last executing test programs: 12.800718722s ago: executing program 2 (id=9647): sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB="1af8f6fb43dde4511d2d33ac757b2ca2969b564858684f7d06517d22eeff37a3582afa569de4cc5cf909e915e63586ad5893c591d3350318039aa823756960dfcf4498e24f80c5c0f1b058026e527124cc4630ce728b41f0f428e3"], 0x20}, 0x1, 0x0, 0x0, 0x20040080}, 0x8004) syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa080045000028006700000a0690"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000000240)="800000800000210ee7decd7a000340008100", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @broadcast}, 0x14) 12.556960811s ago: executing program 2 (id=9651): r0 = bpf$PROG_LOAD(0x5, 
&(0x7f00000004c0)={0x1f, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa1200000000000070c0000f8ffffffb702000008000000b70300000000000085000000b9000000950000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x70, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000019540)={r0, 0xe0, &(0x7f0000019440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f0000000040)=[0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xb3, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000300), &(0x7f0000000340), 0x8, 0x79, 0x8, 0x8, &(0x7f0000000380)}}, 0x10) r2 = socket(0x40000000015, 0x805, 0x0) getsockopt(r2, 0x114, 0x271b, &(0x7f0000000440)=""/102400, &(0x7f00000000c0)=0x41) ioctl$SIOCNRDECOBS(r2, 0x89e2) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a58000000060a010400000000000000000a0000070900010073797a31000000002c0004802800018007000100637400001c0002800800044000000009050003009a00000008000240000000030900020073797a3200000000140000001100010000000000000000000a00000a2b811ab1c97a887033b97d852f0f464cf3b5d15f92c4526578c65ecc5627d7cdcd21eb7420b154c9ecfd49dc1e91befd4b09d043f8e450a3f19bdea510c6e87d1637d81bbc68"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) 12.028610258s ago: executing program 2 (id=9654): r0 = socket(0x1d, 
0x80802, 0x6) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) unshare(0x2c020400) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c) listen(r2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x8000000004) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x2f, 0x0, "6248bc9c8095fdfb8d639d954a0649542709e9baf27860bd22292b501f2c28d45a71ec3fa8539e7223c278d70126314aca030d71da9dcb99d1d087f250685685db59cf6de9c2a0496da59a4fcf3d9ceb"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000440)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x27, 0x0, "a58fc096f80633b333145c32b45013f5547000229e90bfdd2cbb775085438751fa41b217c492169b0cb51256adc3e5baedfa65fd3c4429b247e9dc51c16f89c5a42145bb09f23ab88b0bd564fd44893a"}, 0xd8) writev(r3, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, 0x0, 0x1, {0x0, 0xf0, 0x4}, 0xfe}, 0x18) 11.810617945s ago: executing program 2 (id=9656): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0xe, 0x0, 0x7, 0x4, 0x0, 0xfffffffffffffffc}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 8.39381756s ago: executing program 2 (id=9668): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, 
&(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073717a30000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) socket$netlink(0x10, 0x3, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) socket$inet6(0xa, 0x802, 0x0) socket(0x18, 0x0, 0x1) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) socket(0x2c, 0x3, 0x0) socket$kcm(0xa, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r2, &(0x7f00000003c0), &(0x7f0000000080)=@udp=r3, 0x1}, 0x20) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup(r5, &(0x7f0000000080)='syz1\x00', 0x1ff) r6 = openat$cgroup(r5, &(0x7f0000000180)='syz1\x00', 0x200002, 0x0) r7 = openat$cgroup_procs(r6, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000c40), 0x12) syz_emit_ethernet(0x16, &(0x7f0000000380)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}, @local, @void, {@llc={0x4, {@snap={0x1, 0x1, "c8", "118190", 0x60}}}}}, 0x0) ioctl$SIOCGETNODEID(r1, 0x89e1, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_int(r8, &(0x7f0000000140), 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) 4.283074389s ago: executing program 1 (id=9686): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) (async) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r1, 0x11, 0x68, &(0x7f0000000040)=0x2, 0x4) (async, rerun: 32) 
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4) (rerun: 32) setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000140)=0x2, 0x4) (async) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000004740)={0x0, @in6={{0xa, 0x4e23, 0xcc7, @remote, 0x13b9}}}, 0x84) 4.205244272s ago: executing program 1 (id=9688): connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) r0 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000340)=ANY=[@ANYBLOB="00020201"], 0x18) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x1c) writev(r0, 0x0, 0x0) 4.017285548s ago: executing program 1 (id=9690): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x403, 0x800000, 0x0, {0x0, 0x0, 0xfcff, 0x0, 0x830}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_USER_PORT_KEY={0x6, 0x19, 0x7}, @IFLA_BOND_MODE={0x5, 0x1, 0x4}]}}}]}, 0x44}, 0x1, 0xba01}, 0x0) 3.786631956s ago: executing program 1 (id=9693): sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB="1af8f6fb43dde4511d2d33ac757b2ca2969b564858684f7d06517d22eeff37a3582afa569de4cc5cf909e915e63586ad5893c591d3350318039aa823756960dfcf4498e24f80c5c0f1b058026e527124cc4630ce728b41f0f428e3b866443fdf5b8946c0"], 0x20}, 0x1, 0x0, 0x0, 0x20040080}, 0x8004) syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa080045000028006700000a069078ac1e"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', 
@multicast}) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_mreqsrc(r2, 0x0, 0x26, &(0x7f0000000080)={@private, @multicast1, @broadcast}, &(0x7f00000000c0)=0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r5 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r5, &(0x7f0000000240)="800000800000210ee7decd7a000340008100", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r4, 0x1, 0xd8, 0x6, @broadcast}, 0x14) 2.893130699s ago: executing program 3 (id=9703): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x10, 0x2, &(0x7f0000000480)=ANY=[@ANYBLOB="911044000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x2000000, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) 2.826514016s ago: executing program 3 (id=9705): ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000005c00)={{}, 0x0, 0xe, @inherit={0x98, &(0x7f0000005b40)=ANY=[]}, @devid}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getpeername(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0xcf) 
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x10000800, 0x4) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x300) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) close(r4) 2.06296169s ago: executing program 0 (id=9708): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket(0x14, 0x2, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000100)=@filter={'filter\x00', 0x42, 0x4, 0x12f0, 0xffffffff, 0x98, 0x11c0, 0x11c0, 0xffffffff, 0xffffffff, 0x1258, 0x1258, 0x1258, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'netpci0\x00', 'nr0\x00', {}, {}, 0x0, 0x2}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@empty, @remote, 0xff, 0x0, 'veth0_to_batadv\x00', 'team_slave_1\x00'}, 0x287, 0x10e8, 0x1128, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.cpu/syz1\x00', 0x0, {0x4000000000000000}}}, @common=@unspec=@limit={{0x48}, {0xa, 0x7, 0x0, 0x2, 0x0, 0x0, 0x2}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x3, {0x8}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x1ff, 0x2, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x1350) 
