last executing test programs: 52.63143784s ago: executing program 2 (id=780): r0 = socket$inet(0x2, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)={@multicast2, @loopback, 0x1, 0x1, [@empty]}, 0x14) r2 = socket(0x11, 0x800000003, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r3, &(0x7f0000000380)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x10000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x10001}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f00000001c0)='O', 0x1}], 0x1}}], 0x1, 0x880) shutdown(r3, 0x1) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f00000000c0)={0x0, 0x1, 0x10, 0x9, 0x6}, &(0x7f0000000100)=0x18) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0xfffffffd, {0x0, 0x0, 0x12, 0x0, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r5, 0x10f, 0x81, &(0x7f0000000080), 0x4) sendmmsg$inet(r5, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r6) r7 = socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000005c0)=@newtaction={0x14, 0x30, 0xffffffffffffffff, 0x0, 0x40002}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) getsockname$packet(r2, 0x0, 0x0) 48.691356247s ago: executing program 2 (id=790): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x20004000}, 0x80) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) 48.345162996s ago: executing program 2 (id=793): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000004000000080000201000000000000000", @ANYRES32=0x1, @ANYBLOB="00eaffffd1080d00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000300000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) 48.083242482s ago: executing program 2 (id=795): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000001940)=ANY=[@ANYBLOB="b4000000000b00007910120000000000c31000045100000095007400000a000031fb0d3a42319fa204399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b62ac5ea9fca11027d29066927603deb92de3141e8ed7ac5b8902070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e62367581c92ef9e7e8ece17d566c93a114d68c577d694b9844e0d9e306404cfc3bfbead9e1b96c6a6cb639bca6d000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) 47.823390954s ago: executing program 2 (id=797): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001d80)=ANY=[@ANYBLOB="b70200001a140000bfa300001f0000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000002b000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e6185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfd8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f659cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c61a137462c7f2539479f49d4eb2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc16e7c337642d3e5a815232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c0977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6040099d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663dd472021d202eedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe3594d4a3f2239cfe00000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed180d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35f267632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e80339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000a5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12a851810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f314001a62863f6e04b4506ac2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab79e609c57a2a7332f4d8764c302ccd5aac114482b619fca4d97a0ae75ccf11e29a854380e2b4bb9905a1517ec40bb3fa44f9959bad67ccaba76408da35e9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efd7b65f04aa7e72588757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c219d8ddec8f91dae2cdea1353fe062830fa1d233296e99d8317872257e154665485e7f31cdbfbf435517faf93015b57417d84b8bc8662e097d5ba55000048e150695ffae3a676555b10da11751865126d19336116a1e58ab727dda6b343cc97f9479136a66f552abf8fe3d134f6d69df1cf7800b4bda4db5e68aaccf44d24e09f8a769e3ae7bf246673f15e3d1adae4384bdb7cd30a33e30466b421feb96006c810fd3830a1c75af2580727ffc699d2b04f476acc21419fad9b1baec88974da2db29b80859bde08b85c8086e4b7f1fd568042ad5396d3179c71b1dc43291e450ce9b8d7d80fcb44966d7ad4691a37870000000000000000000000000000000000000000000000000000000000000000000083a5765d06da91165d24bc316607e2d69344aa1c07ff7cd7bc3d17f122478b6e81077782b9c298edc2546045feff90e7aa7dc1a869fa5551b873e2c838e979e033b7707df75b93cf5b8d25242741a88f2d54a7107375b25911aa11efa3a4f87fc14f180e353615b3cb9a5cf5ea843014a277c3694a5a83266f73ef039dd739187923715548d58ff43be997e357e0cbed29faef19c0082e26fb867bf0ff0000000000000000000000a0616252abda1102c3eee13eddef0275f21752ee474e32d790ae1f3df77e303ae1968c2a4419d1ca13b97b2c3123ab5b8473b880644e6acfe1d346d1528262c6e91f38029ec24eeb4fe5c1b3726bcfd386ba153fed11692170e5a09432bd02fa9dba861ecad4dbf61a93733a21aeff5f541b8f78bccbf1ac0000000000000000000000145aaaa62ff74b216b2977e7b9261824f663cea60ec6e0fa03bd596cec6d12316c8ed147d4cdd140857444c27c1946b1afcd4ec260694cb71e421744cf1f860840b0decf9be35aeb02d1bf6137b3189edb2d21557e6804ed52305e7deace8b97cd2b423cb79c541762097e29c386634a4bcc3ee91266d808706aadbc4650183d71bf5341edfe4c815d3a87c05d75da20b260d39cdd8559292000cb06faf9972683d379565dcd932fbc6bfb13f938a693252fc3af8088fcf8e06a"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) 47.564506866s ago: executing program 2 (id=798): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a20000000000a050018000000000000000a0000040900010073797a3100000000140000001180010000000000de15b742ef000000"], 0x48}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000340)={{0x0, 0x1, 0x1, 0x80000001, 0x3, 0x8, 0x2, 0x4, 0x83, 0x4, 0x29772aa5, 0x0, 0x5, 0x0, 0x38}, 0x8, [0x0]}) r1 = socket(0x840000000002, 0x3, 0xff) sendmmsg$inet(r1, &(0x7f0000000b00)=[{{&(0x7f00000001c0)={0x2, 0xffff, @remote}, 0x10, &(0x7f0000000080)=[{&(0x7f00000000c0)="a905000000007464000100000000000000e5c09a0349f9cd417e5d4c8ba3d218c4f7e4ebebee6335ac4ca8c4e94692a88e9be336877a5d1fd4e3e3457fcdce7d952f3f14089167ab4776819c0d16a38446b235f67df52cadcbe1610c63fbb0294fc77fdc811ebc8e5821c46c2eb3e22861b4bf6fc1d84e26a0345cdbde018f4d7b04cc81f99a3312d8afa8aca7b4dbc389b01af79890140733e23759d96e01dc2f42df84bb36535ae898a060e61052131e4f7b", 0xb3}, {&(0x7f0000000300)="82d903bfcb8484b98931c6c599ed9cf57c", 0x11}], 0x2}}], 0x1, 0x24004044) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r2, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000080)) ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000200)=0x2) ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r3, &(0x7f0000000f00)=[{&(0x7f0000000d80)="00214717a70700000000030640710a069d313ebb9b49", 0x16}], 0x1, 0x7, 0xfffffff9) recvmmsg(r2, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) listen(0xffffffffffffffff, 0x406) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'macvtap0\x00'}) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280001f, 0x110, r5, 0x0) socket(0x2b, 0x80801, 0x1) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0600000014000000000000004e0000002bfa0000e89d2ef493f97baa55526793e6b54a6a078601dcdb33cdf64b6aa9f00b6f90c8eb895883499f59b854bad048d87d5e195e14c453b68d814739915534a245dae995c815e0869f6d89637b66919dfc6b15cc3aa51992f0a929311c78474429788051372484b2936299f0cf8dfcbfc203c29bcb47f10b0692c36e775b6ae71ab83ce8"], 0x14}}, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) 32.290122735s ago: executing program 32 (id=798): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a20000000000a050018000000000000000a0000040900010073797a3100000000140000001180010000000000de15b742ef000000"], 0x48}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000340)={{0x0, 0x1, 0x1, 0x80000001, 0x3, 0x8, 0x2, 0x4, 0x83, 0x4, 0x29772aa5, 0x0, 0x5, 0x0, 0x38}, 0x8, [0x0]}) r1 = socket(0x840000000002, 0x3, 0xff) sendmmsg$inet(r1, &(0x7f0000000b00)=[{{&(0x7f00000001c0)={0x2, 0xffff, @remote}, 0x10, &(0x7f0000000080)=[{&(0x7f00000000c0)="a905000000007464000100000000000000e5c09a0349f9cd417e5d4c8ba3d218c4f7e4ebebee6335ac4ca8c4e94692a88e9be336877a5d1fd4e3e3457fcdce7d952f3f14089167ab4776819c0d16a38446b235f67df52cadcbe1610c63fbb0294fc77fdc811ebc8e5821c46c2eb3e22861b4bf6fc1d84e26a0345cdbde018f4d7b04cc81f99a3312d8afa8aca7b4dbc389b01af79890140733e23759d96e01dc2f42df84bb36535ae898a060e61052131e4f7b", 0xb3}, {&(0x7f0000000300)="82d903bfcb8484b98931c6c599ed9cf57c", 0x11}], 0x2}}], 0x1, 0x24004044) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r2, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000080)) ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000200)=0x2) ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r3, &(0x7f0000000f00)=[{&(0x7f0000000d80)="00214717a70700000000030640710a069d313ebb9b49", 0x16}], 0x1, 0x7, 0xfffffff9) recvmmsg(r2, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) listen(0xffffffffffffffff, 0x406) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'macvtap0\x00'}) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280001f, 0x110, r5, 0x0) socket(0x2b, 0x80801, 0x1) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0600000014000000000000004e0000002bfa0000e89d2ef493f97baa55526793e6b54a6a078601dcdb33cdf64b6aa9f00b6f90c8eb895883499f59b854bad048d87d5e195e14c453b68d814739915534a245dae995c815e0869f6d89637b66919dfc6b15cc3aa51992f0a929311c78474429788051372484b2936299f0cf8dfcbfc203c29bcb47f10b0692c36e775b6ae71ab83ce8"], 0x14}}, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) 2.21323102s ago: executing program 5 (id=1066): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000009c0)=ANY=[@ANYBLOB="38010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r2, @ANYBLOB="0c009900000000003e000000140004006e69637666300000000000000000000008000500060000000c001780040005000400040014000400766c616e300000000000000000000000050053000000"], 0x138}}, 0x0) 2.173220852s ago: executing program 3 (id=1068): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'veth1_to_batadv\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48884}, 0x0) 1.9688414s ago: executing program 5 (id=1071): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=ANY=[@ANYBLOB="700000000406010400000000000000000700000105000100070000"], 0x70}, 0x1, 0x0, 0x0, 0x20048801}, 0x0) 1.968568049s ago: executing program 3 (id=1072): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f0", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x20, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 1.95003617s ago: executing program 4 (id=1073): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x3, 0x0, 0xfffffffffffffff3, 0x0, 0x0, 0xfffffffffffffffb}, {0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x40041}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x4000000000000, 0x200000000000000, 0xff}}}, 0xb8}}, 0x2c000010) 1.839060614s ago: executing program 5 (id=1076): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f000000be00)=[{{0x0, 0x0, &(0x7f0000002c80)=[{0x0}, {&(0x7f0000001980)=""/233, 0x94}], 0x2}, 0x10001}], 0x1, 0x40000000, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) 1.770689054s ago: executing program 4 (id=1077): syz_open_procfs$namespace(0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$l2tp(0x2, 0x2, 0x73) syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.744653518s ago: executing program 0 (id=1078): socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x66, &(0x7f0000000180)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "a24b9f", 0x30, 0x2b, 0x0, @remote, @local, {[@routing={0x3a, 0x2, 0x2, 0x1, 0x0, [@mcast1]}], {0x4e22, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0) 1.648527792s ago: executing program 3 (id=1079): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0x28) poll(&(0x7f00000000c0)=[{r0, 0x9404}], 0x1, 0x3ff) shutdown(r0, 0x0) 1.495794651s ago: executing program 3 (id=1082): unshare(0x26020480) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, 0x0, &(0x7f00000000c0)) 1.316711928s ago: executing program 1 (id=1085): bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58) sendmsg$sock(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000540)}, {&(0x7f0000001400)="12b5ca8883a72c61be64d1809e4e551c8fcc795bacbc79d1a786c09a1861dfb427e430bee5b00ac73434620f11a914ef7cf7658efc365a26b43990993f60d4ffeb9cc31d7d5fc06ba7c3a4d828f40fca355cff79686f12971618904dc7d09e85e7a5f9194c4cae7983ee20f6c522b89ecc73c43438aad7dd15ff4738f5e4e1b7713142e7ff6cfc1b6cf7baba9ebf3b471cd0a72011fef02b46e280ad7a8c42d24bfb2ffe1518bc0fea207ec37a9e388c9dea8124df3f50a75f03df8d30d7b3b73e274042a52c058e1d85ef3b420b4dfce815cff6265e625a61b6fca9699edaadd192a3ae60c765260d1cbfb21f0cc30d8128b3783867b85873de07b02635d5573f9e578094a3ce6efbf44818daef38e14005a360909d226d7e13a86f6c83b6aaf615b6a2642d17bc2c56b8b0f8209e20ec1e0f58b0486493e511ab0a45b44a87340a9052ef5fba93c83753f1b101a744407f54d052188087c1cf43de80fd7bd5f3ce8585b5499959e6c3f5e17ae837d7c5627abb604947ad9906d641658f01464f48244182de8d5a8d037403ad4a964e2124177771a84806cda0682d58743928d2d16d83fd8b706a9669ac7605e8d857ac586dc2eda90715951c21bd116ade52f03cd61f3874aaefa77da678450228eb476d84bf175564a215e1683ced4bb9adba5daed835c6b38b61b213834aca56b86259784addb8601d26a42ad637ee296cd4382aaa7c1eaa5cbfa3a7177390bc646916aeb885d2dd43fc5b2dbbd2d184ba6cc6a439b95b5d814a8582405635b5c6bdb41c24af7a10bbd264eb2308a800a09705ac7856a7ac993cb4d88fea4cd1d5cf9e82e10c4badb996f4c0d5fd5866baf90a07d8777f793feb9250e22dd5190aa26c2a31412f1b41e0a65d0e435a9c5ebbf5205f6c6a117ce1fb16e8eb797e7d3eb5d62178dc0441941e9cb464814982ebe54195d73113efc971799121683f6e85d24ad6f21023868327b67446a36ebffda572b90f9b228a03b612e7e0ca09aac6b5710fc90f51c0efefb69b5d26ba9a1d8954832b1370d099d09c07fb2893d57d617ec0d626f1f96ee1608e0f8d9ca1b491578d639ac74b3ea568a474707ac756555d0ae9cdc609609e30d7ef2648fb8baa5854e58b60fac9ec9670c620ce6dcf3bbcca971cb5bf37462febde30e3865960627ceb15a11dd891160a2fcbb682c94a7de4e00fff20774364ffc4bfa31173261f1684dbbaa9addf0d9bc43539a7c09c6b98769aecf8529402bc66e37f0f20580e8e5f59ec48979957552fe17b897dcb4ed1a8d0fdf68d8c065c9d3501b387cf08c681326fcd79e7104eb50bc58a0140b594ad57b8d4be0c50f98e9c3e323d0a57001f8c6a094a7908315c7d7b33227861d2035649bb91daf77776e11159f3ebf7f3ed576adfc364f363e6f474dbbe3500c62c74193e7102fdf57b345066a6ebe47b4b469187631b586676e8e449fa215444366baf5d675f637a0f52c36a042d74957e94bd6d87061675da18128f69106970a9492d76dc312884bb7fcd88ca7e13f2914ba817724bc97ab634e845dfd1ab40344c33c7c202674ef959378abaf3f4fa038a6bbec31f5bd88f81240d2722dfa5e8621eb604db9ae06d49f0a56d64d525f3d41b367ed4d459f21baa3dc43c7cbe096f15bead83bc5ffe2f82128f2943a479556a39ab661bf0a86e0ad0520ab015112eeb06c13abc0da61cc6bf9508182d142696a4670fef7dcfa7a7e09f673c992f3acd4bafa7874c8bf9dc362943d7cd3c14d32bb7a8c3e3f1f55f500eca0c6fd0f199fefe601857e5307660c000cbd8f83f64e2afeb931f5dbba2d538f1c1d78c6ecd14af198f9e0ae4a8e2ef6cda63e059f5b3137946434418fd8920753c3ea5d054ad5d3da2749c94b23018be9495831a1ac647783823ac4f554bea483ee919824516f8d3d9d90753d69dd6375f0edafc98716d2aa7dbbf73208ee017fddec8c994cb5df3f74bfed87db0b88076c430495ce8a39b4b61003bb6c0e12a2f6d41a994537dadc0b389d5a1049e26b968d4aa8ded4fc38dec2ab5b14b5d0d0e24b37875e17d1066e0b04c807ef6712034f0cbd899e5cfd68143e0c3865c00a18fc7001fe9386acb55614fb7c739aef69bf21b8364e407fdb62e068359017714809d3a0b61b8bd046119f2a8e71f17908da23fbe13e50eafce63abba77a07695782fb01423efffe421bc9bede0df8ff1e163f677178eb84aec1c8517ca5a503fddba2a15878d0bf1bd255671f17417692a950fb0181150a08868107071661984c0099d588cc9456eb457fcb5fc37cec48a30aa0aa83251394fc1ec9cd0be2b7b95798a59ffd1d0a4b62e82de24bc54ad7c7385371bd27469d2631167e6c021f01f0e5ebf3819cb1f07e1cec4813ef51cc0b8e9c1069e472876e8721b81d64967edb507724fefb6128745623f6c3e520812ae1f373901d9e8f662d45aa7a1d51709960f82dc7580af43ca338631eb32259564e3379dbe0dc3bd700c8c7b04b66cff0b07d930e7a166fce6b0191283451c8dd50774b6c8d3adadd024c3faf1cf2ca2bc8d45804da21b56eb296a4f80b9a3a99fc6557b32de7db3c9637c8d481b29211c304127bf1504d6e5f9bc410d321d7cf28d55cc2f51eee3b284a67fbb8186391b2e0eae792aa886b8de71317131f17cff6d7f07775c64cb6ffad2eeedf8a650f8fdbfb9c1c2f0433369ce8c3d998e5cef6f3d6d791714e8ce2c0bfe99f893524dc832945874e80567164280a454b67339282406b152efcc57361aaec97ddf3643fd00bad9772130cabe0ff2b9355842e94d78df7a9792d1fa65f11f843c30d0db43eb952cf925e7cee0841227179a4752f3f72577c0e2b07e80f4675c1b9f673ff836b54b7ec04c9312102ba2bd1f41aa99f529f4758d91b298fc76209269cf064be9f2c72eb45efa50a2ba6c12041c6e94272b4f23235f36afafc64f22486aaabeb08ee5fd33de02812bb63b3eb71b3d9f95262fbdcc32dd6853beb822b2bab7fdef0d8a34b207d65b6cc6974c0f2979da42f4bc28f80b31735611a707a9212d13906f075c7d20675ddbb27edfd90a4770154d720cae0cc84b3429dc7d77498604f7cb786bd53a3f401d801602222962fde144e5f9fd5016d787a8992915c01091b5ee4c1f0747c80d32517d8e070fe04da5320b13c7e21c678fce1d34cbd2cd434d49b01e4dc154d88aad7431b8a456125ebd0995cb88f935c645341737a8a5122c11f197c8c37f4301325d79dc575000fed5fc73f5a9bfae94e6750aabd4481ce8e5df07fcd3f3f1043ac829a418ef3e84eaccaf24173254f74490831b9b2bf1719cacff67ed93bce09bf975b7ac4de15c6e9ca9baa4ea8ffd2f6ca83ec22316cf7cc795b9b2e3f67bd604d4b088c12cb4b7e137e1822b99555d95c3efcbb7bf5b9096d87ee3359cc2d6ca4ab049e8838fc24d84104683e3ea23cea700f53b8998d46276e29406858c425bf9fa69d7dbd1261c664e88bee5c0d9029c3c3e5870ac5a6e8d7fb62f8708f9da8aa5142e90992d4ab0eb76419bfb204a24df000d9f0767f4fb56fa4cebf3cc67ac91ba410ab0c761c4071ced60d723a50884056d89a7b631f29b329e3bb56b99eb8b71d1ca19de64e0631ffa99f2cbaf3caf1f5550bad84d1da4bf67cea04d1cce4d9522c1fb627c72d8", 0xa2b}, {&(0x7f0000000600)="bbc6351d5b17d69316ec14fbebe6d4f456979602ad91ae24f9a1da6834e77a49a31a836afb32294cf8453b100f60525874c6dd34f59950a10b18499cd72145cf42ccb624", 0x44}, {&(0x7f0000000680)="cc18101d6bec7dadde1d231d7be01e1a3ebed24c1f1b0cacbb731e37f14830d34d9f", 0x22}, {0x0}], 0x5}, 0x800) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1.088551119s ago: executing program 1 (id=1086): socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, 0x0, 0x0) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000"], 0x24}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 1.033079443s ago: executing program 1 (id=1087): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a310000000014000480080002403cb140bb08000140000000030a000700726f75746500000014000000110001"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f0000000080), 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000500)=@l2tp6={0xa, 0x0, 0x3, @loopback, 0x1, 0xfffffffe}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000100)="f4000900062b3325fe80000000000000dc8b850f2323fcb11ea3548466cc00007a000000ad6e911b", 0x28}], 0x1}, 0x0) 999.433248ms ago: executing program 3 (id=1088): bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) sendmsg$sock(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000540)}, {&(0x7f0000001400)="12b5ca8883a72c61be64d1809e4e551c8fcc795bacbc79d1a786c09a1861dfb427e430bee5b00ac73434620f11a914ef7cf7658efc365a26b43990993f60d4ffeb9cc31d7d5fc06ba7c3a4d828f40fca355cff79686f12971618904dc7d09e85e7a5f9194c4cae7983ee20f6c522b89ecc73c43438aad7dd15ff4738f5e4e1b7713142e7ff6cfc1b6cf7baba9ebf3b471cd0a72011fef02b46e280ad7a8c42d24bfb2ffe1518bc0fea207ec37a9e388c9dea8124df3f50a75f03df8d30d7b3b73e274042a52c058e1d85ef3b420b4dfce815cff6265e625a61b6fca9699edaadd192a3ae60c765260d1cbfb21f0cc30d8128b3783867b85873de07b02635d5573f9e578094a3ce6efbf44818daef38e14005a360909d226d7e13a86f6c83b6aaf615b6a2642d17bc2c56b8b0f8209e20ec1e0f58b0486493e511ab0a45b44a87340a9052ef5fba93c83753f1b101a744407f54d052188087c1cf43de80fd7bd5f3ce8585b5499959e6c3f5e17ae837d7c5627abb604947ad9906d641658f01464f48244182de8d5a8d037403ad4a964e2124177771a84806cda0682d58743928d2d16d83fd8b706a9669ac7605e8d857ac586dc2eda90715951c21bd116ade52f03cd61f3874aaefa77da678450228eb476d84bf175564a215e1683ced4bb9adba5daed835c6b38b61b213834aca56b86259784addb8601d26a42ad637ee296cd4382aaa7c1eaa5cbfa3a7177390bc646916aeb885d2dd43fc5b2dbbd2d184ba6cc6a439b95b5d814a8582405635b5c6bdb41c24af7a10bbd264eb2308a800a09705ac7856a7ac993cb4d88fea4cd1d5cf9e82e10c4badb996f4c0d5fd5866baf90a07d8777f793feb9250e22dd5190aa26c2a31412f1b41e0a65d0e435a9c5ebbf5205f6c6a117ce1fb16e8eb797e7d3eb5d62178dc0441941e9cb464814982ebe54195d73113efc971799121683f6e85d24ad6f21023868327b67446a36ebffda572b90f9b228a03b612e7e0ca09aac6b5710fc90f51c0efefb69b5d26ba9a1d8954832b1370d099d09c07fb2893d57d617ec0d626f1f96ee1608e0f8d9ca1b491578d639ac74b3ea568a474707ac756555d0ae9cdc609609e30d7ef2648fb8baa5854e58b60fac9ec9670c620ce6dcf3bbcca971cb5bf37462febde30e3865960627ceb15a11dd891160a2fcbb682c94a7de4e00fff20774364ffc4bfa31173261f1684dbbaa9addf0d9bc43539a7c09c6b98769aecf8529402bc66e37f0f20580e8e5f59ec48979957552fe17b897dcb4ed1a8d0fdf68d8c065c9d3501b387cf08c681326fcd79e7104eb50bc58a0140b594ad57b8d4be0c50f98e9c3e323d0a57001f8c6a094a7908315c7d7b33227861d2035649bb91daf77776e11159f3ebf7f3ed576adfc364f363e6f474dbbe3500c62c74193e7102fdf57b345066a6ebe47b4b469187631b586676e8e449fa215444366baf5d675f637a0f52c36a042d74957e94bd6d87061675da18128f69106970a9492d76dc312884bb7fcd88ca7e13f2914ba817724bc97ab634e845dfd1ab40344c33c7c202674ef959378abaf3f4fa038a6bbec31f5bd88f81240d2722dfa5e8621eb604db9ae06d49f0a56d64d525f3d41b367ed4d459f21baa3dc43c7cbe096f15bead83bc5ffe2f82128f2943a479556a39ab661bf0a86e0ad0520ab015112eeb06c13abc0da61cc6bf9508182d142696a4670fef7dcfa7a7e09f673c992f3acd4bafa7874c8bf9dc362943d7cd3c14d32bb7a8c3e3f1f55f500eca0c6fd0f199fefe601857e5307660c000cbd8f83f64e2afeb931f5dbba2d538f1c1d78c6ecd14af198f9e0ae4a8e2ef6cda63e059f5b3137946434418fd8920753c3ea5d054ad5d3da2749c94b23018be9495831a1ac647783823ac4f554bea483ee919824516f8d3d9d90753d69dd6375f0edafc98716d2aa7dbbf73208ee017fddec8c994cb5df3f74bfed87db0b88076c430495ce8a39b4b61003bb6c0e12a2f6d41a994537dadc0b389d5a1049e26b968d4aa8ded4fc38dec2ab5b14b5d0d0e24b37875e17d1066e0b04c807ef6712034f0cbd899e5cfd68143e0c3865c00a18fc7001fe9386acb55614fb7c739aef69bf21b8364e407fdb62e068359017714809d3a0b61b8bd046119f2a8e71f17908da23fbe13e50eafce63abba77a07695782fb01423efffe421bc9bede0df8ff1e163f677178eb84aec1c8517ca5a503fddba2a15878d0bf1bd255671f17417692a950fb0181150a08868107071661984c0099d588cc9456eb457fcb5fc37cec48a30aa0aa83251394fc1ec9cd0be2b7b95798a59ffd1d0a4b62e82de24bc54ad7c7385371bd27469d2631167e6c021f01f0e5ebf3819cb1f07e1cec4813ef51cc0b8e9c1069e472876e8721b81d64967edb507724fefb6128745623f6c3e520812ae1f373901d9e8f662d45aa7a1d51709960f82dc7580af43ca338631eb32259564e3379dbe0dc3bd700c8c7b04b66cff0b07d930e7a166fce6b0191283451c8dd50774b6c8d3adadd024c3faf1cf2ca2bc8d45804da21b56eb296a4f80b9a3a99fc6557b32de7db3c9637c8d481b29211c304127bf1504d6e5f9bc410d321d7cf28d55cc2f51eee3b284a67fbb8186391b2e0eae792aa886b8de71317131f17cff6d7f07775c64cb6ffad2eeedf8a650f8fdbfb9c1c2f0433369ce8c3d998e5cef6f3d6d791714e8ce2c0bfe99f893524dc832945874e80567164280a454b67339282406b152efcc57361aaec97ddf3643fd00bad9772130cabe0ff2b9355842e94d78df7a9792d1fa65f11f843c30d0db43eb952cf925e7cee0841227179a4752f3f72577c0e2b07e80f4675c1b9f673ff836b54b7ec04c9312102ba2bd1f41aa99f529f4758d91b298fc76209269cf064be9f2c72eb45efa50a2ba6c12041c6e94272b4f23235f36afafc64f22486aaabeb08ee5fd33de02812bb63b3eb71b3d9f95262fbdcc32dd6853beb822b2bab7fdef0d8a34b207d65b6cc6974c0f2979da42f4bc28f80b31735611a707a9212d13906f075c7d20675ddbb27edfd90a4770154d720cae0cc84b3429dc7d77498604f7cb786bd53a3f401d801602222962fde144e5f9fd5016d787a8992915c01091b5ee4c1f0747c80d32517d8e070fe04da5320b13c7e21c678fce1d34cbd2cd434d49b01e4dc154d88aad7431b8a456125ebd0995cb88f935c645341737a8a5122c11f197c8c37f4301325d79dc575000fed5fc73f5a9bfae94e6750aabd4481ce8e5df07fcd3f3f1043ac829a418ef3e84eaccaf24173254f74490831b9b2bf1719cacff67ed93bce09bf975b7ac4de15c6e9ca9baa4ea8ffd2f6ca83ec22316cf7cc795b9b2e3f67bd604d4b088c12cb4b7e137e1822b99555d95c3efcbb7bf5b9096d87ee3359cc2d6ca4ab049e8838fc24d84104683e3ea23cea700f53b8998d46276e29406858c425bf9fa69d7dbd1261c664e88bee5c0d9029c3c3e5870ac5a6e8d7fb62f8708f9da8aa5142e90992d4ab0eb76419bfb204a24df000d9f0767f4fb56fa4cebf3cc67ac91ba410ab0c761c4071ced60d723a50884056d89a7b631f29b329e3bb56b99eb8b71d1ca19de64e0631ffa99f2cbaf3caf1f5550bad84d1da4bf67cea04d1cce4d9522c1fb627c72d8", 0xa2b}, {&(0x7f0000000600)="bbc6351d5b17d69316ec14fbebe6d4f456979602ad91ae24f9a1da6834e77a49a31a836afb32294cf8453b100f60525874c6dd34f59950a10b18499cd72145cf42ccb624e515", 0x46}, {&(0x7f0000000680)="cc18101d6bec7dadde1d231d7be01e1a3ebed24c1f1b0cacbb731e37f14830d34d9f", 0x22}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebef35e5c731961e6d1d07d4bc0a9699ac13447f29c363112c81f005fb311", 0x31}, {0x0}], 0x6}, 0x800) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 912.485791ms ago: executing program 0 (id=1089): r0 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x2d16, 0xf) sendmmsg(r0, &(0x7f0000000bc0)=[{{&(0x7f0000000400)=@qipcrtr={0x2a, 0x1, 0x4001}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000040)="d479183d7d98d181a4b5f3e38100", 0xe}], 0x1}}], 0x1, 0x24044015) recvmmsg(r0, &(0x7f000000a800)=[{{0x0, 0x0, 0x0}, 0xc62}], 0x1, 0x2002, 0x0) 759.870718ms ago: executing program 1 (id=1090): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r0, 0x1, 0x1070bd0c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40811}, 0x20) 688.717579ms ago: executing program 0 (id=1091): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a310000000014000480080002403cb140bb08000140000000030a000700726f75746500000014000000110001"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f0000000080), 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000500)=@l2tp6={0xa, 0x0, 0x3, @loopback, 0x1, 0xfffffffe}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000100)="f4000900062b3325fe80000000000000dc8b850f2323fcb11ea3548466cc00007a000000ad6e911b247f", 0x2a}], 0x1}, 0x0) 570.454311ms ago: executing program 4 (id=1092): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x44, r1, 0x511, 0x400000, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bond\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40850}, 0x0) 567.093082ms ago: executing program 5 (id=1093): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000001a00010000000000000000000a008000", @ANYRES32=0x0, @ANYBLOB="0000000008000200000000001400", @ANYRES64=r0], 0x38}}, 0x0) 509.143666ms ago: executing program 1 (id=1094): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001180)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e00000000c001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c8269956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bea01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f085f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c33c1ed1c0d9cae846bcbfa8cce7b8944578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e666e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000100000000000000000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf129e6d19079e64336e7c676505c78ad67548f4b192be18b1fed95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb080000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eaf36e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee40350273418d4b000000000000c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a7467941bc21edcb9cb8d81e24c3090e1cc90d99e76939da87908fe2bedb44211701130d07c860000ba43870c61fcb4e84dbb216e6046fd7965ec52c94c5bf7511f4ed930c2"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd29, 0x25dfdbfb, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x80000001, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffd}, {0x0, 0x5, 0x200000000000}, 0x0, 0x0, 0x1, 0x0, 0x2, 0x2}, [@tmpl={0x44, 0x5, [{{@in=@multicast1, 0x4d6, 0x32}, 0x2, @in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x3507, 0x0, 0x3, 0x10, 0x9, 0x0, 0x10001}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20080004}, 0x0) socket$kcm(0xf, 0x3, 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000633a77fbac141416e000030a83040211fe8000ff811e0000845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 477.480547ms ago: executing program 0 (id=1095): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)={0x30, 0x0, 0x60b, 0x70bd2d, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0xf8}]}, 0x30}, 0x1, 0x8000000, 0x0, 0x24008801}, 0x0) 467.412506ms ago: executing program 3 (id=1096): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x18}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f0000002a40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001400)=""/226, 0xe2}], 0x1}, 0x5}], 0x1, 0x202, 0x0) 321.262267ms ago: executing program 4 (id=1097): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000001, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='batadv0\x00', 0x10) write(r0, &(0x7f0000000180)="822a0a65aa8c002b03", 0x9) 321.027237ms ago: executing program 5 (id=1098): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x4e21, 0xc, @loopback, 0x400}}, 0x0, 0x0, 0x40, 0x0, "947116a1a606754bab1cb61212bb07a2bd205f00f81bef965a071f0d1aadd97b9640d9a0cd9ea71a5e9aec7f03d4406a7710c42cb5e754b089928abcd7589d209bc45b4064028eb7fafaa8b125736e00"}, 0xd8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000190001090000000024000000021800000002fd010000000008000100ac1414000800050064010100100016800c0001000308010802000000060015"], 0x44}}, 0x0) 240.074105ms ago: executing program 0 (id=1099): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100280000000000000004000000200001800d000100"], 0x34}}, 0x4040) 225.590429ms ago: executing program 4 (id=1100): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x30, r1, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "56528f7fd35a4aa115b2ea3654d62767"}]}, 0x30}, 0x1, 0x0, 0x0, 0x40101}, 0xc0) 181.056216ms ago: executing program 1 (id=1101): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x38, r3, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r4}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x38}}, 0x4000000) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0) 68.220677ms ago: executing program 5 (id=1102): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[], 0x18}}, 0x20004000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYBLOB="0300000000000000280012800a0001"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 16.494677ms ago: executing program 0 (id=1103): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[], 0x188}, 0x1, 0x7}, 0x0) 0s ago: executing program 4 (id=1104): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x28001, @empty, 0xffffff5d}, 0x1c) listen(r0, 0x50) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e23, 0x5, @empty, 0x4}, 0x1c) listen(r1, 0x50) kernel console output (not intermixed with test programs): /0x420 [ 109.568352][ T6298] ? __fget_files+0x3a0/0x420 [ 109.568389][ T6298] __x64_sys_sendmsg+0x1bd/0x2a0 [ 109.568421][ T6298] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 109.568460][ T6298] ? __pfx_ksys_write+0x10/0x10 [ 109.568492][ T6298] do_syscall_64+0x14d/0xf80 [ 109.568520][ T6298] ? trace_irq_disable+0x3b/0x150 [ 109.568547][ T6298] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.568567][ T6298] ? clear_bhb_loop+0x40/0x90 [ 109.568589][ T6298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.568609][ T6298] RIP: 0033:0x7f8aa419c629 [ 109.568627][ T6298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.568643][ T6298] RSP: 002b:00007f8aa502c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.568672][ T6298] RAX: ffffffffffffffda RBX: 00007f8aa4415fa0 RCX: 00007f8aa419c629 [ 109.568686][ T6298] RDX: 0000000000000000 RSI: 0000200000001780 RDI: 0000000000000003 [ 109.568699][ T6298] RBP: 00007f8aa502c090 R08: 0000000000000000 R09: 0000000000000000 [ 109.568710][ T6298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.568722][ T6298] R13: 00007f8aa4416038 R14: 00007f8aa4415fa0 R15: 00007fffdd1b5ff8 [ 109.568754][ T6298] [ 109.596756][ T6302] netlink: 'syz.3.124': attribute type 10 has an invalid length. [ 109.876165][ T6302] netlink: 55 bytes leftover after parsing attributes in process `syz.3.124'. [ 109.901808][ T6304] netlink: 28 bytes leftover after parsing attributes in process `syz.2.125'. [ 109.937553][ T6306] netlink: 160 bytes leftover after parsing attributes in process `syz.4.126'. [ 109.966137][ T6306] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 110.338252][ T6311] netlink: 24 bytes leftover after parsing attributes in process `syz.2.128'. [ 110.984860][ T6336] netlink: 24 bytes leftover after parsing attributes in process `syz.3.131'. [ 111.102047][ T6335] syzkaller0: entered promiscuous mode [ 111.127512][ T6335] syzkaller0: entered allmulticast mode [ 111.299158][ T6342] FAULT_INJECTION: forcing a failure. [ 111.299158][ T6342] name failslab, interval 1, probability 0, space 0, times 1 [ 111.326119][ T6342] CPU: 1 UID: 0 PID: 6342 Comm: syz.4.135 Not tainted syzkaller #0 PREEMPT(full) [ 111.326149][ T6342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 111.326161][ T6342] Call Trace: [ 111.326170][ T6342] [ 111.326179][ T6342] dump_stack_lvl+0xe8/0x150 [ 111.326214][ T6342] should_fail_ex+0x412/0x560 [ 111.326243][ T6342] should_failslab+0xa8/0x100 [ 111.326271][ T6342] __kmalloc_cache_noprof+0x88/0x660 [ 111.326291][ T6342] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 111.326319][ T6342] ? sctp_add_bind_addr+0x8c/0x370 [ 111.326348][ T6342] sctp_add_bind_addr+0x8c/0x370 [ 111.326377][ T6342] sctp_copy_local_addr_list+0x314/0x4f0 [ 111.326407][ T6342] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 111.326432][ T6342] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 111.326460][ T6342] ? sctp_v6_is_any+0x64/0x80 [ 111.326486][ T6342] ? sctp_copy_one_addr+0x93/0x360 [ 111.326514][ T6342] sctp_bind_addr_copy+0xb3/0x3c0 [ 111.326540][ T6342] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 111.326566][ T6342] sctp_connect_new_asoc+0x2ff/0x6b0 [ 111.326600][ T6342] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 111.326638][ T6342] ? __local_bh_enable_ip+0xd0/0x130 [ 111.326663][ T6342] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 111.326686][ T6342] ? security_sctp_bind_connect+0x7e/0x2c0 [ 111.326722][ T6342] sctp_sendmsg+0x1528/0x2c10 [ 111.326766][ T6342] ? __pfx_sctp_sendmsg+0x10/0x10 [ 111.326793][ T6342] ? aa_sk_perm+0x15a/0x960 [ 111.326817][ T6342] ? aa_sk_perm+0x82d/0x960 [ 111.326847][ T6342] ? __pfx_aa_sk_perm+0x10/0x10 [ 111.326873][ T6342] ? sock_rps_record_flow+0x19/0x400 [ 111.326914][ T6342] ? inet_sendmsg+0x2f4/0x370 [ 111.326949][ T6342] __sys_sendto+0x627/0x7a0 [ 111.326980][ T6342] ? __pfx___sys_sendto+0x10/0x10 [ 111.327004][ T6342] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 111.327050][ T6342] ? __fget_files+0x3a0/0x420 [ 111.327092][ T6342] ? ksys_write+0x242/0x270 [ 111.327115][ T6342] ? __pfx_ksys_write+0x10/0x10 [ 111.327141][ T6342] __x64_sys_sendto+0xde/0x100 [ 111.327172][ T6342] do_syscall_64+0x14d/0xf80 [ 111.327202][ T6342] ? trace_irq_disable+0x3b/0x150 [ 111.327248][ T6342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.327268][ T6342] ? clear_bhb_loop+0x40/0x90 [ 111.327293][ T6342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.327314][ T6342] RIP: 0033:0x7f141a99c629 [ 111.327334][ T6342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.327350][ T6342] RSP: 002b:00007f141b942028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 111.327372][ T6342] RAX: ffffffffffffffda RBX: 00007f141ac15fa0 RCX: 00007f141a99c629 [ 111.327387][ T6342] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 111.327400][ T6342] RBP: 00007f141b942090 R08: 0000200000000080 R09: 000000000000001c [ 111.327413][ T6342] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 111.327424][ T6342] R13: 00007f141ac16038 R14: 00007f141ac15fa0 R15: 00007ffe07c172c8 [ 111.327459][ T6342] [ 111.943721][ T6345] netlink: 216 bytes leftover after parsing attributes in process `syz.4.137'. [ 112.321247][ T6361] netlink: 'syz.2.136': attribute type 83 has an invalid length. [ 112.645432][ T6351] netlink: 160 bytes leftover after parsing attributes in process `syz.4.139'. [ 112.674594][ T6351] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 113.025523][ T6379] netlink: 87 bytes leftover after parsing attributes in process `syz.0.145'. [ 113.154866][ T6386] syzkaller0: entered promiscuous mode [ 113.187842][ T6386] syzkaller0: entered allmulticast mode [ 113.866937][ T6399] tipc: Started in network mode [ 113.875681][ T6399] tipc: Node identity fe800000000000000000000000000018, cluster identity 4711 [ 113.902944][ T6399] tipc: Enabled bearer , priority 10 [ 113.916798][ T6402] syzkaller0: entered promiscuous mode [ 113.923563][ T6402] syzkaller0: entered allmulticast mode [ 114.043776][ T6404] netlink: 'syz.4.150': attribute type 3 has an invalid length. [ 114.059387][ T6404] netlink: 'syz.4.150': attribute type 3 has an invalid length. [ 114.072549][ T6408] FAULT_INJECTION: forcing a failure. [ 114.072549][ T6408] name failslab, interval 1, probability 0, space 0, times 0 [ 114.092764][ T6408] CPU: 0 UID: 0 PID: 6408 Comm: syz.3.151 Not tainted syzkaller #0 PREEMPT(full) [ 114.092793][ T6408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 114.092805][ T6408] Call Trace: [ 114.092813][ T6408] [ 114.092821][ T6408] dump_stack_lvl+0xe8/0x150 [ 114.092854][ T6408] should_fail_ex+0x412/0x560 [ 114.092883][ T6408] should_failslab+0xa8/0x100 [ 114.092911][ T6408] __kmalloc_cache_noprof+0x88/0x660 [ 114.092933][ T6408] ? sctp_add_bind_addr+0x8c/0x370 [ 114.092961][ T6408] sctp_add_bind_addr+0x8c/0x370 [ 114.092988][ T6408] sctp_copy_local_addr_list+0x314/0x4f0 [ 114.093018][ T6408] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 114.093043][ T6408] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 114.093067][ T6408] ? sctp_v6_is_any+0x64/0x80 [ 114.093094][ T6408] ? sctp_copy_one_addr+0x93/0x360 [ 114.093122][ T6408] sctp_bind_addr_copy+0xb3/0x3c0 [ 114.093147][ T6408] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 114.093172][ T6408] sctp_connect_new_asoc+0x2ff/0x6b0 [ 114.093206][ T6408] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 114.093238][ T6408] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 114.093267][ T6408] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 114.093295][ T6408] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 114.093324][ T6408] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 114.093347][ T6408] ? security_sctp_bind_connect+0x7e/0x2c0 [ 114.093383][ T6408] sctp_sendmsg+0x1528/0x2c10 [ 114.093428][ T6408] ? __pfx_sctp_sendmsg+0x10/0x10 [ 114.093456][ T6408] ? aa_sk_perm+0x15a/0x960 [ 114.093479][ T6408] ? aa_sk_perm+0x82d/0x960 [ 114.093511][ T6408] ? __pfx_aa_sk_perm+0x10/0x10 [ 114.093536][ T6408] ? sock_rps_record_flow+0x19/0x400 [ 114.093569][ T6408] ? inet_sendmsg+0x2f4/0x370 [ 114.093605][ T6408] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 114.093630][ T6408] __sys_sendto+0x627/0x7a0 [ 114.093660][ T6408] ? __pfx___sys_sendto+0x10/0x10 [ 114.093684][ T6408] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 114.093728][ T6408] ? __fget_files+0x3a0/0x420 [ 114.093769][ T6408] ? ksys_write+0x242/0x270 [ 114.093792][ T6408] ? __pfx_ksys_write+0x10/0x10 [ 114.093819][ T6408] __x64_sys_sendto+0xde/0x100 [ 114.093850][ T6408] do_syscall_64+0x14d/0xf80 [ 114.093880][ T6408] ? trace_irq_disable+0x3b/0x150 [ 114.093909][ T6408] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.093931][ T6408] ? clear_bhb_loop+0x40/0x90 [ 114.093957][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.093978][ T6408] RIP: 0033:0x7f6b6f19c629 [ 114.093998][ T6408] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 114.094014][ T6408] RSP: 002b:00007f6b70054028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 114.094043][ T6408] RAX: ffffffffffffffda RBX: 00007f6b6f415fa0 RCX: 00007f6b6f19c629 [ 114.094057][ T6408] RDX: 000000000000005b RSI: 0000200000000040 RDI: 0000000000000003 [ 114.094070][ T6408] RBP: 00007f6b70054090 R08: 0000200000000100 R09: 000000000000001c [ 114.094083][ T6408] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 114.094094][ T6408] R13: 00007f6b6f416038 R14: 00007f6b6f415fa0 R15: 00007ffec9be54f8 [ 114.094128][ T6408] [ 114.848664][ T6416] __nla_validate_parse: 1 callbacks suppressed [ 114.848688][ T6416] netlink: 80 bytes leftover after parsing attributes in process `syz.4.155'. [ 114.957895][ T5886] tipc: Node number set to 4269801496 [ 115.364120][ T6433] syzkaller0: entered promiscuous mode [ 115.390652][ T6433] syzkaller0: entered allmulticast mode [ 115.440852][ T6435] 8021q: adding VLAN 0 to HW filter on device bond1 [ 115.468866][ T6435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.160'. [ 116.139196][ T6455] netlink: 84 bytes leftover after parsing attributes in process `syz.4.168'. [ 116.512588][ T6478] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.183'. [ 116.528632][ T6478] netlink: Unknown conntrack attr (type=2304, max=9) [ 116.927169][ T6484] netlink: 24 bytes leftover after parsing attributes in process `syz.4.174'. [ 117.222984][ T6502] xt_hashlimit: size too large, truncated to 1048576 [ 117.283406][ T6503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.180'. [ 117.442380][ T6499] netlink: 8 bytes leftover after parsing attributes in process `syz.2.179'. [ 117.580068][ T6503] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.649691][ T6503] bridge_slave_0 (unregistering): left allmulticast mode [ 117.702368][ T6503] bridge_slave_0 (unregistering): left promiscuous mode [ 117.745889][ T6503] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.763517][ T6513] netlink: 28 bytes leftover after parsing attributes in process `syz.2.184'. [ 117.893394][ T6508] netlink: 8 bytes leftover after parsing attributes in process `syz.0.181'. [ 117.904533][ T6508] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 118.123839][ T6515] netlink: 140 bytes leftover after parsing attributes in process `syz.2.185'. [ 118.156167][ T6515] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 119.025965][ T6547] netlink: 'syz.0.198': attribute type 32 has an invalid length. [ 119.204808][ T6552] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 119.621638][ T6568] netlink: 'syz.3.204': attribute type 4 has an invalid length. [ 119.702784][ T6579] FAULT_INJECTION: forcing a failure. [ 119.702784][ T6579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.759990][ T6579] CPU: 1 UID: 0 PID: 6579 Comm: syz.4.207 Not tainted syzkaller #0 PREEMPT(full) [ 119.760022][ T6579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 119.760036][ T6579] Call Trace: [ 119.760045][ T6579] [ 119.760054][ T6579] dump_stack_lvl+0xe8/0x150 [ 119.760100][ T6579] should_fail_ex+0x412/0x560 [ 119.760132][ T6579] _copy_from_user+0x2d/0xb0 [ 119.760164][ T6579] ___sys_sendmsg+0x1c6/0x360 [ 119.760203][ T6579] ? __pfx____sys_sendmsg+0x10/0x10 [ 119.760290][ T6579] ? __fget_files+0x2a/0x420 [ 119.760325][ T6579] ? __fget_files+0x3a0/0x420 [ 119.760366][ T6579] __x64_sys_sendmsg+0x1bd/0x2a0 [ 119.760401][ T6579] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 119.760444][ T6579] ? __pfx_ksys_write+0x10/0x10 [ 119.760478][ T6579] do_syscall_64+0x14d/0xf80 [ 119.760509][ T6579] ? trace_irq_disable+0x3b/0x150 [ 119.760540][ T6579] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.760563][ T6579] ? clear_bhb_loop+0x40/0x90 [ 119.760590][ T6579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.760612][ T6579] RIP: 0033:0x7f141a99c629 [ 119.760642][ T6579] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 119.760660][ T6579] RSP: 002b:00007f141b942028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 119.760691][ T6579] RAX: ffffffffffffffda RBX: 00007f141ac15fa0 RCX: 00007f141a99c629 [ 119.760707][ T6579] RDX: 0000000000000000 RSI: 0000200000001780 RDI: 0000000000000003 [ 119.760721][ T6579] RBP: 00007f141b942090 R08: 0000000000000000 R09: 0000000000000000 [ 119.760741][ T6579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.760754][ T6579] R13: 00007f141ac16038 R14: 00007f141ac15fa0 R15: 00007ffe07c172c8 [ 119.760788][ T6579] [ 120.052798][ T6584] __nla_validate_parse: 4 callbacks suppressed [ 120.052822][ T6584] netlink: 8 bytes leftover after parsing attributes in process `syz.2.208'. [ 120.069686][ T6584] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 120.254065][ T6591] bond_slave_0: entered promiscuous mode [ 120.260231][ T6591] bond_slave_1: entered promiscuous mode [ 120.279483][ T6596] FAULT_INJECTION: forcing a failure. [ 120.279483][ T6596] name failslab, interval 1, probability 0, space 0, times 0 [ 120.306217][ T6596] CPU: 0 UID: 0 PID: 6596 Comm: syz.3.213 Not tainted syzkaller #0 PREEMPT(full) [ 120.306245][ T6596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 120.306258][ T6596] Call Trace: [ 120.306266][ T6596] [ 120.306275][ T6596] dump_stack_lvl+0xe8/0x150 [ 120.306309][ T6596] should_fail_ex+0x412/0x560 [ 120.306338][ T6596] should_failslab+0xa8/0x100 [ 120.306365][ T6596] __kmalloc_node_noprof+0xf0/0x7c0 [ 120.306387][ T6596] ? alloc_slab_obj_exts+0x4b/0x1b0 [ 120.306423][ T6596] alloc_slab_obj_exts+0x4b/0x1b0 [ 120.306456][ T6596] __memcg_slab_post_alloc_hook+0x53c/0xa80 [ 120.306506][ T6596] kmem_cache_alloc_node_noprof+0x40e/0x690 [ 120.306540][ T6596] ? __alloc_skb+0x1d0/0x7d0 [ 120.306564][ T6596] ? kmem_cache_alloc_node_noprof+0x23e/0x690 [ 120.306600][ T6596] __alloc_skb+0x1d0/0x7d0 [ 120.306625][ T6596] ? __x64_sys_sendmmsg+0xa0/0xc0 [ 120.306654][ T6596] ? do_syscall_64+0x14d/0xf80 [ 120.306688][ T6596] alloc_skb_with_frags+0xca/0x890 [ 120.306731][ T6596] sock_alloc_send_pskb+0x878/0x990 [ 120.306782][ T6596] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 120.306811][ T6596] ? kasan_quarantine_put+0xbb/0x1f0 [ 120.306830][ T6596] ? lockdep_hardirqs_on+0x7a/0x110 [ 120.306864][ T6596] ? kmem_cache_free+0x187/0x630 [ 120.306887][ T6596] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 120.306915][ T6596] unix_dgram_sendmsg+0x460/0x18e0 [ 120.306949][ T6596] ? __lock_acquire+0x6b5/0x2cf0 [ 120.306978][ T6596] ? __lock_acquire+0x6b5/0x2cf0 [ 120.307020][ T6596] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 120.307044][ T6596] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 120.307082][ T6596] ? unix_seqpacket_sendmsg+0x111/0x1e0 [ 120.307109][ T6596] ? __pfx_unix_seqpacket_sendmsg+0x10/0x10 [ 120.307133][ T6596] ____sys_sendmsg+0xa68/0xad0 [ 120.307172][ T6596] ? __pfx_____sys_sendmsg+0x10/0x10 [ 120.307212][ T6596] ? import_iovec+0x73/0xa0 [ 120.307244][ T6596] ___sys_sendmsg+0x2a5/0x360 [ 120.307279][ T6596] ? __pfx____sys_sendmsg+0x10/0x10 [ 120.307361][ T6596] __sys_sendmmsg+0x27c/0x4e0 [ 120.307397][ T6596] ? __pfx___sys_sendmmsg+0x10/0x10 [ 120.307424][ T6596] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 120.307483][ T6596] ? ksys_write+0x242/0x270 [ 120.307506][ T6596] ? __pfx_ksys_write+0x10/0x10 [ 120.307533][ T6596] __x64_sys_sendmmsg+0xa0/0xc0 [ 120.307564][ T6596] do_syscall_64+0x14d/0xf80 [ 120.307592][ T6596] ? trace_irq_disable+0x3b/0x150 [ 120.307620][ T6596] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.307640][ T6596] ? clear_bhb_loop+0x40/0x90 [ 120.307664][ T6596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.307683][ T6596] RIP: 0033:0x7f6b6f19c629 [ 120.307703][ T6596] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 120.307720][ T6596] RSP: 002b:00007f6b70054028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 120.307741][ T6596] RAX: ffffffffffffffda RBX: 00007f6b6f415fa0 RCX: 00007f6b6f19c629 [ 120.307756][ T6596] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003 [ 120.307769][ T6596] RBP: 00007f6b70054090 R08: 0000000000000000 R09: 0000000000000000 [ 120.307780][ T6596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 120.307789][ T6596] R13: 00007f6b6f416038 R14: 00007f6b6f415fa0 R15: 00007ffec9be54f8 [ 120.307816][ T6596] [ 120.311412][ T6591] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 120.660182][ T6600] netlink: 'syz.4.210': attribute type 13 has an invalid length. [ 120.676122][ T6600] netlink: 'syz.4.210': attribute type 17 has an invalid length. [ 120.723448][ T6590] dummy0: entered promiscuous mode [ 120.738782][ T6590] vlan2: entered promiscuous mode [ 121.099108][ T6600] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 121.123262][ T6610] tipc: Started in network mode [ 121.128683][ T6610] tipc: Node identity fa732889ce1f, cluster identity 4711 [ 121.136848][ T6610] tipc: Enabled bearer , priority 0 [ 121.151672][ T6603] syzkaller0: entered promiscuous mode [ 121.170908][ T6603] syzkaller0: entered allmulticast mode [ 121.229296][ T6599] tipc: Resetting bearer [ 121.271908][ T6624] netlink: 24 bytes leftover after parsing attributes in process `syz.2.218'. [ 121.303490][ T6625] netlink: 4 bytes leftover after parsing attributes in process `syz.4.219'. [ 121.318443][ T6599] tipc: Disabling bearer [ 121.321203][ T6627] netlink: 24 bytes leftover after parsing attributes in process `syz.3.220'. [ 121.512007][ T6631] netlink: 16 bytes leftover after parsing attributes in process `syz.3.220'. [ 121.683877][ T6636] netlink: 8 bytes leftover after parsing attributes in process `syz.0.221'. [ 121.715559][ T6636] netlink: 8 bytes leftover after parsing attributes in process `syz.0.221'. [ 121.727003][ T6641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.222'. [ 121.749129][ T6641] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 121.806630][ T6636] netlink: 8 bytes leftover after parsing attributes in process `syz.0.221'. [ 121.831873][ T6621] netlink: 44 bytes leftover after parsing attributes in process `syz.1.216'. [ 121.851169][ T24] IPVS: starting estimator thread 0... [ 121.956294][ T6642] IPVS: using max 25 ests per chain, 60000 per kthread [ 122.110652][ T6650] bridge: RTM_NEWNEIGH with invalid state 0x10 [ 122.565468][ T6668] xt_TPROXY: Can be used only with -p tcp or -p udp [ 122.884235][ T6678] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 122.949545][ T6677] netlink: 'syz.2.235': attribute type 1 has an invalid length. [ 123.017955][ T6687] xt_hashlimit: size too large, truncated to 1048576 [ 123.031397][ T6686] netlink: 'syz.1.238': attribute type 4 has an invalid length. [ 123.083229][ T6692] netlink: 'syz.1.238': attribute type 4 has an invalid length. [ 123.174945][ T6677] 8021q: adding VLAN 0 to HW filter on device bond2 [ 123.228202][ T6691] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.308781][ T6691] bridge_slave_0 (unregistering): left promiscuous mode [ 123.316796][ T6691] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.343199][ T6700] netlink: 'syz.2.240': attribute type 8 has an invalid length. [ 123.675641][ T6708] netlink: 'syz.1.242': attribute type 32 has an invalid length. [ 124.093169][ T6722] netlink: Unknown conntrack attr (type=2304, max=9) [ 124.260754][ T6731] team0: Device gtp0 is of different type [ 125.305494][ T6775] __nla_validate_parse: 68 callbacks suppressed [ 125.305517][ T6775] netlink: 172 bytes leftover after parsing attributes in process `syz.4.261'. [ 125.402196][ T6777] netlink: 8 bytes leftover after parsing attributes in process `syz.1.267'. [ 125.677938][ T6790] netlink: 140 bytes leftover after parsing attributes in process `syz.2.273'. [ 125.713240][ T6790] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 125.888918][ T6797] ipvlan2: entered promiscuous mode [ 125.906913][ T6797] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 126.376854][ T6819] netlink: 'syz.3.284': attribute type 1 has an invalid length. [ 126.396201][ T6819] netlink: 'syz.3.284': attribute type 1 has an invalid length. [ 126.525732][ T6821] netlink: 140 bytes leftover after parsing attributes in process `syz.3.285'. [ 126.545202][ T6821] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 126.758720][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 128.910149][ T6836] FAULT_INJECTION: forcing a failure. [ 128.910149][ T6836] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.941453][ T6840] FAULT_INJECTION: forcing a failure. [ 128.941453][ T6840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.985890][ T6840] CPU: 1 UID: 0 PID: 6840 Comm: syz.3.293 Not tainted syzkaller #0 PREEMPT(full) [ 128.985919][ T6840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 128.985932][ T6840] Call Trace: [ 128.985941][ T6840] [ 128.985950][ T6840] dump_stack_lvl+0xe8/0x150 [ 128.985997][ T6840] should_fail_ex+0x412/0x560 [ 128.986025][ T6840] _copy_to_user+0x31/0xb0 [ 128.986056][ T6840] simple_read_from_buffer+0xe1/0x170 [ 128.986090][ T6840] proc_fail_nth_read+0x1bb/0x230 [ 128.986122][ T6840] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 128.986153][ T6840] ? rw_verify_area+0x2a6/0x4d0 [ 128.986172][ T6840] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 128.986201][ T6840] vfs_read+0x20c/0xa70 [ 128.986219][ T6840] ? fdget_pos+0x246/0x320 [ 128.986253][ T6840] ? __pfx___mutex_lock+0x10/0x10 [ 128.986285][ T6840] ? __pfx_vfs_read+0x10/0x10 [ 128.986307][ T6840] ? __fget_files+0x2a/0x420 [ 128.986340][ T6840] ? __fget_files+0x3a0/0x420 [ 128.986367][ T6840] ? __fget_files+0x2a/0x420 [ 128.986404][ T6840] ksys_read+0x150/0x270 [ 128.986427][ T6840] ? __pfx_ksys_read+0x10/0x10 [ 128.986459][ T6840] do_syscall_64+0x14d/0xf80 [ 128.986488][ T6840] ? trace_irq_disable+0x3b/0x150 [ 128.986518][ T6840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.986539][ T6840] ? clear_bhb_loop+0x40/0x90 [ 128.986564][ T6840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.986585][ T6840] RIP: 0033:0x7f6b6f15cece [ 128.986605][ T6840] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 128.986621][ T6840] RSP: 002b:00007f6b70053fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 128.986643][ T6840] RAX: ffffffffffffffda RBX: 00007f6b700546c0 RCX: 00007f6b6f15cece [ 128.986658][ T6840] RDX: 000000000000000f RSI: 00007f6b700540a0 RDI: 0000000000000004 [ 128.986670][ T6840] RBP: 00007f6b70054090 R08: 0000000000000000 R09: 0000000000000000 [ 128.986682][ T6840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.986693][ T6840] R13: 00007f6b6f416038 R14: 00007f6b6f415fa0 R15: 00007ffec9be54f8 [ 128.986727][ T6840] [ 129.253807][ T6836] CPU: 1 UID: 0 PID: 6836 Comm: syz.4.291 Not tainted syzkaller #0 PREEMPT(full) [ 129.253836][ T6836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 129.253848][ T6836] Call Trace: [ 129.253856][ T6836] [ 129.253864][ T6836] dump_stack_lvl+0xe8/0x150 [ 129.253897][ T6836] should_fail_ex+0x412/0x560 [ 129.253923][ T6836] _copy_from_user+0x2d/0xb0 [ 129.254012][ T6836] generic_map_update_batch+0x648/0x990 [ 129.254046][ T6836] ? __pfx_generic_map_update_batch+0x10/0x10 [ 129.254070][ T6836] ? __fget_files+0x2a/0x420 [ 129.254103][ T6836] ? __pfx_generic_map_update_batch+0x10/0x10 [ 129.254127][ T6836] bpf_map_do_batch+0x39b/0x630 [ 129.254152][ T6836] __sys_bpf+0x7c1/0x950 [ 129.254183][ T6836] ? __pfx___sys_bpf+0x10/0x10 [ 129.254229][ T6836] ? ksys_write+0x242/0x270 [ 129.254252][ T6836] ? __pfx_ksys_write+0x10/0x10 [ 129.254279][ T6836] __x64_sys_bpf+0x7c/0x90 [ 129.254307][ T6836] do_syscall_64+0x14d/0xf80 [ 129.254337][ T6836] ? trace_irq_disable+0x3b/0x150 [ 129.254366][ T6836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.254386][ T6836] ? clear_bhb_loop+0x40/0x90 [ 129.254410][ T6836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.254430][ T6836] RIP: 0033:0x7f141a99c629 [ 129.254448][ T6836] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 129.254464][ T6836] RSP: 002b:00007f141b942028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 129.254487][ T6836] RAX: ffffffffffffffda RBX: 00007f141ac15fa0 RCX: 00007f141a99c629 [ 129.254502][ T6836] RDX: 0000000000000038 RSI: 0000200000000040 RDI: 000000000000001a [ 129.254514][ T6836] RBP: 00007f141b942090 R08: 0000000000000000 R09: 0000000000000000 [ 129.254526][ T6836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 129.254538][ T6836] R13: 00007f141ac16038 R14: 00007f141ac15fa0 R15: 00007ffe07c172c8 [ 129.254570][ T6836] [ 129.468691][ T6844] netlink: 12 bytes leftover after parsing attributes in process `syz.1.295'. [ 129.554543][ T6844] syzkaller1: entered promiscuous mode [ 129.560400][ T6844] syzkaller1: entered allmulticast mode [ 129.569422][ T6846] netlink: 140 bytes leftover after parsing attributes in process `syz.2.296'. [ 129.569801][ T6844] netlink: 16 bytes leftover after parsing attributes in process `syz.1.295'. [ 129.628030][ T6846] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 129.723535][ T6853] netlink: 16 bytes leftover after parsing attributes in process `syz.4.299'. [ 129.881453][ T6853] bond0: entered promiscuous mode [ 129.897879][ T6853] bond0: left promiscuous mode [ 129.974652][ T6863] netlink: 256 bytes leftover after parsing attributes in process `syz.3.301'. [ 130.209336][ T6863] can: request_module (can-proto-3) failed. [ 130.617778][ T6883] netlink: 16 bytes leftover after parsing attributes in process `syz.2.306'. [ 130.708900][ T6888] netlink: 160 bytes leftover after parsing attributes in process `syz.0.310'. [ 130.738456][ T6888] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 130.837663][ T6893] netlink: 'syz.3.313': attribute type 4 has an invalid length. [ 130.855976][ T6894] netlink: 'syz.1.314': attribute type 4 has an invalid length. [ 130.890799][ T6893] netlink: 'syz.3.313': attribute type 4 has an invalid length. [ 131.395145][ T6901] netlink: 24 bytes leftover after parsing attributes in process `syz.1.316'. [ 131.485395][ T6910] netlink: 24 bytes leftover after parsing attributes in process `syz.0.319'. [ 132.313015][ T6946] netlink: 'syz.4.331': attribute type 4 has an invalid length. [ 132.323398][ T6935] netlink: 240 bytes leftover after parsing attributes in process `syz.2.327'. [ 132.338475][ T6929] xt_CT: You must specify a L4 protocol and not use inversions on it [ 132.411531][ T6942] netlink: 'syz.4.331': attribute type 4 has an invalid length. [ 132.546493][ T6949] netlink: 48 bytes leftover after parsing attributes in process `syz.0.332'. [ 132.853203][ T6963] netlink: 24 bytes leftover after parsing attributes in process `syz.3.333'. [ 132.875501][ T6965] netlink: 4 bytes leftover after parsing attributes in process `syz.0.337'. [ 132.930831][ T6960] netlink: 160 bytes leftover after parsing attributes in process `syz.1.336'. [ 132.943749][ T6960] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 133.128679][ T6971] xt_nfacct: accounting object `syz0' does not exist [ 133.164823][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.171895][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.594827][ T6987] batadv0: entered promiscuous mode [ 133.647037][ T6992] netlink: 'syz.3.347': attribute type 4 has an invalid length. [ 133.676582][ T6987] vlan2: entered promiscuous mode [ 133.698239][ T6993] netlink: 'syz.3.347': attribute type 4 has an invalid length. [ 133.913079][ T6997] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 134.165109][ T7004] netlink: 4 bytes leftover after parsing attributes in process `syz.2.351'. [ 134.200201][ T7006] netlink: 'syz.0.352': attribute type 4 has an invalid length. [ 134.250638][ T7006] netlink: 'syz.0.352': attribute type 4 has an invalid length. [ 134.984923][ T7029] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 135.204051][ T7037] syzkaller0: entered promiscuous mode [ 135.217046][ T7037] syzkaller0: entered allmulticast mode [ 135.366176][ T7038] veth1_macvtap: renamed from veth0_vlan [ 135.770449][ T7048] __nla_validate_parse: 3 callbacks suppressed [ 135.770472][ T7048] netlink: 28 bytes leftover after parsing attributes in process `syz.1.368'. [ 135.826980][ T7048] netlink: 28 bytes leftover after parsing attributes in process `syz.1.368'. [ 135.872725][ T7048] bond0: entered promiscuous mode [ 135.897433][ T7048] bond_slave_0: entered promiscuous mode [ 135.921910][ T7048] bond_slave_1: entered promiscuous mode [ 135.956380][ T7056] netlink: 'syz.4.370': attribute type 4 has an invalid length. [ 136.016962][ T7058] netlink: 8 bytes leftover after parsing attributes in process `syz.2.371'. [ 136.032147][ T7059] netlink: 'syz.4.370': attribute type 4 has an invalid length. [ 136.091184][ T7048] bond0: left promiscuous mode [ 136.097014][ T7048] bond_slave_0: left promiscuous mode [ 136.122950][ T7048] bond_slave_1: left promiscuous mode [ 136.450505][ T7072] netlink: 80 bytes leftover after parsing attributes in process `syz.0.373'. [ 137.155511][ T7101] netlink: 'syz.0.381': attribute type 1 has an invalid length. [ 137.593757][ T7099] netlink: 24 bytes leftover after parsing attributes in process `syz.4.382'. [ 137.686261][ T5487] veth1_macvtap: left promiscuous mode [ 137.759677][ T5487] veth1_macvtap: entered promiscuous mode [ 138.345496][ T7139] netlink: 'syz.0.388': attribute type 4 has an invalid length. [ 138.405873][ T7133] netlink: 'syz.0.388': attribute type 4 has an invalid length. [ 138.535723][ T7145] netlink: 28 bytes leftover after parsing attributes in process `syz.3.393'. [ 138.564906][ T7145] netlink: 28 bytes leftover after parsing attributes in process `syz.3.393'. [ 138.618852][ T7145] bond0: entered promiscuous mode [ 138.625281][ T7145] bond_slave_0: entered promiscuous mode [ 138.649221][ T7145] bond_slave_1: entered promiscuous mode [ 138.707274][ T7145] bond0: left promiscuous mode [ 138.722833][ T7145] bond_slave_0: left promiscuous mode [ 138.764178][ T7145] bond_slave_1: left promiscuous mode [ 138.846356][ T7160] netlink: 24 bytes leftover after parsing attributes in process `syz.2.392'. [ 139.234417][ T7172] FAULT_INJECTION: forcing a failure. [ 139.234417][ T7172] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.283577][ T7172] CPU: 0 UID: 0 PID: 7172 Comm: syz.3.399 Not tainted syzkaller #0 PREEMPT(full) [ 139.283608][ T7172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 139.283621][ T7172] Call Trace: [ 139.283629][ T7172] [ 139.283637][ T7172] dump_stack_lvl+0xe8/0x150 [ 139.283673][ T7172] should_fail_ex+0x412/0x560 [ 139.283703][ T7172] _copy_from_user+0x2d/0xb0 [ 139.283732][ T7172] ___sys_sendmsg+0x1c6/0x360 [ 139.283769][ T7172] ? __pfx____sys_sendmsg+0x10/0x10 [ 139.283834][ T7172] ? __fget_files+0x2a/0x420 [ 139.283868][ T7172] ? __fget_files+0x3a0/0x420 [ 139.283905][ T7172] __x64_sys_sendmsg+0x1bd/0x2a0 [ 139.283938][ T7172] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 139.283982][ T7172] ? __pfx_ksys_write+0x10/0x10 [ 139.284014][ T7172] do_syscall_64+0x14d/0xf80 [ 139.284043][ T7172] ? trace_irq_disable+0x3b/0x150 [ 139.284071][ T7172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.284091][ T7172] ? clear_bhb_loop+0x40/0x90 [ 139.284114][ T7172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.284133][ T7172] RIP: 0033:0x7f6b6f19c629 [ 139.284151][ T7172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 139.284167][ T7172] RSP: 002b:00007f6b70054028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 139.284186][ T7172] RAX: ffffffffffffffda RBX: 00007f6b6f415fa0 RCX: 