839] RAX: ffffffffffffffda RBX: 00007f8e699e5fa0 RCX: 00007f8e6978f749 [ 354.944597][T14839] RDX: 0000200000000040 RSI: 00000000000089f0 RDI: 0000000000000003 [ 354.944611][T14839] RBP: 00007f8e6a681090 R08: 0000000000000000 R09: 0000000000000000 [ 354.944624][T14839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 354.944636][T14839] R13: 00007f8e699e6038 R14: 00007f8e699e5fa0 R15: 00007fff5ed37d78 [ 354.944670][T14839] [ 355.389080][T14864] __nla_validate_parse: 2 callbacks suppressed [ 355.389101][T14864] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3428'. [ 355.404797][T14864] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3428'. [ 355.414200][T14864] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3428'. [ 356.190723][T14867] IPVS: set_ctl: invalid protocol: 44 0.0.0.0:20001 [ 356.667874][ T9668] tipc: Node number set to 506174604 [ 356.903545][T14878] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3435'. [ 357.790686][T14905] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 358.113949][T14927] tipc: Enabling of bearer rejected, failed to enable media [ 358.255535][T14934] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3446'. [ 358.270135][T14936] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3448'. [ 358.284194][T14934] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3446'. [ 358.293644][T14934] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3446'. [ 358.305555][T14934] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3446'. [ 358.511776][T14948] netlink: 'syz.1.3452': attribute type 10 has an invalid length. [ 358.522565][T14948] bond0: (slave dummy0): Releasing backup interface [ 358.534959][T14948] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 358.544256][T14948] team0: Failed to send options change via netlink (err -105) [ 358.553202][T14948] team0: Port device dummy0 added [ 358.670725][T14951] netlink: 'syz.1.3453': attribute type 4 has an invalid length. [ 358.678806][T14951] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3453'. [ 359.227591][T14959] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.481015][T14959] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.646694][T14959] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.684906][T14974] netlink: 'syz.1.3462': attribute type 1 has an invalid length. [ 359.749398][T14974] 8021q: adding VLAN 0 to HW filter on device bond2 [ 359.784189][T14959] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.878150][T14980] netlink: 'syz.1.3463': attribute type 1 has an invalid length. [ 359.893304][T14980] netlink: 'syz.1.3463': attribute type 1 has an invalid length. [ 360.064864][ T392] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.136799][T11020] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.163771][T11020] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.187332][T11020] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.451061][T14995] __nla_validate_parse: 5 callbacks suppressed [ 360.451080][T14995] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3466'. [ 360.466876][T14995] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3466'. [ 360.476032][T14995] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3466'. [ 360.485447][T14995] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3466'. [ 360.528343][T14994] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3468'. [ 360.572445][T15000] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3469'. [ 360.586800][T15001] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3470'. [ 361.024313][T15025] netlink: 'syz.2.3477': attribute type 15 has an invalid length. [ 361.125952][T15031] rdma_op ffff88803d4049f0 conn xmit_rdma 0000000000000000 [ 361.340504][T15038] m1Ie5nè‹Ò: entered promiscuous mode [ 361.372157][T15038] tipc: Failed to remove unknown binding: 66,0,0/0:4084817248/4084817249 [ 361.384097][T15038] tipc: Failed to remove unknown binding: 66,0,0/0:4084817248/4084817249 [ 361.509201][T15049] FAULT_INJECTION: forcing a failure. [ 361.509201][T15049] name failslab, interval 1, probability 0, space 0, times 0 [ 361.539817][T15049] CPU: 1 UID: 0 PID: 15049 Comm: syz.4.3487 Not tainted syzkaller #0 PREEMPT(full) [ 361.539846][T15049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 361.539859][T15049] Call Trace: [ 361.539867][T15049] [ 361.539877][T15049] dump_stack_lvl+0xe8/0x150 [ 361.539910][T15049] should_fail_ex+0x414/0x560 [ 361.539950][T15049] should_failslab+0xa8/0x100 [ 361.539979][T15049] kmem_cache_alloc_lru_noprof+0x8d/0x6e0 [ 361.540015][T15049] ? sock_alloc_inode+0x28/0xc0 [ 361.540038][T15049] ? __pfx_sock_alloc_inode+0x10/0x10 [ 361.540057][T15049] sock_alloc_inode+0x28/0xc0 [ 361.540075][T15049] alloc_inode+0x6a/0x1b0 [ 361.540102][T15049] __sock_create+0x12d/0x9d0 [ 361.540134][T15049] udp_sock_create6+0xcb/0x690 [ 361.540172][T15049] ? __pfx_udp_sock_create6+0x10/0x10 [ 361.540213][T15049] ? rxrpc_lookup_local+0xc1a/0x1410 [ 361.540246][T15049] rxrpc_lookup_local+0xc92/0x1410 [ 361.540283][T15049] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 361.540333][T15049] ? __local_bh_enable_ip+0xd0/0x130 [ 361.540361][T15049] rxrpc_sendmsg+0x399/0x710 [ 361.540386][T15049] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 361.540407][T15049] __sock_sendmsg+0x21c/0x270 [ 361.540440][T15049] ____sys_sendmsg+0x505/0x820 [ 361.540470][T15049] ? __pfx_____sys_sendmsg+0x10/0x10 [ 361.540504][T15049] ? import_iovec+0x74/0xa0 [ 361.540531][T15049] ___sys_sendmsg+0x21f/0x2a0 [ 361.540558][T15049] ? __pfx____sys_sendmsg+0x10/0x10 [ 361.540630][T15049] ? __fget_files+0x2a/0x420 [ 361.540655][T15049] ? __fget_files+0x3a0/0x420 [ 361.540689][T15049] __x64_sys_sendmsg+0x19b/0x260 [ 361.540717][T15049] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 361.540752][T15049] ? __pfx_ksys_write+0x10/0x10 [ 361.540782][T15049] do_syscall_64+0xec/0xf80 [ 361.540805][T15049] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.540823][T15049] ? trace_irq_disable+0x37/0x100 [ 361.540849][T15049] ? clear_bhb_loop+0x60/0xb0 [ 361.540878][T15049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.540897][T15049] RIP: 0033:0x7ff7ac38f749 [ 361.540914][T15049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.540931][T15049] RSP: 002b:00007ff7ad13f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 361.540951][T15049] RAX: ffffffffffffffda RBX: 00007ff7ac5e5fa0 RCX: 00007ff7ac38f749 [ 361.540965][T15049] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 361.540977][T15049] RBP: 00007ff7ad13f090 R08: 0000000000000000 R09: 0000000000000000 [ 361.540988][T15049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 361.540999][T15049] R13: 00007ff7ac5e6038 R14: 00007ff7ac5e5fa0 R15: 00007ffd0f754438 [ 361.541030][T15049] [ 361.541040][T15049] socket: no more sockets [ 361.827418][T15053] netlink: 212336 bytes leftover after parsing attributes in process `syz.3.3483'. [ 361.847277][T15052] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3489'. [ 362.044309][T15063] FAULT_INJECTION: forcing a failure. [ 362.044309][T15063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 362.068334][T15063] CPU: 1 UID: 0 PID: 15063 Comm: syz.0.3491 Not tainted syzkaller #0 PREEMPT(full) [ 362.068364][T15063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 362.068377][T15063] Call Trace: [ 362.068386][T15063] [ 362.068395][T15063] dump_stack_lvl+0xe8/0x150 [ 362.068428][T15063] should_fail_ex+0x414/0x560 [ 362.068467][T15063] _copy_from_iter+0x1cd/0x1630 [ 362.068491][T15063] ? rcu_is_watching+0x15/0xb0 [ 362.068517][T15063] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 362.068548][T15063] ? kmem_cache_alloc_node_noprof+0x48c/0x720 [ 362.068582][T15063] ? kmalloc_reserve+0xbd/0x290 [ 362.068608][T15063] ? __pfx__copy_from_iter+0x10/0x10 [ 362.068641][T15063] ? netlink_sendmsg+0x642/0xb30 [ 362.068671][T15063] ? skb_put+0x11b/0x210 [ 362.068700][T15063] netlink_sendmsg+0x6b2/0xb30 [ 362.068739][T15063] ? __pfx_netlink_sendmsg+0x10/0x10 [ 362.068774][T15063] ? aa_sock_msg_perm+0xf1/0x1b0 [ 362.068811][T15063] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 362.068831][T15063] ? __pfx_netlink_sendmsg+0x10/0x10 [ 362.068862][T15063] __sock_sendmsg+0x21c/0x270 [ 362.068899][T15063] ____sys_sendmsg+0x505/0x820 [ 362.068932][T15063] ? __pfx_____sys_sendmsg+0x10/0x10 [ 362.068969][T15063] ? import_iovec+0x74/0xa0 [ 362.068998][T15063] ___sys_sendmsg+0x21f/0x2a0 [ 362.069029][T15063] ? __pfx____sys_sendmsg+0x10/0x10 [ 362.069092][T15063] ? __fget_files+0x2a/0x420 [ 362.069117][T15063] ? __fget_files+0x3a0/0x420 [ 362.069153][T15063] __x64_sys_sendmsg+0x19b/0x260 [ 362.069182][T15063] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 362.069217][T15063] ? __pfx_ksys_write+0x10/0x10 [ 362.069248][T15063] do_syscall_64+0xec/0xf80 [ 362.069273][T15063] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.069293][T15063] ? trace_irq_disable+0x37/0x100 [ 362.069320][T15063] ? clear_bhb_loop+0x60/0xb0 [ 362.069346][T15063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.069366][T15063] RIP: 0033:0x7f8e6978f749 [ 362.069385][T15063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.069403][T15063] RSP: 002b:00007f8e6a681038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 362.069425][T15063] RAX: ffffffffffffffda RBX: 00007f8e699e5fa0 RCX: 00007f8e6978f749 [ 362.069441][T15063] RDX: 0000000020000880 RSI: 0000200000000040 RDI: 0000000000000003 [ 362.069454][T15063] RBP: 00007f8e6a681090 R08: 0000000000000000 R09: 0000000000000000 [ 362.069467][T15063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 362.069478][T15063] R13: 00007f8e699e6038 R14: 00007f8e699e5fa0 R15: 00007fff5ed37d78 [ 362.069512][T15063] [ 362.379474][T15065] tipc: Started in network mode [ 362.384416][T15065] tipc: Node identity 4a926f62c7b9, cluster identity 4711 [ 362.422381][T15065] tipc: Enabled bearer , priority 0 [ 362.437856][T15065] syzkaller0: entered promiscuous mode [ 362.443399][T15065] syzkaller0: entered allmulticast mode [ 362.508194][T15065] tipc: Resetting bearer [ 362.519636][T15064] tipc: Resetting bearer [ 362.561435][T15064] tipc: Disabling bearer [ 362.622251][T15080] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3495'. [ 362.661447][T15077] .70·: renamed from hsr0 (while UP) [ 362.675635][T15077] .70·: entered allmulticast mode [ 362.685593][T15077] hsr_slave_0: entered allmulticast mode [ 362.695747][T15077] hsr_slave_1: entered allmulticast mode [ 362.715165][T15077] A link change request failed with some changes committed already. Interface .70· may have been left with an inconsistent configuration, please check. [ 363.470905][T15118] FAULT_INJECTION: forcing a failure. [ 363.470905][T15118] name failslab, interval 1, probability 0, space 0, times 0 [ 363.546337][T15118] CPU: 0 UID: 0 PID: 15118 Comm: syz.1.3507 Not tainted syzkaller #0 PREEMPT(full) [ 363.546375][T15118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 363.546388][T15118] Call Trace: [ 363.546397][T15118] [ 363.546406][T15118] dump_stack_lvl+0xe8/0x150 [ 363.546438][T15118] should_fail_ex+0x414/0x560 [ 363.546479][T15118] should_failslab+0xa8/0x100 [ 363.546508][T15118] __kmalloc_cache_noprof+0x84/0x700 [ 363.546529][T15118] ? __pfx___mutex_lock+0x10/0x10 [ 363.546555][T15118] ? __inet_diag_dump_start+0x8b/0xbf0 [ 363.546576][T15118] ? netlink_lookup+0x30/0x200 [ 363.546608][T15118] __inet_diag_dump_start+0x8b/0xbf0 [ 363.546629][T15118] ? netlink_lookup+0x30/0x200 [ 363.546656][T15118] ? netlink_lookup+0x30/0x200 [ 363.546681][T15118] ? netlink_lookup+0x30/0x200 [ 363.546716][T15118] __netlink_dump_start+0x469/0x7e0 [ 363.546756][T15118] inet_diag_handler_cmd+0x1bf/0x290 [ 363.546794][T15118] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 363.546827][T15118] ? __pfx_inet_diag_dump_start+0x10/0x10 [ 363.546845][T15118] ? __pfx_inet_diag_dump+0x10/0x10 [ 363.546860][T15118] ? __pfx_inet_diag_dump_done+0x10/0x10 [ 363.546881][T15118] ? sock_diag_lock_handler+0x19/0x290 [ 363.546905][T15118] ? sock_diag_lock_handler+0x19/0x290 [ 363.546935][T15118] sock_diag_rcv_msg+0x4cc/0x600 [ 363.546963][T15118] netlink_rcv_skb+0x208/0x470 [ 363.546992][T15118] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 363.547016][T15118] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 363.547056][T15118] ? netlink_deliver_tap+0x2e/0x1b0 [ 363.547094][T15118] netlink_unicast+0x82f/0x9e0 [ 363.547130][T15118] ? __pfx_netlink_unicast+0x10/0x10 [ 363.547159][T15118] ? netlink_sendmsg+0x642/0xb30 [ 363.547194][T15118] ? skb_put+0x11b/0x210 [ 363.547240][T15118] netlink_sendmsg+0x805/0xb30 [ 363.547283][T15118] ? __pfx_netlink_sendmsg+0x10/0x10 [ 363.547317][T15118] ? aa_sock_msg_perm+0xf1/0x1b0 [ 363.547348][T15118] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 363.547378][T15118] ? __pfx_netlink_sendmsg+0x10/0x10 [ 363.547415][T15118] __sock_sendmsg+0x21c/0x270 [ 363.547452][T15118] sock_write_iter+0x279/0x360 [ 363.547487][T15118] ? __pfx_sock_write_iter+0x10/0x10 [ 363.547531][T15118] ? kstrtoull+0x12f/0x1d0 [ 363.547572][T15118] do_iter_readv_writev+0x623/0x8c0 [ 363.547604][T15118] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 363.547624][T15118] ? common_file_perm+0x1b5/0x220 [ 363.547657][T15118] ? bpf_lsm_file_permission+0x9/0x20 [ 363.547680][T15118] ? security_file_permission+0x75/0x290 [ 363.547703][T15118] ? rw_verify_area+0x255/0x4d0 [ 363.547742][T15118] vfs_writev+0x31a/0x960 [ 363.547778][T15118] ? __pfx_vfs_writev+0x10/0x10 [ 363.547822][T15118] ? __fget_files+0x2a/0x420 [ 363.547854][T15118] ? __fget_files+0x3a0/0x420 [ 363.547880][T15118] ? __fget_files+0x2a/0x420 [ 363.547917][T15118] do_writev+0x14d/0x2d0 [ 363.547947][T15118] ? __pfx_do_writev+0x10/0x10 [ 363.547971][T15118] ? __task_pid_nr_ns+0x28/0x490 [ 363.548012][T15118] do_syscall_64+0xec/0xf80 [ 