accept$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x61d0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20040024}, 0x8040) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0xa4}, 0x1, 0x0, 0x0, 0x48005}, 0x801) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x10}}, 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x8000000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r3, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) 1.394927053s ago: executing program 3 (id=9711): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 1.199945408s ago: executing program 3 (id=9712): connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) r0 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000340)=ANY=[@ANYBLOB="00020201"], 0x18) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x1c) writev(r0, &(0x7f00000000c0), 0x0) 1.199304972s ago: executing program 4 (id=9713): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)=0x0) ioctl$sock_ifreq(r0, 0x8929, &(0x7f0000004480)={'vlan1\x00', @ifru_addrs=@nfc={0x27, r1, 0x0, 0x7}}) (async) ioctl$sock_ifreq(r0, 0x8929, &(0x7f0000004480)={'vlan1\x00', @ifru_addrs=@nfc={0x27, r1, 0x0, 0x7}}) 1.065094342s ago: executing program 4 (id=9714): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmsg$inet6(r0, &(0x7f0000000c00)={&(0x7f00000005c0)={0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, '\x00', 0x27}, 0x81}, 0x1c, 0x0, 0x0, 
&(0x7f0000000c40)=ANY=[@ANYBLOB="1400000000000000290000000b000000000000080000000014000000000000000100000034"], 0x410}, 0x80) 1.029090932s ago: executing program 0 (id=9715): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newtaction={0xcc, 0x30, 0x51b, 0x0, 0x0, {}, [{0xb8, 0x1, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x0, 0x4000}}}, @TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_skbmod={0x54, 0x2, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x1, 0x4, 0x10000000, 0x0, 0x6}, 0x6}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0xcc}}, 0x0) 1.0278733s ago: executing program 3 (id=9716): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x2c, r5, 0x1, 0x72bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x5, 0x8}]}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 
0x40000}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@broadcast, @dev, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x0, 0x1, @broadcast, @broadcast, @multicast, @private=0x2}}}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x26, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x9c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) r7 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x7d, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(r7, &(0x7f0000003300)=[{{&(0x7f0000000ec0), 0x6e, &(0x7f0000002700)=[{&(0x7f00000001c0)=""/57, 0x39}], 0x1}}], 0x1, 0x400000a0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450) sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}, 0x1, 
0x0, 0x0, 0x20004000}, 0x24000840) sendmmsg(r7, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70500000000000061108b000000000007000000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a) syz_emit_ethernet(0xfdef, &(0x7f0000001200)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800000000119078000000000000000000004e20001040784200000000"], 0x0) 969.762322ms ago: executing program 4 (id=9717): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000100001001b000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f3000000000080001400000000114000000020a090100000000000000000000000014000000110001"], 0xd4}}, 0x4000010) 865.024003ms ago: executing program 0 (id=9718): syz_emit_ethernet(0xae, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2a0210", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x18, 0x1, "00ffffffffff"}, {0x3, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "ffffffffffffff8000000000"}]}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000041ffffff00000000080000009111b3000000000095"], &(0x7f0000000c40)='GPL\x00', 0x3, 0x0, 
0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, 0x94) 858.383277ms ago: executing program 4 (id=9719): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet6(0xa, 0x3, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000001000)=@raw={'raw\x00', 0x8, 0x3, 0x430, 0xf0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x360, 0xffffffff, 0xffffffff, 0x360, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x62], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'vxcan1\x00', {0x8}}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @multicast2}, [], [0x0, 0xffffffff], 'pim6reg\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x228, 0x270, 0x0, {}, [@common=@inet=@length={{0x28}, {0x2, 0x0, 0x1}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x5}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'bridge_slave_0\x00', {0x53}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x490) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x158, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xea, 0x7}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 
'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448) 785.487722ms ago: executing program 0 (id=9720): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x210, 0x210, 0x138, 0x0, 0x210, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x3f00, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98, 0x0, {0x4000000000000}}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'gretap0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478) 571.738981ms ago: executing program 1 (id=9721): bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x91}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 
'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}, @NFTA_IMMEDIATE_DATA={0x18, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd8}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000180)={0x0, 'bridge0\x00', {0x4}, 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000900006440000008001b00000000000500100004"], 0x30}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xfff1}, {0xe, 0x10}}, [@TCA_RATE={0x6, 0x5, {0xfc}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002c0007012bbd7000ffdbdf25077c0000080001800400fd8008000380040009"], 0x24}}, 0xc010) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)) 508.291524ms ago: executing program 0 (id=9722): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 410.598963ms ago: executing program 4 
(id=9723): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) syz_emit_ethernet(0x4e, &(0x7f0000000200)={@multicast, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "0300", 0x18, 0x2c, 0x0, @remote, @local, {[@routing={0x2, 0x2, 0x0, 0x1, 0x0, [@private1]}]}}}}}, 0x0) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0xd, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffbffffa, 0x0, 0x0, 0x0, 0x40}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f00000003c0)="6f11ba816056a1827a33ae059cf3", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) (async) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000080)={0x2, 0x56, 0x10, &(0x7f0000000040)=""/16}) 316.724438ms ago: executing program 0 (id=9724): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, &(0x7f0000001380), &(0x7f0000000000)=""/10, 0x2}, 0x20) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 