00007f6b6f19c629 [ 139.284200][ T7172] RDX: 0000000000000000 RSI: 0000200000001780 RDI: 0000000000000003 [ 139.284212][ T7172] RBP: 00007f6b70054090 R08: 0000000000000000 R09: 0000000000000000 [ 139.284224][ T7172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.284235][ T7172] R13: 00007f6b6f416038 R14: 00007f6b6f415fa0 R15: 00007ffec9be54f8 [ 139.284268][ T7172] [ 139.861458][ T7192] netlink: 28 bytes leftover after parsing attributes in process `syz.2.406'. [ 139.882631][ T7192] netlink: 28 bytes leftover after parsing attributes in process `syz.2.406'. [ 139.936307][ T7192] team0: entered promiscuous mode [ 139.948778][ T7192] team_slave_0: entered promiscuous mode [ 139.961397][ T7192] team_slave_1: entered promiscuous mode [ 139.969691][ T7192] debugfs: 'hsr1' already exists in 'hsr' [ 139.975816][ T7192] Cannot create hsr debugfs directory [ 140.525778][ T7221] netlink: 'syz.1.415': attribute type 2 has an invalid length. [ 141.087767][ T7257] FAULT_INJECTION: forcing a failure. [ 141.087767][ T7257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 141.140817][ T7257] CPU: 0 UID: 0 PID: 7257 Comm: syz.4.428 Not tainted syzkaller #0 PREEMPT(full) [ 141.140847][ T7257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 141.140860][ T7257] Call Trace: [ 141.140868][ T7257] [ 141.140876][ T7257] dump_stack_lvl+0xe8/0x150 [ 141.140912][ T7257] should_fail_ex+0x412/0x560 [ 141.140942][ T7257] _copy_from_iter+0x1d3/0x1670 [ 141.140972][ T7257] ? rcu_is_watching+0x15/0xb0 [ 141.141006][ T7257] ? __pfx__copy_from_iter+0x10/0x10 [ 141.141040][ T7257] ? netlink_sendmsg+0x650/0xb40 [ 141.141064][ T7257] ? skb_put+0x11b/0x210 [ 141.141096][ T7257] netlink_sendmsg+0x6c0/0xb40 [ 141.141131][ T7257] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.141159][ T7257] ? aa_sock_msg_perm+0xf1/0x1b0 [ 141.141184][ T7257] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 141.141207][ T7257] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.141231][ T7257] ____sys_sendmsg+0xa68/0xad0 [ 141.141269][ T7257] ? __pfx_____sys_sendmsg+0x10/0x10 [ 141.141308][ T7257] ? import_iovec+0x73/0xa0 [ 141.141339][ T7257] ___sys_sendmsg+0x2a5/0x360 [ 141.141376][ T7257] ? __pfx____sys_sendmsg+0x10/0x10 [ 141.141452][ T7257] ? __fget_files+0x2a/0x420 [ 141.141481][ T7257] ? __fget_files+0x3a0/0x420 [ 141.141520][ T7257] __x64_sys_sendmsg+0x1bd/0x2a0 [ 141.141553][ T7257] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 141.141593][ T7257] ? __pfx_ksys_write+0x10/0x10 [ 141.141625][ T7257] do_syscall_64+0x14d/0xf80 [ 141.141655][ T7257] ? trace_irq_disable+0x3b/0x150 [ 141.141684][ T7257] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.141706][ T7257] ? clear_bhb_loop+0x40/0x90 [ 141.141735][ T7257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.141754][ T7257] RIP: 0033:0x7f141a99c629 [ 141.141772][ T7257] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 141.141788][ T7257] RSP: 002b:00007f141b942028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.141810][ T7257] RAX: ffffffffffffffda RBX: 00007f141ac15fa0 RCX: 00007f141a99c629 [ 141.141823][ T7257] RDX: 0000000000044000 RSI: 0000200000000200 RDI: 0000000000000003 [ 141.141836][ T7257] RBP: 00007f141b942090 R08: 0000000000000000 R09: 0000000000000000 [ 141.141847][ T7257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.141858][ T7257] R13: 00007f141ac16038 R14: 00007f141ac15fa0 R15: 00007ffe07c172c8 [ 141.141890][ T7257] [ 141.417957][ T7263] __nla_validate_parse: 4 callbacks suppressed [ 141.417981][ T7263] netlink: 4 bytes leftover after parsing attributes in process `syz.0.439'. [ 141.454267][ T7263] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 141.461677][ T7263] IPv6: NLM_F_CREATE should be set when creating new route [ 141.481490][ T7265] netlink: 'syz.3.429': attribute type 1 has an invalid length. [ 141.904025][ T7282] netlink: 20 bytes leftover after parsing attributes in process `syz.4.437'. [ 142.246664][ T7290] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.324533][ T7302] netlink: 8 bytes leftover after parsing attributes in process `syz.2.436'. [ 142.342786][ T7304] netlink: 'syz.0.442': attribute type 4 has an invalid length. [ 142.407035][ T7304] netlink: 'syz.0.442': attribute type 4 has an invalid length. [ 142.544297][ T7290] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.620563][ T7314] IPv6: NLM_F_CREATE should be specified when creating new route [ 142.632256][ T7314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.444'. [ 142.878738][ T7290] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.911733][ T7315] syzkaller0: entered promiscuous mode [ 142.934049][ T7315] syzkaller0: entered allmulticast mode [ 142.954827][ T7326] netlink: 'syz.1.449': attribute type 8 has an invalid length. [ 143.023004][ T7290] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.193007][ T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.225762][ T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.263518][ T7334] openvswitch: netlink: Unexpected mask (mask=240040, allowed=10048) [ 143.272049][ T35] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.317559][ T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.338409][ T7338] netlink: 'syz.3.455': attribute type 4 has an invalid length. [ 143.347942][ T7336] netlink: 12 bytes leftover after parsing attributes in process `syz.1.454'. [ 143.381977][ T7336] vlan2: entered promiscuous mode [ 143.390085][ T7339] netlink: 'syz.3.455': attribute type 4 has an invalid length. [ 143.474368][ T7341] syzkaller0: entered promiscuous mode [ 143.487889][ T7341] syzkaller0: entered allmulticast mode [ 143.562090][ T7343] netlink: 20 bytes leftover after parsing attributes in process `syz.3.457'. [ 143.748981][ T7349] team0: Device gtp0 is of different type [ 143.981108][ T7362] FAULT_INJECTION: forcing a failure. [ 143.981108][ T7362] name failslab, interval 1, probability 0, space 0, times 0 [ 144.029391][ T7362] CPU: 0 UID: 0 PID: 7362 Comm: syz.1.465 Not tainted syzkaller #0 PREEMPT(full) [ 144.029419][ T7362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 144.029432][ T7362] Call Trace: [ 144.029440][ T7362] [ 144.029448][ T7362] dump_stack_lvl+0xe8/0x150 [ 144.029481][ T7362] should_fail_ex+0x412/0x560 [ 144.029511][ T7362] should_failslab+0xa8/0x100 [ 144.029537][ T7362] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 144.029569][ T7362] ? __alloc_skb+0x186/0x7d0 [ 144.029593][ T7362] ? __alloc_skb+0x1d0/0x7d0 [ 144.029615][ T7362] ? __local_bh_enable_ip+0xd0/0x130 [ 144.029647][ T7362] __alloc_skb+0x1d0/0x7d0 [ 144.029677][ T7362] alloc_skb_with_frags+0xca/0x890 [ 144.029711][ T7362] ? __lock_acquire+0x6b5/0x2cf0 [ 144.029743][ T7362] sock_alloc_send_pskb+0x878/0x990 [ 144.029780][ T7362] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 144.029814][ T7362] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 144.029849][ T7362] ? dev_get_by_index+0x22/0x2e0 [ 144.029868][ T7362] ? dev_get_by_index+0x22/0x2e0 [ 144.029895][ T7362] packet_sendmsg+0x33e5/0x50f0 [ 144.029929][ T7362] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 144.029957][ T7362] ? __lock_acquire+0x6b5/0x2cf0 [ 144.030007][ T7362] ? aa_sk_perm+0x15a/0x960 [ 144.030031][ T7362] ? aa_sk_perm+0x82d/0x960 [ 144.030050][ T7362] ? __pfx_packet_sendmsg+0x10/0x10 [ 144.030086][ T7362] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 144.030123][ T7362] ? aa_sock_msg_perm+0xf1/0x1b0 [ 144.030149][ T7362] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 144.030173][ T7362] ? __pfx_packet_sendmsg+0x10/0x10 [ 144.030198][ T7362] ____sys_sendmsg+0xa68/0xad0 [ 144.030237][ T7362] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.030276][ T7362] ? import_iovec+0x73/0xa0 [ 144.030311][ T7362] ___sys_sendmsg+0x2a5/0x360 [ 144.030354][ T7362] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.030419][ T7362] ? __fget_files+0x2a/0x420 [ 144.030446][ T7362] ? __fget_files+0x3a0/0x420 [ 144.030483][ T7362] __x64_sys_sendmsg+0x1bd/0x2a0 [ 144.030515][ T7362] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 144.030552][ T7362] ? __pfx_ksys_write+0x10/0x10 [ 144.030583][ T7362] do_syscall_64+0x14d/0xf80 [ 144.030618][ T7362] ? trace_irq_disable+0x3b/0x150 [ 144.030646][ T7362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.030667][ T7362] ? clear_bhb_loop+0x40/0x90 [ 144.030692][ T7362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.030713][ T7362] RIP: 0033:0x7fdfaa79c629 [ 144.030733][ T7362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 144.030749][ T7362] RSP: 002b:00007fdfab744028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 144.030771][ T7362] RAX: ffffffffffffffda RBX: 00007fdfaaa15fa0 RCX: 00007fdfaa79c629 [ 144.030785][ T7362] RDX: 0000000000000000 RSI: 0000200000001780 RDI: 0000000000000003 [ 144.030797][ T7362] RBP: 00007fdfab744090 R08: 0000000000000000 R09: 0000000000000000 [ 144.030808][ T7362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.030819][ T7362] R13: 00007fdfaaa16038 R14: 00007fdfaaa15fa0 R15: 00007ffc8f1f57a8 [ 144.030851][ T7362] [ 144.538547][ T7373] veth0: entered promiscuous mode [ 144.549598][ T7367] veth0: left promiscuous mode [ 144.655494][ T7383] netlink: 264 bytes leftover after parsing attributes in process `syz.4.475'. [ 144.699577][ T7380] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.746162][ T7380] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.763822][ T7380] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.812963][ T7380] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.888529][ T7393] sctp: [Deprecated]: syz.1.477 (pid 7393) Use of struct sctp_assoc_value in delayed_ack socket option. [ 144.888529][ T7393] Use struct sctp_sack_info instead [ 145.008165][ T7393] sctp: [Deprecated]: syz.1.477 (pid 7393) Use of struct sctp_assoc_value in delayed_ack socket option. [ 145.008165][ T7393] Use struct sctp_sack_info instead [ 145.089933][ T7393] netlink: 8 bytes leftover after parsing attributes in process `syz.1.477'. [ 145.380721][ T7413] netlink: 28 bytes leftover after parsing attributes in process `syz.3.481'. [ 145.446144][ T7413] netlink: 28 bytes leftover after parsing attributes in process `syz.3.481'. [ 145.561993][ T7419] team0: entered promiscuous mode [ 145.594518][ T7419] team_slave_0: entered promiscuous mode [ 145.614320][ T7419] team_slave_1: entered promiscuous mode [ 145.640685][ T7419] bond0: entered promiscuous mode [ 145.658983][ T7419] bond0: left promiscuous mode [ 145.693452][ T7419] team0: left promiscuous mode [ 145.699919][ T7419] team_slave_0: left promiscuous mode [ 145.726688][ T7419] team_slave_1: left promiscuous mode [ 146.132341][ T7446] netlink: 'syz.2.490': attribute type 10 has an invalid length. [ 146.348471][ T7452] FAULT_INJECTION: forcing a failure. [ 146.348471][ T7452] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.415268][ T7452] CPU: 0 UID: 0 PID: 7452 Comm: syz.3.494 Not tainted syzkaller #0 PREEMPT(full) [ 146.415296][ T7452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 146.415308][ T7452] Call Trace: [ 146.415316][ T7452] [ 146.415324][ T7452] dump_stack_lvl+0xe8/0x150 [ 146.415496][ T7452] should_fail_ex+0x412/0x560 [ 146.415525][ T7452] _copy_from_user+0x2d/0xb0 [ 146.415555][ T7452] generic_map_update_batch+0x69a/0x990 [ 146.415593][ T7452] ? __pfx_generic_map_update_batch+0x10/0x10 [ 146.415619][ T7452] ? __fget_files+0x2a/0x420 [ 146.415655][ T7452] ? __pfx_generic_map_update_batch+0x10/0x10 [ 146.415680][ T7452] bpf_map_do_batch+0x39b/0x630 [ 146.415791][ T7452] __sys_bpf+0x7c1/0x950 [ 146.415847][ T7452] ? __pfx___sys_bpf+0x10/0x10 [ 146.415896][ T7452] ? ksys_write+0x242/0x270 [ 146.415932][ T7452] ? __pfx_ksys_write+0x10/0x10 [ 146.415962][ T7452] __x64_sys_bpf+0x7c/0x90 [ 146.415995][ T7452] do_syscall_64+0x14d/0xf80 [ 146.416025][ T7452] ? trace_irq_disable+0x3b/0x150 [ 146.416061][ T7452] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.416083][ T7452] ? clear_bhb_loop+0x40/0x90 [ 146.416109][ T7452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.416131][ T7452] RIP: 0033:0x7f6b6f19c629 [ 146.416152][ T7452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.416170][ T7452] RSP: 002b:00007f6b70054028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 146.416192][ T7452] RAX: ffffffffffffffda RBX: 00007f6b6f415fa0 RCX: 00007f6b6f19c629 [ 146.416207][ T7452] RDX: 0000000000000038 RSI: 0000200000000040 RDI: 000000000000001a [ 146.416221][ T7452] RBP: 00007f6b70054090 R08: 0000000000000000 R09: 0000000000000000 [ 146.416234][ T7452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 146.416246][ T7452] R13: 00007f6b6f416038 R14: 00007f6b6f415fa0 R15: 00007ffec9be54f8 [ 146.416281][ T7452] [ 146.700666][ T7462] __nla_validate_parse: 3 callbacks suppressed [ 146.700723][ T7462] netlink: 8 bytes leftover after parsing attributes in process `syz.2.498'. [ 146.723064][ T5833] Bluetooth: hci4: link tx timeout [ 146.735150][ T5833] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 146.951430][ T7472] FAULT_INJECTION: forcing a failure. [ 146.951430][ T7472] name failslab, interval 1, probability 0, space 0, times 0 [ 146.993111][ T7472] CPU: 1 UID: 0 PID: 7472 Comm: syz.1.503 Not tainted syzkaller #0 PREEMPT(full) [ 146.993140][ T7472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 146.993152][ T7472] Call Trace: [ 146.993161][ T7472] [ 146.993170][ T7472] dump_stack_lvl+0xe8/0x150 [ 146.993205][ T7472] should_fail_ex+0x412/0x560 [ 146.993237][ T7472] should_failslab+0xa8/0x100 [ 146.993270][ T7472] __kmalloc_cache_noprof+0x88/0x660 [ 146.993291][ T7472] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 146.993315][ T7472] ? sctp_v6_cmp_addr+0x15/0xd0 [ 146.993339][ T7472] ? sctp_add_bind_addr+0x8c/0x370 [ 146.993370][ T7472] sctp_add_bind_addr+0x8c/0x370 [ 146.993400][ T7472] sctp_copy_local_addr_list+0x314/0x4f0 [ 146.993430][ T7472] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 146.993456][ T7472] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 146.993483][ T7472] ? sctp_v6_is_any+0x64/0x80 [ 146.993511][ T7472] ? sctp_copy_one_addr+0x93/0x360 [ 146.993539][ T7472] sctp_bind_addr_copy+0xb3/0x3c0 [ 146.993565][ T7472] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 146.993615][ T7472] sctp_connect_new_asoc+0x2ff/0x6b0 [ 146.993649][ T7472] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 146.993687][ T7472] ? __local_bh_enable_ip+0xd0/0x130 [ 146.993711][ T7472] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 146.993735][ T7472] ? security_sctp_bind_connect+0x7e/0x2c0 [ 146.993772][ T7472] sctp_sendmsg+0x1528/0x2c10 [ 146.993817][ T7472] ? __pfx_sctp_sendmsg+0x10/0x10 [ 146.993844][ T7472] ? aa_sk_perm+0x15a/0x960 [ 146.993868][ T7472] ? aa_sk_perm+0x82d/0x960 [ 146.993899][ T7472] ? __pfx_aa_sk_perm+0x10/0x10 [ 146.993924][ T7472] ? sock_rps_record_flow+0x19/0x400 [ 146.993958][ T7472] ? inet_sendmsg+0x2f4/0x370 [ 146.993991][ T7472] __sys_sendto+0x627/0x7a0 [ 146.994027][ T7472] ? __pfx___sys_sendto+0x10/0x10 [ 146.994051][ T7472] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 146.994097][ T7472] ? __fget_files+0x3a0/0x420 [ 146.994138][ T7472] ? ksys_write+0x242/0x270 [ 146.994161][ T7472] ? __pfx_ksys_write+0x10/0x10 [ 146.994188][ T7472] __x64_sys_sendto+0xde/0x100 [ 146.994219][ T7472] do_syscall_64+0x14d/0xf80 [ 146.994248][ T7472] ? trace_irq_disable+0x3b/0x150 [ 146.994274][ T7472] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.994294][ T7472] ? clear_bhb_loop+0x40/0x90 [ 146.994319][ T7472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.994339][ T7472] RIP: 0033:0x7fdfaa79c629 [ 146.994358][ T7472] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.994375][ T7472] RSP: 002b:00007fdfab744028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 146.994396][ T7472] RAX: ffffffffffffffda RBX: 00007fdfaaa15fa0 RCX: 00007fdfaa79c629 [ 146.994410][ T7472] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 146.994422][ T7472] RBP: 00007fdfab744090 R08: 0000200000000080 R09: 000000000000001c [ 146.994435][ T7472] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 146.994446][ T7472] R13: 00007fdfaaa16038 R14: 00007fdfaaa15fa0 R15: 00007ffc8f1f57a8 [ 146.994481][ T7472] [ 147.471770][ T7483] netlink: 'syz.1.507': attribute type 1 has an invalid length. [ 147.485120][ T7483] netlink: 4 bytes leftover after parsing attributes in process `syz.1.507'. [ 147.504642][ T7483] netlink: 'syz.1.507': attribute type 1 has an invalid length. [ 147.676477][ T7488] netlink: 160 bytes leftover after parsing attributes in process `syz.4.508'. [ 147.700874][ T7493] netlink: 8 bytes leftover after parsing attributes in process `syz.1.511'. [ 147.716967][ T7488] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 147.796756][ T7493] erspan0: entered promiscuous mode [ 147.964586][ T7504] openvswitch: netlink: Message has 8 unknown bytes. [ 148.123212][ T7506] netlink: 24 bytes leftover after parsing attributes in process `syz.3.514'. [ 148.146422][ T7516] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0 [ 148.767667][ T5825] Bluetooth: hci4: command 0x0405 tx timeout [ 148.924671][ T7555] netlink: 28 bytes leftover after parsing attributes in process `syz.2.527'. [ 148.982566][ T7555] netlink: 28 bytes leftover after parsing attributes in process `syz.2.527'. [ 149.108198][ T7555] bond0: entered promiscuous mode [ 149.113314][ T7555] bond_slave_0: entered promiscuous mode [ 149.166511][ T7555] bond_slave_1: entered promiscuous mode [ 149.172509][ T7562] netlink: 80 bytes leftover after parsing attributes in process `syz.3.530'. [ 149.238676][ T7555] bond0: left promiscuous mode [ 149.256528][ T7555] bond_slave_0: left promiscuous mode [ 149.262229][ T7555] bond_slave_1: left promiscuous mode [ 149.543167][ T7574] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 149.558716][ T7574] netlink: 104 bytes leftover after parsing attributes in process `syz.0.533'. [ 149.578291][ T7576] netlink: 4 bytes leftover after parsing attributes in process `syz.3.534'. [ 149.623939][ T7578] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 150.186320][ T7605] IPv6: addrconf: prefix option has invalid lifetime [ 150.333463][ T7611] tc_dump_action: action bad kind [ 150.786472][ T7636] netlink: 'syz.1.555': attribute type 23 has an invalid length. [ 151.067997][ T7648] FAULT_INJECTION: forcing a failure. [ 151.067997][ T7648] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.125407][ T7648] CPU: 0 UID: 0 PID: 7648 Comm: syz.0.557 Not tainted syzkaller #0 PREEMPT(full) [ 151.125437][ T7648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 151.125450][ T7648] Call Trace: [ 151.125459][ T7648] [ 151.125468][ T7648] dump_stack_lvl+0xe8/0x150 [ 151.125503][ T7648] should_fail_ex+0x412/0x560 [ 151.125532][ T7648] _copy_to_user+0x31/0xb0 [ 151.125574][ T7648] simple_read_from_buffer+0xe1/0x170 [ 151.125608][ T7648] proc_fail_nth_read+0x1bb/0x230 [ 151.125640][ T7648] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 151.125671][ T7648] ? rw_verify_area+0x2a6/0x4d0 [ 151.125690][ T7648] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 151.125720][ T7648] vfs_read+0x20c/0xa70 [ 151.125738][ T7648] ? fdget_pos+0x246/0x320 [ 151.125772][ T7648] ? __pfx___mutex_lock+0x10/0x10 [ 151.125805][ T7648] ? __pfx_vfs_read+0x10/0x10 [ 151.125827][ T7648] ? __fget_files+0x2a/0x420 [ 151.125859][ T7648] ? __fget_files+0x3a0/0x420 [ 151.125886][ T7648] ? __fget_files+0x2a/0x420 [ 151.125924][ T7648] ksys_read+0x150/0x270 [ 151.125947][ T7648] ? __pfx_ksys_read+0x10/0x10 [ 151.125982][ T7648] do_syscall_64+0x14d/0xf80 [ 151.126010][ T7648] ? trace_irq_disable+0x3b/0x150 [ 151.126039][ T7648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.126060][ T7648] ? clear_bhb_loop+0x40/0x90 [ 151.126086][ T7648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.126107][ T7648] RIP: 0033:0x7efe3ed5cece [ 151.126126][ T7648] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 151.126143][ T7648] RSP: 002b:00007efe3fc25fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 151.126164][ T7648] RAX: ffffffffffffffda RBX: 00007efe3fc266c0 RCX: 00007efe3ed5cece [ 151.126179][ T7648] RDX: 000000000000000f RSI: 00007efe3fc260a0 RDI: 0000000000000005 [ 151.126191][ T7648] RBP: 00007efe3fc26090 R08: 0000000000000000 R09: 0000000000000000 [ 151.126202][ T7648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.126213][ T7648] R13: 00007efe3f016128 R14: 00007efe3f016090 R15: 00007ffcd0d6e5f8 [ 151.126247][ T7648] [ 151.835645][ T7636] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.026458][ T7654] __nla_validate_parse: 7 callbacks suppressed [ 152.026494][ T7654] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.559'. [ 152.629429][ T7636] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.071487][ T7636] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.193438][ T7689] netlink: 20 bytes leftover after parsing attributes in process `syz.2.570'. [ 153.625286][ T7636] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.094572][ T7703] bridge2: entered promiscuous mode [ 154.149335][ T7703] bridge2: entered allmulticast mode [ 154.904990][ T35] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.255715][ T227] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.448577][ T227] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.457555][ T7732] x_tables: ip_tables: l2tp.0 match: invalid size 16 (kernel) != (user) 88 [ 155.506629][ T227] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.057073][ T7744] dummy0: entered promiscuous mode [ 156.089468][ T7744] vlan2: entered promiscuous mode [ 156.246393][ T7749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.586'. [ 156.747636][ T7761] netlink: 'syz.4.590': attribute type 9 has an invalid length. [ 156.983205][ T7769] netlink: 8 bytes leftover after parsing attributes in process `syz.0.593'. [ 157.113747][ T7769] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 157.749131][ T7784] netlink: 'syz.0.595': attribute type 4 has an invalid length. [ 157.792398][ T7781] netlink: 'syz.0.595': attribute type 4 has an invalid length. [ 158.118273][ T7790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.599'. [ 158.322158][ T7795] pim6reg1: tun_chr_ioctl cmd 1074025677 [ 158.393023][ T7795] pim6reg1: linktype set to 805 [ 158.609799][ T7801] FAULT_INJECTION: forcing a failure. [ 158.609799][ T7801] name failslab, interval 1, probability 0, space 0, times 0 [ 158.663535][ T7801] CPU: 0 UID: 0 PID: 7801 Comm: syz.2.604 Not tainted syzkaller #0 PREEMPT(full) [ 158.663566][ T7801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 158.663578][ T7801] Call Trace: [ 158.663587][ T7801] [ 158.663596][ T7801] dump_stack_lvl+0xe8/0x150 [ 158.663631][ T7801] should_fail_ex+0x412/0x560 [ 158.663661][ T7801] should_failslab+0xa8/0x100 [ 158.663688][ T7801] __kmalloc_noprof+0xe8/0x760 [ 158.663711][ T7801] ? tomoyo_encode+0x28b/0x550 [ 158.663742][ T7801] tomoyo_encode+0x28b/0x550 [ 158.663775][ T7801] tomoyo_realpath_from_path+0x58d/0x5d0 [ 158.663821][ T7801] ? tomoyo_path_number_perm+0x219/0x630 [ 158.663842][ T7801] tomoyo_path_number_perm+0x246/0x630 [ 158.663867][ T7801] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 158.663892][ T7801] ? __lock_acquire+0x6b5/0x2cf0 [ 158.663930][ T7801] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 158.663983][ T7801] ? __fget_files+0x2a/0x420 [ 158.664016][ T7801] ? __fget_files+0x2a/0x420 [ 158.664043][ T7801] ? __fget_files+0x3a0/0x420 [ 158.664070][ T7801] ? __fget_files+0x2a/0x420 [ 158.664103][ T7801] security_file_ioctl+0xc3/0x2a0 [ 158.664138][ T7801] __se_sys_ioctl+0x47/0x170 [ 158.664164][ T7801] do_syscall_64+0x14d/0xf80 [ 158.664193][ T7801] ? trace_irq_disable+0x3b/0x150 [ 158.664222][ T7801] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.664243][ T7801] ? clear_bhb_loop+0x40/0x90 [ 158.664268][ T7801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.664289][ T7801] RIP: 0033:0x7f8aa419c629 [ 158.664308][ T7801] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 158.664325][ T7801] RSP: 002b:00007f8aa502c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.664347][ T7801] RAX: ffffffffffffffda RBX: 00007f8aa4415fa0 RCX: 00007f8aa419c629 [ 158.664361][ T7801] RDX: 0000200000000080 RSI: 0000000000008b20 RDI: 0000000000000004 [ 158.664374][ T7801] RBP: 00007f8aa502c090 R08: 0000000000000000 R09: 0000000000000000 [ 158.664385][ T7801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.664397][ T7801] R13: 00007f8aa4416038 R14: 00007f8aa4415fa0 R15: 00007fffdd1b5ff8 [ 158.664430][ T7801] [ 158.664468][ T7801] ERROR: Out of memory at tomoyo_realpath_from_path. [ 158.948559][ T7803] team0: Device gtp0 is of different type [ 159.227719][ T7808] FAULT_INJECTION: forcing a failure. [ 159.227719][ T7808] name failslab, interval 1, probability 0, space 0, times 0 [ 159.240474][ T7808] CPU: 0 UID: 0 PID: 7808 Comm: syz.1.606 Not tainted syzkaller #0 PREEMPT(full) [ 159.240503][ T7808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 159.240516][ T7808] Call Trace: [ 159.240524][ T7808] [ 159.240534][ T7808] dump_stack_lvl+0xe8/0x150 [ 159.240568][ T7808] should_fail_ex+0x412/0x560 [ 159.240598][ T7808] should_failslab+0xa8/0x100 [ 159.240626][ T7808] kmem_cache_alloc_bulk_noprof+0x8d/0x7e0 [ 159.240650][ T7808] ? pfn_valid+0x125/0x4c0 [ 159.240685][ T7808] bpf_test_run_xdp_live+0x179c/0x1cf0 [ 159.240732][ T7808] ? bpf_test_run_xdp_live+0x438/0x1cf0 [ 159.240768][ T7808] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 159.240815][ T7808] ? 0xffffffffa020180c [ 159.240863][ T7808] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 159.240901][ T7808] ? _copy_from_user+0x94/0xb0 [ 159.240930][ T7808] ? bpf_test_init+0x113/0x150 [ 159.240950][ T7808] ? xdp_convert_md_to_buff+0x5b/0x330 [ 159.240977][ T7808] bpf_prog_test_run_xdp+0x81c/0x1160 [ 159.241019][ T7808] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 159.241049][ T7808] ? __fget_files+0x2a/0x420 [ 159.241083][ T7808] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 159.241109][ T7808] bpf_prog_test_run+0x2c7/0x340 [ 159.241134][ T7808] __sys_bpf+0x643/0x950 [ 159.241167][ T7808] ? __pfx___sys_bpf+0x10/0x10 [ 159.241215][ T7808] ? ksys_write+0x242/0x270 [ 159.241238][ T7808] ? __pfx_ksys_write+0x10/0x10 [ 159.241267][ T7808] __x64_sys_bpf+0x7c/0x90 [ 159.241296][ T7808] do_syscall_64+0x14d/0xf80 [ 159.241327][ T7808] ? trace_irq_disable+0x3b/0x150 [ 159.241355][ T7808] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.241376][ T7808] ? clear_bhb_loop+0x40/0x90 [ 159.241401][ T7808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.241422][ T7808] RIP: 0033:0x7fdfaa79c629 [ 159.241449][ T7808] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.241465][ T7808] RSP: 002b:00007fdfab744028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 159.241487][ T7808] RAX: ffffffffffffffda RBX: 00007fdfaaa15fa0 RCX: 00007fdfaa79c629 [ 159.241501][ T7808] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 159.241513][ T7808] RBP: 00007fdfab744090 R08: 0000000000000000 R09: 0000000000000000 [ 159.241525][ T7808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 159.241536][ T7808] R13: 00007fdfaaa16038 R14: 00007fdfaaa15fa0 R15: 00007ffc8f1f57a8 [ 159.241569][ T7808] [ 160.916367][ T7846] FAULT_INJECTION: forcing a failure. [ 160.916367][ T7846] name failslab, interval 1, probability 0, space 0, times 0 [ 161.017386][ T7846] CPU: 0 UID: 0 PID: 7846 Comm: syz.3.620 Not tainted syzkaller #0 PREEMPT(full) [ 161.017415][ T7846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 161.017428][ T7846] Call Trace: [ 161.017436][ T7846] [ 161.017445][ T7846] dump_stack_lvl+0xe8/0x150 [ 161.017479][ T7846] should_fail_ex+0x412/0x560 [ 161.017509][ T7846] should_failslab+0xa8/0x100 [ 161.017534][ T7846] ? skb_clone+0x212/0x3a0 [ 161.017563][ T7846] kmem_cache_alloc_noprof+0x87/0x650 [ 161.017595][ T7846] ? __netlink_lookup+0xc6/0x8b0 [ 161.017627][ T7846] skb_clone+0x212/0x3a0 [ 161.017662][ T7846] __netlink_deliver_tap+0x404/0x850 [ 161.017699][ T7846] ? netlink_deliver_tap+0x2e/0x1b0 [ 161.017726][ T7846] netlink_deliver_tap+0x19c/0x1b0 [ 161.017751][ T7846] netlink_unicast+0x7e3/0x9b0 [ 161.017782][ T7846] ? __pfx_netlink_unicast+0x10/0x10 [ 161.017805][ T7846] ? netlink_sendmsg+0x650/0xb40 [ 161.017828][ T7846] ? skb_put+0x11b/0x210 [ 161.017859][ T7846] netlink_sendmsg+0x813/0xb40 [ 161.017894][ T7846] ? __pfx_netlink_sendmsg+0x10/0x10 [ 161.017922][ T7846] ? aa_sock_msg_perm+0xf1/0x1b0 [ 161.017949][ T7846] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 161.017972][ T7846] ? __pfx_netlink_sendmsg+0x10/0x10 [ 161.017995][ T7846] ____sys_sendmsg+0xa68/0xad0 [ 161.018035][ T7846] ? __pfx_____sys_sendmsg+0x10/0x10 [ 161.018075][ T7846] ? import_iovec+0x73/0xa0 [ 161.018107][ T7846] ___sys_sendmsg+0x2a5/0x360 [ 161.018143][ T7846] ? __pfx____sys_sendmsg+0x10/0x10 [ 161.018211][ T7846] ? __fget_files+0x2a/0x420 [ 161.018246][ T7846] ? __fget_files+0x3a0/0x420 [ 161.018285][ T7846] __x64_sys_sendmsg+0x1bd/0x2a0 [ 161.018319][ T7846] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 161.018360][ T7846] ? __pfx_ksys_write+0x10/0x10 [ 161.018393][ T7846] do_syscall_64+0x14d/0xf80 [ 161.018423][ T7846] ? trace_irq_disable+0x3b/0x150 [ 161.018452][ T7846] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.018473][ T7846] ? clear_bhb_loop+0x40/0x90 [ 161.018499][ T7846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.018520][ T7846] RIP: 0033:0x7f6b6f19c629 [ 161.018540][ T7846] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.018556][ T7846] RSP: 002b:00007f6b70054028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 161.018578][ T7846] RAX: ffffffffffffffda RBX: 00007f6b6f415fa0 RCX: 00007f6b6f19c629 [ 161.018592][ T7846] RDX: 0000000004004000 RSI: 0000200000000240 RDI: 0000000000000003 [ 161.018605][ T7846] RBP: 00007f6b70054090 R08: 0000000000000000 R09: 0000000000000000 [ 161.018618][ T7846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.018629][ T7846] R13: 00007f6b6f416038 R14: 00007f6b6f415fa0 R15: 00007ffec9be54f8 [ 161.018663][ T7846] [ 161.461776][ T7848] bond1: option tlb_dynamic_lb: invalid value (5) [ 161.505677][ T7848] bond1 (unregistering): Released all slaves [ 161.579247][ T7850] ipvlan2: entered promiscuous mode [ 161.586121][ T7850] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 162.251049][ T7866] netlink: 28 bytes leftover after parsing attributes in process `syz.2.630'. [ 162.291266][ T7866] netlink: 28 bytes leftover after parsing attributes in process `syz.2.630'. [ 162.843346][ T7881] netlink: 'syz.2.634': attribute type 1 has an invalid length. [ 163.109244][ T7881] bond3: entered promiscuous mode [ 163.124826][ T7881] 8021q: adding VLAN 0 to HW filter on device bond3 [ 163.237611][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 163.280579][ T7887] bond3: (slave bridge3): making interface the new active one [ 163.308501][ T7887] bridge3: entered promiscuous mode [ 163.333713][ T7887] bond3: (slave bridge3): Enslaving as an active interface with an up link [ 163.483931][ T7896] netlink: 28 bytes leftover after parsing attributes in process `syz.3.637'. [ 163.554249][ T7896] netlink: 28 bytes leftover after parsing attributes in process `syz.3.637'. [ 163.659999][ T7896] team0: entered promiscuous mode [ 163.709903][ T7896] team_slave_0: entered promiscuous mode [ 163.760152][ T7896] team_slave_1: entered promiscuous mode [ 163.842330][ T7896] bond0: entered promiscuous mode [ 163.884798][ T7896] bond_slave_0: entered promiscuous mode [ 163.903759][ T7896] bond_slave_1: entered promiscuous mode [ 163.946735][ T7896] 8021q: adding VLAN 0 to HW filter on device hsr2 [ 164.329951][ T7923] FAULT_INJECTION: forcing a failure. [ 164.329951][ T7923] name failslab, interval 1, probability 0, space 0, times 0 [ 164.380699][ T7923] CPU: 0 UID: 0 PID: 7923 Comm: syz.3.643 Not tainted syzkaller #0 PREEMPT(full) [ 164.380728][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 164.380740][ T7923] Call Trace: [ 164.380749][ T7923] [ 164.380757][ T7923] dump_stack_lvl+0xe8/0x150 [ 164.380793][ T7923] should_fail_ex+0x412/0x560 [ 164.380823][ T7923] should_failslab+0xa8/0x100 [ 164.380851][ T7923] __kmalloc_cache_noprof+0x88/0x660 [ 164.380872][ T7923] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 164.380900][ T7923] ? sctp_add_bind_addr+0x8c/0x370 [ 164.380930][ T7923] sctp_add_bind_addr+0x8c/0x370 [ 164.380961][ T7923] sctp_copy_local_addr_list+0x314/0x4f0 [ 164.380991][ T7923] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 164.381017][ T7923] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 164.381044][ T7923] ? sctp_v6_is_any+0x64/0x80 [ 164.381071][ T7923] ? sctp_copy_one_addr+0x93/0x360 [ 164.381100][ T7923] sctp_bind_addr_copy+0xb3/0x3c0 [ 164.381137][ T7923] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 164.381163][ T7923] sctp_connect_new_asoc+0x2ff/0x6b0 [ 164.381198][ T7923] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 164.381236][ T7923] ? __local_bh_enable_ip+0xd0/0x130 [ 164.381261][ T7923] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 164.381284][ T7923] ? security_sctp_bind_connect+0x7e/0x2c0 [ 164.381320][ T7923] sctp_sendmsg+0x1528/0x2c10 [ 164.381365][ T7923] ? __pfx_sctp_sendmsg+0x10/0x10 [ 164.381393][ T7923] ? aa_sk_perm+0x15a/0x960 [ 164.381418][ T7923] ? aa_sk_perm+0x82d/0x960 [ 164.381448][ T7923] ? __pfx_aa_sk_perm+0x10/0x10 [ 164.381474][ T7923] ? sock_rps_record_flow+0x19/0x400 [ 164.381509][ T7923] ? inet_sendmsg+0x2f4/0x370 [ 164.381543][ T7923] __sys_sendto+0x627/0x7a0 [ 164.381574][ T7923] ? __pfx___sys_sendto+0x10/0x10 [ 164.381599][ T7923] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 164.381644][ T7923] ? __fget_files+0x3a0/0x420 [ 164.381685][ T7923] ? ksys_write+0x242/0x270 [ 164.381708][ T7923] ? __pfx_ksys_write+0x10/0x10 [ 164.381740][ T7923] __x64_sys_sendto+0xde/0x100 [ 164.381772][ T7923] do_syscall_64+0x14d/0xf80 [ 164.381802][ T7923] ? trace_irq_disable+0x3b/0x150 [ 164.381831][ T7923] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.381852][ T7923] ? clear_bhb_loop+0x40/0x90 [ 164.381878][ T7923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.381899][ T7923] RIP: 0033:0x7f6b6f19c629 [ 164.381919][ T7923] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 164.381936][ T7923] RSP: 002b:00007f6b70054028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 164.381957][ T7923] RAX: ffffffffffffffda RBX: 00007f6b6f415fa0 RCX: 00007f6b6f19c629 [ 164.381972][ T7923] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003 [ 164.381985][ T7923] RBP: 00007f6b70054090 R08: 0000200000000140 R09: 000000000000001c [ 164.381998][ T7923] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000002 [ 164.382010][ T7923] R13: 00007f6b6f416038 R14: 00007f6b6f415fa0 R15: 00007ffec9be54f8 [ 164.382044][ T7923] [ 165.127273][ T7932] netlink: 'syz.2.646': attribute type 4 has an invalid length. [ 165.225005][ T7932] netlink: 'syz.2.646': attribute type 4 has an invalid length. [ 165.905217][ T7949] netlink: 'syz.1.651': attribute type 2 has an invalid length. [ 165.968757][ T7949] netlink: 14 bytes leftover after parsing attributes in process `syz.1.651'. [ 166.156009][ C1] sched: DL replenish lagged too much [ 166.408204][ T7950] netlink: 24 bytes leftover after parsing attributes in process `syz.4.652'. [ 166.437543][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 168.276651][ T7996] netlink: 4 bytes leftover after parsing attributes in process `syz.2.666'. [ 168.692733][ T8006] FAULT_INJECTION: forcing a failure. [ 168.692733][ T8006] name failslab, interval 1, probability 0, space 0, times 0 [ 168.898985][ T8006] CPU: 0 UID: 0 PID: 8006 Comm: syz.4.669 Not tainted syzkaller #0 PREEMPT(full) [ 168.899016][ T8006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 168.899029][ T8006] Call Trace: [ 168.899037][ T8006] [ 168.899047][ T8006] dump_stack_lvl+0xe8/0x150 [ 168.899082][ T8006] should_fail_ex+0x412/0x560 [ 168.899113][ T8006] should_failslab+0xa8/0x100 [ 168.899141][ T8006] __kmalloc_cache_noprof+0x88/0x660 [ 168.899165][ T8006] ? sctp_add_bind_addr+0x8c/0x370 [ 168.899197][ T8006] sctp_add_bind_addr+0x8c/0x370 [ 168.899227][ T8006] sctp_copy_local_addr_list+0x314/0x4f0 [ 168.899257][ T8006] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 168.899283][ T8006] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 168.899313][ T8006] ? sctp_v4_is_any+0x35/0x60 [ 168.899338][ T8006] ? sctp_copy_one_addr+0x93/0x360 [ 168.899367][ T8006] sctp_bind_addr_copy+0xb3/0x3c0 [ 168.899404][ T8006] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 168.899430][ T8006] sctp_connect_new_asoc+0x2ff/0x6b0 [ 168.899465][ T8006] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 168.899503][ T8006] ? __local_bh_enable_ip+0xd0/0x130 [ 168.899528][ T8006] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 168.899552][ T8006] ? security_sctp_bind_connect+0x7e/0x2c0 [ 168.899587][ T8006] sctp_sendmsg+0x1528/0x2c10 [ 168.899632][ T8006] ? __pfx_sctp_sendmsg+0x10/0x10 [ 168.899661][ T8006] ? aa_sk_perm+0x15a/0x960 [ 168.899686][ T8006] ? aa_sk_perm+0x82d/0x960 [ 168.899716][ T8006] ? __pfx_aa_sk_perm+0x10/0x10 [ 168.899742][ T8006] ? sock_rps_record_flow+0x19/0x400 [ 168.899776][ T8006] ? inet_sendmsg+0x2f4/0x370 [ 168.899811][ T8006] ____sys_sendmsg+0x894/0xad0 [ 168.899852][ T8006] ? __pfx_____sys_sendmsg+0x10/0x10 [ 168.899892][ T8006] ? import_iovec+0x73/0xa0 [ 168.899926][ T8006] ___sys_sendmsg+0x2a5/0x360 [ 168.899962][ T8006] ? __pfx____sys_sendmsg+0x10/0x10 [ 168.900037][ T8006] ? __fget_files+0x2a/0x420 [ 168.900066][ T8006] ? __fget_files+0x3a0/0x420 [ 168.900107][ T8006] __x64_sys_sendmsg+0x1bd/0x2a0 [ 168.900141][ T8006] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 168.900182][ T8006] ? __pfx_ksys_write+0x10/0x10 [ 168.900217][ T8006] do_syscall_64+0x14d/0xf80 [ 168.900247][ T8006] ? trace_irq_disable+0x3b/0x150 [ 168.900276][ T8006] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.900297][ T8006] ? clear_bhb_loop+0x40/0x90 [ 168.900323][ T8006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.900343][ T8006] RIP: 0033:0x7f141a99c629 [ 168.900363][ T8006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.900386][ T8006] RSP: 002b:00007f141b942028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.900409][ T8006] RAX: ffffffffffffffda RBX: 00007f141ac15fa0 RCX: 00007f141a99c629 [ 168.900423][ T8006] RDX: 000000002c0408d0 RSI: 0000200000000400 RDI: 0000000000000009 [ 168.900436][ T8006] RBP: 00007f141b942090 R08: 0000000000000000 R09: 0000000000000000 [ 168.900449][ T8006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 168.900460][ T8006] R13: 00007f141ac16038 R14: 00007f141ac15fa0 R15: 00007ffe07c172c8 [ 168.900495][ T8006] [ 169.503893][ T8005] netlink: 24 bytes leftover after parsing attributes in process `syz.3.668'. [ 169.587384][ T8020] netlink: 'syz.0.672': attribute type 4 has an invalid length. [ 170.188878][ T8035] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.676'. [ 170.199034][ T8035] netlink: Unknown conntrack attr (type=2304, max=9) [ 170.567396][ T8039] netlink: 28 bytes leftover after parsing attributes in process `syz.3.677'. [ 170.630077][ T8039] netlink: 28 bytes leftover after parsing attributes in process `syz.3.677'. [ 170.737700][ T8039] dummy0: entered promiscuous mode [ 170.779119][ T8039] dummy0: left promiscuous mode [ 171.044789][ T8044] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.679'. [ 171.177634][ T8048] FAULT_INJECTION: forcing a failure. [ 171.177634][ T8048] name failslab, interval 1, probability 0, space 0, times 0 [ 171.255014][ T8048] CPU: 0 UID: 0 PID: 8048 Comm: syz.2.680 Not tainted syzkaller #0 PREEMPT(full) [ 171.255043][ T8048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 171.255056][ T8048] Call Trace: [ 171.255064][ T8048] [ 171.255072][ T8048] dump_stack_lvl+0xe8/0x150 [ 171.255108][ T8048] should_fail_ex+0x412/0x560 [ 171.255138][ T8048] should_failslab+0xa8/0x100 [ 171.255185][ T8048] __kvmalloc_node_noprof+0x178/0x8a0 [ 171.255209][ T8048] ? xt_alloc_table_info+0x40/0xb0 [ 171.255250][ T8048] xt_alloc_table_info+0x40/0xb0 [ 171.255284][ T8048] do_ipt_set_ctl+0x903/0xe00 [ 171.255309][ T8048] ? rcu_is_watching+0x15/0xb0 [ 171.255339][ T8048] ? trace_contention_end+0x3d/0x150 [ 171.255371][ T8048] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 171.255412][ T8048] ? __pfx___mutex_lock+0x10/0x10 [ 171.255445][ T8048] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 171.255484][ T8048] ? __pfx_aa_sk_perm+0x10/0x10 [ 171.255512][ T8048] nf_setsockopt+0x26f/0x290 [ 171.255545][ T8048] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 171.255571][ T8048] do_sock_setsockopt+0x17c/0x1b0 [ 171.255604][ T8048] __x64_sys_setsockopt+0x13d/0x1b0 [ 171.255638][ T8048] do_syscall_64+0x14d/0xf80 [ 171.255668][ T8048] ? trace_irq_disable+0x3b/0x150 [ 171.255697][ T8048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.255718][ T8048] ? clear_bhb_loop+0x40/0x90 [ 171.255743][ T8048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.255763][ T8048] RIP: 0033:0x7f8aa419c629 [ 171.255783][ T8048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 171.255799][ T8048] RSP: 002b:00007f8aa502c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 171.255821][ T8048] RAX: ffffffffffffffda RBX: 00007f8aa4415fa0 RCX: 00007f8aa419c629 [ 171.255836][ T8048] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 171.255849][ T8048] RBP: 00007f8aa502c090 R08: 00000000000002e0 R09: 0000000000000000 [ 171.255861][ T8048] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 