363.548038][T15118] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.548058][T15118] ? trace_irq_disable+0x37/0x100 [ 363.548085][T15118] ? clear_bhb_loop+0x60/0xb0 [ 363.548112][T15118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.548132][T15118] RIP: 0033:0x7f4c5bf8f749 [ 363.548152][T15118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 363.548170][T15118] RSP: 002b:00007f4c5a1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 363.548194][T15118] RAX: ffffffffffffffda RBX: 00007f4c5c1e5fa0 RCX: 00007f4c5bf8f749 [ 363.548210][T15118] RDX: 0000000000000001 RSI: 0000200000000540 RDI: 0000000000000005 [ 363.548224][T15118] RBP: 00007f4c5a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 363.548237][T15118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 363.548249][T15118] R13: 00007f4c5c1e6038 R14: 00007f4c5c1e5fa0 R15: 00007ffd28362488 [ 363.548286][T15118] [ 364.189772][T15127] tipc: Enabled bearer , priority 0 [ 364.217481][T15127] syzkaller0: entered promiscuous mode [ 364.223126][T15127] syzkaller0: entered allmulticast mode [ 364.259564][T15127] tipc: Resetting bearer [ 364.286959][T15126] tipc: Resetting bearer [ 364.357827][T15126] tipc: Disabling bearer [ 364.465121][T15143] FAULT_INJECTION: forcing a failure. [ 364.465121][T15143] name failslab, interval 1, probability 0, space 0, times 0 [ 364.514752][T15143] CPU: 0 UID: 0 PID: 15143 Comm: syz.2.3513 Not tainted syzkaller #0 PREEMPT(full) [ 364.514788][T15143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 364.514802][T15143] Call Trace: [ 364.514811][T15143] [ 364.514820][T15143] dump_stack_lvl+0xe8/0x150 [ 364.514854][T15143] should_fail_ex+0x414/0x560 [ 364.514904][T15143] should_failslab+0xa8/0x100 [ 364.514933][T15143] kmem_cache_alloc_noprof+0x88/0x710 [ 364.514982][T15143] ? __netlink_lookup+0xbd/0x8a0 [ 364.515015][T15143] ? skb_clone+0x212/0x3a0 [ 364.515050][T15143] skb_clone+0x212/0x3a0 [ 364.515084][T15143] __netlink_deliver_tap+0x404/0x850 [ 364.515129][T15143] ? netlink_deliver_tap+0x2e/0x1b0 [ 364.515161][T15143] netlink_deliver_tap+0x19c/0x1b0 [ 364.515194][T15143] netlink_unicast+0x7fa/0x9e0 [ 364.515232][T15143] ? __pfx_netlink_unicast+0x10/0x10 [ 364.515262][T15143] ? netlink_sendmsg+0x642/0xb30 [ 364.515291][T15143] ? skb_put+0x11b/0x210 [ 364.515322][T15143] netlink_sendmsg+0x805/0xb30 [ 364.515364][T15143] ? __pfx_netlink_sendmsg+0x10/0x10 [ 364.515400][T15143] ? aa_sock_msg_perm+0xf1/0x1b0 [ 364.515430][T15143] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 364.515450][T15143] ? __pfx_netlink_sendmsg+0x10/0x10 [ 364.515483][T15143] __sock_sendmsg+0x21c/0x270 [ 364.515522][T15143] ____sys_sendmsg+0x505/0x820 [ 364.515557][T15143] ? __pfx_____sys_sendmsg+0x10/0x10 [ 364.515603][T15143] ? import_iovec+0x74/0xa0 [ 364.515634][T15143] ___sys_sendmsg+0x21f/0x2a0 [ 364.515665][T15143] ? __pfx____sys_sendmsg+0x10/0x10 [ 364.515733][T15143] ? __fget_files+0x2a/0x420 [ 364.515759][T15143] ? __fget_files+0x3a0/0x420 [ 364.515797][T15143] __x64_sys_sendmsg+0x19b/0x260 [ 364.515828][T15143] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 364.515867][T15143] ? __pfx_ksys_write+0x10/0x10 [ 364.515902][T15143] do_syscall_64+0xec/0xf80 [ 364.515928][T15143] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.515948][T15143] ? trace_irq_disable+0x37/0x100 [ 364.515977][T15143] ? clear_bhb_loop+0x60/0xb0 [ 364.516002][T15143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.516023][T15143] RIP: 0033:0x7fab3738f749 [ 364.516042][T15143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.516061][T15143] RSP: 002b:00007fab355b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 364.516084][T15143] RAX: ffffffffffffffda RBX: 00007fab375e6180 RCX: 00007fab3738f749 [ 364.516100][T15143] RDX: 0000000004000054 RSI: 0000200000000480 RDI: 000000000000000d [ 364.516114][T15143] RBP: 00007fab355b4090 R08: 0000000000000000 R09: 0000000000000000 [ 364.516127][T15143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 364.516140][T15143] R13: 00007fab375e6218 R14: 00007fab375e6180 R15: 00007ffea3e6e6d8 [ 364.516175][T15143] [ 364.813567][T15148] ip6gre1: entered promiscuous mode [ 364.818862][T15148] ip6gre1: entered allmulticast mode [ 364.825918][T11005] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 364.839221][T11005] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 364.847136][ T9661] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 365.010331][ T9661] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 365.255915][T15166] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input19 [ 365.276794][ T9663] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 365.442393][T15164] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.475328][T15170] FAULT_INJECTION: forcing a failure. [ 365.475328][T15170] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 365.496610][T15170] CPU: 1 UID: 0 PID: 15170 Comm: syz.4.3525 Not tainted syzkaller #0 PREEMPT(full) [ 365.496640][T15170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 365.496666][T15170] Call Trace: [ 365.496675][T15170] [ 365.496684][T15170] dump_stack_lvl+0xe8/0x150 [ 365.496718][T15170] should_fail_ex+0x414/0x560 [ 365.496758][T15170] _copy_to_user+0x31/0xb0 [ 365.496785][T15170] simple_read_from_buffer+0xe1/0x170 [ 365.496817][T15170] proc_fail_nth_read+0x1b3/0x220 [ 365.496843][T15170] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.496869][T15170] ? rw_verify_area+0x2a6/0x4d0 [ 365.496902][T15170] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.496927][T15170] vfs_read+0x200/0xa30 [ 365.496945][T15170] ? fdget_pos+0x247/0x320 [ 365.496977][T15170] ? __pfx___mutex_lock+0x10/0x10 [ 365.497006][T15170] ? __pfx_vfs_read+0x10/0x10 [ 365.497028][T15170] ? __fget_files+0x2a/0x420 [ 365.497060][T15170] ? __fget_files+0x3a0/0x420 [ 365.497086][T15170] ? __fget_files+0x2a/0x420 [ 365.497122][T15170] ksys_read+0x145/0x250 [ 365.497154][T15170] ? __pfx_ksys_read+0x10/0x10 [ 365.497188][T15170] do_syscall_64+0xec/0xf80 [ 365.497214][T15170] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.497235][T15170] ? trace_irq_disable+0x37/0x100 [ 365.497262][T15170] ? clear_bhb_loop+0x60/0xb0 [ 365.497288][T15170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.497326][T15170] RIP: 0033:0x7ff7ac38e15c [ 365.497344][T15170] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 365.497362][T15170] RSP: 002b:00007ff7aa5f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 365.497384][T15170] RAX: ffffffffffffffda RBX: 00007ff7ac5e6090 RCX: 00007ff7ac38e15c [ 365.497399][T15170] RDX: 000000000000000f RSI: 00007ff7aa5f60a0 RDI: 0000000000000006 [ 365.497413][T15170] RBP: 00007ff7aa5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 365.497425][T15170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 365.497437][T15170] R13: 00007ff7ac5e6128 R14: 00007ff7ac5e6090 R15: 00007ffd0f754438 [ 365.497472][T15170] [ 365.739336][T15180] FAULT_INJECTION: forcing a failure. [ 365.739336][T15180] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 365.752639][T15180] CPU: 0 UID: 0 PID: 15180 Comm: syz.0.3529 Not tainted syzkaller #0 PREEMPT(full) [ 365.752668][T15180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 365.752681][T15180] Call Trace: [ 365.752689][T15180] [ 365.752698][T15180] dump_stack_lvl+0xe8/0x150 [ 365.752730][T15180] should_fail_ex+0x414/0x560 [ 365.752770][T15180] _copy_to_user+0x31/0xb0 [ 365.752799][T15180] simple_read_from_buffer+0xe1/0x170 [ 365.752831][T15180] proc_fail_nth_read+0x1b3/0x220 [ 365.752856][T15180] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.752881][T15180] ? rw_verify_area+0x2a6/0x4d0 [ 365.752911][T15180] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.752934][T15180] vfs_read+0x200/0xa30 [ 365.752952][T15180] ? fdget_pos+0x247/0x320 [ 365.752982][T15180] ? __pfx___mutex_lock+0x10/0x10 [ 365.753009][T15180] ? __pfx_vfs_read+0x10/0x10 [ 365.753030][T15180] ? __fget_files+0x2a/0x420 [ 365.753061][T15180] ? __fget_files+0x3a0/0x420 [ 365.753085][T15180] ? __fget_files+0x2a/0x420 [ 365.753120][T15180] ksys_read+0x145/0x250 [ 365.753143][T15180] ? __pfx_ksys_read+0x10/0x10 [ 365.753176][T15180] do_syscall_64+0xec/0xf80 [ 365.753201][T15180] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.753220][T15180] ? trace_irq_disable+0x37/0x100 [ 365.753247][T15180] ? clear_bhb_loop+0x60/0xb0 [ 365.753272][T15180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.753310][T15180] RIP: 0033:0x7f8e6978e15c [ 365.753330][T15180] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 365.753350][T15180] RSP: 002b:00007f8e6a681030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 365.753372][T15180] RAX: ffffffffffffffda RBX: 00007f8e699e5fa0 RCX: 00007f8e6978e15c [ 365.753388][T15180] RDX: 000000000000000f RSI: 00007f8e6a6810a0 RDI: 0000000000000004 [ 365.753402][T15180] RBP: 00007f8e6a681090 R08: 0000000000000000 R09: 0000000000000000 [ 365.753415][T15180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 365.753428][T15180] R13: 00007f8e699e6038 R14: 00007f8e699e5fa0 R15: 00007fff5ed37d78 [ 365.753472][T15180] [ 366.003949][T15182] syzkaller1: entered promiscuous mode [ 366.009660][T15182] syzkaller1: entered allmulticast mode [ 366.058563][T15186] __nla_validate_parse: 10 callbacks suppressed [ 366.058583][T15186] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3532'. [ 366.125519][T15164] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.165151][T15186] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.214078][T15188] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3532'. [ 366.277849][T15164] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.311888][T15195] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3536'. [ 366.323545][T15186] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.349064][T15197] FAULT_INJECTION: forcing a failure. [ 366.349064][T15197] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 366.380458][T15197] CPU: 0 UID: 0 PID: 15197 Comm: syz.3.3535 Not tainted syzkaller #0 PREEMPT(full) [ 366.380489][T15197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 366.380502][T15197] Call Trace: [ 366.380510][T15197] [ 366.380519][T15197] dump_stack_lvl+0xe8/0x150 [ 366.380551][T15197] should_fail_ex+0x414/0x560 [ 366.380596][T15197] _copy_from_user+0x2d/0xb0 [ 366.380640][T15197] ___sys_sendmsg+0x158/0x2a0 [ 366.380674][T15197] ? __pfx____sys_sendmsg+0x10/0x10 [ 366.380738][T15197] ? __fget_files+0x2a/0x420 [ 366.380763][T15197] ? __fget_files+0x3a0/0x420 [ 366.380799][T15197] __x64_sys_sendmsg+0x19b/0x260 [ 366.380828][T15197] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 366.380866][T15197] ? __pfx_ksys_write+0x10/0x10 [ 366.380902][T15197] do_syscall_64+0xec/0xf80 [ 366.380927][T15197] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.380946][T15197] ? trace_irq_disable+0x37/0x100 [ 366.380974][T15197] ? clear_bhb_loop+0x60/0xb0 [ 366.380998][T15197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.381018][T15197] RIP: 0033:0x7f31ed18f749 [ 366.381036][T15197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.381054][T15197] RSP: 002b:00007f31edf63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 366.381077][T15197] RAX: ffffffffffffffda RBX: 00007f31ed3e6090 RCX: 00007f31ed18f749 [ 366.381092][T15197] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000009 [ 366.381105][T15197] RBP: 00007f31edf63090 R08: 0000000000000000 R09: 0000000000000000 [ 366.381117][T15197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 366.381128][T15197] R13: 00007f31ed3e6128 R14: 00007f31ed3e6090 R15: 00007fff77173d48 [ 366.381169][T15197] [ 366.574512][T15164] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.695784][T15186] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.769295][T15186] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.822900][ T1145] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.870688][ T1145] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.893532][ T1145] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.944645][ T399] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.974232][ T1145] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.000820][ T1145] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.041664][ T1145] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.052812][ T1145] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.221283][T15206] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.233910][T15209] FAULT_INJECTION: forcing a failure. [ 367.233910][T15209] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 367.238914][T15210] FAULT_INJECTION: forcing a failure. [ 367.238914][T15210] name failslab, interval 1, probability 0, space 0, times 0 [ 367.265290][T15210] CPU: 1 UID: 0 PID: 15210 Comm: syz.1.3539 Not tainted syzkaller #0 PREEMPT(full) [ 367.265321][T15210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 367.265334][T15210] Call Trace: [ 367.265343][T15210] [ 367.265352][T15210] dump_stack_lvl+0xe8/0x150 [ 367.265386][T15210] should_fail_ex+0x414/0x560 [ 367.265442][T15210] should_failslab+0xa8/0x100 [ 367.265467][T15210] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 367.265495][T15210] ? __alloc_skb+0x1d5/0x720 [ 367.265513][T15210] ? __local_bh_enable_ip+0xd0/0x130 [ 367.265532][T15210] ? __alloc_skb+0x190/0x720 [ 367.265551][T15210] __alloc_skb+0x1d5/0x720 [ 367.265574][T15210] _sctp_make_chunk+0x59/0x290 [ 367.265595][T15210] sctp_make_datafrag_empty+0x122/0x230 [ 367.265614][T15210] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 367.265634][T15210] ? sctp_user_addto_chunk+0xa8/0x240 [ 367.265655][T15210] sctp_datamsg_from_user+0x729/0xef0 [ 367.265697][T15210] sctp_sendmsg_to_asoc+0x1059/0x18d0 [ 367.265724][T15210] ? sctp_assoc_add_peer+0xce1/0x13b0 [ 367.265756][T15210] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 