0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0xffe0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x400, 0x20000008, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x4040) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=@newtaction={0xcc, 0x30, 0xffff, 0x0, 0x25dfdbfe, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xfffd}, {0x1, 0x1}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x6, 0xfffffffffffffffc, 0x57d, 0x3}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xcc}}, 0x0) 298.595739ms ago: executing program 3 (id=9725): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) 
r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000840)='\'', 0x28}], 0x1}, 0x4) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r8, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r8, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r9, 0x3e}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x300}], 0x2}, 0x5) 218.111098ms ago: executing program 4 (id=9726): r0 = socket$inet6(0xa, 0x800, 0x2) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x4b9, 0x10}, 0xc) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1200000005000000080000000900000000000000", @ANYRES32=r1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, 
@ANYBLOB="0000000000000000000000000000000000000000000000000000000095b649c105e55cf7c8cf03879a1a0c3469cd0f7221863b530f4da5f9fe1d8403ac1f3d73f76120f6669db54ec4fc170554fd0c049cf16b2dbc44a9ca2d4063ae22283d9ce109f51893f89010a7d2edfa7ec60c1751f5f40ac0e8aa949c8e5b8ca04a50417e8a0abff5e137a37e608f324effe06b681da13204d5607200f6020d7effa2ea6949b8b5aa68a4e0ed85459096d7"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r2, &(0x7f0000000240), &(0x7f00000000c0)=@udp6=r0}, 0x20) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet_sctp(0x2, 0x1, 0x84) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x3, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x240400d9}, 0x2000) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r5, 0x84, 0x20, &(0x7f0000000880), &(0x7f00000008c0)=0x4) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r8, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r8, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x8, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r9, 0x9801}}, 0x20}}, 0x20000000) sendto$packet(r4, &(0x7f0000000400)="05d936277c6f5422007f83470806", 0x5ea, 0x40880, &(0x7f0000000200)={0x11, 0x86dd, r9, 0x1, 0x4, 0x6, @local}, 0x14) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000200)=0xc) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'sit0\x00', &(0x7f0000000240)={'gretap0\x00', 0x0, 0x10, 0x80, 0x100, 0xfffffe01, {{0xa, 0x4, 0x1, 0x0, 0x28, 0x67, 0x0, 0x40, 0x29, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x19}, {[@timestamp_prespec={0x44, 0x14, 0xc0, 0x3, 0x5, 
[{@private=0xa010102, 0x84d}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x7}]}]}}}}}) getsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, &(0x7f0000000780)={{{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private1}}}, &(0x7f0000000440)=0xe8) sendmsg$nl_xfrm(r3, &(0x7f0000000740)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000700)={&(0x7f0000000480)=@newae={0x260, 0x1e, 0x20, 0x70bd28, 0x25dfdbfb, {{@in6=@private2, 0x3, 0xa, 0xff}, @in6=@mcast2, 0x0, 0x3501}, [@sa={0xe4, 0x6, {{@in6=@private2, @in=@empty, 0x4e20, 0xff, 0x4e24, 0x1, 0xa, 0x10, 0xb00b7c28c337da0d, 0x6, r9, r10}, {@in6=@empty, 0x4d4, 0x32}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x0, 0x10001, 0x3ff, 0x8000, 0x1, 0x4800000000000, 0x0, 0x1}, {0x101, 0x0, 0x6, 0x3cd9}, {0xd, 0x148b, 0x800}, 0x70bd26, 0x3504, 0xa, 0x0, 0x9, 0x80}}, @srcaddr={0x14, 0xd, @in6=@private2}, @XFRMA_IF_ID={0x8, 0x1f, 0x3}, @sa={0xe4, 0x6, {{@in6=@mcast1, @in=@local, 0x4e22, 0x3, 0x4e22, 0x8001, 0xa, 0xa0, 0x0, 0x3a, r11, r12}, {@in=@remote, 0x4d3, 0xff}, @in6=@remote, {0x2, 0xfffffffffffffff6, 0x2, 0x1, 0x6, 0x81, 0x0, 0x81}, {0x4, 0x2, 0xfffffffffffffff9, 0x7}, {0xfffffffa, 0x0, 0x5}, 0x70bd27, 0x3500, 0x2, 0x2, 0x3}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x200}, @user_kmaddress={0x2c, 0x13, {@in=@initdev={0xac, 0x1e, 0x2, 0x0}, @in=@empty, 0x0, 0xa}}, @XFRMA_IF_ID={0x8, 0x1f, 0x1}]}, 0x260}, 0x1, 0x0, 0x0, 0x4}, 0x400d1) 44.535669ms ago: executing program 2 (id=9727): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x9, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x82e, 0x1, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 
0x0, 0x0}]}) 0s ago: executing program 1 (id=9728): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001180)=@newtaction={0x18, 0x30, 0x25, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x28, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}]}, 0x28}}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000000104010100000000000000000700000a080004400000000608000340000000f8050001dbad000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4004) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x2, &(0x7f0000000040)=@raw=[@cb_func={0x18, 0x7}], &(0x7f00000000c0)='GPL\x00', 0x3, 0x26, &(0x7f0000000100)=""/38, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x3, 0xb, 0x2, 0x5}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000180)=[0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000001c0)=[{0x5, 0x4, 0x1, 0x5}, {0x4, 0x5, 0x6, 0x1}, {0x3, 0x4, 0x7, 0x6}], 0x10, 0x3}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000003c0)={@cgroup, 0xf, 0x1, 0x200, &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0], &(0x7f0000000380)=[0x0, 0x0], 0x0}, 0x40) r7 = openat$cgroup(r4, &(0x7f0000000480)='syz0\x00', 0x200002, 0x0) r8 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000500)=@generic={&(0x7f00000004c0)='./file0\x00', 0x0, 0x4}, 0x18) r9 = socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, 
&(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000069113200000000008510000002000000850800008b00000095000000000000009500a50500000000699b43160164f7d8c18db44ce3cf122c2d74e3c1b081c16865a27cd49574c26244542623f02a5e19f2aba86f807a3b25"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9400000010000100"/20, @ANYRES32=r10, @ANYBLOB="0006000000000000240012800b00010067656e65766500001400028006000500"], 0x94}, 0x1, 0x2, 0x0, 0x804}, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)={@cgroup=r7, r5, 0x32, 0x14, 0x0, @void, @value=r8, @void, @void, r6}, 0x20) socket$kcm(0x11, 0x2, 0x300) syz_emit_ethernet(0x2e, &(0x7f00000007c0)=ANY=[@ANYBLOB="e90ce10faca2bbbbbbbbbbbb0800450000200000e0856a119078000000000000000c907881010f00"], 0x0) syz_emit_ethernet(0x131, &(0x7f0000000bc0)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x123, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10f, 0x0, @opaque="dff98c8d6b02f029f30930cc593d79e16d2f5ba45ae2ebc9ada87b3df9291090c892e0198c3f759d3e92e8decaae25b9b990f47f8df1c270029d925b2732eecacc9d666932d9b5c5dcd521b858fac948673349e947e9ca65237363d0b789ba205d750fa54becd4ca1de6bb40a938c9a4be3d9a9c4ac522d58ff52890c6aa4650d744fd35f3ca0c5dcb32eca250a7eaff99b7fde796d44afbc58204d321d638793c140451840b20c150be2e3e0eb9dcab21b4614b6a681ccaececef64934fef0872c2dc0332a3a3d411127039687bc8f6e2e9963605d159ec0dc66d4a4b7d2ef127d52708459af1e500a4eccaacff7b317419cf04fa353d3ba043b4100f392cd8c1edec487e4922"}}}}}, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000000)={0x0, 0x4, 0xffff, 0x2}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x48) r11 = syz_open_procfs$namespace(0x0, 0x0) unshare(0x6a040000) ioctl$XFS_IOC_FD_TO_HANDLE(r11, 0xc038586a, 0x0) 