171.255873][ T8048] R13: 00007f8aa4416038 R14: 00007f8aa4415fa0 R15: 00007fffdd1b5ff8 [ 171.255906][ T8048] [ 171.478164][ T8052] netlink: 72 bytes leftover after parsing attributes in process `syz.0.682'. [ 171.550309][ T8052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.682'. [ 172.117852][ T8067] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.688'. [ 172.176356][ T8067] netlink: Unknown conntrack attr (type=2304, max=9) [ 172.451951][ T8065] netlink: 24 bytes leftover after parsing attributes in process `syz.2.687'. [ 172.684564][ T8081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.692'. [ 174.973364][ T8119] 8021q: VLANs not supported on ipvlan1 [ 174.994349][ T8118] __nla_validate_parse: 2 callbacks suppressed [ 174.994371][ T8118] netlink: 12 bytes leftover after parsing attributes in process `syz.3.704'. [ 175.221398][ T8138] netlink: 4 bytes leftover after parsing attributes in process `syz.1.706'. [ 175.240483][ T8139] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 175.279577][ T8139] x_tables: ip_tables: CT.0 target: invalid size 40 (kernel) != (user) 0 [ 175.464204][ T8123] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.721450][ T8144] netlink: 996 bytes leftover after parsing attributes in process `syz.2.708'. [ 175.852736][ T8138] hsr_slave_1 (unregistering): left promiscuous mode [ 175.987458][ T8149] netlink: 24 bytes leftover after parsing attributes in process `syz.0.709'. [ 176.049112][ T8123] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.469155][ T8123] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.929398][ T8123] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.976452][ T8165] netlink: 104 bytes leftover after parsing attributes in process `syz.2.714'. [ 177.181396][ T8164] pimreg3: entered allmulticast mode [ 177.373535][ T8160] pimreg3: left allmulticast mode [ 177.470935][ T8168] netlink: 12 bytes leftover after parsing attributes in process `syz.2.715'. [ 177.545841][ T8168] vlan2: entered promiscuous mode [ 177.564520][ T8168] bond0: entered promiscuous mode [ 177.604815][ T8168] bond_slave_0: entered promiscuous mode [ 177.632918][ T8168] bond_slave_1: entered promiscuous mode [ 177.801095][ T8171] netlink: 76 bytes leftover after parsing attributes in process `syz.1.716'. [ 177.880156][ T8171] netlink: 76 bytes leftover after parsing attributes in process `syz.1.716'. [ 178.120294][ T8176] FAULT_INJECTION: forcing a failure. [ 178.120294][ T8176] name failslab, interval 1, probability 0, space 0, times 0 [ 178.195046][ T8176] CPU: 1 UID: 0 PID: 8176 Comm: syz.2.717 Not tainted syzkaller #0 PREEMPT(full) [ 178.195077][ T8176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 178.195090][ T8176] Call Trace: [ 178.195098][ T8176] [ 178.195107][ T8176] dump_stack_lvl+0xe8/0x150 [ 178.195142][ T8176] should_fail_ex+0x412/0x560 [ 178.195171][ T8176] should_failslab+0xa8/0x100 [ 178.195196][ T8176] ? skb_clone+0x212/0x3a0 [ 178.195227][ T8176] kmem_cache_alloc_noprof+0x87/0x650 [ 178.195259][ T8176] ? __netlink_lookup+0xc6/0x8b0 [ 178.195293][ T8176] skb_clone+0x212/0x3a0 [ 178.195327][ T8176] __netlink_deliver_tap+0x404/0x850 [ 178.195365][ T8176] ? netlink_deliver_tap+0x2e/0x1b0 [ 178.195391][ T8176] netlink_deliver_tap+0x19c/0x1b0 [ 178.195417][ T8176] netlink_unicast+0x7e3/0x9b0 [ 178.195447][ T8176] ? __pfx_netlink_unicast+0x10/0x10 [ 178.195471][ T8176] ? netlink_sendmsg+0x650/0xb40 [ 178.195494][ T8176] ? skb_put+0x11b/0x210 [ 178.195525][ T8176] netlink_sendmsg+0x813/0xb40 [ 178.195560][ T8176] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.195589][ T8176] ? aa_sock_msg_perm+0xf1/0x1b0 [ 178.195621][ T8176] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 178.195646][ T8176] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.195669][ T8176] ____sys_sendmsg+0xa68/0xad0 [ 178.195709][ T8176] ? __pfx_____sys_sendmsg+0x10/0x10 [ 178.195748][ T8176] ? import_iovec+0x73/0xa0 [ 178.195780][ T8176] ___sys_sendmsg+0x2a5/0x360 [ 178.195816][ T8176] ? __pfx____sys_sendmsg+0x10/0x10 [ 178.195884][ T8176] ? __fget_files+0x2a/0x420 [ 178.195912][ T8176] ? __fget_files+0x3a0/0x420 [ 178.195950][ T8176] __x64_sys_sendmsg+0x1bd/0x2a0 [ 178.195986][ T8176] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 178.196026][ T8176] ? __pfx_ksys_write+0x10/0x10 [ 178.196060][ T8176] do_syscall_64+0x14d/0xf80 [ 178.196089][ T8176] ? trace_irq_disable+0x3b/0x150 [ 178.196118][ T8176] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.196139][ T8176] ? clear_bhb_loop+0x40/0x90 [ 178.196165][ T8176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.196186][ T8176] RIP: 0033:0x7f8aa419c629 [ 178.196206][ T8176] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 178.196222][ T8176] RSP: 002b:00007f8aa502c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.196245][ T8176] RAX: ffffffffffffffda RBX: 00007f8aa4415fa0 RCX: 00007f8aa419c629 [ 178.196260][ T8176] RDX: 0000000004004000 RSI: 0000200000000240 RDI: 0000000000000003 [ 178.196273][ T8176] RBP: 00007f8aa502c090 R08: 0000000000000000 R09: 0000000000000000 [ 178.196285][ T8176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.196296][ T8176] R13: 00007f8aa4416038 R14: 00007f8aa4415fa0 R15: 00007fffdd1b5ff8 [ 178.196331][ T8176] [ 178.874249][ T13] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.889781][ T13] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.066401][ T58] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.867285][ T8204] netlink: 996 bytes leftover after parsing attributes in process `syz.4.721'. [ 184.584612][ T8210] netlink: 'syz.3.722': attribute type 4 has an invalid length. [ 184.696457][ T151] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.004010][ T8217] netlink: 'syz.1.723': attribute type 3 has an invalid length. [ 185.134349][ T8217] netlink: 8 bytes leftover after parsing attributes in process `syz.1.723'. [ 185.171317][ T8222] FAULT_INJECTION: forcing a failure. [ 185.171317][ T8222] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 185.241666][ T8222] CPU: 0 UID: 0 PID: 8222 Comm: syz.2.725 Not tainted syzkaller #0 PREEMPT(full) [ 185.241696][ T8222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 185.241710][ T8222] Call Trace: [ 185.241718][ T8222] [ 185.241727][ T8222] dump_stack_lvl+0xe8/0x150 [ 185.241768][ T8222] should_fail_ex+0x412/0x560 [ 185.241798][ T8222] _copy_from_user+0x2d/0xb0 [ 185.241829][ T8222] __sys_bpf+0x229/0x950 [ 185.241870][ T8222] ? __pfx___sys_bpf+0x10/0x10 [ 185.241917][ T8222] ? ksys_write+0x242/0x270 [ 185.241941][ T8222] ? __pfx_ksys_write+0x10/0x10 [ 185.241970][ T8222] __x64_sys_bpf+0x7c/0x90 [ 185.241999][ T8222] do_syscall_64+0x14d/0xf80 [ 185.242029][ T8222] ? trace_irq_disable+0x3b/0x150 [ 185.242058][ T8222] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.242079][ T8222] ? clear_bhb_loop+0x40/0x90 [ 185.242104][ T8222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.242125][ T8222] RIP: 0033:0x7f8aa419c629 [ 185.242144][ T8222] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.242161][ T8222] RSP: 002b:00007f8aa502c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 185.242182][ T8222] RAX: ffffffffffffffda RBX: 00007f8aa4415fa0 RCX: 00007f8aa419c629 [ 185.242197][ T8222] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 185.242210][ T8222] RBP: 00007f8aa502c090 R08: 0000000000000000 R09: 0000000000000000 [ 185.242223][ T8222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.242234][ T8222] R13: 00007f8aa4416038 R14: 00007f8aa4415fa0 R15: 00007fffdd1b5ff8 [ 185.242268][ T8222] [ 186.468982][ T8243] netlink: 8 bytes leftover after parsing attributes in process `syz.4.730'. [ 186.549539][ T8243] netlink: 24 bytes leftover after parsing attributes in process `syz.4.730'. [ 186.880374][ T8245] 8021q: VLANs not supported on caif0 [ 186.917497][ T8249] lo speed is unknown, defaulting to 1000 [ 186.950165][ T8251] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.734'. [ 186.990125][ T8249] lo speed is unknown, defaulting to 1000 [ 187.016384][ T8251] netlink: Unknown conntrack attr (type=2304, max=9) [ 187.069203][ T8249] lo speed is unknown, defaulting to 1000 [ 187.758074][ T8264] 8021q: VLANs not supported on caif0 [ 188.143656][ T8265] syzkaller0: entered promiscuous mode [ 188.166290][ T8265] syzkaller0: entered allmulticast mode [ 188.651031][ T8249] infiniband syz0: set active [ 188.665905][ T8249] infiniband syz0: added lo [ 188.852093][ T8249] RDS/IB: syz0: added [ 188.881590][ T8249] smc: adding ib device syz0 with port count 1 [ 188.903047][ T8249] smc: ib device syz0 port 1 has no pnetid [ 191.998662][ T10] lo speed is unknown, defaulting to 1000 [ 192.362661][ T6682] lo speed is unknown, defaulting to 1000 [ 192.429698][ T8249] lo speed is unknown, defaulting to 1000 [ 192.758911][ T8299] netlink: 28 bytes leftover after parsing attributes in process `syz.0.748'. [ 192.841711][ T8299] netlink: 28 bytes leftover after parsing attributes in process `syz.0.748'. [ 192.969991][ T8299] dummy0: entered promiscuous mode [ 193.011183][ T8299] team0: entered promiscuous mode [ 193.058865][ T8299] team_slave_0: entered promiscuous mode [ 193.104176][ T8299] team_slave_1: entered promiscuous mode [ 193.137645][ T8299] debugfs: 'hsr1' already exists in 'hsr' [ 193.170297][ T8299] Cannot create hsr debugfs directory [ 193.212809][ T8305] dummy0: entered promiscuous mode [ 193.248548][ T8305] vlan2: entered promiscuous mode [ 193.504189][ T8306] 8021q: VLANs not supported on caif0 [ 193.869723][ T8316] netlink: 104 bytes leftover after parsing attributes in process `syz.3.753'. [ 193.916803][ T8318] netlink: 'syz.2.754': attribute type 4 has an invalid length. [ 194.021879][ T8318] netlink: 'syz.2.754': attribute type 4 has an invalid length. [ 194.104888][ T8249] lo speed is unknown, defaulting to 1000 [ 194.328254][ T8324] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 194.438089][ T8324] batman_adv: batadv0: Adding interface: gretap1 [ 194.487918][ T8324] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 194.645575][ T8324] batman_adv: batadv0: Interface activated: gretap1 [ 195.024632][ T8338] netlink: 28 bytes leftover after parsing attributes in process `syz.0.759'. [ 195.075056][ T8338] netlink: 28 bytes leftover after parsing attributes in process `syz.0.759'. [ 195.101610][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.115823][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.187608][ T8338] bridge0: entered promiscuous mode [ 195.234738][ T8338] ip6gretap0: entered promiscuous mode [ 195.271043][ T8338] debugfs: 'hsr2' already exists in 'hsr' [ 195.297641][ T8338] Cannot create hsr debugfs directory [ 195.486960][ T8249] lo speed is unknown, defaulting to 1000 [ 195.671595][ T8352] dummy0: mtu less than device minimum [ 195.739186][ T8353] 8021q: VLANs not supported on caif0 [ 196.014783][ T8359] netlink: 124 bytes leftover after parsing attributes in process `syz.4.767'. [ 196.048163][ T8359] netlink: 124 bytes leftover after parsing attributes in process `syz.4.767'. [ 196.791715][ T8249] lo speed is unknown, defaulting to 1000 [ 196.840455][ T8372] netlink: 28 bytes leftover after parsing attributes in process `syz.0.773'. [ 196.882156][ T8372] netlink: 28 bytes leftover after parsing attributes in process `syz.0.773'. [ 196.940198][ T8376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.774'. [ 196.974266][ T8372] bond0: entered promiscuous mode [ 197.005802][ T8372] bond_slave_0: entered promiscuous mode [ 197.032293][ T8372] bond_slave_1: entered promiscuous mode [ 197.107461][ T8372] bond0: left promiscuous mode [ 197.113190][ T8372] bond_slave_0: left promiscuous mode [ 197.129052][ T8372] bond_slave_1: left promiscuous mode [ 197.656391][ T8383] 8021q: VLANs not supported on caif0 [ 197.998282][ T8249] lo speed is unknown, defaulting to 1000 [ 198.070580][ T8393] netlink: 'syz.2.780': attribute type 4 has an invalid length. [ 198.143617][ T8393] netlink: 'syz.2.780': attribute type 4 has an invalid length. [ 198.332678][ T8397] netlink: 'syz.4.781': attribute type 39 has an invalid length. [ 198.540432][ T8400] delete_channel: no stack [ 198.572712][ T8400] delete_channel: no stack [ 198.797641][ T8405] xt_nfacct: accounting object `syz0' does not exist [ 199.054751][ T8408] FAULT_INJECTION: forcing a failure. [ 199.054751][ T8408] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.148834][ T8408] CPU: 0 UID: 0 PID: 8408 Comm: syz.3.785 Not tainted syzkaller #0 PREEMPT(full) [ 199.148865][ T8408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 199.148878][ T8408] Call Trace: [ 199.148886][ T8408] [ 199.148896][ T8408] dump_stack_lvl+0xe8/0x150 [ 199.148931][ T8408] should_fail_ex+0x412/0x560 [ 199.148961][ T8408] _copy_from_user+0x2d/0xb0 [ 199.148992][ T8408] generic_map_update_batch+0x648/0x990 [ 199.149030][ T8408] ? __pfx_generic_map_update_batch+0x10/0x10 [ 199.149057][ T8408] ? __fget_files+0x2a/0x420 [ 199.149091][ T8408] ? __pfx_generic_map_update_batch+0x10/0x10 [ 199.149118][ T8408] bpf_map_do_batch+0x39b/0x630 [ 199.149146][ T8408] __sys_bpf+0x7c1/0x950 [ 199.149178][ T8408] ? __pfx___sys_bpf+0x10/0x10 [ 199.149225][ T8408] ? ksys_write+0x242/0x270 [ 199.149249][ T8408] ? __pfx_ksys_write+0x10/0x10 [ 199.149278][ T8408] __x64_sys_bpf+0x7c/0x90 [ 199.149307][ T8408] do_syscall_64+0x14d/0xf80 [ 199.149347][ T8408] ? trace_irq_disable+0x3b/0x150 [ 199.149382][ T8408] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.149404][ T8408] ? clear_bhb_loop+0x40/0x90 [ 199.149429][ T8408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.149449][ T8408] RIP: 0033:0x7f6b6f19c629 [ 199.149470][ T8408] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.149488][ T8408] RSP: 002b:00007f6b70054028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 199.149511][ T8408] RAX: ffffffffffffffda RBX: 00007f6b6f415fa0 RCX: 00007f6b6f19c629 [ 199.149526][ T8408] RDX: 0000000000000038 RSI: 0000200000000040 RDI: 000000000000001a [ 199.149538][ T8408] RBP: 00007f6b70054090 R08: 0000000000000000 R09: 0000000000000000 [ 199.149551][ T8408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 199.149563][ T8408] R13: 00007f6b6f416038 R14: 00007f6b6f415fa0 R15: 00007ffec9be54f8 [ 199.149595][ T8408] [ 199.393211][ T227] wlan1: Trigger new scan to find an IBSS to join [ 199.584222][ T8410] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 199.801736][ T8421] netlink: 8 bytes leftover after parsing attributes in process `syz.1.786'. [ 202.046718][ T8426] 8021q: VLANs not supported on caif0 [ 203.236379][ T151] wlan1: Trigger new scan to find an IBSS to join [ 203.888363][ T8453] syz.4.799 (8453) used greatest stack depth: 16952 bytes left [ 203.907643][ T8469] tipc: Enabled bearer , priority 10 [ 204.325755][ T8474] 8021q: VLANs not supported on caif0 [ 204.378478][ T8450] lo speed is unknown, defaulting to 1000 [ 204.470795][ T37] wlan1: Creating new IBSS network, BSSID 22:71:d3:ea:bd:4c [ 204.567016][ T8478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.806'. [ 204.607598][ T8478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.806'. [ 205.137576][ T24] tipc: Node number set to 879503497 [ 205.296215][ T8489] netlink: 'syz.0.810': attribute type 4 has an invalid length. [ 205.369631][ T8492] netlink: 'syz.0.810': attribute type 4 has an invalid length. [ 205.410687][ T8493] netlink: 88 bytes leftover after parsing attributes in process `syz.1.811'. [ 207.410806][ T8507] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 207.473523][ T8507] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 207.536071][ T8507] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 208.174383][ T8529] netlink: 'syz.1.822': attribute type 1 has an invalid length. [ 208.188928][ T8530] xt_TPROXY: Can be used only with -p tcp or -p udp [ 208.288708][ T8532] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.824'. [ 208.342404][ T8532] netlink: ct family unspecified [ 208.635776][ T8529] bond1: entered promiscuous mode [ 208.654495][ T8529] 8021q: adding VLAN 0 to HW filter on device bond1 [ 208.711948][ T8544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.828'. [ 208.773148][ T8533] bond1: (slave bridge2): making interface the new active one [ 208.792717][ T8533] bridge2: entered promiscuous mode [ 208.807821][ T8533] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 209.128625][ T8551] netlink: 20 bytes leftover after parsing attributes in process `syz.4.829'. [ 209.158685][ T8550] netlink: 'syz.3.831': attribute type 32 has an invalid length. [ 209.896385][ T8566] netlink: 'syz.0.834': attribute type 1 has an invalid length. [ 209.961968][ T8562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.833'. [ 209.977230][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 210.047793][ T8571] netlink: 104 bytes leftover after parsing attributes in process `syz.3.836'. [ 210.331635][ T8577] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.837'. [ 210.361943][ T8574] gtp0: entered promiscuous mode [ 210.371631][ T8577] netlink: ct family unspecified [ 210.382564][ T8574] team0: Device gtp0 is of different type [ 210.569655][ T8582] lo: entered allmulticast mode [ 210.584161][ T8582] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 210.926517][ T8587] netlink: 200 bytes leftover after parsing attributes in process `syz.0.841'. [ 210.973223][ T8587] netlink: 20 bytes leftover after parsing attributes in process `syz.0.841'. [ 210.993194][ T8591] netlink: 44 bytes leftover after parsing attributes in process `syz.3.840'. [ 211.040487][ T8591] netlink: zone id is out of range [ 211.067880][ T8591] netlink: zone id is out of range [ 211.073145][ T8591] netlink: zone id is out of range [ 211.128748][ T8591] netlink: zone id is out of range [ 211.139757][ T8591] netlink: zone id is out of range [ 211.165679][ T8591] FAULT_INJECTION: forcing a failure. [ 211.165679][ T8591] name failslab, interval 1, probability 0, space 0, times 0 [ 211.209176][ T8591] CPU: 1 UID: 0 PID: 8591 Comm: syz.3.840 Not tainted syzkaller #0 PREEMPT(full) [ 211.209207][ T8591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 211.209221][ T8591] Call Trace: [ 211.209229][ T8591] [ 211.209238][ T8591] dump_stack_lvl+0xe8/0x150 [ 211.209273][ T8591] should_fail_ex+0x412/0x560 [ 211.209304][ T8591] should_failslab+0xa8/0x100 [ 211.209332][ T8591] __kmalloc_cache_noprof+0x88/0x660 [ 211.209356][ T8591] ? ovs_ct_limit_cmd_set+0x2f7/0xb00 [ 211.209378][ T8591] ? __kmalloc_cache_noprof+0x15b/0x660 [ 211.209404][ T8591] ovs_ct_limit_cmd_set+0x2f7/0xb00 [ 211.209444][ T8591] genl_family_rcv_msg_doit+0x22a/0x330 [ 211.209483][ T8591] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 211.209529][ T8591] ? bpf_lsm_capable+0x9/0x20 [ 211.209556][ T8591] ? security_capable+0x7e/0x2c0 [ 211.209587][ T8591] genl_rcv_msg+0x61c/0x7a0 [ 211.209624][ T8591] ? __pfx_genl_rcv_msg+0x10/0x10 [ 211.209654][ T8591] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 211.209677][ T8591] ? __lock_acquire+0x6b5/0x2cf0 [ 211.209716][ T8591] netlink_rcv_skb+0x232/0x4b0 [ 211.209742][ T8591] ? __pfx_genl_rcv_msg+0x10/0x10 [ 211.209773][ T8591] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 211.209817][ T8591] ? down_read+0x272/0x2e0 [ 211.209836][ T8591] ? genl_rcv+0xd/0x40 [ 211.209866][ T8591] genl_rcv+0x28/0x40 [ 211.209894][ T8591] netlink_unicast+0x80f/0x9b0 [ 211.209926][ T8591] ? __pfx_netlink_unicast+0x10/0x10 [ 211.209949][ T8591] ? netlink_sendmsg+0x650/0xb40 [ 211.209973][ T8591] ? skb_put+0x11b/0x210 [ 211.210005][ T8591] netlink_sendmsg+0x813/0xb40 [ 211.210051][ T8591] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.210080][ T8591] ? aa_sock_msg_perm+0xf1/0x1b0 [ 211.210107][ T8591] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 211.210131][ T8591] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.210155][ T8591] ____sys_sendmsg+0xa68/0xad0 [ 211.210199][ T8591] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.210240][ T8591] ? import_iovec+0x73/0xa0 [ 211.210273][ T8591] ___sys_sendmsg+0x2a5/0x360 [ 211.210310][ T8591] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.210379][ T8591] ? __fget_files+0x2a/0x420 [ 211.210408][ T8591] ? __fget_files+0x3a0/0x420 [ 211.210448][ T8591] __x64_sys_sendmsg+0x1bd/0x2a0 [ 211.210482][ T8591] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 211.210523][ T8591] ? __pfx_ksys_write+0x10/0x10 [ 211.210558][ T8591] do_syscall_64+0x14d/0xf80 [ 211.210587][ T8591] ? trace_irq_disable+0x3b/0x150 [ 211.210615][ T8591] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.210636][ T8591] ? clear_bhb_loop+0x40/0x90 [ 211.210662][ T8591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.210683][ T8591] RIP: 0033:0x7f6b6f19c629 [ 211.210704][ T8591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 211.210722][ T8591] RSP: 