367.265777][T15210] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 367.265798][T15210] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 367.265819][T15210] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 367.265838][T15210] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 367.265858][T15210] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 367.265876][T15210] ? security_sctp_bind_connect+0x7e/0x2e0 [ 367.265896][T15210] sctp_sendmsg+0x1941/0x2840 [ 367.265925][T15210] ? __pfx_sctp_sendmsg+0x10/0x10 [ 367.265943][T15210] ? aa_sk_perm+0x15f/0x920 [ 367.265966][T15210] ? aa_sk_perm+0x7ee/0x920 [ 367.265990][T15210] ? __pfx_aa_sk_perm+0x10/0x10 [ 367.266015][T15210] ? sock_rps_record_flow+0x19/0x410 [ 367.266045][T15210] ? inet_sendmsg+0x2f4/0x370 [ 367.266069][T15210] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 367.266088][T15210] __sock_sendmsg+0x19c/0x270 [ 367.266118][T15210] __sys_sendto+0x3bd/0x520 [ 367.266145][T15210] ? __pfx___sys_sendto+0x10/0x10 [ 367.266163][T15210] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 367.266197][T15210] ? __fget_files+0x3a0/0x420 [ 367.266227][T15210] ? ksys_write+0x22a/0x250 [ 367.266253][T15210] ? __pfx_ksys_write+0x10/0x10 [ 367.266274][T15210] __x64_sys_sendto+0xde/0x100 [ 367.266298][T15210] do_syscall_64+0xec/0xf80 [ 367.266319][T15210] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.266336][T15210] ? trace_irq_disable+0x37/0x100 [ 367.266358][T15210] ? clear_bhb_loop+0x60/0xb0 [ 367.266378][T15210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.266396][T15210] RIP: 0033:0x7f4c5bf8f749 [ 367.266412][T15210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.266428][T15210] RSP: 002b:00007f4c5a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 367.266447][T15210] RAX: ffffffffffffffda RBX: 00007f4c5c1e5fa0 RCX: 00007f4c5bf8f749 [ 367.266460][T15210] RDX: 000000000000fffd RSI: 0000200000000080 RDI: 0000000000000003 [ 367.266471][T15210] RBP: 00007f4c5a1f6090 R08: 0000200000000140 R09: 000000000000001c [ 367.266483][T15210] R10: 000000000400c0d4 R11: 0000000000000246 R12: 0000000000000002 [ 367.266494][T15210] R13: 00007f4c5c1e6038 R14: 00007f4c5c1e5fa0 R15: 00007ffd28362488 [ 367.266522][T15210] [ 367.594921][T15209] CPU: 1 UID: 0 PID: 15209 Comm: syz.3.3542 Not tainted syzkaller #0 PREEMPT(full) [ 367.594953][T15209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 367.594967][T15209] Call Trace: [ 367.594977][T15209] [ 367.594985][T15209] dump_stack_lvl+0xe8/0x150 [ 367.595019][T15209] should_fail_ex+0x414/0x560 [ 367.595059][T15209] _copy_to_user+0x31/0xb0 [ 367.595089][T15209] simple_read_from_buffer+0xe1/0x170 [ 367.595121][T15209] proc_fail_nth_read+0x1b3/0x220 [ 367.595147][T15209] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 367.595174][T15209] ? rw_verify_area+0x2a6/0x4d0 [ 367.595206][T15209] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 367.595240][T15209] vfs_read+0x200/0xa30 [ 367.595258][T15209] ? fdget_pos+0x247/0x320 [ 367.595290][T15209] ? __pfx___mutex_lock+0x10/0x10 [ 367.595319][T15209] ? __pfx_vfs_read+0x10/0x10 [ 367.595341][T15209] ? __fget_files+0x2a/0x420 [ 367.595372][T15209] ? __fget_files+0x3a0/0x420 [ 367.595398][T15209] ? __fget_files+0x2a/0x420 [ 367.595434][T15209] ksys_read+0x145/0x250 [ 367.595457][T15209] ? __pfx_ksys_read+0x10/0x10 [ 367.595490][T15209] do_syscall_64+0xec/0xf80 [ 367.595516][T15209] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.595537][T15209] ? trace_irq_disable+0x37/0x100 [ 367.595564][T15209] ? clear_bhb_loop+0x60/0xb0 [ 367.595591][T15209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.595612][T15209] RIP: 0033:0x7f31ed18e15c [ 367.595630][T15209] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 367.595649][T15209] RSP: 002b:00007f31edf84030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 367.595672][T15209] RAX: ffffffffffffffda RBX: 00007f31ed3e5fa0 RCX: 00007f31ed18e15c [ 367.595688][T15209] RDX: 000000000000000f RSI: 00007f31edf840a0 RDI: 0000000000000004 [ 367.595702][T15209] RBP: 00007f31edf84090 R08: 0000000000000000 R09: 0000000000000000 [ 367.595715][T15209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 367.595728][T15209] R13: 00007f31ed3e6038 R14: 00007f31ed3e5fa0 R15: 00007fff77173d48 [ 367.595763][T15209] [ 368.044254][T15220] lo speed is unknown, defaulting to 1000 [ 368.057249][T15222] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3549'. [ 368.169576][T15224] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3547'. [ 368.186711][T15224] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3547'. [ 368.609006][T15248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3555'. [ 368.670186][T15249] netlink: 'syz.0.3557': attribute type 1 has an invalid length. [ 368.695154][T15251] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3558'. [ 368.876575][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 369.004470][T15257] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.011796][T15257] bridge0: port 2(bridge_slave_1) entered listening state [ 369.019344][T15257] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.026627][T15257] bridge0: port 1(bridge_slave_0) entered listening state [ 369.086059][T15257] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 369.200963][T15097] udevd[15097]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 369.384874][T15268] siw: device registration error -23 [ 369.536915][T15280] FAULT_INJECTION: forcing a failure. [ 369.536915][T15280] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 369.573218][T15280] CPU: 0 UID: 0 PID: 15280 Comm: syz.0.3565 Not tainted syzkaller #0 PREEMPT(full) [ 369.573249][T15280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 369.573262][T15280] Call Trace: [ 369.573270][T15280] [ 369.573279][T15280] dump_stack_lvl+0xe8/0x150 [ 369.573311][T15280] should_fail_ex+0x414/0x560 [ 369.573350][T15280] _copy_from_iter+0x1cd/0x1630 [ 369.573377][T15280] ? sock_alloc_send_pskb+0x86b/0x980 [ 369.573414][T15280] ? __pfx__copy_from_iter+0x10/0x10 [ 369.573444][T15280] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 369.573475][T15280] skb_copy_datagram_from_iter+0xf5/0x720 [ 369.573508][T15280] ? __lock_acquire+0x6b6/0x2cf0 [ 369.573528][T15280] ? skb_put+0x11b/0x210 [ 369.573556][T15280] tun_get_user+0x1683/0x3dc0 [ 369.573601][T15280] ? aa_file_perm+0x44c/0x1530 [ 369.573630][T15280] ? __pfx_tun_get_user+0x10/0x10 [ 369.573659][T15280] ? __lock_acquire+0x6b6/0x2cf0 [ 369.573681][T15280] ? kstrtoull+0x12f/0x1d0 [ 369.573721][T15280] ? ref_tracker_alloc+0x318/0x460 [ 369.573741][T15280] ? get_pid_task+0x20/0x1f0 [ 369.573768][T15280] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 369.573800][T15280] ? tun_get+0x1c/0x2f0 [ 369.573827][T15280] ? tun_get+0x1c/0x2f0 [ 369.573859][T15280] ? tun_get+0x1c/0x2f0 [ 369.573884][T15280] ? tun_get+0x1c/0x2f0 [ 369.573914][T15280] tun_chr_write_iter+0x113/0x200 [ 369.573945][T15280] vfs_write+0x5c9/0xb30 [ 369.573970][T15280] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 369.574000][T15280] ? __pfx_vfs_write+0x10/0x10 [ 369.574030][T15280] ? __fget_files+0x2a/0x420 [ 369.574066][T15280] ksys_write+0x145/0x250 [ 369.574089][T15280] ? __pfx_ksys_write+0x10/0x10 [ 369.574120][T15280] do_syscall_64+0xec/0xf80 [ 369.574147][T15280] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.574167][T15280] ? trace_irq_disable+0x37/0x100 [ 369.574198][T15280] ? clear_bhb_loop+0x60/0xb0 [ 369.574223][T15280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.574243][T15280] RIP: 0033:0x7f8e6978e1ff [ 369.574262][T15280] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 369.574280][T15280] RSP: 002b:00007f8e6a681000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 369.574302][T15280] RAX: ffffffffffffffda RBX: 00007f8e699e5fa0 RCX: 00007f8e6978e1ff [ 369.574318][T15280] RDX: 0000000000000d82 RSI: 0000200000000d00 RDI: 00000000000000c8 [ 369.574332][T15280] RBP: 00007f8e6a681090 R08: 0000000000000000 R09: 0000000000000000 [ 369.574345][T15280] R10: 0000000000000d82 R11: 0000000000000293 R12: 0000000000000001 [ 369.574358][T15280] R13: 00007f8e699e6038 R14: 00007f8e699e5fa0 R15: 00007fff5ed37d78 [ 369.574392][T15280] [ 370.188509][T15303] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3574'. [ 370.437888][T15318] netlink: 'syz.2.3578': attribute type 21 has an invalid length. [ 370.653018][ T9656] IPVS: starting estimator thread 0... [ 370.862405][T15329] IPVS: using max 33 ests per chain, 79200 per kthread [ 370.980801][T15337] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3583'. [ 371.421736][T15352] lo speed is unknown, defaulting to 1000 [ 371.536812][T15357] bridge_slave_1: left allmulticast mode [ 371.553451][T15357] bridge_slave_1: left promiscuous mode [ 371.566562][T15357] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.594229][T15357] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 371.840060][T15367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3594'. [ 371.968358][T15370] FAULT_INJECTION: forcing a failure. [ 371.968358][T15370] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 372.038541][T15370] CPU: 0 UID: 0 PID: 15370 Comm: syz.3.3595 Not tainted syzkaller #0 PREEMPT(full) [ 372.038582][T15370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 372.038595][T15370] Call Trace: [ 372.038604][T15370] [ 372.038613][T15370] dump_stack_lvl+0xe8/0x150 [ 372.038645][T15370] should_fail_ex+0x414/0x560 [ 372.038684][T15370] _copy_to_user+0x31/0xb0 [ 372.038712][T15370] simple_read_from_buffer+0xe1/0x170 [ 372.038743][T15370] proc_fail_nth_read+0x1b3/0x220 [ 372.038769][T15370] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 372.038795][T15370] ? rw_verify_area+0x2a6/0x4d0 [ 372.038827][T15370] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 372.038851][T15370] vfs_read+0x200/0xa30 [ 372.038868][T15370] ? fdget_pos+0x247/0x320 [ 372.038900][T15370] ? __pfx___mutex_lock+0x10/0x10 [ 372.038927][T15370] ? __pfx_vfs_read+0x10/0x10 [ 372.038948][T15370] ? __fget_files+0x2a/0x420 [ 372.038978][T15370] ? __fget_files+0x3a0/0x420 [ 372.039003][T15370] ? __fget_files+0x2a/0x420 [ 372.039039][T15370] ksys_read+0x145/0x250 [ 372.039062][T15370] ? __pfx_ksys_read+0x10/0x10 [ 372.039094][T15370] do_syscall_64+0xec/0xf80 [ 372.039119][T15370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.039139][T15370] ? trace_irq_disable+0x37/0x100 [ 372.039166][T15370] ? clear_bhb_loop+0x60/0xb0 [ 372.039191][T15370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.039211][T15370] RIP: 0033:0x7f31ed18e15c [ 372.039229][T15370] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 372.039247][T15370] RSP: 002b:00007f31edf84030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 372.039268][T15370] RAX: ffffffffffffffda RBX: 00007f31ed3e5fa0 RCX: 00007f31ed18e15c [ 372.039283][T15370] RDX: 000000000000000f RSI: 00007f31edf840a0 RDI: 0000000000000004 [ 372.039296][T15370] RBP: 00007f31edf84090 R08: 0000000000000000 R09: 0000000000000000 [ 372.039309][T15370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 372.039321][T15370] R13: 00007f31ed3e6038 R14: 00007f31ed3e5fa0 R15: 00007fff77173d48 [ 372.039356][T15370] [ 372.387010][T15375] netlink: 'syz.2.3597': attribute type 13 has an invalid length. [ 372.397264][T15375] netlink: 'syz.2.3597': attribute type 12 has an invalid length. [ 372.612193][T15379] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3596'. [ 373.133217][T15400] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3604'. [ 373.236403][T15415] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3610'. [ 373.825131][T15410] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.833058][T15410] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.926739][T15427] netlink: 'syz.4.3614': attribute type 5 has an invalid length. [ 374.088262][T15410] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 374.120634][T15410] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 374.461098][ T399] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.494151][ T399] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.509923][ T399] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.557439][ T399] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.573174][T15433] netlink: 212216 bytes leftover after parsing attributes in process `syz.3.3615'. [ 374.628256][T15433] tun0: tun_chr_ioctl cmd 1074025675 [ 374.646628][T15433] tun0: persist enabled [ 374.679189][T15433] tun0: tun_chr_ioctl cmd 1074025675 [ 374.689201][T15433] tun0: persist enabled [ 374.723600][T15444] tipc: Enabled bearer , priority 0 [ 374.741777][T15444] syzkaller0: entered promiscuous mode [ 374.756574][T15444] syzkaller0: entered allmulticast mode [ 374.778170][T15444] tipc: Resetting bearer [ 374.831224][T15443] tipc: Resetting bearer [ 374.930472][T15443] tipc: Disabling bearer [ 375.387106][T15466] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3627'. [ 375.429780][T15468] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3628'. [ 375.438906][T15468] netlink: 116 bytes leftover after parsing attributes in process `syz.4.3628'. [ 375.455515][T15468] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3628'. [ 375.637424][T15471] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3627'. [ 375.687430][T15478] netlink: 'syz.1.3631': attribute type 25 has an invalid length. [ 376.628474][T15497] lo speed is unknown, defaulting to 1000 [ 376.796405][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 376.897829][T15512] __nla_validate_parse: 2 callbacks suppressed [ 376.897851][T15512] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3640'. [ 377.031134][T15515] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3642'. [ 377.192556][T15522] netlink: 'syz.4.3645': attribute type 1 has an invalid length. [ 377.239294][T15522] bond1: entered promiscuous mode [ 