socket$inet6_icmp(0xa, 0x2, 0x3a) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000000000000000000a20000000000a010300000000000000000100fffe0900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000044000000060a010400000000000000000100000008000b40000000000900010073797a30000000001c000480ffff018008000100666962000c0002800800014000000011140000001100010000000000000000000000000a0000000000000000"], 0xb8}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) kernel console output (not intermixed with test programs): ff f7 d8 64 89 01 48 [ 983.555191][ T1633] RSP: 002b:00007f3b702ab028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 983.555215][ T1633] RAX: ffffffffffffffda RBX: 00007f3b6f615fa0 RCX: 00007f3b6f39c819 [ 983.555229][ T1633] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003 [ 983.555243][ T1633] RBP: 00007f3b702ab090 R08: 0000000000000000 R09: 0000000000000000 [ 983.555256][ T1633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 983.555268][ T1633] R13: 00007f3b6f616038 R14: 00007f3b6f615fa0 R15: 00007ffdfa7eff38 [ 983.555301][ T1633] [ 983.982519][ T1642] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8750'. [ 984.000530][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 984.710652][ T1662] lo speed is unknown, defaulting to 1000 [ 984.744292][ T1662] hsr0 speed is unknown, defaulting to 1000 [ 984.881531][ T137] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 984.890156][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 985.046685][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 985.649429][ T1716] netlink: 'syz.1.8780': attribute type 15 has an invalid length. [ 985.695029][ T1715] netlink: 'syz.4.8778': attribute type 21 has an invalid length. 
[ 985.776122][ T1715] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 985.790105][ T1722] netlink: 'syz.3.8781': attribute type 29 has an invalid length. [ 985.822261][ T1725] netlink: 'syz.3.8781': attribute type 29 has an invalid length. [ 986.080488][T20854] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 986.155820][ T1737] __nla_validate_parse: 7 callbacks suppressed [ 986.155843][ T1737] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8785'. [ 986.172002][ T1741] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8786'. [ 986.348519][ T1749] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 986.357537][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 986.368271][ T1734] syzkaller0: entered promiscuous mode [ 986.392508][ T1734] syzkaller0: entered allmulticast mode [ 986.608874][ T1756] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8790'. [ 986.669723][ T1756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 986.678279][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 986.711838][ T1756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 986.720561][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 987.153523][ T1775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8797'. [ 987.180092][ T1775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8797'. [ 987.411774][ T1788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8800'. [ 987.688556][ T1803] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8801'. [ 987.797136][ T1812] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8811'. [ 988.117271][ T1829] netlink: 68 bytes leftover after parsing attributes in process `syz.0.8820'. 
[ 988.128639][ T1831] FAULT_INJECTION: forcing a failure. [ 988.128639][ T1831] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 988.153422][ T1831] CPU: 1 UID: 0 PID: 1831 Comm: syz.1.8821 Not tainted syzkaller #0 PREEMPT(full) [ 988.153452][ T1831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 988.153463][ T1831] Call Trace: [ 988.153471][ T1831] [ 988.153480][ T1831] dump_stack_lvl+0xe8/0x150 [ 988.153514][ T1831] should_fail_ex+0x412/0x560 [ 988.153548][ T1831] _copy_from_user+0x2d/0xb0 [ 988.153572][ T1831] ___sys_sendmsg+0x1c6/0x360 [ 988.153606][ T1831] ? __pfx____sys_sendmsg+0x10/0x10 [ 988.153685][ T1831] __sys_sendmmsg+0x27c/0x4e0 [ 988.153719][ T1831] ? __pfx___sys_sendmmsg+0x10/0x10 [ 988.153743][ T1831] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 988.153805][ T1831] ? ksys_write+0x242/0x270 [ 988.153832][ T1831] ? __pfx_ksys_write+0x10/0x10 [ 988.153862][ T1831] __x64_sys_sendmmsg+0xa0/0xc0 [ 988.153892][ T1831] do_syscall_64+0x14d/0xf80 [ 988.153917][ T1831] ? trace_irq_disable+0x3b/0x150 [ 988.153934][ T1831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 988.153953][ T1831] ? 
clear_bhb_loop+0x40/0x90 [ 988.153983][ T1831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 988.154002][ T1831] RIP: 0033:0x7f5880b9c819 [ 988.154023][ T1831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 988.154040][ T1831] RSP: 002b:00007f5881a87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 988.154061][ T1831] RAX: ffffffffffffffda RBX: 00007f5880e15fa0 RCX: 00007f5880b9c819 [ 988.154075][ T1831] RDX: 0000000000034000 RSI: 0000200000004380 RDI: 0000000000000004 [ 988.154088][ T1831] RBP: 00007f5881a87090 R08: 0000000000000000 R09: 0000000000000000 [ 988.154100][ T1831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 988.154112][ T1831] R13: 00007f5880e16038 R14: 00007f5880e15fa0 R15: 00007ffec4ff83c8 [ 988.154144][ T1831] [ 988.433275][ T1837] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8823'. 
[ 988.518646][ T1843] vlan3: entered allmulticast mode [ 988.527205][ T1843] bridge6: entered allmulticast mode [ 988.537364][ T1843] bridge6: port 1(erspan0) entered blocking state [ 988.544424][ T1843] bridge6: port 1(erspan0) entered disabled state [ 988.556207][ T1843] erspan0: entered allmulticast mode [ 988.572296][ T1843] erspan0: entered promiscuous mode [ 988.583828][ T1843] bridge6: port 1(erspan0) entered blocking state [ 988.590466][ T1843] bridge6: port 1(erspan0) entered forwarding state [ 989.305607][ T1863] lo speed is unknown, defaulting to 1000 [ 989.332898][ T1863] hsr0 speed is unknown, defaulting to 1000 [ 989.561043][ T1884] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 990.240484][T20854] net_ratelimit: 479 callbacks suppressed [ 990.240518][T20854] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.272983][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.292703][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.348390][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.378050][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.409905][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.439150][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.480500][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.489156][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.512380][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 991.310317][ T1962] validate_nla: 1 callbacks suppressed [ 991.310338][ T1962] netlink: 'syz.0.8869': attribute type 4 has an invalid length. [ 991.331529][ T1962] netlink: 'syz.0.8869': attribute type 4 has an invalid length. 