002b:00007f6b70054028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.210744][ T8591] RAX: ffffffffffffffda RBX: 00007f6b6f415fa0 RCX: 00007f6b6f19c629 [ 211.210759][ T8591] RDX: 000000000000c000 RSI: 0000200000000040 RDI: 0000000000000004 [ 211.210771][ T8591] RBP: 00007f6b70054090 R08: 0000000000000000 R09: 0000000000000000 [ 211.210783][ T8591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 211.210794][ T8591] R13: 00007f6b6f416038 R14: 00007f6b6f415fa0 R15: 00007ffec9be54f8 [ 211.210827][ T8591] [ 211.808649][ T8604] FAULT_INJECTION: forcing a failure. [ 211.808649][ T8604] name failslab, interval 1, probability 0, space 0, times 0 [ 211.821696][ T8604] CPU: 1 UID: 0 PID: 8604 Comm: syz.0.846 Not tainted syzkaller #0 PREEMPT(full) [ 211.821726][ T8604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 211.821740][ T8604] Call Trace: [ 211.821749][ T8604] [ 211.821758][ T8604] dump_stack_lvl+0xe8/0x150 [ 211.821795][ T8604] should_fail_ex+0x412/0x560 [ 211.821826][ T8604] should_failslab+0xa8/0x100 [ 211.821855][ T8604] __kmalloc_cache_noprof+0x88/0x660 [ 211.821876][ T8604] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 211.821904][ T8604] ? sctp_add_bind_addr+0x8c/0x370 [ 211.821935][ T8604] sctp_add_bind_addr+0x8c/0x370 [ 211.821966][ T8604] sctp_copy_local_addr_list+0x314/0x4f0 [ 211.821998][ T8604] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 211.822025][ T8604] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 211.822055][ T8604] ? sctp_v6_is_any+0x64/0x80 [ 211.822083][ T8604] ? sctp_copy_one_addr+0x93/0x360 [ 211.822114][ T8604] sctp_bind_addr_copy+0xb3/0x3c0 [ 211.822142][ T8604] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 211.822169][ T8604] sctp_connect_new_asoc+0x2ff/0x6b0 [ 211.822206][ T8604] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 211.822245][ T8604] ? __local_bh_enable_ip+0xd0/0x130 [ 211.822272][ T8604] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 211.822296][ T8604] ? security_sctp_bind_connect+0x7e/0x2c0 [ 211.822333][ T8604] sctp_sendmsg+0x1528/0x2c10 [ 211.822382][ T8604] ? __pfx_sctp_sendmsg+0x10/0x10 [ 211.822410][ T8604] ? aa_sk_perm+0x15a/0x960 [ 211.822436][ T8604] ? aa_sk_perm+0x82d/0x960 [ 211.822468][ T8604] ? __pfx_aa_sk_perm+0x10/0x10 [ 211.822496][ T8604] ? sock_rps_record_flow+0x19/0x400 [ 211.822531][ T8604] ? inet_sendmsg+0x2f4/0x370 [ 211.822568][ T8604] __sys_sendto+0x627/0x7a0 [ 211.822600][ T8604] ? __pfx___sys_sendto+0x10/0x10 [ 211.822626][ T8604] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 211.822681][ T8604] ? __fget_files+0x3a0/0x420 [ 211.822724][ T8604] ? ksys_write+0x242/0x270 [ 211.822750][ T8604] ? __pfx_ksys_write+0x10/0x10 [ 211.822778][ T8604] __x64_sys_sendto+0xde/0x100 [ 211.822811][ T8604] do_syscall_64+0x14d/0xf80 [ 211.822841][ T8604] ? trace_irq_disable+0x3b/0x150 [ 211.822870][ T8604] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.822892][ T8604] ? clear_bhb_loop+0x40/0x90 [ 211.822920][ T8604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.822941][ T8604] RIP: 0033:0x7efe3ed9c629 [ 211.822963][ T8604] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 211.822981][ T8604] RSP: 002b:00007efe3fc47028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 211.823003][ T8604] RAX: ffffffffffffffda RBX: 00007efe3f015fa0 RCX: 00007efe3ed9c629 [ 211.823019][ T8604] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003 [ 211.823033][ T8604] RBP: 00007efe3fc47090 R08: 0000200000000140 R09: 000000000000001c [ 211.823047][ T8604] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000002 [ 211.823060][ T8604] R13: 00007efe3f016038 R14: 00007efe3f015fa0 R15: 00007ffcd0d6e5f8 [ 211.823098][ T8604] [ 212.191662][ T5143] Bluetooth: hci1: command 0x0406 tx timeout [ 212.198380][ T5143] Bluetooth: hci2: command 0x0406 tx timeout [ 212.204542][ T5143] Bluetooth: hci3: command 0x0406 tx timeout [ 212.787039][ T8611] netlink: 'syz.4.849': attribute type 1 has an invalid length. [ 213.501517][ T8621] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.852'. [ 213.545508][ T8621] netlink: ct family unspecified [ 213.703237][ T8625] netlink: 'syz.0.853': attribute type 1 has an invalid length. [ 213.993162][ T8625] 8021q: adding VLAN 0 to HW filter on device bond1 [ 214.095828][ T8630] vlan2: entered promiscuous mode [ 214.124540][ T8630] bond1: entered promiscuous mode [ 214.142491][ T8630] vlan2: entered allmulticast mode [ 214.157055][ T8635] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.856'. [ 214.176147][ T8630] bond1: entered allmulticast mode [ 214.271862][ T8631] bond1: (slave bridge4): making interface the new active one [ 214.376900][ T8631] bridge4: entered promiscuous mode [ 214.396260][ T8631] bridge4: entered allmulticast mode [ 214.428206][ T8631] bond1: (slave bridge4): Enslaving as an active interface with an up link [ 215.002150][ T8650] netlink: 4 bytes leftover after parsing attributes in process `syz.0.861'. [ 215.855651][ T8666] netlink: 212328 bytes leftover after parsing attributes in process `syz.3.866'. [ 215.894299][ T8666] netlink: ct family unspecified [ 215.906054][ T8662] IPVS: Scheduler module ip_vs_sip not found [ 216.562568][ T8674] netlink: 'syz.4.867': attribute type 2 has an invalid length. [ 216.943216][ T8683] netlink: 48 bytes leftover after parsing attributes in process `syz.0.871'. [ 217.309968][ T8691] netlink: 52 bytes leftover after parsing attributes in process `syz.3.875'. [ 217.558128][ T8700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.876'. [ 217.569765][ T8699] netlink: 'syz.3.875': attribute type 9 has an invalid length. [ 217.721466][ T8704] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.878'. [ 217.793358][ T8704] netlink: ct family unspecified [ 218.339516][ T8715] netlink: 'syz.3.882': attribute type 1 has an invalid length. [ 218.980551][ T5825] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 218.990046][ T5825] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 218.999621][ T5825] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 219.009136][ T5825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 219.017055][ T5825] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 219.047733][ T8727] netlink: 'syz.1.883': attribute type 4 has an invalid length. [ 219.150453][ T8733] netlink: 36 bytes leftover after parsing attributes in process `syz.3.886'. [ 219.270480][ T8725] lo speed is unknown, defaulting to 1000 [ 219.621149][ T8737] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 220.086790][ T8743] netlink: 'syz.3.888': attribute type 13 has an invalid length. [ 220.142664][ T8743] gretap0: refused to change device tx_queue_len [ 220.180180][ T8743] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 220.219994][ T8751] netlink: 'syz.1.891': attribute type 1 has an invalid length. [ 220.528828][ T8751] bond2: entered promiscuous mode [ 220.565469][ T8751] 8021q: adding VLAN 0 to HW filter on device bond2 [ 220.628881][ T8758] netlink: 212328 bytes leftover after parsing attributes in process `syz.0.893'. [ 220.681538][ T8758] netlink: ct family unspecified [ 220.728633][ T8752] syzkaller0: entered promiscuous mode [ 220.737491][ T8752] syzkaller0: entered allmulticast mode [ 220.759284][ T8753] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 220.789853][ T8753] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 220.801004][ T8753] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 220.838477][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.4.894'. [ 220.847749][ T8761] netlink: 24 bytes leftover after parsing attributes in process `syz.4.894'. [ 221.076233][ T5825] Bluetooth: hci5: command tx timeout [ 221.170965][ T8765] netlink: 12 bytes leftover after parsing attributes in process `syz.0.896'. [ 223.162089][ T5825] Bluetooth: hci5: command tx timeout [ 225.234367][ T58] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.245785][ T5825] Bluetooth: hci5: command tx timeout [ 225.254781][ T8785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.904'. [ 225.598452][ T8794] netlink: 212328 bytes leftover after parsing attributes in process `syz.3.905'. [ 225.619524][ T8793] netlink: 'syz.0.900': attribute type 4 has an invalid length. [ 225.677991][ T58] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.688435][ T8794] netlink: ct family unspecified [ 225.996660][ T58] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.402249][ T8811] netlink: 'syz.4.909': attribute type 2 has an invalid length. [ 226.457027][ T8811] netlink: 14 bytes leftover after parsing attributes in process `syz.4.909'. [ 226.655377][ T8817] netlink: 'syz.1.908': attribute type 58 has an invalid length. [ 226.692854][ T8817] netlink: 20 bytes leftover after parsing attributes in process `syz.1.908'. [ 227.270875][ T58] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.326188][ T5825] Bluetooth: hci5: command tx timeout [ 227.616238][ T8822] netlink: 8 bytes leftover after parsing attributes in process `syz.3.912'. [ 227.625365][ T8822] netlink: 24 bytes leftover after parsing attributes in process `syz.3.912'. [ 227.709713][ T8824] netlink: 28 bytes leftover after parsing attributes in process `syz.3.913'. [ 227.719248][ T8824] netlink: 28 bytes leftover after parsing attributes in process `syz.3.913'. [ 228.085519][ T8824] dummy0: entered promiscuous mode [ 228.134325][ T8824] dummy0: left promiscuous mode [ 228.329677][ T8725] chnl_net:caif_netlink_parms(): no params data found [ 229.129220][ T8842] IPVS: length: 673200688 != 51605383032 [ 229.185885][ T58] bridge_slave_1: left allmulticast mode [ 229.222474][ T58] bridge_slave_1: left promiscuous mode [ 229.257863][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.300775][ T8853] netlink: 'syz.4.920': attribute type 4 has an invalid length. [ 229.313127][ T8851] netlink: 68 bytes leftover after parsing attributes in process `syz.3.921'. [ 229.358515][ T58] bridge_slave_0: left allmulticast mode [ 229.388586][ T58] bridge_slave_0: left promiscuous mode [ 229.459518][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.448664][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 230.827517][ T58] bond3 (unregistering): (slave bridge3): Releasing backup interface [ 230.837494][ T58] bridge3 (unregistering): left promiscuous mode [ 231.529396][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.540988][ T58] bond_slave_0: left promiscuous mode [ 231.557529][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 231.570568][ T58] bond_slave_1: left promiscuous mode [ 231.580730][ T58] bond0 (unregistering): Released all slaves [ 231.595444][ T58] bond1 (unregistering): Released all slaves [ 231.615514][ T58] bond2 (unregistering): Released all slaves [ 231.635726][ T58] bond3 (unregistering): Released all slaves [ 231.844121][ T8863] netlink: 8 bytes leftover after parsing attributes in process `syz.3.922'. [ 231.853336][ T8863] netlink: 24 bytes leftover after parsing attributes in process `syz.3.922'. [ 232.030492][ T8868] netlink: 56 bytes leftover after parsing attributes in process `syz.3.923'. [ 232.281915][ T58] IPVS: stopping master sync thread 7516 ... [ 232.993022][ T8875] FAULT_INJECTION: forcing a failure. [ 232.993022][ T8875] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.099308][ T8875] CPU: 1 UID: 0 PID: 8875 Comm: syz.1.925 Not tainted syzkaller #0 PREEMPT(full) [ 233.099339][ T8875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 233.099352][ T8875] Call Trace: [ 233.099361][ T8875] [ 233.099369][ T8875] dump_stack_lvl+0xe8/0x150 [ 233.099414][ T8875] should_fail_ex+0x412/0x560 [ 233.099444][ T8875] _copy_from_user+0x2d/0xb0 [ 233.099476][ T8875] generic_map_update_batch+0x648/0x990 [ 233.099513][ T8875] ? __pfx_generic_map_update_batch+0x10/0x10 [ 233.099540][ T8875] ? __fget_files+0x2a/0x420 [ 233.099577][ T8875] ? __pfx_generic_map_update_batch+0x10/0x10 [ 233.099602][ T8875] bpf_map_do_batch+0x39b/0x630 [ 233.099628][ T8875] __sys_bpf+0x7c1/0x950 [ 233.099660][ T8875] ? __pfx___sys_bpf+0x10/0x10 [ 233.099706][ T8875] ? ksys_write+0x242/0x270 [ 233.099730][ T8875] ? __pfx_ksys_write+0x10/0x10 [ 233.099759][ T8875] __x64_sys_bpf+0x7c/0x90 [ 233.099788][ T8875] do_syscall_64+0x14d/0xf80 [ 233.099818][ T8875] ? trace_irq_disable+0x3b/0x150 [ 233.099848][ T8875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.099869][ T8875] ? clear_bhb_loop+0x40/0x90 [ 233.099894][ T8875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.099915][ T8875] RIP: 0033:0x7fdfaa79c629 [ 233.099935][ T8875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 233.099953][ T8875] RSP: 002b:00007fdfab744028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 233.099976][ T8875] RAX: ffffffffffffffda RBX: 00007fdfaaa15fa0 RCX: 00007fdfaa79c629 [ 233.099991][ T8875] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 233.100004][ T8875] RBP: 00007fdfab744090 R08: 0000000000000000 R09: 0000000000000000 [ 233.100016][ T8875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 233.100028][ T8875] R13: 00007fdfaaa16038 R14: 00007fdfaaa15fa0 R15: 00007ffc8f1f57a8 [ 233.100061][ T8875] [ 233.470304][ T8882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.929'. [ 233.949142][ T8725] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.039091][ T8893] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.930'. [ 234.056489][ T8725] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.063808][ T8725] bridge_slave_0: entered allmulticast mode [ 234.128395][ T8893] netlink: 'syz.0.930': attribute type 5 has an invalid length. [ 234.163016][ T8725] bridge_slave_0: entered promiscuous mode [ 234.455643][ T8725] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.486187][ T8725] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.548515][ T8725] bridge_slave_1: entered allmulticast mode [ 234.617011][ T8725] bridge_slave_1: entered promiscuous mode [ 234.696521][ T8904] netlink: 12 bytes leftover after parsing attributes in process `syz.1.934'. [ 234.861770][ T8904] vlan2: entered promiscuous mode [ 235.445038][ T8725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.563014][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 235.779234][ T8725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.851473][ T8938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.939'. [ 235.882775][ T8942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.941'. [ 235.961614][ T8942] netlink: 24 bytes leftover after parsing attributes in process `syz.1.941'. [ 236.295297][ T8934] lo speed is unknown, defaulting to 1000 [ 236.431797][ T8952] netlink: 'syz.1.942': attribute type 4 has an invalid length. [ 236.866638][ T8725] team0: Port device team_slave_0 added [ 236.939431][ T8725] team0: Port device team_slave_1 added [ 237.360978][ T8725] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.418014][ T8725] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 237.496142][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 237.575415][ T8725] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 238.020737][ T8725] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 238.064386][ T8974] netlink: 'syz.4.946': attribute type 1 has an invalid length. [ 238.074555][ T8725] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 238.208475][ T8725] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 238.524375][ T8974] bond1: entered promiscuous mode [ 238.562178][ T8974] 8021q: adding VLAN 0 to HW filter on device bond1 [ 238.772157][ T8982] nft_compat: unsupported protocol 0 [ 238.800540][ T58] team0: left promiscuous mode [ 238.805398][ T58] team_slave_0: left promiscuous mode [ 238.835879][ T58] team_slave_1: left promiscuous mode [ 238.872778][ T58] hsr_slave_0: left promiscuous mode [ 238.880889][ T58] hsr_slave_1: left promiscuous mode [ 238.893578][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.903213][ T8993] netlink: 12 bytes leftover after parsing attributes in process `syz.4.950'. [ 238.912447][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.922789][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.930903][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 238.971276][ T58] veth1_macvtap: left promiscuous mode [ 238.985439][ T58] veth0_macvtap: left promiscuous mode [ 238.997320][ T58] veth1_vlan: left promiscuous mode [ 239.002926][ T58] veth0_vlan: left promiscuous mode [ 239.337625][ T58] team0 (unregistering): Port device team_slave_1 removed [ 239.356248][ T58] team0 (unregistering): Port device team_slave_0 removed [ 239.595063][ T8993] vlan2: entered promiscuous mode [ 239.600367][ T8993] batadv0: entered promiscuous mode [ 239.635080][ T9001] netlink: 8 bytes leftover after parsing attributes in process `syz.1.951'. [ 239.647189][ T9001] netlink: 24 bytes leftover after parsing attributes in process `syz.1.951'. [ 239.759525][ T8725] hsr_slave_0: entered promiscuous mode [ 239.767203][ T8725] hsr_slave_1: entered promiscuous mode [ 239.774175][ T8725] debugfs: 'hsr0' already exists in 'hsr' [ 239.780443][ T8725] Cannot create hsr debugfs directory [ 239.909626][ T9006] netlink: 'syz.1.953': attribute type 4 has an invalid length. [ 239.939962][ T9008] netlink: 212328 bytes leftover after parsing attributes in process `syz.3.954'. [ 239.953305][ T9008] netlink: ct family unspecified [ 240.220985][ T9018] netlink: 8 bytes leftover after parsing attributes in process `syz.4.956'. [ 240.710418][ T9035] netlink: 8 bytes leftover after parsing attributes in process `syz.4.961'. [ 240.766931][ T9035] netlink: 24 bytes leftover after parsing attributes in process `syz.4.961'. [ 240.889801][ T8725] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 240.954151][ T8725] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 240.992247][ T8725] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 241.010323][ T9045] netlink: 12 bytes leftover after parsing attributes in process `syz.0.963'. [ 241.024209][ T8725] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 241.179550][ T9060] netlink: 212328 bytes leftover after parsing attributes in process `syz.1.966'. [ 241.190338][ T9062] netlink: 4 bytes leftover after parsing attributes in process `syz.4.967'. [ 241.232958][ T9060] netlink: ct family unspecified [ 241.409671][ T8725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.466675][ T9074] netlink: 'syz.0.970': attribute type 4 has an invalid length. [ 241.489421][ T8725] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.537735][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.545049][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.594188][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.601459][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.059544][ T9089] lo speed is unknown, defaulting to 1000 [ 242.324620][ T9100] netlink: 'syz.0.974': attribute type 32 has an invalid length. [ 242.466837][ T8725] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.051938][ T9114] lo speed is unknown, defaulting to 1000 [ 243.170379][ T9114] lo speed is unknown, defaulting to 1000 [ 243.222093][ T9114] lo speed is unknown, defaulting to 1000 [ 243.299483][ T9114] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 243.454924][ T9114] lo speed is unknown, defaulting to 1000 [ 243.496935][ T9114] lo speed is unknown, defaulting to 1000 [ 243.506215][ T8725] veth0_vlan: entered promiscuous mode [ 243.533683][ T9114] lo speed is unknown, defaulting to 1000 [ 243.558784][ T8725] veth1_vlan: entered promiscuous mode [ 243.594942][ T9114] lo speed is unknown, defaulting to 1000 [ 243.624345][ T9114] lo speed is unknown, defaulting to 1000 [ 243.648112][ T9114] lo speed is unknown, defaulting to 1000 [ 243.677690][ T8725] veth0_macvtap: entered promiscuous mode [ 243.713771][ T8725] veth1_macvtap: entered promiscuous mode [ 243.791953][ T8725] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.833476][ T8725] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.930050][ T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.951838][ T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.048175][ T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.069609][ T9152] __nla_validate_parse: 3 callbacks suppressed [ 244.069631][ T9152] netlink: 28 bytes leftover after parsing attributes in process `syz.1.984'. [ 244.076656][ T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.341694][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.355498][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.431126][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.450041][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.705791][ T9167] syz_tun: entered allmulticast mode [ 244.868446][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 244.895809][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 244.922036][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 