377.247515][T15522] bond1: entered allmulticast mode [ 377.253182][T15522] 8021q: adding VLAN 0 to HW filter on device bond1 [ 377.279256][T15524] erspan1: entered allmulticast mode [ 377.313901][T15528] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3646'. [ 377.338216][T15524] bond1: (slave erspan1): making interface the new active one [ 377.382068][T15524] erspan1: entered promiscuous mode [ 377.390756][T15524] bond1: (slave erspan1): Enslaving as an active interface with an up link [ 377.522476][T15533] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3646'. [ 377.605215][T15536] netlink: 'syz.0.3648': attribute type 12 has an invalid length. [ 377.641258][T15542] FAULT_INJECTION: forcing a failure. [ 377.641258][T15542] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 377.673277][T15542] CPU: 0 UID: 0 PID: 15542 Comm: syz.1.3651 Not tainted syzkaller #0 PREEMPT(full) [ 377.673308][T15542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 377.673321][T15542] Call Trace: [ 377.673329][T15542] [ 377.673339][T15542] dump_stack_lvl+0xe8/0x150 [ 377.673372][T15542] should_fail_ex+0x414/0x560 [ 377.673422][T15542] _copy_to_user+0x31/0xb0 [ 377.673449][T15542] bpf_verifier_vlog+0x3ba/0x900 [ 377.673479][T15542] __btf_verifier_log+0xd4/0x120 [ 377.673509][T15542] ? __pfx___btf_verifier_log+0x10/0x10 [ 377.673530][T15542] ? __might_fault+0xb0/0x130 [ 377.673565][T15542] ? btf_parse_hdr+0x1e2/0x6d0 [ 377.673603][T15542] btf_parse_hdr+0x2ad/0x6d0 [ 377.673638][T15542] btf_new_fd+0x372/0xc90 [ 377.673655][T15542] ? apparmor_capable+0x137/0x1a0 [ 377.673681][T15542] ? __pfx_btf_new_fd+0x10/0x10 [ 377.673701][T15542] ? bpf_token_put+0x143/0x160 [ 377.673721][T15542] ? bpf_btf_load+0x126/0x190 [ 377.673751][T15542] __sys_bpf+0x3ed/0x860 [ 377.673779][T15542] ? __pfx___sys_bpf+0x10/0x10 [ 377.673821][T15542] ? ksys_write+0x22a/0x250 [ 377.673842][T15542] ? __pfx_ksys_write+0x10/0x10 [ 377.673868][T15542] __x64_sys_bpf+0x7c/0x90 [ 377.673893][T15542] do_syscall_64+0xec/0xf80 [ 377.673917][T15542] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.673935][T15542] ? trace_irq_disable+0x37/0x100 [ 377.673960][T15542] ? clear_bhb_loop+0x60/0xb0 [ 377.673982][T15542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.674001][T15542] RIP: 0033:0x7f4c5bf8f749 [ 377.674019][T15542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.674035][T15542] RSP: 002b:00007f4c5a1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 377.674057][T15542] RAX: ffffffffffffffda RBX: 00007f4c5c1e5fa0 RCX: 00007f4c5bf8f749 [ 377.674071][T15542] RDX: 0000000000000028 RSI: 0000200000000100 RDI: 0000000000000012 [ 377.674083][T15542] RBP: 00007f4c5a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 377.674119][T15542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 377.674131][T15542] R13: 00007f4c5c1e6038 R14: 00007f4c5c1e5fa0 R15: 00007ffd28362488 [ 377.674164][T15542] [ 377.952043][T15546] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3653'. [ 378.202006][T15557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3657'. [ 378.245992][T15559] x_tables: duplicate entry at hook 3 [ 378.583211][T15582] syz_tun: entered allmulticast mode [ 378.733397][T15585] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3667'. [ 378.760579][T15588] xt_CT: You must specify a L4 protocol and not use inversions on it [ 378.776521][T15586] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3667'. [ 378.939216][T15591] netlink: 88 bytes leftover after parsing attributes in process `syz.3.3669'. [ 378.996504][T15591] netlink: 116 bytes leftover after parsing attributes in process `syz.3.3669'. [ 379.023860][T15594] FAULT_INJECTION: forcing a failure. [ 379.023860][T15594] name failslab, interval 1, probability 0, space 0, times 0 [ 379.043863][T15594] CPU: 0 UID: 0 PID: 15594 Comm: syz.2.3670 Not tainted syzkaller #0 PREEMPT(full) [ 379.043892][T15594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 379.043905][T15594] Call Trace: [ 379.043914][T15594] [ 379.043931][T15594] dump_stack_lvl+0xe8/0x150 [ 379.043965][T15594] should_fail_ex+0x414/0x560 [ 379.044004][T15594] should_failslab+0xa8/0x100 [ 379.044033][T15594] __kmalloc_cache_node_noprof+0x88/0x700 [ 379.044056][T15594] ? __get_vm_area_node+0x13f/0x300 [ 379.044093][T15594] __get_vm_area_node+0x13f/0x300 [ 379.044130][T15594] __vmalloc_node_range_noprof+0x371/0x16a0 [ 379.044151][T15594] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 379.044212][T15594] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 379.044234][T15594] ? __lock_acquire+0x6b6/0x2cf0 [ 379.044262][T15594] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 379.044288][T15594] __vmalloc_noprof+0xd2/0x120 [ 379.044306][T15594] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 379.044337][T15594] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 379.044368][T15594] bpf_prog_alloc+0x3c/0x1a0 [ 379.044397][T15594] bpf_prog_load+0x735/0x1a10 [ 379.044432][T15594] ? get_pid_task+0x20/0x1f0 [ 379.044457][T15594] ? __pfx_bpf_prog_load+0x10/0x10 [ 379.044484][T15594] ? __might_fault+0xb0/0x130 [ 379.044530][T15594] ? bpf_lsm_bpf+0x9/0x20 [ 379.044550][T15594] ? security_bpf+0x7e/0x300 [ 379.044576][T15594] __sys_bpf+0x507/0x860 [ 379.044604][T15594] ? __pfx___sys_bpf+0x10/0x10 [ 379.044643][T15594] ? ksys_write+0x22a/0x250 [ 379.044663][T15594] ? __pfx_ksys_write+0x10/0x10 [ 379.044688][T15594] __x64_sys_bpf+0x7c/0x90 [ 379.044711][T15594] do_syscall_64+0xec/0xf80 [ 379.044734][T15594] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.044751][T15594] ? trace_irq_disable+0x37/0x100 [ 379.044775][T15594] ? clear_bhb_loop+0x60/0xb0 [ 379.044797][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.044815][T15594] RIP: 0033:0x7fab3738f749 [ 379.044832][T15594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 379.044849][T15594] RSP: 002b:00007fab355f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 379.044869][T15594] RAX: ffffffffffffffda RBX: 00007fab375e5fa0 RCX: 00007fab3738f749 [ 379.044883][T15594] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005 [ 379.044894][T15594] RBP: 00007fab355f6090 R08: 0000000000000000 R09: 0000000000000000 [ 379.044906][T15594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 379.044924][T15594] R13: 00007fab375e6038 R14: 00007fab375e5fa0 R15: 00007ffea3e6e6d8 [ 379.044954][T15594] [ 379.044965][T15594] syz.2.3670: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 379.437802][T15594] CPU: 0 UID: 0 PID: 15594 Comm: syz.2.3670 Not tainted syzkaller #0 PREEMPT(full) [ 379.437833][T15594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 379.437846][T15594] Call Trace: [ 379.437854][T15594] [ 379.437862][T15594] dump_stack_lvl+0xe8/0x150 [ 379.437896][T15594] warn_alloc+0x214/0x310 [ 379.437924][T15594] ? __pfx_warn_alloc+0x10/0x10 [ 379.437957][T15594] ? __get_vm_area_node+0x13f/0x300 [ 379.437993][T15594] ? __get_vm_area_node+0x2b5/0x300 [ 379.438032][T15594] __vmalloc_node_range_noprof+0x396/0x16a0 [ 379.438104][T15594] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 379.438129][T15594] ? __lock_acquire+0x6b6/0x2cf0 [ 379.438160][T15594] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 379.438191][T15594] __vmalloc_noprof+0xd2/0x120 [ 379.438211][T15594] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 379.438246][T15594] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 379.438282][T15594] bpf_prog_alloc+0x3c/0x1a0 [ 379.438317][T15594] bpf_prog_load+0x735/0x1a10 [ 379.438353][T15594] ? get_pid_task+0x20/0x1f0 [ 379.438382][T15594] ? __pfx_bpf_prog_load+0x10/0x10 [ 379.438413][T15594] ? __might_fault+0xb0/0x130 [ 379.438465][T15594] ? bpf_lsm_bpf+0x9/0x20 [ 379.438488][T15594] ? security_bpf+0x7e/0x300 [ 379.438515][T15594] __sys_bpf+0x507/0x860 [ 379.438548][T15594] ? __pfx___sys_bpf+0x10/0x10 [ 379.438594][T15594] ? ksys_write+0x22a/0x250 [ 379.438618][T15594] ? __pfx_ksys_write+0x10/0x10 [ 379.438647][T15594] __x64_sys_bpf+0x7c/0x90 [ 379.438675][T15594] do_syscall_64+0xec/0xf80 [ 379.438701][T15594] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.438722][T15594] ? trace_irq_disable+0x37/0x100 [ 379.438750][T15594] ? clear_bhb_loop+0x60/0xb0 [ 379.438775][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.438797][T15594] RIP: 0033:0x7fab3738f749 [ 379.438815][T15594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 379.438834][T15594] RSP: 002b:00007fab355f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 379.438857][T15594] RAX: ffffffffffffffda RBX: 00007fab375e5fa0 RCX: 00007fab3738f749 [ 379.438872][T15594] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005 [ 379.438886][T15594] RBP: 00007fab355f6090 R08: 0000000000000000 R09: 0000000000000000 [ 379.438899][T15594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 379.438912][T15594] R13: 00007fab375e6038 R14: 00007fab375e5fa0 R15: 00007ffea3e6e6d8 [ 379.438955][T15594] [ 379.438976][T15594] Mem-Info: [ 379.562391][T15598] xt_bpf: check failed: parse error [ 379.576412][T15594] active_anon:7927 inactive_anon:0 isolated_anon:0 [ 379.576412][T15594] active_file:4721 inactive_file:40012 isolated_file:0 [ 379.576412][T15594] unevictable:768 dirty:291 writeback:0 [ 379.576412][T15594] slab_reclaimable:12175 slab_unreclaimable:127565 [ 379.576412][T15594] mapped:32626 shmem:1356 pagetables:1275 [ 379.576412][T15594] sec_pagetables:0 bounce:0 [ 379.576412][T15594] kernel_misc_reclaimable:0 [ 379.576412][T15594] free:1277834 free_pcp:23475 free_cma:0 [ 379.746777][T15594] Node 0 active_anon:31808kB inactive_anon:0kB active_file:18884kB inactive_file:159844kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130504kB dirty:1164kB writeback:0kB shmem:3888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12848kB pagetables:4964kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 379.795247][T15594] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 379.838334][T15594] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 379.876866][T15594] lowmem_reserve[]: 0 2499 2501 2501 2501 [ 379.903095][T15594] Node 0 DMA32 free:1208488kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31808kB inactive_anon:0kB active_file:18884kB inactive_file:159844kB unevictable:1536kB writepending:1164kB zspages:0kB present:3129332kB managed:2559460kB mlocked:0kB bounce:0kB free_pcp:69672kB local_pcp:41776kB free_cma:0kB [ 379.970427][T15605] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 379.988206][T15605] 0ªî{X¹¦: entered allmulticast mode [ 380.007457][T15605] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 380.023578][T15594] lowmem_reserve[]: 0 0 1 1 1 [ 380.049892][T15594] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 380.088806][T15594] lowmem_reserve[]: 0 0 0 0 0 [ 380.093630][T15594] Node 1 Normal free:3887616kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:24544kB local_pcp:14216kB free_cma:0kB [ 380.129248][T15594] lowmem_reserve[]: 0 0 0 0 0 [ 380.134098][T15594] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 380.147179][T15594] Node 0 DMA32: 2405*4kB (UME) 3751*8kB (UME) 2005*16kB (UM) 1928*32kB (UME) 234*64kB (UM) 615*128kB (UE) 540*256kB (UME) 369*512kB (UM) 240*1024kB (UME) 42*2048kB (UME) 82*4096kB (UM) = 1221916kB [ 380.226348][T15594] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 380.251855][T15594] Node 1 Normal: 196*4kB (UE) 44*8kB (UME) 45*16kB (UME) 80*32kB (UME) 23*64kB (UME) 8*128kB (UME) 5*256kB (UME) 5*512kB (UM) 2*1024kB (UM) 2*2048kB (UE) 945*4096kB (M) = 3887616kB [ 380.278903][T15615] tipc: Enabling of bearer rejected, failed to enable media [ 380.336701][T15616] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.376603][T15594] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 380.404065][T15594] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 380.433704][T15594] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 380.456017][T15594] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 380.497415][T15594] 46086 total pagecache pages [ 380.502342][T15594] 0 pages in swap cache [ 380.520972][T15594] Free swap = 124996kB [ 380.525205][T15594] Total swap = 124996kB [ 380.529599][T15594] 2097051 pages RAM [ 380.533807][T15594] 0 pages HighMem/MovableOnly [ 380.538647][T15594] 425096 pages reserved [ 380.543213][T15594] 0 pages cma reserved [ 380.775974][T15616] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.937965][T15616] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.414096][T15616] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.472472][T15640] tipc: Enabled bearer , priority 0 [ 381.506572][T15640] syzkaller0: entered promiscuous mode [ 381.518820][T15640] syzkaller0: entered allmulticast mode [ 381.530294][T15642] tipc: Enabled bearer , priority 0 [ 381.592015][T15642] syzkaller0: entered promiscuous mode [ 381.601636][T15642] syzkaller0: entered allmulticast mode [ 381.619632][T15640] tipc: Resetting bearer [ 381.679085][T15642] tipc: Resetting bearer [ 381.702926][T15639] tipc: Resetting bearer [ 381.728118][T15639] tipc: Disabling bearer [ 381.746812][T15641] tipc: Resetting bearer [ 381.769416][T15641] tipc: Disabling bearer [ 381.794372][ T1145] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.890601][ T392] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.974342][ T1145] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.019606][T15659] netlink: 'syz.3.3693': attribute type 12 has an invalid length. [ 382.062571][ T1145] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.096817][T15652] lo speed is unknown, defaulting to 1000 [ 382.414978][T15676] netlink: 'syz.3.3698': attribute type 11 has an invalid length. [ 382.852516][T15681] xt_hashlimit: size too large, truncated to 1048576 [ 383.309989][T15687] netlink: 'syz.2.3702': attribute type 3 has an invalid length. [ 383.520035][T15695] tipc: Enabled bearer , priority 0 [ 383.527716][T15695] syzkaller0: entered promiscuous mode [ 383.533460][T15695] syzkaller0: entered allmulticast mode [ 383.605486][T15695] tipc: Resetting bearer [ 383.647199][T15691] tipc: Resetting bearer [ 383.734771][T15691] tipc: Disabling bearer [ 383.778405][T15705] tipc: Enabling of bearer rejected, failed to enable media [ 383.823263][T15708] __nla_validate_parse: 6 callbacks suppressed [ 383.823285][T15708] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3707'. [ 383.860326][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.868791][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.947847][T15708] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3707'. [ 384.066278][T15708] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3707'. [ 384.112777][T15708] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3707'. [ 384.390206][T15730] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3712'. [ 384.448704][T15730] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3712'. [ 384.464733][T15733] FAULT_INJECTION: forcing a failure. [ 384.464733][T15733] name failslab, interval 1, probability 0, space 0, times 0 [ 384.471125][T15730] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3712'. [ 384.477628][T15733] CPU: 0 UID: 0 PID: 15733 Comm: syz.2.3713 Not tainted syzkaller #0 PREEMPT(full) [ 384.477747][T15733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 384.477767][T15733] Call Trace: [ 384.477789][T15733] [ 384.477808][T15733] dump_stack_lvl+0xe8/0x150 [ 384.477895][T15733] should_fail_ex+0x414/0x560 [ 384.478009][T15733] should_failslab+0xa8/0x100 [ 384.478084][T15733] kmem_cache_alloc_noprof+0x88/0x710 [ 384.478197][T15733] ? skb_clone+0x212/0x3a0 [ 384.478291][T15733] skb_clone+0x212/0x3a0 [ 384.478377][T15733] bpf_clone_redirect+0x16a/0x4b0 [ 384.478469][T15733] ? bpf_test_run+0x192/0x7d0 [ 384.478550][T15733] bpf_prog_213b1aa3a0cf109a+0x65/0x71 [ 384.478615][T15733] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 384.478718][T15733] ? arch_stack_walk+0xfc/0x150 [ 384.478864][T15733] ? ktime_get+0x45/0x200 [ 384.478982][T15733] ? seqcount_lockdep_reader_access+0xa9/0x100 [ 384.479104][T15733] ? lockdep_hardirqs_on+0x7b/0x110 [ 384.479176][T15733] ? ktime_get+0x45/0x200 [ 384.479251][T15733] ? seqcount_lockdep_reader_access+0xea/0x100 [ 384.479355][T15733] ? bpf_test_timer_continue+0x10d/0x320 [ 384.479452][T15733] bpf_test_run+0x313/0x7d0 [ 384.479608][T15733] ? __pfx_bpf_test_run+0x10/0x10 [ 384.479737][T15733] ? eth_type_trans+0x43b/0x6d0 [ 384.479841][T15733] ? convert___skb_to_skb+0x3d/0x5b0 [ 384.479943][T15733] bpf_prog_test_run_skb+0xd67/0x1d50 [ 384.480060][T15733] ? __fget_files+0x2a/0x420 [ 384.480133][T15733] ? __fget_files+0x3a0/0x420 [ 384.480199][T15733] ? __fget_files+0x2a/0x420 [ 384.480322][T15733] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 384.480399][T15733] bpf_prog_test_run+0x2c7/0x340 [ 384.480544][T15733] __sys_bpf+0x562/0x860 [ 384.480637][T15733] ? __pfx___sys_bpf+0x10/0x10 [ 384.480772][T15733] ? ksys_write+0x22a/0x250 [ 384.480835][T15733] ? __pfx_ksys_write+0x10/0x10 [ 384.480910][T15733] __x64_sys_bpf+0x7c/0x90 [ 384.480989][T15733] do_syscall_64+0xec/0xf80 [ 384.481061][T15733] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.481121][T15733] ? trace_irq_disable+0x37/0x100 [ 384.481189][T15733] ? clear_bhb_loop+0x60/0xb0 [ 384.481261][T15733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.481322][T15733] RIP: 0033:0x7fab3738f749 [ 384.481375][T15733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.481426][T15733] RSP: 002b:00007fab355f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 384.481482][T15733] RAX: ffffffffffffffda RBX: 00007fab375e5fa0 RCX: 00007fab3738f749 [ 384.481525][T15733] RDX: 0000000000000023 RSI: 0000200000000240 RDI: 000000000000000a [ 384.481566][T15733] RBP: 00007fab355f6090 R08: 0000000000000000 R09: 0000000000000000 [ 384.481606][T15733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.481639][T15733] R13: 00007fab375e6038 R14: 00007fab375e5fa0 R15: 00007ffea3e6e6d8 [ 384.481739][T15733] [ 384.836573][T15730] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3712'. [ 385.701495][T15776] openvswitch: netlink: IPv4 tunnel dst address is zero [ 385.745567][T15777] tipc: Enabled bearer , priority 0 [ 385.796919][T15777] syzkaller0: entered promiscuous mode [ 385.822714][T15777] syzkaller0: entered allmulticast mode [ 385.928968][T15777] tipc: Resetting bearer [ 385.991227][T15775] tipc: Resetting bearer [ 386.038513][T15775] tipc: Disabling bearer [ 386.126762][T15787] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3721'. [ 386.277815][T15792] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 386.312784][T15792] vlan2: entered promiscuous mode [ 386.344275][T15792] vlan2: entered allmulticast mode [ 386.368982][T15792] hsr_slave_1: entered allmulticast mode [ 386.465351][T15792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3723'. [ 386.478874][T15795] lo speed is unknown, defaulting to 1000 [ 387.042582][T15804] tipc: Enabling of bearer rejected, failed to enable media [ 387.176130][T15808] netlink: 'syz.3.3726': attribute type 12 has an invalid length. [ 387.371871][T15818] FAULT_INJECTION: forcing a failure. [ 387.371871][T15818] name failslab, interval 1, probability 0, space 0, times 0 [ 387.384969][T15818] CPU: 0 UID: 0 PID: 15818 Comm: syz.1.3732 Not tainted syzkaller #0 PREEMPT(full) [ 387.384996][T15818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 387.385009][T15818] Call Trace: [ 387.385018][T15818] [ 387.385026][T15818] dump_stack_lvl+0xe8/0x150 [ 387.385058][T15818] should_fail_ex+0x414/0x560 [ 387.385097][T15818] should_failslab+0xa8/0x100 [ 387.385124][T15818] kmem_cache_alloc_noprof+0x88/0x710 [ 387.385157][T15818] ? sctp_get_port_local+0x6d0/0x1700 [ 387.385188][T15818] sctp_get_port_local+0x6d0/0x1700 [ 387.385212][T15818] ? sctp_bind_addr_match+0x30/0x2b0 [ 387.385252][T15818] ? __pfx_sctp_get_port_local+0x10/0x10 [ 387.385282][T15818] ? sctp_bind_addr_match+0x28b/0x2b0 [ 387.385307][T15818] sctp_do_bind+0x4ef/0x9d0 [ 387.385344][T15818] sctp_connect_new_asoc+0x25c/0x690 [ 387.385372][T15818] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 387.385402][T15818] ? __local_bh_enable_ip+0xd0/0x130 [ 387.385422][T15818] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 387.385443][T15818] ? security_sctp_bind_connect+0x7e/0x2e0 [ 387.385467][T15818] sctp_sendmsg+0x155c/0x2840 [ 387.385490][T15818] ? __lock_acquire+0x6b6/0x2cf0 [ 387.385521][T15818] ? __pfx_sctp_sendmsg+0x10/0x10 [ 387.385543][T15818] ? aa_sk_perm+0x15f/0x920 [ 387.385570][T15818] ? aa_sk_perm+0x7ee/0x920 [ 387.385600][T15818] ? __pfx_aa_sk_perm+0x10/0x10 [ 387.385629][T15818] ? sock_rps_record_flow+0x19/0x410 [ 387.385664][T15818] ? inet_sendmsg+0x2f4/0x370 [ 387.385698][T15818] __sock_sendmsg+0x19c/0x270 [ 387.385731][T15818] ____sys_sendmsg+0x52d/0x820 [ 387.385760][T15818] ? __pfx_____sys_sendmsg+0x10/0x10 [ 387.385796][T15818] ? import_iovec+0x74/0xa0 [ 387.385824][T15818] ___sys_sendmsg+0x21f/0x2a0 [ 387.385854][T15818] ? __pfx____sys_sendmsg+0x10/0x10 [ 387.385886][T15818] ? kstrtouint+0x6e/0xe0 [ 387.385943][T15818] ? __fget_files+0x2a/0x420 [ 387.385966][T15818] ? __fget_files+0x3a0/0x420 [ 387.386004][T15818] __sys_sendmmsg+0x227/0x430 [ 387.386035][T15818] ? __pfx___sys_sendmmsg+0x10/0x10 [ 387.386059][T15818] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 387.386112][T15818] ? ksys_write+0x22a/0x250 [ 387.386134][T15818] ? __pfx_ksys_write+0x10/0x10 [ 387.386161][T15818] __x64_sys_sendmmsg+0xa0/0xc0 [ 387.386194][T15818] do_syscall_64+0xec/0xf80 [ 387.386220][T15818] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.386248][T15818] ? trace_irq_disable+0x37/0x100 [ 387.386275][T15818] ? clear_bhb_loop+0x60/0xb0 [ 387.386299][T15818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.386320][T15818] RIP: 0033:0x7f4c5bf8f749 [ 387.386339][T15818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.386368][T15818] RSP: 002b:00007f4c5a1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 387.386389][T15818] RAX: ffffffffffffffda RBX: 00007f4c5c1e5fa0 RCX: 00007f4c5bf8f749 [ 387.386403][T15818] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000004 [ 387.386415][T15818] RBP: 00007f4c5a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 387.386427][T15818] R10: 0000000020008050 R11: 0000000000000246 R12: 0000000000000001 [ 387.386438][T15818] R13: 00007f4c5c1e6038 R14: 00007f4c5c1e5fa0 R15: 00007ffd28362488 [ 387.386470][T15818] [ 387.735779][T15814] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.884717][T15814] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.897522][T15826] netlink: 'syz.4.3733': attribute type 46 has an invalid length. [ 387.923641][T15831] lo speed is unknown, defaulting to 1000 [ 388.023816][T15814] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.460542][T15845] netlink: 'syz.1.3740': attribute type 12 has an invalid length. [ 388.525226][T15814] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.773857][ T399] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.804985][ T399] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.817096][ T399] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.850456][ T399] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.868675][T15856] __nla_validate_parse: 3 callbacks suppressed [ 388.868696][T15856] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3744'. [ 388.903178][T15856] openvswitch: netlink: Flow key attr not present in new flow. [ 388.927697][T15856] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3744'. [ 389.137051][T15860] netlink: 'syz.2.3746': attribute type 1 has an invalid length. [ 389.236007][T15860] 8021q: adding VLAN 0 to HW filter on device bond1 [ 389.283648][T15863] bond1: (slave gretap1): making interface the new active one [ 389.374258][T15863] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 389.396066][T15868] netlink: 'syz.3.3747': attribute type 5 has an invalid length. [ 389.650355][T15875] veth0_to_team: entered promiscuous mode [ 389.926166][T15889] netlink: 'syz.3.3752': attribute type 13 has an invalid length. [ 390.398449][T15902] netlink: 67 bytes leftover after parsing attributes in process `syz.0.3757'. [ 390.647328][T15916] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3758'. [ 390.705471][T15916] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3758'. [ 390.750418][T15916] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3758'. [ 390.789623][T15916] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3758'. [ 390.963009][T15926] syzkaller0: entered promiscuous mode [ 390.975097][T15926] syzkaller0: entered allmulticast mode [ 390.982901][T15930] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3762'. [ 392.166681][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 392.678408][T15948] netlink: 'syz.0.3765': attribute type 12 has an invalid length. [ 393.029727][T15969] 0ªî{X¹¦: left allmulticast mode [ 393.053341][T15969] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 393.162250][T15972] netlink: 'syz.4.3771': attribute type 4 has an invalid length. [ 393.299825][T15978] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3773'. [ 393.321090][T15979] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3774'. [ 394.151655][T15995] __nla_validate_parse: 3 callbacks suppressed [ 394.151677][T15995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3778'. [ 394.254051][T15995] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.290068][T15998] netlink: 'syz.2.3779': attribute type 12 has an invalid length. [ 394.324024][T16000] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3780'. [ 394.333768][T16000] netlink: 116 bytes leftover after parsing attributes in process `syz.1.3780'. [ 394.363542][T15995] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.441195][T15995] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.467537][T16005] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3781'. [ 394.549610][T15995] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.585332][T16005] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.708889][T16005] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.807658][ T3543] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.833125][ T3543] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.857300][T16005] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.912716][ T392] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.933072][T16005] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.991104][ T3543] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.039722][T16011] geneve0: entered promiscuous mode [ 395.049748][T16011] geneve0: entered allmulticast mode [ 395.119225][T16013] lo speed is unknown, defaulting to 1000 [ 395.163680][T16021] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3785'. [ 395.207911][ T392] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.234818][ T3543] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.253138][T16021] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.302285][T16022] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3785'. [ 395.323109][ T3543] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.380775][T16021] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.416864][ T392] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.591800][T16025] lo speed is unknown, defaulting to 1000 [ 395.600337][T16021] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.642173][T16033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3789'. [ 395.740791][T16021] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.801667][T16030] tipc: Enabled bearer , priority 0 [ 395.830348][T16031] netlink: 'syz.2.3788': attribute type 10 has an invalid length. [ 395.870417][T16035] syzkaller0: entered promiscuous