[ 991.728235][ T1981] lo speed is unknown, defaulting to 1000 [ 991.749847][ T1981] hsr0 speed is unknown, defaulting to 1000 [ 992.027757][ T1998] __nla_validate_parse: 11 callbacks suppressed [ 992.027783][ T1998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8883'. [ 992.059832][ T2009] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8885'. [ 992.246871][ T2019] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8891'. [ 992.367529][ T2025] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8891'. [ 992.407877][ T2027] FAULT_INJECTION: forcing a failure. [ 992.407877][ T2027] name failslab, interval 1, probability 0, space 0, times 0 [ 992.421791][ T2027] CPU: 1 UID: 0 PID: 2027 Comm: syz.2.8894 Not tainted syzkaller #0 PREEMPT(full) [ 992.421811][ T2027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 992.421819][ T2027] Call Trace: [ 992.421824][ T2027] [ 992.421830][ T2027] dump_stack_lvl+0xe8/0x150 [ 992.421852][ T2027] should_fail_ex+0x412/0x560 [ 992.421873][ T2027] should_failslab+0xa8/0x100 [ 992.421888][ T2027] ? skb_clone+0x212/0x3a0 [ 992.421904][ T2027] kmem_cache_alloc_noprof+0x87/0x650 [ 992.421917][ T2027] ? __netlink_lookup+0xc6/0x8b0 [ 992.421935][ T2027] skb_clone+0x212/0x3a0 [ 992.421952][ T2027] __netlink_deliver_tap+0x404/0x850 [ 992.421972][ T2027] ? netlink_deliver_tap+0x2e/0x1b0 [ 992.421986][ T2027] netlink_deliver_tap+0x19c/0x1b0 [ 992.422000][ T2027] netlink_unicast+0x7e3/0x9b0 [ 992.422016][ T2027] ? __pfx_netlink_unicast+0x10/0x10 [ 992.422029][ T2027] ? netlink_sendmsg+0x650/0xb40 [ 992.422041][ T2027] ? skb_put+0x11b/0x210 [ 992.422058][ T2027] netlink_sendmsg+0x813/0xb40 [ 992.422076][ T2027] ? __pfx_netlink_sendmsg+0x10/0x10 [ 992.422099][ T2027] ? aa_sock_msg_perm+0xf1/0x1b0 [ 992.422129][ T2027] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 992.422155][ T2027] ____sys_sendmsg+0x972/0x9f0 [ 992.422192][ T2027] ? 
__pfx_____sys_sendmsg+0x10/0x10 [ 992.422219][ T2027] ? import_iovec+0x73/0xa0 [ 992.422236][ T2027] ___sys_sendmsg+0x2a5/0x360 [ 992.422261][ T2027] ? __pfx____sys_sendmsg+0x10/0x10 [ 992.422321][ T2027] ? __fget_files+0x2a/0x420 [ 992.422339][ T2027] ? __fget_files+0x3a0/0x420 [ 992.422369][ T2027] __x64_sys_sendmsg+0x1bd/0x2a0 [ 992.422394][ T2027] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 992.422415][ T2027] ? __pfx_ksys_write+0x10/0x10 [ 992.422435][ T2027] do_syscall_64+0x14d/0xf80 [ 992.422452][ T2027] ? trace_irq_disable+0x3b/0x150 [ 992.422463][ T2027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.422474][ T2027] ? clear_bhb_loop+0x40/0x90 [ 992.422489][ T2027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.422500][ T2027] RIP: 0033:0x7f4fb799c819 [ 992.422513][ T2027] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 992.422524][ T2027] RSP: 002b:00007f4fb889c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 992.422538][ T2027] RAX: ffffffffffffffda RBX: 00007f4fb7c15fa0 RCX: 00007f4fb799c819 [ 992.422546][ T2027] RDX: 0000000004000010 RSI: 0000200000001200 RDI: 0000000000000003 [ 992.422555][ T2027] RBP: 00007f4fb889c090 R08: 0000000000000000 R09: 0000000000000000 [ 992.422562][ T2027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 992.422569][ T2027] R13: 00007f4fb7c16038 R14: 00007f4fb7c15fa0 R15: 00007ffdaf4033f8 [ 992.422588][ T2027] [ 992.855893][ T2027] sch_tbf: burst 0 is lower than device tunl0 mtu (1480) ! [ 992.858491][ T2035] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8898'. [ 993.082729][ T2045] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8900'. [ 993.146523][ T2049] FAULT_INJECTION: forcing a failure. 
[ 993.146523][ T2049] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 993.164609][ T2049] CPU: 1 UID: 0 PID: 2049 Comm: syz.0.8904 Not tainted syzkaller #0 PREEMPT(full) [ 993.164640][ T2049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 993.164653][ T2049] Call Trace: [ 993.164663][ T2049] [ 993.164672][ T2049] dump_stack_lvl+0xe8/0x150 [ 993.164707][ T2049] should_fail_ex+0x412/0x560 [ 993.164743][ T2049] _copy_from_user+0x2d/0xb0 [ 993.164769][ T2049] ___sys_sendmsg+0x1c6/0x360 [ 993.164803][ T2049] ? __pfx____sys_sendmsg+0x10/0x10 [ 993.164881][ T2049] __sys_sendmmsg+0x27c/0x4e0 [ 993.164915][ T2049] ? __pfx___sys_sendmmsg+0x10/0x10 [ 993.164940][ T2049] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 993.164996][ T2049] ? ksys_write+0x242/0x270 [ 993.165022][ T2049] ? __pfx_ksys_write+0x10/0x10 [ 993.165052][ T2049] __x64_sys_sendmmsg+0xa0/0xc0 [ 993.165082][ T2049] do_syscall_64+0x14d/0xf80 [ 993.165108][ T2049] ? trace_irq_disable+0x3b/0x150 [ 993.165126][ T2049] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 993.165147][ T2049] ? 