244.950586][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 244.984135][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 245.009617][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 245.051400][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 245.083125][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 245.124296][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 245.149495][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 245.185404][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 245.197149][ T9173] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 245.634210][ T9202] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1006'. [ 245.666840][ T9208] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1008'. [ 245.679690][ T9208] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1008'. [ 245.772445][ T9211] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1010'. [ 246.268244][ T9240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1023'. [ 246.546871][ T9252] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 247.711205][ T9308] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1052'. [ 248.087188][ T9327] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1062'. [ 248.167289][ T9332] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1063'. [ 248.390959][ T9341] netlink: 204 bytes leftover after parsing attributes in process `syz.5.1066'. [ 250.033169][ T9405] validate_nla: 39 callbacks suppressed [ 250.033192][ T9405] netlink: 'syz.5.1093': attribute type 4 has an invalid length. [ 250.112143][ T9410] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0 [ 250.331805][ T9421] __nla_validate_parse: 4 callbacks suppressed [ 250.331827][ T9421] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1099'. [ 250.503934][ T9427] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1102'. [ 250.519848][ T9427] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1102'. [ 250.530814][ C0] ------------[ cut here ]------------ [ 250.530927][ C0] 1 [ 250.530947][ C0] WARNING: net/ipv4/route.c:1275 at ip_rt_bug+0x2d/0x140, CPU#0: syz.5.1102/9427 [ 250.531004][ C0] Modules linked in: [ 250.531069][ C0] CPU: 0 UID: 0 PID: 9427 Comm: syz.5.1102 Not tainted syzkaller #0 PREEMPT(full) [ 250.531094][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 250.531109][ C0] RIP: 0010:ip_rt_bug+0x2d/0x140 [ 250.531142][ C0] Code: fa 55 41 57 41 56 41 55 41 54 53 48 89 d3 e8 7a e0 bb f7 66 90 e8 73 e0 bb f7 31 ff 48 89 de ba 02 00 00 00 e8 64 61 6a ff 90 <0f> 0b 90 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 49 [ 250.531163][ C0] RSP: 0018:ffffc90000007738 EFLAGS: 00010296 [ 250.531186][ C0] RAX: cb78d708180f0300 RBX: ffff888037180640 RCX: 0000000000000302 [ 250.531204][ C0] RDX: 0000000000000002 RSI: ffffffff8def18d2 RDI: ffffffff8c27a480 [ 250.531221][ C0] RBP: 0000000000000001 R08: ffffffff901172b7 R09: 1ffffffff2022e56 [ 250.531238][ C0] R10: dffffc0000000000 R11: fffffbfff2022e57 R12: dffffc0000000000 [ 250.531257][ C0] R13: 0000000000000000 R14: ffff888037180640 R15: ffff88801bb33480 [ 250.531274][ C0] FS: 00007f9bb55316c0(0000) GS:ffff888125466000(0000) knlGS:0000000000000000 [ 250.531296][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 250.531313][ C0] CR2: 0000200000000040 CR3: 000000005d14e000 CR4: 00000000003526f0 [ 250.531335][ C0] Call Trace: [ 250.531345][ C0] [ 250.531361][ C0] ip_push_pending_frames+0xbe/0x150 [ 250.531398][ C0] __icmp_send+0x118d/0x1590 [ 250.531426][ C0] ? __icmp_send+0x22b/0x1590 [ 250.531461][ C0] ? __pfx___icmp_send+0x10/0x10 [ 250.531506][ C0] ? psi_group_change+0xab8/0x1050 [ 250.531553][ C0] ? css_rstat_updated+0x23a/0x530 [ 250.531589][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 250.531630][ C0] ipv4_link_failure+0x66c/0xa70 [ 250.531674][ C0] ? __pfx_ipv4_link_failure+0x10/0x10 [ 250.531710][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 250.531749][ C0] ? __pfx_ipv4_link_failure+0x10/0x10 [ 250.531782][ C0] arp_error_report+0x118/0x160 [ 250.531821][ C0] neigh_invalidate+0x235/0x460 [ 250.531865][ C0] neigh_timer_handler+0xb99/0x11e0 [ 250.531910][ C0] call_timer_fn+0x192/0x640 [ 250.531941][ C0] ? __pfx_neigh_timer_handler+0x10/0x10 [ 250.531972][ C0] ? call_timer_fn+0xd4/0x640 [ 250.532002][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 250.532046][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 250.532079][ C0] ? __pfx_neigh_timer_handler+0x10/0x10 [ 250.532115][ C0] __run_timer_base+0x652/0x8b0 [ 250.532155][ C0] ? ktime_get+0x45/0x200 [ 250.532193][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 250.532228][ C0] ? sched_clock_cpu+0x74/0x440 [ 250.532265][ C0] run_timer_softirq+0xb7/0x170 [ 250.532293][ C0] handle_softirqs+0x22a/0x870 [ 250.532328][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 250.532385][ C0] __irq_exit_rcu+0x5f/0x150 [ 250.532414][ C0] irq_exit_rcu+0x9/0x30 [ 250.532441][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 250.532474][ C0] [ 250.532483][ C0] [ 250.532503][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 250.532528][ C0] RIP: 0010:console_flush_all+0x801/0xb20 [ 250.532553][ C0] Code: ff ff e8 22 eb 20 00 90 0f 0b 90 e9 85 fc ff ff e8 14 eb 20 00 e8 0f 71 08 0a 48 85 db 74 c0 e8 05 eb 20 00 fb 48 8b 5c 24 08 <48> 8b 44 24 20 42 80 3c 20 00 4c 8b 74 24 18 74 08 4c 89 f7 e8 d6 [ 250.532574][ C0] RSP: 0018:ffffc900034a6920 EFLAGS: 00000287 [ 250.532597][ C0] RAX: ffffffff81a4a18b RBX: ffffc900034a6a80 RCX: 0000000000080000 [ 250.532615][ C0] RDX: ffffc9001ac2f000 RSI: 0000000000003b1d RDI: 0000000000003b1e [ 250.532631][ C0] RBP: ffffc900034a6a30 R08: ffffffff901172b7 R09: 1ffffffff2022e56 [ 250.532649][ C0] R10: dffffc0000000000 R11: fffffbfff2022e57 R12: dffffc0000000000 [ 250.532668][ C0] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff8f00a4a0 [ 250.532693][ C0] ? console_flush_all+0x7fb/0xb20 [ 250.532731][ C0] ? console_flush_all+0x123/0xb20 [ 250.532761][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 250.532790][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 250.532822][ C0] console_unlock+0xd1/0x1c0 [ 250.532859][ C0] ? __pfx_console_unlock+0x10/0x10 [ 250.532894][ C0] ? _printk+0xdd/0x130 [ 250.532924][ C0] vprintk_emit+0x485/0x560 [ 250.532956][ C0] ? unwind_get_return_address+0x4d/0x90 [ 250.532993][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 250.533038][ C0] _printk+0xdd/0x130 [ 250.533066][ C0] ? __pfx__printk+0x10/0x10 [ 250.533091][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 250.533122][ C0] ? ___ratelimit+0x58c/0x8d0 [ 250.533160][ C0] __nla_validate_parse+0x25d4/0x2dc0 [ 250.533190][ C0] ? __sys_sendmmsg+0x27c/0x4e0 [ 250.533221][ C0] ? __x64_sys_sendmmsg+0xa0/0xc0 [ 250.533272][ C0] ? __pfx___nla_validate_parse+0x10/0x10 [ 250.533330][ C0] ? __kasan_kmalloc+0x93/0xb0 [ 250.533361][ C0] __nla_parse+0x40/0x60 [ 250.533396][ C0] rtnl_newlink+0x202/0x1be0 [ 250.533427][ C0] ? kasan_save_track+0x4f/0x80 [ 250.533448][ C0] ? kasan_save_track+0x3e/0x80 [ 250.533469][ C0] ? kasan_save_free_info+0x46/0x50 [ 250.533507][ C0] ? __kasan_slab_free+0x5c/0x80 [ 250.533529][ C0] ? kmem_cache_free+0x187/0x630 [ 250.533554][ C0] ? __dev_queue_xmit+0x168f/0x38a0 [ 250.533587][ C0] ? __netlink_deliver_tap+0x5ad/0x850 [ 250.533613][ C0] ? netlink_deliver_tap+0x19c/0x1b0 [ 250.533637][ C0] ? netlink_unicast+0x7e3/0x9b0 [ 250.533659][ C0] ? netlink_sendmsg+0x813/0xb40 [ 250.533686][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 250.533712][ C0] ? do_syscall_64+0x14d/0xf80 [ 250.533744][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.533821][ C0] ? kasan_quarantine_put+0xbb/0x1f0 [ 250.533843][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 250.533880][ C0] ? kmem_cache_free+0x187/0x630 [ 250.533903][ C0] ? nlmon_xmit+0xb0/0x100 [ 250.533947][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 250.533981][ C0] ? __local_bh_enable_ip+0xd0/0x130 [ 250.534010][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 250.534041][ C0] ? __dev_queue_xmit+0x274/0x38a0 [ 250.534072][ C0] ? __local_bh_enable_ip+0xd0/0x130 [ 250.534098][ C0] ? __dev_queue_xmit+0x274/0x38a0 [ 250.534158][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 250.534185][ C0] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 250.534216][ C0] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 250.534242][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 250.534268][ C0] ? ref_tracker_free+0x693/0x840 [ 250.534293][ C0] ? __copy_skb_header+0xa3/0x4a0 [ 250.534327][ C0] ? __pfx_ref_tracker_free+0x10/0x10 [ 250.534366][ C0] netlink_rcv_skb+0x232/0x4b0 [ 250.534393][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 250.534423][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 250.534462][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.534507][ C0] netlink_unicast+0x80f/0x9b0 [ 250.534541][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 250.534567][ C0] ? netlink_sendmsg+0x650/0xb40 [ 250.534591][ C0] ? skb_put+0x11b/0x210 [ 250.534623][ C0] netlink_sendmsg+0x813/0xb40 [ 250.534661][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.534691][ C0] ? aa_sock_msg_perm+0xf1/0x1b0 [ 250.534719][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 250.534746][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.534771][ C0] ____sys_sendmsg+0xa68/0xad0 [ 250.534813][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 250.534854][ C0] ? import_iovec+0x73/0xa0 [ 250.534889][ C0] ___sys_sendmsg+0x2a5/0x360 [ 250.534927][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 250.534966][ C0] ? __pfx_futex_wake_mark+0x10/0x10 [ 250.535043][ C0] __sys_sendmmsg+0x27c/0x4e0 [ 250.535081][ C0] ? __pfx___sys_sendmmsg+0x10/0x10 [ 250.535110][ C0] ? do_futex+0x333/0x420 [ 250.535170][ C0] ? rcu_is_watching+0x15/0xb0 [ 250.535209][ C0] __x64_sys_sendmmsg+0xa0/0xc0 [ 250.535244][ C0] do_syscall_64+0x14d/0xf80 [ 250.535274][ C0] ? trace_irq_disable+0x3b/0x150 [ 250.535306][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.535329][ C0] ? clear_bhb_loop+0x40/0x90 [ 250.535356][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.535379][ C0] RIP: 0033:0x7f9bb459c629 [ 250.535401][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 250.535421][ C0] RSP: 002b:00007f9bb5531028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 250.535446][ C0] RAX: ffffffffffffffda RBX: 00007f9bb4815fa0 RCX: 00007f9bb459c629 [ 250.535463][ C0] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 250.535478][ C0] RBP: 00007f9bb4632b39 R08: 0000000000000000 R09: 0000000000000000 [ 250.535501][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 250.535516][ C0] R13: 00007f9bb4816038 R14: 00007f9bb4815fa0 R15: 00007ffff06dbdb8 [ 250.535553][ C0] [ 250.535567][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 250.535584][ C0] CPU: 0 UID: 0 PID: 9427 Comm: syz.5.1102 Not tainted syzkaller #0 PREEMPT(full) [ 250.535608][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 250.535622][ C0] Call Trace: [ 250.535631][ C0] [ 250.535640][ C0] vpanic+0x56c/0xa60 [ 250.535670][ C0] ? __pfx__printk+0x10/0x10 [ 250.535691][ C0] ? __pfx_vpanic+0x10/0x10 [ 250.535718][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 250.535740][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 250.535773][ C0] panic+0xc5/0xd0 [ 250.535801][ C0] ? __pfx_panic+0x10/0x10 [ 250.535849][ C0] __warn+0x315/0x4f0 [ 250.535876][ C0] ? ip_rt_bug+0x2d/0x140 [ 250.535908][ C0] ? ip_rt_bug+0x2d/0x140 [ 250.535941][ C0] __report_bug+0x29a/0x540 [ 250.535967][ C0] ? neigh_timer_handler+0xb99/0x11e0 [ 250.535993][ C0] ? call_timer_fn+0x192/0x640 [ 250.536016][ C0] ? __run_timer_base+0x652/0x8b0 [ 250.536043][ C0] ? ip_rt_bug+0x2d/0x140 [ 250.536070][ C0] ? __pfx___report_bug+0x10/0x10 [ 250.536096][ C0] ? rtnl_newlink+0x202/0x1be0 [ 250.536116][ C0] ? rtnetlink_rcv_msg+0x7d5/0xbe0 [ 250.536139][ C0] ? netlink_rcv_skb+0x232/0x4b0 [ 250.536159][ C0] ? netlink_unicast+0x80f/0x9b0 [ 250.536178][ C0] ? netlink_sendmsg+0x813/0xb40 [ 250.536201][ C0] ? ____sys_sendmsg+0xa68/0xad0 [ 250.536229][ C0] ? ___sys_sendmsg+0x2a5/0x360 [ 250.536257][ C0] ? __sys_sendmmsg+0x27c/0x4e0 [ 250.536286][ C0] ? __x64_sys_sendmmsg+0xa0/0xc0 [ 250.536314][ C0] ? do_syscall_64+0x14d/0xf80 [ 250.536343][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.536394][ C0] ? ip_rt_bug+0x2d/0x140 [ 250.536422][ C0] report_bug+0x16a/0x220 [ 250.536452][ C0] ? ip_rt_bug+0x2d/0x140 [ 250.536479][ C0] ? ip_rt_bug+0x2f/0x140 [ 250.536515][ C0] handle_bug+0x98/0x200 [ 250.536537][ C0] exc_invalid_op+0x1a/0x50 [ 250.536559][ C0] asm_exc_invalid_op+0x1a/0x20 [ 250.536580][ C0] RIP: 0010:ip_rt_bug+0x2d/0x140 [ 250.536610][ C0] Code: fa 55 41 57 41 56 41 55 41 54 53 48 89 d3 e8 7a e0 bb f7 66 90 e8 73 e0 bb f7 31 ff 48 89 de ba 02 00 00 00 e8 64 61 6a ff 90 <0f> 0b 90 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 49 [ 250.536630][ C0] RSP: 0018:ffffc90000007738 EFLAGS: 00010296 [ 250.536648][ C0] RAX: cb78d708180f0300 RBX: ffff888037180640 RCX: 0000000000000302 [ 250.536663][ C0] RDX: 0000000000000002 RSI: ffffffff8def18d2 RDI: ffffffff8c27a480 [ 250.536679][ C0] RBP: 0000000000000001 R08: ffffffff901172b7 R09: 1ffffffff2022e56 [ 250.536694][ C0] R10: dffffc0000000000 R11: fffffbfff2022e57 R12: dffffc0000000000 [ 250.536711][ C0] R13: 0000000000000000 R14: ffff888037180640 R15: ffff88801bb33480 [ 250.536744][ C0] ? ip_rt_bug+0x2c/0x140 [ 250.536779][ C0] ip_push_pending_frames+0xbe/0x150 [ 250.536813][ C0] __icmp_send+0x118d/0x1590 [ 250.536838][ C0] ? __icmp_send+0x22b/0x1590 [ 250.536869][ C0] ? __pfx___icmp_send+0x10/0x10 [ 250.536902][ C0] ? psi_group_change+0xab8/0x1050 [ 250.536945][ C0] ? css_rstat_updated+0x23a/0x530 [ 250.536976][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 250.537012][ C0] ipv4_link_failure+0x66c/0xa70 [ 250.537053][ C0] ? __pfx_ipv4_link_failure+0x10/0x10 [ 250.537086][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 250.537123][ C0] ? __pfx_ipv4_link_failure+0x10/0x10 [ 250.537153][ C0] arp_error_report+0x118/0x160 [ 250.537188][ C0] neigh_invalidate+0x235/0x460 [ 250.537229][ C0] neigh_timer_handler+0xb99/0x11e0 [ 250.537270][ C0] call_timer_fn+0x192/0x640 [ 250.537297][ C0] ? __pfx_neigh_timer_handler+0x10/0x10 [ 250.537326][ C0] ? call_timer_fn+0xd4/0x640 [ 250.537353][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 250.537392][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 250.537421][ C0] ? __pfx_neigh_timer_handler+0x10/0x10 [ 250.537453][ C0] __run_timer_base+0x652/0x8b0 [ 250.537478][ C0] ? ktime_get+0x45/0x200 [ 250.537522][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 250.537555][ C0] ? sched_clock_cpu+0x74/0x440 [ 250.537591][ C0] run_timer_softirq+0xb7/0x170 [ 250.537617][ C0] handle_softirqs+0x22a/0x870 [ 250.537649][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 250.537702][ C0] __irq_exit_rcu+0x5f/0x150 [ 250.537729][ C0] irq_exit_rcu+0x9/0x30 [ 250.537754][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 250.537786][ C0] [ 250.537794][ C0] [ 250.537803][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 250.537827][ C0] RIP: 0010:console_flush_all+0x801/0xb20 [ 250.537850][ C0] Code: ff ff e8 22 eb 20 00 90 0f 0b 90 e9 85 fc ff ff e8 14 eb 20 00 e8 0f 71 08 0a 48 85 db 74 c0 e8 05 eb 20 00 fb 48 8b 5c 24 08 <48> 8b 44 24 20 42 80 3c 20 00 4c 8b 74 24 18 74 08 4c 89 f7 e8 d6 [ 250.537868][ C0] RSP: 0018:ffffc900034a6920 EFLAGS: 00000287 [ 250.537888][ C0] RAX: ffffffff81a4a18b RBX: ffffc900034a6a80 RCX: 0000000000080000 [ 250.537904][ C0] RDX: ffffc9001ac2f000 RSI: 0000000000003b1d RDI: 0000000000003b1e [ 250.537920][ C0] RBP: ffffc900034a6a30 R08: ffffffff901172b7 R09: 1ffffffff2022e56 [ 250.537937][ C0] R10: dffffc0000000000 R11: fffffbfff2022e57 R12: dffffc0000000000 [ 250.537953][ C0] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff8f00a4a0 [ 250.537976][ C0] ? console_flush_all+0x7fb/0xb20 [ 250.538012][ C0] ? console_flush_all+0x123/0xb20 [ 250.538040][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 250.538067][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 250.538097][ C0] console_unlock+0xd1/0x1c0 [ 250.538132][ C0] ? __pfx_console_unlock+0x10/0x10 [ 250.538166][ C0] ? _printk+0xdd/0x130 [ 250.538193][ C0] vprintk_emit+0x485/0x560 [ 250.538223][ C0] ? unwind_get_return_address+0x4d/0x90 [ 250.538260][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 250.538303][ C0] _printk+0xdd/0x130 [ 250.538330][ C0] ? __pfx__printk+0x10/0x10 [ 250.538353][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 250.538384][ C0] ? ___ratelimit+0x58c/0x8d0 [ 250.538421][ C0] __nla_validate_parse+0x25d4/0x2dc0 [ 250.538449][ C0] ? __sys_sendmmsg+0x27c/0x4e0 [ 250.538479][ C0] ? __x64_sys_sendmmsg+0xa0/0xc0 [ 250.538536][ C0] ? __pfx___nla_validate_parse+0x10/0x10 [ 250.538591][ C0] ? __kasan_kmalloc+0x93/0xb0 [ 250.538620][ C0] __nla_parse+0x40/0x60 [ 250.538653][ C0] rtnl_newlink+0x202/0x1be0 [ 250.538682][ C0] ? kasan_save_track+0x4f/0x80 [ 250.538702][ C0] ? kasan_save_track+0x3e/0x80 [ 250.538728][ C0] ? kasan_save_free_info+0x46/0x50 [ 250.538756][ C0] ? __kasan_slab_free+0x5c/0x80 [ 250.538777][ C0] ? kmem_cache_free+0x187/0x630 [ 250.538800][ C0] ? __dev_queue_xmit+0x168f/0x38a0 [ 250.538831][ C0] ? __netlink_deliver_tap+0x5ad/0x850 [ 250.538856][ C0] ? netlink_deliver_tap+0x19c/0x1b0 [ 250.538878][ C0] ? netlink_unicast+0x7e3/0x9b0 [ 250.538898][ C0] ? netlink_sendmsg+0x813/0xb40 [ 250.538924][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 250.538949][ C0] ? do_syscall_64+0x14d/0xf80 [ 250.538978][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.539039][ C0] ? kasan_quarantine_put+0xbb/0x1f0 [ 250.539061][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 250.539097][ C0] ? kmem_cache_free+0x187/0x630 [ 250.539120][ C0] ? nlmon_xmit+0xb0/0x100 [ 250.539163][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 250.539197][ C0] ? __local_bh_enable_ip+0xd0/0x130 [ 250.539226][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 250.539256][ C0] ? __dev_queue_xmit+0x274/0x38a0 [ 250.539287][ C0] ? __local_bh_enable_ip+0xd0/0x130 [ 250.539313][ C0] ? __dev_queue_xmit+0x274/0x38a0 [ 250.539371][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 250.539398][ C0] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 250.539429][ C0] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 250.539456][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 250.539481][ C0] ? ref_tracker_free+0x693/0x840 [ 250.539512][ C0] ? __copy_skb_header+0xa3/0x4a0 [ 250.539546][ C0] ? __pfx_ref_tracker_free+0x10/0x10 [ 250.539585][ C0] netlink_rcv_skb+0x232/0x4b0 [ 250.539612][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 250.539641][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 250.539679][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.539714][ C0] netlink_unicast+0x80f/0x9b0 [ 250.539747][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 250.539773][ C0] ? netlink_sendmsg+0x650/0xb40 [ 250.539797][ C0] ? skb_put+0x11b/0x210 [ 250.539829][ C0] netlink_sendmsg+0x813/0xb40 [ 250.539866][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.539897][ C0] ? aa_sock_msg_perm+0xf1/0x1b0 [ 250.539925][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 250.539950][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.539975][ C0] ____sys_sendmsg+0xa68/0xad0 [ 250.540016][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 250.540058][ C0] ? import_iovec+0x73/0xa0 [ 250.540093][ C0] ___sys_sendmsg+0x2a5/0x360 [ 250.540131][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 250.540170][ C0] ? __pfx_futex_wake_mark+0x10/0x10 [ 250.540247][ C0] __sys_sendmmsg+0x27c/0x4e0 [ 250.540286][ C0] ? __pfx___sys_sendmmsg+0x10/0x10 [ 250.540332][ C0] ? do_futex+0x333/0x420 [ 250.540390][ C0] ? rcu_is_watching+0x15/0xb0 [ 250.540429][ C0] __x64_sys_sendmmsg+0xa0/0xc0 [ 250.540463][ C0] do_syscall_64+0x14d/0xf80 [ 250.540501][ C0] ? trace_irq_disable+0x3b/0x150 [ 250.540532][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.540555][ C0] ? clear_bhb_loop+0x40/0x90 [ 250.540583][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.540605][ C0] RIP: 0033:0x7f9bb459c629 [ 250.540625][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 250.540644][ C0] RSP: 002b:00007f9bb5531028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 250.540666][ C0] RAX: ffffffffffffffda RBX: 00007f9bb4815fa0 RCX: 00007f9bb459c629 [ 250.540682][ C0] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 250.540698][ C0] RBP: 00007f9bb4632b39 R08: 0000000000000000 R09: 0000000000000000 [ 250.540712][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 250.540725][ C0] R13: 00007f9bb4816038 R14: 00007f9bb4815fa0 R15: 00007ffff06dbdb8 [ 250.540761][ C0] [ 250.541391][ C0] Kernel Offset: disabled