mode [ 395.876105][T16035] syzkaller0: entered allmulticast mode [ 395.913912][T16031] veth1_macvtap: left promiscuous mode [ 395.927507][T16031] team0: Device veth1_macvtap failed to register rx_handler [ 396.021049][T16029] tipc: Resetting bearer [ 396.039997][T16029] tipc: Disabling bearer [ 396.161129][ T52] Bluetooth: hci5: command 0x0406 tx timeout [ 396.217031][T16047] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3793'. [ 396.226132][T16047] netlink: 116 bytes leftover after parsing attributes in process `syz.2.3793'. [ 396.234886][T16050] netlink: 'syz.0.3792': attribute type 12 has an invalid length. [ 396.254250][T16049] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3791'. [ 396.495047][T16058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.508409][T16058] 8021q: adding VLAN 0 to HW filter on device team0 [ 396.530402][T16058] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 396.794419][T16074] syzkaller0: entered promiscuous mode [ 396.805515][T16074] syzkaller0: entered allmulticast mode [ 398.422466][T16072] lo speed is unknown, defaulting to 1000 [ 398.440635][T16082] tipc: Enabling of bearer rejected, failed to enable media [ 398.885727][T16103] lo speed is unknown, defaulting to 1000 [ 399.213998][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 399.222401][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 399.259653][T16116] __nla_validate_parse: 8 callbacks suppressed [ 399.259674][T16116] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3812'. [ 399.275227][T16116] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3812'. [ 399.285389][T16116] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3812'. [ 399.294592][T16116] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3812'. [ 399.815646][T16128] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3813'. [ 399.887002][T16128] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.923294][ T36] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.976035][T16130] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3813'. [ 399.997423][ T1161] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.048953][ T1161] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.079867][T16132] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3815'. [ 400.093937][T16128] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.193224][ T1161] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.208485][T16128] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.280303][T16140] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3817'. [ 400.315842][T16137] syzkaller0: entered promiscuous mode [ 400.328591][T16137] syzkaller0: entered allmulticast mode [ 402.122464][T16140] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.152943][T16128] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.199281][T16143] lo speed is unknown, defaulting to 1000 [ 402.209560][T16140] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.290025][T16140] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.345248][T11020] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.373849][T11020] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.391684][T16140] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.450115][T11014] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.497639][T11020] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.533225][T16160] team0: Device vxcan1 is of different type [ 402.603873][T11014] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.647267][T11014] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.698438][ T399] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.740280][T16168] netlink: 'syz.4.3828': attribute type 10 has an invalid length. [ 402.749153][T11014] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.761129][T16169] tipc: Enabled bearer , priority 10 [ 402.783845][T16169] netlink: 'syz.3.3829': attribute type 5 has an invalid length. [ 402.982179][T16177] netlink: 'syz.0.3830': attribute type 10 has an invalid length. [ 403.001556][T16177] FAULT_INJECTION: forcing a failure. [ 403.001556][T16177] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.020222][T16177] CPU: 0 UID: 0 PID: 16177 Comm: syz.0.3830 Not tainted syzkaller #0 PREEMPT(full) [ 403.020254][T16177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 403.020268][T16177] Call Trace: [ 403.020277][T16177] [ 403.020287][T16177] dump_stack_lvl+0xe8/0x150 [ 403.020320][T16177] should_fail_ex+0x414/0x560 [ 403.020361][T16177] _copy_from_user+0x2d/0xb0 [ 403.020389][T16177] ___sys_sendmsg+0x158/0x2a0 [ 403.020421][T16177] ? __pfx____sys_sendmsg+0x10/0x10 [ 403.020488][T16177] ? __fget_files+0x2a/0x420 [ 403.020516][T16177] ? __fget_files+0x3a0/0x420 [ 403.020555][T16177] __x64_sys_sendmsg+0x19b/0x260 [ 403.020587][T16177] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 403.020626][T16177] ? __pfx_ksys_write+0x10/0x10 [ 403.020660][T16177] do_syscall_64+0xec/0xf80 [ 403.020687][T16177] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.020708][T16177] ? trace_irq_disable+0x37/0x100 [ 403.020736][T16177] ? clear_bhb_loop+0x60/0xb0 [ 403.020762][T16177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.020783][T16177] RIP: 0033:0x7f8e6978f749 [ 403.020810][T16177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.020829][T16177] RSP: 002b:00007f8e6a681038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 403.020853][T16177] RAX: ffffffffffffffda RBX: 00007f8e699e5fa0 RCX: 00007f8e6978f749 [ 403.020868][T16177] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000009 [ 403.020881][T16177] RBP: 00007f8e6a681090 R08: 0000000000000000 R09: 0000000000000000 [ 403.020899][T16177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 403.020912][T16177] R13: 00007f8e699e6038 R14: 00007f8e699e5fa0 R15: 00007fff5ed37d78 [ 403.020948][T16177] [ 403.344277][T16182] syzkaller0: entered promiscuous mode [ 403.374637][T16182] syzkaller0: entered allmulticast mode [ 405.286006][T16221] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3842'. [ 405.324924][T16208] syzkaller0: entered promiscuous mode [ 405.335282][T16208] syzkaller0: entered allmulticast mode [ 405.732840][T16246] FAULT_INJECTION: forcing a failure. [ 405.732840][T16246] name failslab, interval 1, probability 0, space 0, times 0 [ 405.780701][T16251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3852'. [ 405.793304][T16246] CPU: 1 UID: 0 PID: 16246 Comm: syz.0.3850 Not tainted syzkaller #0 PREEMPT(full) [ 405.793333][T16246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 405.793346][T16246] Call Trace: [ 405.793353][T16246] [ 405.793362][T16246] dump_stack_lvl+0xe8/0x150 [ 405.793393][T16246] should_fail_ex+0x414/0x560 [ 405.793432][T16246] should_failslab+0xa8/0x100 [ 405.793458][T16246] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 405.793492][T16246] ? __alloc_skb+0x1d5/0x720 [ 405.793513][T16246] ? __local_bh_enable_ip+0xd0/0x130 [ 405.793534][T16246] ? __alloc_skb+0x190/0x720 [ 405.793569][T16246] __alloc_skb+0x1d5/0x720 [ 405.793599][T16246] netlink_ack+0x146/0xa50 [ 405.793626][T16246] ? __pfx_genl_rcv_msg+0x10/0x10 [ 405.793654][T16246] ? __asan_memcpy+0x40/0x70 [ 405.793673][T16246] ? __pfx_ref_tracker_free+0x10/0x10 [ 405.793702][T16246] netlink_rcv_skb+0x28c/0x470 [ 405.793733][T16246] ? __pfx_genl_rcv_msg+0x10/0x10 [ 405.793757][T16246] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 405.793802][T16246] ? genl_rcv+0x19/0x40 [ 405.793844][T16246] ? down_read+0x274/0x2e0 [ 405.793871][T16246] ? genl_rcv+0xd/0x40 [ 405.793896][T16246] genl_rcv+0x28/0x40 [ 405.793916][T16246] netlink_unicast+0x82f/0x9e0 [ 405.793954][T16246] ? __pfx_netlink_unicast+0x10/0x10 [ 405.793985][T16246] ? netlink_sendmsg+0x642/0xb30 [ 405.794014][T16246] ? skb_put+0x11b/0x210 [ 405.794044][T16246] netlink_sendmsg+0x805/0xb30 [ 405.794097][T16246] ? __pfx_netlink_sendmsg+0x10/0x10 [ 405.794132][T16246] ? aa_sock_msg_perm+0xf1/0x1b0 [ 405.794162][T16246] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 405.794182][T16246] ? __pfx_netlink_sendmsg+0x10/0x10 [ 405.794214][T16246] __sock_sendmsg+0x21c/0x270 [ 405.794250][T16246] __sys_sendto+0x3bd/0x520 [ 405.794278][T16246] ? __pfx___sys_sendto+0x10/0x10 [ 405.794330][T16246] ? exc_page_fault+0x71/0xd0 [ 405.794360][T16246] ? do_user_addr_fault+0xc85/0x1380 [ 405.794385][T16246] __x64_sys_sendto+0xde/0x100 [ 405.794414][T16246] do_syscall_64+0xec/0xf80 [ 405.794439][T16246] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.794459][T16246] ? trace_irq_disable+0x37/0x100 [ 405.794485][T16246] ? clear_bhb_loop+0x60/0xb0 [ 405.794511][T16246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.794531][T16246] RIP: 0033:0x7f8e697915dc [ 405.794555][T16246] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 405.794574][T16246] RSP: 002b:00007f8e6a67fec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 405.794597][T16246] RAX: ffffffffffffffda RBX: 00007f8e6a67ffc0 RCX: 00007f8e697915dc [ 405.794613][T16246] RDX: 0000000000000020 RSI: 00007f8e6a680010 RDI: 0000000000000005 [ 405.794627][T16246] RBP: 0000000000000000 R08: 00007f8e6a67ff14 R09: 000000000000000c [ 405.794639][T16246] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 405.794652][T16246] R13: 00007f8e6a67ff68 R14: 00007f8e6a680010 R15: 0000000000000000 [ 405.794686][T16246] [ 405.859976][T16252] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3849'. [ 406.106504][T16252] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3849'. [ 406.141400][T16252] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3849'. [ 406.216528][T16252] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3849'. [ 406.609203][T16273] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3855'. [ 406.636412][T16273] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3855'. [ 406.655946][T16273] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3855'. [ 406.680173][T16273] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3855'. [ 407.862832][T16315] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.004042][T16315] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.025915][T16317] lo speed is unknown, defaulting to 1000 [ 408.115194][T16315] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.244807][T16331] syzkaller0: entered promiscuous mode [ 408.250759][T16331] syzkaller0: entered allmulticast mode [ 408.263825][T16315] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.445684][T16335] syzkaller0: entered promiscuous mode [ 408.454287][T16335] syzkaller0: entered allmulticast mode [ 408.492118][T16341] FAULT_INJECTION: forcing a failure. [ 408.492118][T16341] name failslab, interval 1, probability 0, space 0, times 0 [ 408.509213][T16341] CPU: 1 UID: 0 PID: 16341 Comm: syz.1.3876 Not tainted syzkaller #0 PREEMPT(full) [ 408.509242][T16341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 408.509257][T16341] Call Trace: [ 408.509265][T16341] [ 408.509274][T16341] dump_stack_lvl+0xe8/0x150 [ 408.509307][T16341] should_fail_ex+0x414/0x560 [ 408.509347][T16341] should_failslab+0xa8/0x100 [ 408.509376][T16341] __kmalloc_noprof+0xdf/0x800 [ 408.509398][T16341] ? nla_strdup+0x9d/0x140 [ 408.509420][T16341] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 408.509445][T16341] nla_strdup+0x9d/0x140 [ 408.509471][T16341] nf_tables_newchain+0x1988/0x2750 [ 408.509520][T16341] ? __pfx_nf_tables_newchain+0x10/0x10 [ 408.509570][T16341] ? nft_trans_table_add+0x230/0x430 [ 408.509598][T16341] ? nfnl_pernet+0x23/0x240 [ 408.509626][T16341] ? nfnl_pernet+0x23/0x240 [ 408.509663][T16341] ? __nla_parse+0x40/0x60 [ 408.509691][T16341] nfnetlink_rcv+0x11d9/0x2590 [ 408.509757][T16341] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 408.509802][T16341] ? ref_tracker_free+0x63a/0x7d0 [ 408.509855][T16341] ? __netlink_deliver_tap+0x807/0x850 [ 408.509886][T16341] ? netlink_deliver_tap+0x2e/0x1b0 [ 408.509935][T16341] netlink_unicast+0x82f/0x9e0 [ 408.509972][T16341] ? __pfx_netlink_unicast+0x10/0x10 [ 408.510002][T16341] ? netlink_sendmsg+0x642/0xb30 [ 408.510031][T16341] ? skb_put+0x11b/0x210 [ 408.510061][T16341] netlink_sendmsg+0x805/0xb30 [ 408.510102][T16341] ? __pfx_netlink_sendmsg+0x10/0x10 [ 408.510138][T16341] ? aa_sock_msg_perm+0xf1/0x1b0 [ 408.510168][T16341] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 408.510188][T16341] ? __pfx_netlink_sendmsg+0x10/0x10 [ 408.510221][T16341] __sock_sendmsg+0x21c/0x270 [ 408.510257][T16341] ____sys_sendmsg+0x505/0x820 [ 408.510291][T16341] ? __pfx_____sys_sendmsg+0x10/0x10 [ 408.510329][T16341] ? import_iovec+0x74/0xa0 [ 408.510359][T16341] ___sys_sendmsg+0x21f/0x2a0 [ 408.510390][T16341] ? __pfx____sys_sendmsg+0x10/0x10 [ 408.510457][T16341] ? __fget_files+0x2a/0x420 [ 408.510483][T16341] ? __fget_files+0x3a0/0x420 [ 408.510527][T16341] __x64_sys_sendmsg+0x19b/0x260 [ 408.510558][T16341] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 408.510597][T16341] ? __pfx_ksys_write+0x10/0x10 [ 408.510631][T16341] do_syscall_64+0xec/0xf80 [ 408.510658][T16341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.510677][T16341] ? trace_irq_disable+0x37/0x100 [ 408.510705][T16341] ? clear_bhb_loop+0x60/0xb0 [ 408.510731][T16341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.510751][T16341] RIP: 0033:0x7f4c5bf8f749 [ 408.510770][T16341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.510788][T16341] RSP: 002b:00007f4c5a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 408.510811][T16341] RAX: ffffffffffffffda RBX: 00007f4c5c1e5fa0 RCX: 00007f4c5bf8f749 [ 408.510826][T16341] RDX: 0000000004000040 RSI: 00002000000000c0 RDI: 0000000000000003 [ 408.510840][T16341] RBP: 00007f4c5a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 408.510853][T16341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 408.510865][T16341] R13: 00007f4c5c1e6038 R14: 00007f4c5c1e5fa0 