clear_bhb_loop+0x40/0x90 [ 993.165172][ T2049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 993.165193][ T2049] RIP: 0033:0x7f5aa359c819 [ 993.165213][ T2049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 993.165231][ T2049] RSP: 002b:00007f5aa449d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 993.165255][ T2049] RAX: ffffffffffffffda RBX: 00007f5aa3815fa0 RCX: 00007f5aa359c819 [ 993.165271][ T2049] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003 [ 993.165284][ T2049] RBP: 00007f5aa449d090 R08: 0000000000000000 R09: 0000000000000000 [ 993.165296][ T2049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 993.165309][ T2049] R13: 00007f5aa3816038 R14: 00007f5aa3815fa0 R15: 00007ffd659ddec8 [ 993.165342][ T2049] [ 993.393442][ T1302] lec:lec_start_xmit: lec0:No lecd attached [ 993.443696][ T2054] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8906'. [ 993.583003][ T2066] netlink: 'syz.3.8909': attribute type 1 has an invalid length. [ 993.631927][ T2054] vlan8: entered allmulticast mode [ 993.637194][ T2054] bridge6: entered allmulticast mode [ 993.660113][ T2054] erspan0: left allmulticast mode [ 993.665646][ T2054] bridge5: port 1(erspan0) entered disabled state [ 993.691831][ T2070] netlink: 3 bytes leftover after parsing attributes in process `syz.4.8911'. [ 993.708306][ T2054] bridge6: port 1(erspan0) entered blocking state [ 993.731209][ T2054] bridge6: port 1(erspan0) entered disabled state [ 993.740293][ T2054] erspan0: entered allmulticast mode [ 993.801456][ T2070] gre1: entered allmulticast mode [ 993.888319][ T2071] netlink: 'syz.2.8912': attribute type 1 has an invalid length. [ 993.897057][ T2071] netlink: 96 bytes leftover after parsing attributes in process `syz.2.8912'. 
[ 993.910091][ T2071] netlink: 'syz.2.8912': attribute type 1 has an invalid length. [ 993.930079][ T2071] netlink: 'syz.2.8912': attribute type 8 has an invalid length. [ 993.937952][ T2071] netlink: 606 bytes leftover after parsing attributes in process `syz.2.8912'. [ 994.125198][ T2089] syzkaller0: entered promiscuous mode [ 994.132068][ T2089] syzkaller0: entered allmulticast mode [ 994.185283][ T2093] bond11: option downdelay: invalid value (18446744073709547007) [ 994.198341][ T2093] bond11: option downdelay: allowed values 0 - 2147483647 [ 994.212578][ T2093] bond11 (unregistering): Released all slaves [ 994.597922][ T2123] Timeout policy `syz0' can only be used by L3 protocol number 8939 [ 995.048530][T24137] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 995.064828][T24137] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 995.082534][T24137] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 995.103676][T24137] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 995.113756][T24137] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 995.182620][T18750] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 995.194047][T18750] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 995.202853][T18750] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 995.234390][T18750] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 995.253676][T18750] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 996.090519][T20854] net_ratelimit: 1093 callbacks suppressed [ 996.090543][T20854] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 996.404200][T16786] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 996.412610][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 997.122554][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 997.223574][ T2139] lo speed is unknown, defaulting to 1000 [ 997.237547][ T2139] hsr0 speed is unknown, defaulting 
to 1000 [ 997.351913][ T2163] __nla_validate_parse: 3 callbacks suppressed [ 997.351935][ T2163] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8937'. [ 997.370297][T24137] Bluetooth: hci0: command tx timeout [ 997.385361][ T2163] xt_hashlimit: size too large, truncated to 1048576 [ 997.392947][ T2163] xt_hashlimit: max too large, truncated to 1048576 [ 997.414607][ T2169] FAULT_INJECTION: forcing a failure. [ 997.414607][ T2169] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 997.435509][ T2169] CPU: 1 UID: 0 PID: 2169 Comm: syz.0.8936 Not tainted syzkaller #0 PREEMPT(full) [ 997.435538][ T2169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 997.435550][ T2169] Call Trace: [ 997.435559][ T2169] [ 997.435568][ T2169] dump_stack_lvl+0xe8/0x150 [ 997.435601][ T2169] should_fail_ex+0x412/0x560 [ 997.435636][ T2169] _copy_from_user+0x2d/0xb0 [ 997.435661][ T2169] ___sys_recvmsg+0x175/0x590 [ 997.435689][ T2169] ? __lock_acquire+0x6b5/0x2cf0 [ 997.435720][ T2169] ? __pfx____sys_recvmsg+0x10/0x10 [ 997.435787][ T2169] do_recvmmsg+0x334/0x800 [ 997.435824][ T2169] ? __pfx_do_recvmmsg+0x10/0x10 [ 997.435864][ T2169] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 997.435916][ T2169] __x64_sys_recvmmsg+0x198/0x250 [ 997.435947][ T2169] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 997.435989][ T2169] do_syscall_64+0x14d/0xf80 [ 997.436014][ T2169] ? trace_irq_disable+0x3b/0x150 [ 997.436031][ T2169] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 997.436052][ T2169] ? 
clear_bhb_loop+0x40/0x90 [ 997.436076][ T2169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 997.436097][ T2169] RIP: 0033:0x7f5aa359c819 [ 997.436117][ T2169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 997.436135][ T2169] RSP: 002b:00007f5aa445b028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 997.436157][ T2169] RAX: ffffffffffffffda RBX: 00007f5aa3816180 RCX: 00007f5aa359c819 [ 997.436171][ T2169] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 997.436184][ T2169] RBP: 00007f5aa445b090 R08: 0000000000000000 R09: 0000000000000000 [ 997.436196][ T2169] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 997.436208][ T2169] R13: 00007f5aa3816218 R14: 00007f5aa3816180 R15: 00007ffd659ddec8 [ 997.436241][ T2169] [ 997.559960][ T2171] netlink: 168 bytes leftover after parsing attributes in process `syz.2.8938'. [ 997.759401][ T2139] chnl_net:caif_netlink_parms(): no params data found [ 997.951942][ T2139] bridge0: port 1(bridge_slave_0) entered blocking state [ 997.959008][ T2191] netlink: 'syz.4.8944': attribute type 3 has an invalid length. 
[ 997.959208][ T2139] bridge0: port 1(bridge_slave_0) entered disabled state [ 997.974812][ T2139] bridge_slave_0: entered allmulticast mode [ 997.983143][ T2139] bridge_slave_0: entered promiscuous mode [ 997.992494][ T2139] bridge0: port 2(bridge_slave_1) entered blocking state [ 997.999772][ T2139] bridge0: port 2(bridge_slave_1) entered disabled state [ 998.007393][ T2139] bridge_slave_1: entered allmulticast mode [ 998.015798][ T2139] bridge_slave_1: entered promiscuous mode [ 998.056519][ T2139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 998.070927][ T2139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 998.114610][ T2139] team0: Port device team_slave_0 added [ 998.124252][ T2139] team0: Port device team_slave_1 added [ 998.160310][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 998.172930][ T2139] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 998.179919][ T2139] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 998.274309][ T2139] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 998.291968][ T2139] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 998.309324][ T2139] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 998.390600][ T2139] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 998.637582][ T2139] hsr_slave_0: entered promiscuous mode [ 998.671647][ T2139] hsr_slave_1: entered promiscuous mode [ 999.040184][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5650 ms [ 999.048289][ C1] lec:lec_tx_timeout: lec0 [ 999.218324][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 999.248101][ T2139] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 999.261505][ T2139] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.320868][ T2237] netlink: 'syz.2.8957': attribute type 1 has an invalid length. [ 999.384774][ T2139] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 999.411545][ T2139] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.450087][T24137] Bluetooth: hci0: command tx timeout [ 999.544144][ T2139] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 999.557964][ T2139] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.625534][ T2139] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 999.656103][ T2139] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.783799][ T2264] bridge0: entered allmulticast mode [ 999.925546][ T2266] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 999.934352][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 999.948602][ T2270] netlink: 324 bytes leftover after parsing attributes in process `syz.2.8969'. 
[ 1000.022751][ T2139] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1000.087062][ T2139] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1000.101009][ T2275] openvswitch: netlink: Key type 29 is not supported [ 1000.121789][ T2139] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1000.145605][ T2139] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1000.168987][ T2276] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8974'. [ 1000.240773][T28715] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1000.364469][ T2288] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8976'. [ 1000.378827][ T2289] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input8 [ 1000.515625][ T2139] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1000.616662][ T2139] 8021q: adding VLAN 0 to HW filter on device team0 [ 1000.659652][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 1000.667036][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1000.703994][ T137] bridge0: port 2(bridge_slave_1) entered blocking state [ 1000.711225][ T137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1000.795201][ T2293] lo speed is unknown, defaulting to 1000 [ 1000.809346][ T2293] hsr0 speed is unknown, defaulting to 1000 [ 1000.844978][ T2139] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1001.351154][ T2139] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1001.363386][ T2293] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8977'. 
[ 1001.520325][T24137] Bluetooth: hci0: command tx timeout [ 1001.582096][ T2139] veth0_vlan: entered promiscuous mode [ 1001.598602][ T2139] veth1_vlan: entered promiscuous mode [ 1001.710685][ T2139] veth0_macvtap: entered promiscuous mode [ 1001.748957][ T2139] veth1_macvtap: entered promiscuous mode [ 1001.813008][ T2139] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1001.836570][ T2317] FAULT_INJECTION: forcing a failure. [ 1001.836570][ T2317] name failslab, interval 1, probability 0, space 0, times 0 [ 1001.848813][ T2139] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1001.862522][ T2317] CPU: 1 UID: 0 PID: 2317 Comm: syz.0.8984 Not tainted syzkaller #0 PREEMPT(full) [ 1001.862550][ T2317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1001.862570][ T2317] Call Trace: [ 1001.862580][ T2317] [ 1001.862589][ T2317] dump_stack_lvl+0xe8/0x150 [ 1001.862625][ T2317] should_fail_ex+0x412/0x560 [ 1001.862662][ T2317] should_failslab+0xa8/0x100 [ 1001.862691][ T2317] __kmalloc_noprof+0xe8/0x760 [ 1001.862716][ T2317] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1001.862745][ T2317] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1001.862779][ T2317] ? tomoyo_path_number_perm+0x219/0x630 [ 1001.862807][ T2317] tomoyo_path_number_perm+0x246/0x630 [ 1001.862838][ T2317] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1001.862870][ T2317] ? __lock_acquire+0x6b5/0x2cf0 [ 1001.862910][ T2317] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1001.862961][ T2317] ? __fget_files+0x2a/0x420 [ 1001.862984][ T2317] ? __fget_files+0x2a/0x420 [ 1001.863002][ T2317] ? __fget_files+0x3a0/0x420 [ 1001.863019][ T2317] ? __fget_files+0x2a/0x420 [ 1001.863043][ T2317] security_file_ioctl+0xc3/0x2a0 [ 1001.863073][ T2317] __se_sys_ioctl+0x47/0x170 [ 1001.863102][ T2317] do_syscall_64+0x14d/0xf80 [ 1001.863127][ T2317] ? trace_irq_disable+0x3b/0x150 [ 1001.863146][ T2317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.863168][ T2317] ? 
clear_bhb_loop+0x40/0x90 [ 1001.863193][ T2317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.863214][ T2317] RIP: 0033:0x7f5aa359c819 [ 1001.863234][ T2317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1001.863252][ T2317] RSP: 002b:00007f5aa449d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1001.863275][ T2317] RAX: ffffffffffffffda RBX: 00007f5aa3815fa0 RCX: 00007f5aa359c819 [ 1001.863290][ T2317] RDX: 0000200000000000 RSI: 00000000400448c9 RDI: 0000000000000004 [ 1001.863304][ T2317] RBP: 00007f5aa449d090 R08: 0000000000000000 R09: 0000000000000000 [ 1001.863316][ T2317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1001.863328][ T2317] R13: 00007f5aa3816038 R14: 00007f5aa3815fa0 R15: 00007ffd659ddec8 [ 1001.863364][ T2317] [ 1001.863373][ T2317] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1001.891060][ T2318] netlink: 84 bytes leftover after parsing attributes in process `syz.3.8985'. [ 1002.046130][ T2323] xt_TCPMSS: Only works on TCP SYN packets [ 1002.053842][T20854] net_ratelimit: 3 callbacks suppressed [ 1002.053864][T20854] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1002.065000][ T2318] netlink: 84 bytes leftover after parsing attributes in process `syz.3.8985'. [ 1002.127158][ T6850] page_pool_release_retry() stalled pool shutdown: id 253, 1 inflight 60 sec [ 1002.137401][ T2318] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. 