R15: 00007ffd28362488 [ 408.510900][T16341] [ 408.930810][T16347] netlink: 'syz.1.3877': attribute type 2 has an invalid length. [ 409.051990][T11014] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.090981][ T3543] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.117547][ T3543] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.179752][T11018] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.294613][T16360] openvswitch: netlink: Flow key attr not present in new flow. [ 409.732994][T16387] syzkaller0: entered promiscuous mode [ 409.751559][T16387] syzkaller0: entered allmulticast mode [ 409.772700][ T30] audit: type=1107 audit(1768577337.198:7): pid=16383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='¹Ë' [ 410.066701][T16403] tipc: Started in network mode [ 410.086420][T16403] tipc: Node identity fe800000000000000000000000000034, cluster identity 4711 [ 410.106454][T16403] tipc: Enabling of bearer rejected, failed to enable media [ 410.290500][T16415] openvswitch: netlink: Invalid VLAN frame [ 410.326371][T16418] __nla_validate_parse: 10 callbacks suppressed [ 410.326400][T16418] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3894'. [ 410.429502][T16422] FAULT_INJECTION: forcing a failure. [ 410.429502][T16422] name failslab, interval 1, probability 0, space 0, times 0 [ 410.442442][T16422] CPU: 0 UID: 0 PID: 16422 Comm: syz.1.3901 Not tainted syzkaller #0 PREEMPT(full) [ 410.442471][T16422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 410.442485][T16422] Call Trace: [ 410.442494][T16422] [ 410.442503][T16422] dump_stack_lvl+0xe8/0x150 [ 410.442537][T16422] should_fail_ex+0x414/0x560 [ 410.442576][T16422] should_failslab+0xa8/0x100 [ 410.442604][T16422] kmem_cache_alloc_noprof+0x88/0x710 [ 410.442636][T16422] ? __netlink_lookup+0xbd/0x8a0 [ 410.442669][T16422] ? skb_clone+0x212/0x3a0 [ 410.442704][T16422] skb_clone+0x212/0x3a0 [ 410.442738][T16422] __netlink_deliver_tap+0x404/0x850 [ 410.442782][T16422] ? netlink_deliver_tap+0x2e/0x1b0 [ 410.442814][T16422] netlink_deliver_tap+0x19c/0x1b0 [ 410.442848][T16422] netlink_unicast+0x7fa/0x9e0 [ 410.442885][T16422] ? __pfx_netlink_unicast+0x10/0x10 [ 410.442915][T16422] ? netlink_sendmsg+0x642/0xb30 [ 410.442944][T16422] ? skb_put+0x11b/0x210 [ 410.442974][T16422] netlink_sendmsg+0x805/0xb30 [ 410.443016][T16422] ? __pfx_netlink_sendmsg+0x10/0x10 [ 410.443052][T16422] ? aa_sock_msg_perm+0xf1/0x1b0 [ 410.443081][T16422] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 410.443102][T16422] ? __pfx_netlink_sendmsg+0x10/0x10 [ 410.443135][T16422] __sock_sendmsg+0x21c/0x270 [ 410.443170][T16422] ____sys_sendmsg+0x505/0x820 [ 410.443203][T16422] ? __pfx_____sys_sendmsg+0x10/0x10 [ 410.443241][T16422] ? import_iovec+0x74/0xa0 [ 410.443272][T16422] ___sys_sendmsg+0x21f/0x2a0 [ 410.443303][T16422] ? __pfx____sys_sendmsg+0x10/0x10 [ 410.443379][T16422] ? __fget_files+0x2a/0x420 [ 410.443406][T16422] ? __fget_files+0x3a0/0x420 [ 410.443445][T16422] __x64_sys_sendmsg+0x19b/0x260 [ 410.443476][T16422] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 410.443515][T16422] ? __pfx_ksys_write+0x10/0x10 [ 410.443549][T16422] do_syscall_64+0xec/0xf80 [ 410.443576][T16422] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.443596][T16422] ? trace_irq_disable+0x37/0x100 [ 410.443624][T16422] ? clear_bhb_loop+0x60/0xb0 [ 410.443650][T16422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.443670][T16422] RIP: 0033:0x7f4c5bf8f749 [ 410.443690][T16422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.443708][T16422] RSP: 002b:00007f4c5a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 410.443731][T16422] RAX: ffffffffffffffda RBX: 00007f4c5c1e5fa0 RCX: 00007f4c5bf8f749 [ 410.443747][T16422] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003 [ 410.443761][T16422] RBP: 00007f4c5a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 410.443774][T16422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.443787][T16422] R13: 00007f4c5c1e6038 R14: 00007f4c5c1e5fa0 R15: 00007ffd28362488 [ 410.443822][T16422] [ 410.805758][T16430] syzkaller0: entered promiscuous mode [ 410.811671][T16430] syzkaller0: entered allmulticast mode [ 410.873907][T16431] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3903'. [ 411.119053][T16447] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3906'. [ 411.402811][T16463] FAULT_INJECTION: forcing a failure. [ 411.402811][T16463] name failslab, interval 1, probability 0, space 0, times 0 [ 411.417543][T16463] CPU: 1 UID: 0 PID: 16463 Comm: syz.3.3912 Not tainted syzkaller #0 PREEMPT(full) [ 411.417574][T16463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 411.417587][T16463] Call Trace: [ 411.417596][T16463] [ 411.417605][T16463] dump_stack_lvl+0xe8/0x150 [ 411.417640][T16463] should_fail_ex+0x414/0x560 [ 411.417680][T16463] should_failslab+0xa8/0x100 [ 411.417709][T16463] kmem_cache_alloc_noprof+0x88/0x710 [ 411.417744][T16463] ? security_inode_alloc+0x39/0x330 [ 411.417778][T16463] security_inode_alloc+0x39/0x330 [ 411.417810][T16463] inode_init_always_gfp+0x9ed/0xdc0 [ 411.417865][T16463] ? __pfx_sock_alloc_inode+0x10/0x10 [ 411.417885][T16463] alloc_inode+0x82/0x1b0 [ 411.417911][T16463] __sock_create+0x12d/0x9d0 [ 411.417944][T16463] udp_sock_create6+0xcb/0x690 [ 411.417984][T16463] ? __pfx_udp_sock_create6+0x10/0x10 [ 411.418025][T16463] ? rxrpc_lookup_local+0xc1a/0x1410 [ 411.418057][T16463] rxrpc_lookup_local+0xc92/0x1410 [ 411.418094][T16463] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 411.418144][T16463] ? __local_bh_enable_ip+0xd0/0x130 [ 411.418173][T16463] rxrpc_sendmsg+0x399/0x710 [ 411.418201][T16463] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 411.418223][T16463] __sock_sendmsg+0x21c/0x270 [ 411.418260][T16463] ____sys_sendmsg+0x505/0x820 [ 411.418302][T16463] ? __pfx_____sys_sendmsg+0x10/0x10 [ 411.418341][T16463] ? import_iovec+0x74/0xa0 [ 411.418372][T16463] ___sys_sendmsg+0x21f/0x2a0 [ 411.418403][T16463] ? __pfx____sys_sendmsg+0x10/0x10 [ 411.418471][T16463] ? __fget_files+0x2a/0x420 [ 411.418498][T16463] ? __fget_files+0x3a0/0x420 [ 411.418537][T16463] __x64_sys_sendmsg+0x19b/0x260 [ 411.418569][T16463] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 411.418608][T16463] ? __pfx_ksys_write+0x10/0x10 [ 411.418644][T16463] do_syscall_64+0xec/0xf80 [ 411.418670][T16463] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.418691][T16463] ? trace_irq_disable+0x37/0x100 [ 411.418719][T16463] ? clear_bhb_loop+0x60/0xb0 [ 411.418745][T16463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.418766][T16463] RIP: 0033:0x7f31ed18f749 [ 411.418785][T16463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.418804][T16463] RSP: 002b:00007f31edf84038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 411.418828][T16463] RAX: ffffffffffffffda RBX: 00007f31ed3e5fa0 RCX: 00007f31ed18f749 [ 411.418844][T16463] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 411.418858][T16463] RBP: 00007f31edf84090 R08: 0000000000000000 R09: 0000000000000000 [ 411.418871][T16463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.418883][T16463] R13: 00007f31ed3e6038 R14: 00007f31ed3e5fa0 R15: 00007fff77173d48 [ 411.418920][T16463] [ 411.418957][T16463] socket: no more sockets [ 411.521833][ T5845] Bluetooth: hci2: command 0x0406 tx timeout [ 411.872463][T16478] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3915'. [ 411.885879][T16479] FAULT_INJECTION: forcing a failure. [ 411.885879][T16479] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 411.887239][T16479] [ 411.887247][T16479] ====================================================== [ 411.887255][T16479] WARNING: possible circular locking dependency detected [ 411.887269][T16479] syzkaller #0 Not tainted [ 411.887279][T16479] ------------------------------------------------------ [ 411.887286][T16479] syz.2.3917/16479 is trying to acquire lock: [ 411.887296][T16479] ffffffff8df35920 (console_owner){-.-.}-{0:0}, at: console_flush_all+0x11a/0xb00 [ 411.887351][T16479] [ 411.887351][T16479] but task is already holding lock: [ 411.887358][T16479] ffff8880b873a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 411.887399][T16479] [ 411.887399][T16479] which lock already depends on the new lock. [ 411.887399][T16479] [ 411.887405][T16479] [ 411.887405][T16479] the existing dependency chain (in reverse order) is: [ 411.887412][T16479] [ 411.887412][T16479] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 411.887439][T16479] _raw_spin_lock_nested+0x32/0x50 [ 411.887463][T16479] raw_spin_rq_lock_nested+0x2a/0x140 [ 411.887481][T16479] task_rq_lock+0xbc/0x470 [ 411.887498][T16479] cgroup_move_task+0x92/0x2a0 [ 411.887519][T16479] css_set_move_task+0x658/0x9e0 [ 411.887538][T16479] cgroup_post_fork+0x1ef/0x7a0 [ 411.887556][T16479] copy_process+0x3614/0x3950 [ 411.887587][T16479] kernel_clone+0x21e/0x820 [ 411.887605][T16479] user_mode_thread+0xdd/0x140 [ 411.887625][T16479] rest_init+0x23/0x300 [ 411.887650][T16479] start_kernel+0x381/0x3d0 [ 411.887673][T16479] x86_64_start_reservations+0x24/0x30 [ 411.887690][T16479] x86_64_start_kernel+0x143/0x1c0 [ 411.887706][T16479] common_startup_64+0x13e/0x147 [ 411.887728][T16479] [ 411.887728][T16479] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 411.887752][T16479] _raw_spin_lock_irqsave+0x40/0x60 [ 411.887771][T16479] try_to_wake_up+0x67/0x12b0 [ 411.887793][T16479] __wake_up_common_lock+0x137/0x1f0 [ 411.887818][T16479] tty_port_default_wakeup+0xfb/0x170 [ 411.887838][T16479] serial8250_tx_chars+0x72e/0x970 [ 411.887853][T16479] serial8250_handle_irq+0x633/0xbb0 [ 411.887870][T16479] serial8250_default_handle_irq+0xbf/0x200 [ 411.887891][T16479] serial8250_interrupt+0x8d/0x180 [ 411.887917][T16479] __handle_irq_event_percpu+0x217/0x970 [ 411.887945][T16479] handle_irq_event+0x8b/0x1e0 [ 411.887970][T16479] handle_edge_irq+0x23b/0xa10 [ 411.887992][T16479] __common_interrupt+0x141/0x1f0 [ 411.888018][T16479] common_interrupt+0xb6/0xe0 [ 411.888046][T16479] asm_common_interrupt+0x26/0x40 [ 411.888063][T16479] _raw_spin_unlock_irq+0x29/0x50 [ 411.888081][T16479] process_scheduled_works+0x8ce/0x1770 [ 411.888100][T16479] worker_thread+0x8a0/0xda0 [ 411.888118][T16479] kthread+0x711/0x8a0 [ 411.888140][T16479] ret_from_fork+0x510/0xa50 [ 411.888173][T16479] ret_from_fork_asm+0x1a/0x30 [ 411.888200][T16479] [ 411.888200][T16479] -> #2 (&tty->write_wait){-...}-{3:3}: [ 411.888242][T16479] _raw_spin_lock_irqsave+0x40/0x60 [ 411.888261][T16479] __wake_up_common_lock+0x2f/0x1f0 [ 411.888288][T16479] tty_port_default_wakeup+0xfb/0x170 [ 411.888309][T16479] serial8250_tx_chars+0x72e/0x970 [ 411.888324][T16479] serial8250_handle_irq+0x633/0xbb0 [ 411.888341][T16479] serial8250_default_handle_irq+0xbf/0x200 [ 411.888363][T16479] serial8250_interrupt+0x8d/0x180 [ 411.888389][T16479] __handle_irq_event_percpu+0x217/0x970 [ 411.888416][T16479] handle_irq_event+0x8b/0x1e0 [ 411.888450][T16479] handle_edge_irq+0x23b/0xa10 [ 411.888474][T16479] __common_interrupt+0x141/0x1f0 [ 411.888500][T16479] common_interrupt+0xb6/0xe0 [ 411.888528][T16479] asm_common_interrupt+0x26/0x40 [ 411.888546][T16479] _raw_spin_unlock_irq+0x29/0x50 [ 411.888564][T16479] process_scheduled_works+0x8ce/0x1770 [ 411.888582][T16479] worker_thread+0x8a0/0xda0 [ 411.888599][T16479] kthread+0x711/0x8a0 [ 411.888621][T16479] ret_from_fork+0x510/0xa50 [ 411.888635][T16479] ret_from_fork_asm+0x1a/0x30 [ 411.888658][T16479] [ 411.888658][T16479] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 411.888685][T16479] _raw_spin_lock_irqsave+0x40/0x60 [ 411.888704][T16479] serial8250_console_write+0x155/0x1b60 [ 411.888722][T16479] console_flush_all+0x713/0xb00 [ 411.888747][T16479] console_unlock+0xbb/0x190 [ 411.888768][T16479] vprintk_emit+0x47b/0x550 [ 411.888791][T16479] _printk+0xcf/0x120 [ 411.888817][T16479] register_console+0xa8b/0xf90 [ 411.888843][T16479] univ8250_console_init+0x3a/0x70 [ 411.888864][T16479] console_init+0xfc/0x3f0 [ 411.888882][T16479] start_kernel+0x227/0x3d0 [ 411.888906][T16479] x86_64_start_reservations+0x24/0x30 [ 411.888924][T16479] x86_64_start_kernel+0x143/0x1c0 [ 411.888941][T16479] common_startup_64+0x13e/0x147 [ 411.888964][T16479] [ 411.888964][T16479] -> #0 (console_owner){-.-.}-{0:0}: [ 411.888992][T16479] __lock_acquire+0x15a6/0x2cf0 [ 411.889011][T16479] lock_acquire+0x107/0x340 [ 411.889028][T16479] console_flush_all+0x6bc/0xb00 [ 411.889051][T16479] console_unlock+0xbb/0x190 [ 411.889072][T16479] vprintk_emit+0x47b/0x550 [ 411.889095][T16479] _printk+0xcf/0x120 [ 411.889120][T16479] should_fail_ex+0x3f5/0x560 [ 411.889149][T16479] strncpy_from_user+0x36/0x2c0 [ 411.889178][T16479] strncpy_from_user_nofault+0x72/0x150 [ 411.889200][T16479] bpf_bprintf_prepare+0xbbc/0x13d0 [ 411.889236][T16479] bpf_trace_printk+0xdb/0x190 [ 411.889254][T16479] bpf_prog_930ede9872f2967c+0x3e/0x44 [ 411.889269][T16479] bpf_trace_run2+0x284/0x4c0 [ 411.889292][T16479] __bpf_trace_contention_begin+0xdc/0x130 [ 411.889314][T16479] trace_contention_begin+0xfe/0x120 [ 411.889337][T16479] __pv_queued_spin_lock_slowpath+0xf0/0xb60 [ 411.889362][T16479] queued_spin_lock_slowpath+0x43/0x50 [ 411.889390][T16479] do_raw_spin_lock+0x21f/0x290 [ 411.889415][T16479] raw_spin_rq_lock_nested+0x2a/0x140 [ 411.889434][T16479] __schedule+0x3c4/0x4fd0 [ 411.889453][T16479] preempt_schedule_irq+0x4d/0xa0 [ 411.889474][T16479] irqentry_exit+0x5e3/0x670 [ 411.889495][T16479] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 411.889514][T16479] netlink_unicast+0xcf/0x9e0 [ 411.889538][T16479] netlink_sendmsg+0x805/0xb30 [ 411.889566][T16479] __sock_sendmsg+0x21c/0x270 [ 411.889594][T16479] ____sys_sendmsg+0x505/0x820 [ 411.889618][T16479] ___sys_sendmsg+0x21f/0x2a0 [ 411.889642][T16479] __x64_sys_sendmsg+0x19b/0x260 [ 411.889665][T16479] do_syscall_64+0xec/0xf80 [ 411.889687][T16479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.889705][T16479] [ 411.889705][T16479] other info that might help us debug this: [ 411.889705][T16479] [ 411.889712][T16479] Chain exists of: [ 411.889712][T16479] console_owner --> &p->pi_lock --> &rq->__lock [ 411.889712][T16479] [ 411.889745][T16479] Possible unsafe locking scenario: [ 411.889745][T16479] [ 411.889751][T16479] CPU0 CPU1 [ 411.889757][T16479] ---- ---- [ 411.889764][T16479] lock(&rq->__lock); [ 411.889778][T16479] lock(&p->pi_lock); [ 411.889793][T16479] lock(&rq->__lock); [ 411.889808][T16479] lock(console_owner); [ 411.889822][T16479] [ 411.889822][T16479] *** DEADLOCK *** [ 411.889822][T16479] [ 411.889828][T16479] 4 locks held by syz.2.3917/16479: [ 411.889840][T16479] #0: ffff8880b873a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 411.889889][T16479] #1: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x186/0x4c0 [ 411.889943][T16479] #2: ffffffff8df35980 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120 [ 411.890000][T16479] #3: ffffffff8de1d238 (console_srcu){....}-{0:0}, at: console_flush_all+0x11a/0xb00 [ 411.890054][T16479] [ 411.890054][T16479] stack backtrace: [ 411.890065][T16479] CPU: 1 UID: 0 PID: 16479 Comm: syz.2.3917 Not tainted syzkaller #0 PREEMPT(full) [ 411.890088][T16479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 411.890102][T16479] Call Trace: [ 411.890109][T16479] [ 411.890117][T16479] dump_stack_lvl+0xe8/0x150 [ 411.890144][T16479] print_circular_bug+0x2e2/0x300 [ 411.890172][T16479] check_noncircular+0x12e/0x150 [ 411.890202][T16479] __lock_acquire+0x15a6/0x2cf0 [ 411.890242][T16479] ? console_flush_all+0x11a/0xb00 [ 411.890269][T16479] lock_acquire+0x107/0x340 [ 411.890289][T16479] ? console_flush_all+0x11a/0xb00 [ 411.890321][T16479] ? do_raw_spin_unlock+0x122/0x240 [ 411.890349][T16479] ? console_flush_all+0x11a/0xb00 [ 411.890376][T16479] console_flush_all+0x6bc/0xb00 [ 411.890414][T16479] ? console_flush_all+0x11a/0xb00 [ 411.890442][T16479] ? console_flush_all+0x11a/0xb00 [ 411.890472][T16479] ? __pfx_console_flush_all+0x10/0x10 [ 411.890501][T16479] ? is_printk_cpu_sync_owner+0x32/0x40 [ 411.890531][T16479] console_unlock+0xbb/0x190 [ 411.890557][T16479] ? __pfx_console_unlock+0x10/0x10 [ 411.890580][T16479] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 411.890603][T16479] ? _printk+0xcf/0x120 [ 411.890652][T16479] vprintk_emit+0x47b/0x550 [ 411.890678][T16479] ? __pfx_vprintk_emit+0x10/0x10 [ 411.890708][T16479] _printk+0xcf/0x120 [ 411.890739][T16479] ? __pfx__printk+0x10/0x10 [ 411.890771][T16479] ? ___ratelimit+0x5a0/0x900 [ 411.890797][T16479] should_fail_ex+0x3f5/0x560 [ 411.890832][T16479] strncpy_from_user+0x36/0x2c0 [ 411.890864][T16479] strncpy_from_user_nofault+0x72/0x150 [ 411.890888][T16479] bpf_bprintf_prepare+0xbbc/0x13d0 [ 411.890928][T16479] ? __pfx_bpf_bprintf_prepare+0x10/0x10 [ 411.890956][T16479] ? __lock_acquire+0x6b6/0x2cf0 [ 411.890978][T16479] ? bpf_trace_printk+0xc1/0x190 [ 411.890997][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 411.891022][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 411.891047][T16479] bpf_trace_printk+0xdb/0x190 [ 411.891069][T16479] ? __pfx_bpf_trace_printk+0x10/0x10 [ 411.891089][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 411.891116][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 411.891141][T16479] ? lock_acquire+0x107/0x340 [ 411.891166][T16479] bpf_prog_930ede9872f2967c+0x3e/0x44 [ 411.891184][T16479] bpf_trace_run2+0x284/0x4c0 [ 411.891216][T16479] ? unwind_next_frame+0xa5/0x23d0 [ 411.891240][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 411.891269][T16479] ? __pfx_bpf_trace_run2+0x10/0x10 [ 411.891298][T16479] ? __bpf_trace_contention_begin+0xcd/0x130 [ 411.891326][T16479] __bpf_trace_contention_begin+0xdc/0x130 [ 411.891351][T16479] ? __pfx___bpf_trace_contention_begin+0x10/0x10 [ 411.891382][T16479] ? unwind_next_frame+0xa5/0x23d0 [ 411.891408][T16479] trace_contention_begin+0xfe/0x120 [ 411.891436][T16479] __pv_queued_spin_lock_slowpath+0xf0/0xb60 [ 411.891466][T16479] ? is_bpf_text_address+0x26/0x2b0 [ 411.891501][T16479] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 411.891534][T16479] queued_spin_lock_slowpath+0x43/0x50 [ 411.891564][T16479] do_raw_spin_lock+0x21f/0x290 [ 411.891592][T16479] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 411.891619][T16479] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 411.891656][T16479] raw_spin_rq_lock_nested+0x2a/0x140 [ 411.891678][T16479] __schedule+0x3c4/0x4fd0 [ 411.891704][T16479] ? stack_depot_save_flags+0x33/0x810 [ 411.891727][T16479] ? __lock_acquire+0x6b6/0x2cf0 [ 411.891748][T16479] ? __alloc_skb+0x1fd/0x720 [ 411.891771][T16479] ? netlink_sendmsg+0x5c6/0xb30 [ 411.891800][T16479] ? ____sys_sendmsg+0x505/0x820 [ 411.891824][T16479] ? ___sys_sendmsg+0x21f/0x2a0 [ 411.891848][T16479] ? do_syscall_64+0xec/0xf80 [ 411.891872][T16479] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.891893][T16479] ? __pfx___schedule+0x10/0x10 [ 411.891937][T16479] preempt_schedule_irq+0x4d/0xa0 [ 411.891961][T16479] irqentry_exit+0x5e3/0x670 [ 411.891986][T16479] ? rcu_is_watching+0x15/0xb0 [ 411.892013][T16479] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 411.892034][T16479] RIP: 0010:netlink_unicast+0xcf/0x9e0 [ 411.892062][T16479] Code: 89 fe e8 44 09 00 00 48 89 44 24 10 31 ff 89 de e8 46 f8 49 f8 85 db 74 0c e8 fd f3 49 f8 31 c0 4d 89 e7 eb 29 e8 f1 f3 49 f8 <49> 8d 9c 24 98 03 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 4d 89 [ 411.892082][T16479] RSP: 0018:ffffc90003d1f7c0 EFLAGS: 00000293 [ 411.892099][T16479] RAX: ffffffff897704bf RBX: 0000000000000000 RCX: ffff88802d8e0000 [ 411.892113][T16479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 411.892125][T16479] RBP: ffffc90003d1f8b0 R08: ffff888055679e8b R09: 1ffff1100aacf3d1 [ 411.892141][T16479] R10: dffffc0000000000 R11: ffffed100aacf3d2 R12: ffff88801d2cb000 [ 411.892157][T16479] R13: dffffc0000000000 R14: ffff888028578280 R15: 0000000000000cc0 [ 411.892177][T16479] ? netlink_unicast+0xcf/0x9e0 [ 411.892217][T16479] ? __pfx__copy_from_iter+0x10/0x10 [ 411.892242][T16479] ? __pfx_netlink_unicast+0x10/0x10 [ 411.892269][T16479] ? netlink_sendmsg+0x642/0xb30 [ 411.892296][T16479] ? skb_put+0x11b/0x210 [ 411.892321][T16479] netlink_sendmsg+0x805/0xb30 [ 411.892354][T16479] ? __pfx_netlink_sendmsg+0x10/0x10 [ 411.892384][T16479] ? aa_sock_msg_perm+0xf1/0x1b0 [ 411.892411][T16479] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 411.892429][T16479] ? __pfx_netlink_sendmsg+0x10/0x10 [ 411.892459][T16479] __sock_sendmsg+0x21c/0x270 [ 411.892492][T16479] ____sys_sendmsg+0x505/0x820 [ 411.892522][T16479] ? __pfx_____sys_sendmsg+0x10/0x10 [ 411.892551][T16479] ? import_iovec+0x74/0xa0 [ 411.892578][T16479] ___sys_sendmsg+0x21f/0x2a0 [ 411.892602][T16479] ? __pfx____sys_sendmsg+0x10/0x10 [ 411.892641][T16479] ? __fget_files+0x2a/0x420 [ 411.892665][T16479] ? __fget_files+0x3a0/0x420 [ 411.892692][T16479] __x64_sys_sendmsg+0x19b/0x260 [ 411.892717][T16479] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 411.892746][T16479] ? __pfx_ksys_write+0x10/0x10 [ 411.892770][T16479] do_syscall_64+0xec/0xf80 [ 411.892793][T16479] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.892812][T16479] ? trace_irq_disable+0x37/0x100 [ 411.892838][T16479] ? clear_bhb_loop+0x60/0xb0 [ 411.892859][T16479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.892878][T16479] RIP: 0033:0x7fab3738f749 [ 411.892894][T16479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.892910][T16479] RSP: 002b:00007fab355f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 411.892928][T16479] RAX: ffffffffffffffda RBX: 00007fab375e5fa0 RCX: 00007fab3738f749 [ 411.892941][T16479] RDX: 0000000020000880 RSI: 0000200000000040 RDI: 0000000000000003 [ 411.892953][T16479] RBP: 00007fab355f6090 R08: 0000000000000000 R09: 0000000000000000 [ 411.892966][T16479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.892976][T16479] R13: 00007fab375e6038 R14: 00007fab375e5fa0 R15: 00007ffea3e6e6d8 [ 411.892996][T16479] [ 413.328507][T16479] CPU: 1 UID: 0 PID: 16479 Comm: syz.2.3917 Not tainted syzkaller #0 PREEMPT(full) [ 413.328530][T16479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 413.328541][T16479] Call Trace: [ 413.328549][T16479] [ 413.328558][T16479] dump_stack_lvl+0xe8/0x150 [ 413.328586][T16479] should_fail_ex+0x414/0x560 [ 413.328628][T16479] strncpy_from_user+0x36/0x2c0 [ 413.328654][T16479] strncpy_from_user_nofault+0x72/0x150 [ 413.328675][T16479] bpf_bprintf_prepare+0xbbc/0x13d0 [ 413.328706][T16479] ? __pfx_bpf_bprintf_prepare+0x10/0x10 [ 413.328731][T16479] ? __lock_acquire+0x6b6/0x2cf0 [ 413.328747][T16479] ? bpf_trace_printk+0xc1/0x190 [ 413.328763][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 413.328784][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 413.328805][T16479] bpf_trace_printk+0xdb/0x190 [ 413.328823][T16479] ? __pfx_bpf_trace_printk+0x10/0x10 [ 413.328840][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 413.328860][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 413.328881][T16479] ? lock_acquire+0x107/0x340 [ 413.328902][T16479] bpf_prog_930ede9872f2967c+0x3e/0x44 [ 413.328918][T16479] bpf_trace_run2+0x284/0x4c0 [ 413.328938][T16479] ? unwind_next_frame+0xa5/0x23d0 [ 413.328958][T16479] ? bpf_trace_run2+0x186/0x4c0 [ 413.328979][T16479] ? __pfx_bpf_trace_run2+0x10/0x10 [ 413.329003][T16479] ? __bpf_trace_contention_begin+0xcd/0x130 [ 413.329025][T16479] __bpf_trace_contention_begin+0xdc/0x130 [ 413.329045][T16479] ? __pfx___bpf_trace_contention_begin+0x10/0x10 [ 413.329069][T16479] ? unwind_next_frame+0xa5/0x23d0 [ 413.329089][T16479] trace_contention_begin+0xfe/0x120 [ 413.329119][T16479] __pv_queued_spin_lock_slowpath+0xf0/0xb60 [ 413.329144][T16479] ? is_bpf_text_address+0x26/0x2b0 [ 413.329170][T16479] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 413.329198][T16479] queued_spin_lock_slowpath+0x43/0x50 [ 413.329222][T16479] do_raw_spin_lock+0x21f/0x290 [ 413.329245][T16479] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 413.329267][T16479] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 413.329296][T16479] raw_spin_rq_lock_nested+0x2a/0x140 [ 413.329315][T16479] __schedule+0x3c4/0x4fd0 [ 413.329336][T16479] ? stack_depot_save_flags+0x33/0x810 [ 413.329353][T16479] ? __lock_acquire+0x6b6/0x2cf0 [ 413.329369][T16479] ? __alloc_skb+0x1fd/0x720 [ 413.329387][T16479] ? netlink_sendmsg+0x5c6/0xb30 [ 413.329411][T16479] ? ____sys_sendmsg+0x505/0x820 [ 413.329431][T16479] ? ___sys_sendmsg+0x21f/0x2a0 [ 413.329451][T16479] ? do_syscall_64+0xec/0xf80 [ 413.329470][T16479] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.329487][T16479] ? __pfx___schedule+0x10/0x10 [ 413.329512][T16479] preempt_schedule_irq+0x4d/0xa0 [ 413.329530][T16479] irqentry_exit+0x5e3/0x670 [ 413.329550][T16479] ? rcu_is_watching+0x15/0xb0 [ 413.329572][T16479] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 413.329589][T16479] RIP: 0010:netlink_unicast+0xcf/0x9e0 [ 413.329612][T16479] Code: 89 fe e8 44 09 00 00 48 89 44 24 10 31 ff 89 de e8 46 f8 49 f8 85 db 74 0c e8 fd f3 49 f8 31 c0 4d 89 e7 eb 29 e8 f1 f3 49 f8 <49> 8d 9c 24 98 03 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 4d 89 [ 413.329627][T16479] RSP: 0018:ffffc90003d1f7c0 EFLAGS: 00000293 [ 413.329642][T16479] RAX: ffffffff897704bf RBX: 0000000000000000 RCX: ffff88802d8e0000 [ 413.329654][T16479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 413.329664][T16479] RBP: ffffc90003d1f8b0 R08: ffff888055679e8b R09: 1ffff1100aacf3d1 [ 413.329676][T16479] R10: dffffc0000000000 R11: ffffed100aacf3d2 R12: ffff88801d2cb000 [ 413.329689][T16479] R13: dffffc0000000000 R14: ffff888028578280 R15: 0000000000000cc0 [ 413.329704][T16479] ? netlink_unicast+0xcf/0x9e0 [ 413.329729][T16479] ? __pfx__copy_from_iter+0x10/0x10 [ 413.329749][T16479] ? __pfx_netlink_unicast+0x10/0x10 [ 413.329770][T16479] ? netlink_sendmsg+0x642/0xb30 [ 413.329811][T16479] ? skb_put+0x11b/0x210 [ 413.329833][T16479] netlink_sendmsg+0x805/0xb30 [ 413.329861][T16479] ? __pfx_netlink_sendmsg+0x10/0x10 [ 413.329890][T16479] ? aa_sock_msg_perm+0xf1/0x1b0 [ 413.329913][T16479] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 413.329929][T16479] ? __pfx_netlink_sendmsg+0x10/0x10 [ 413.329954][T16479] __sock_sendmsg+0x21c/0x270 [ 413.329982][T16479] ____sys_sendmsg+0x505/0x820 [ 413.330006][T16479] ? __pfx_____sys_sendmsg+0x10/0x10 [ 413.330032][T16479] ? import_iovec+0x74/0xa0 [ 413.330053][T16479] ___sys_sendmsg+0x21f/0x2a0 [ 413.330076][T16479] ? __pfx____sys_sendmsg+0x10/0x10 [ 413.330117][T16479] ? __fget_files+0x2a/0x420 [ 413.330138][T16479] ? __fget_files+0x3a0/0x420 [ 413.330164][T16479] __x64_sys_sendmsg+0x19b/0x260 [ 413.330186][T16479] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 413.330212][T16479] ? __pfx_ksys_write+0x10/0x10 [ 413.330245][T16479] do_syscall_64+0xec/0xf80 [ 413.330265][T16479] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.330281][T16479] ? trace_irq_disable+0x37/0x100 [ 413.330303][T16479] ? clear_bhb_loop+0x60/0xb0 [ 413.330321][T16479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.330337][T16479] RIP: 0033:0x7fab3738f749 [ 413.330351][T16479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.330365][T16479] RSP: 002b:00007fab355f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 413.330381][T16479] RAX: ffffffffffffffda RBX: 00007fab375e5fa0 RCX: 00007fab3738f749 [ 413.330393][T16479] RDX: 0000000020000880 RSI: 0000200000000040 RDI: 0000000000000003 [ 413.330404][T16479] RBP: 00007fab355f6090 R08: 0000000000000000 R09: 0000000000000000 [ 413.330414][T16479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 413.330423][T16479] R13: 00007fab375e6038 R14: 00007fab375e5fa0 R15: 00007ffea3e6e6d8 [ 413.330443][T16479]