[ 1002.155108][ T2321] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1002.163303][T16794] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1002.171460][ T2321] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1002.179711][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1002.187874][ T2321] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1002.196362][T16786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.205783][T16786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.221651][ T2321] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1002.233015][T16786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.250197][T16786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.268156][ T2321] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1002.293825][ T2321] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1002.302705][ T2327] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8988'. [ 1002.312864][ T2327] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8988'. [ 1002.381810][T16811] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1002.396782][T16811] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1002.452091][ T2329] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8989'. [ 1002.463883][T16794] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1002.475093][T16794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1002.670628][ T2345] netlink: 44 bytes leftover after parsing attributes in process `syz.4.8993'. 
[ 1003.034276][ T2352] lo speed is unknown, defaulting to 1000 [ 1003.042200][ T2352] hsr0 speed is unknown, defaulting to 1000 [ 1003.263300][ T2333] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8991'. [ 1003.601898][T24137] Bluetooth: hci0: command tx timeout [ 1003.660375][ T2388] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9005'. [ 1003.669690][ T2388] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9005'. [ 1003.671367][ T2387] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9004'. [ 1003.679312][ T2388] netlink: 31 bytes leftover after parsing attributes in process `syz.0.9005'. [ 1003.704403][ T2388] netlink: 'syz.0.9005': attribute type 3 has an invalid length. [ 1003.714065][ T2388] netlink: 'syz.0.9005': attribute type 2 has an invalid length. [ 1003.722770][ T2388] netlink: 31 bytes leftover after parsing attributes in process `syz.0.9005'. [ 1003.734480][ T2388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9005'. [ 1003.792317][ T2392] syzkaller0: entered promiscuous mode [ 1003.797954][ T2392] syzkaller0: entered allmulticast mode [ 1003.899241][ T2397] Timeout policy `syz0' can only be used by L3 protocol number 25 [ 1004.024687][ T2394] lo speed is unknown, defaulting to 1000 [ 1004.070808][ T2394] hsr0 speed is unknown, defaulting to 1000 [ 1004.331937][ T2425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9018'. 
[ 1005.408818][T16794] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1005.462624][T16794] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.482950][T16794] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1005.496253][ T2453] Timeout policy `syz0' can only be used by L3 protocol number 25 [ 1005.509458][T16794] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.539678][T16794] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1005.556738][T16794] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.636838][T16794] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1005.645592][T16794] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.665532][ T2459] syzkaller0: entered promiscuous mode [ 1005.690626][ T2459] syzkaller0: entered allmulticast mode [ 1005.733468][ T2466] bond0: entered promiscuous mode [ 1005.738570][ T2466] bond_slave_0: entered promiscuous mode [ 1005.767812][ T2466] bond_slave_1: entered promiscuous mode [ 1005.777419][ T2466] batadv_slave_0: entered promiscuous mode [ 1005.784123][ T2466] batadv_slave_0: left promiscuous mode [ 1005.795237][ T2466] bond0: left promiscuous mode [ 1005.810353][ T2466] bond_slave_0: left promiscuous mode [ 1005.816076][ T2466] bond_slave_1: left promiscuous mode [ 1005.828250][ T2482] netlink: 'syz.0.9027': attribute type 3 has an invalid length. [ 1005.837182][ T2472] netlink: 'syz.2.9028': attribute type 1 has an invalid length. [ 1006.232196][ T2502] No such timeout policy "syz0" [ 1006.873654][ T2537] FAULT_INJECTION: forcing a failure. 
[ 1006.873654][ T2537] name failslab, interval 1, probability 0, space 0, times 0 [ 1006.952550][ T2537] CPU: 1 UID: 0 PID: 2537 Comm: syz.1.9046 Not tainted syzkaller #0 PREEMPT(full) [ 1006.952580][ T2537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1006.952592][ T2537] Call Trace: [ 1006.952601][ T2537] [ 1006.952609][ T2537] dump_stack_lvl+0xe8/0x150 [ 1006.952643][ T2537] should_fail_ex+0x412/0x560 [ 1006.952680][ T2537] should_failslab+0xa8/0x100 [ 1006.952709][ T2537] __kmalloc_noprof+0xe8/0x760 [ 1006.952732][ T2537] ? tomoyo_encode+0x28b/0x550 [ 1006.952760][ T2537] tomoyo_encode+0x28b/0x550 [ 1006.952788][ T2537] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1006.952821][ T2537] ? tomoyo_path_number_perm+0x219/0x630 [ 1006.952850][ T2537] tomoyo_path_number_perm+0x246/0x630 [ 1006.952882][ T2537] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1006.952912][ T2537] ? __lock_acquire+0x6b5/0x2cf0 [ 1006.952951][ T2537] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1006.953002][ T2537] ? __fget_files+0x2a/0x420 [ 1006.953024][ T2537] ? __fget_files+0x2a/0x420 [ 1006.953042][ T2537] ? __fget_files+0x3a0/0x420 [ 1006.953059][ T2537] ? __fget_files+0x2a/0x420 [ 1006.953082][ T2537] security_file_ioctl+0xc3/0x2a0 [ 1006.953110][ T2537] __se_sys_ioctl+0x47/0x170 [ 1006.953138][ T2537] do_syscall_64+0x14d/0xf80 [ 1006.953162][ T2537] ? trace_irq_disable+0x3b/0x150 [ 1006.953181][ T2537] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.953202][ T2537] ? 
clear_bhb_loop+0x40/0x90 [ 1006.953227][ T2537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.953248][ T2537] RIP: 0033:0x7fdc13b9c819 [ 1006.953267][ T2537] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1006.953283][ T2537] RSP: 002b:00007fdc149ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1006.953306][ T2537] RAX: ffffffffffffffda RBX: 00007fdc13e15fa0 RCX: 00007fdc13b9c819 [ 1006.953330][ T2537] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000004 [ 1006.953344][ T2537] RBP: 00007fdc149ac090 R08: 0000000000000000 R09: 0000000000000000 [ 1006.953356][ T2537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1006.953368][ T2537] R13: 00007fdc13e16038 R14: 00007fdc13e15fa0 R15: 00007ffccd6a34a8 [ 1006.953403][ T2537] [ 1006.953426][ T2537] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1007.362127][ T2547] FAULT_INJECTION: forcing a failure. [ 1007.362127][ T2547] name failslab, interval 1, probability 0, space 0, times 0 [ 1007.403032][ T2547] CPU: 0 UID: 0 PID: 2547 Comm: syz.0.9051 Not tainted syzkaller #0 PREEMPT(full) [ 1007.403061][ T2547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1007.403073][ T2547] Call Trace: [ 1007.403082][ T2547] [ 1007.403092][ T2547] dump_stack_lvl+0xe8/0x150 [ 1007.403126][ T2547] should_fail_ex+0x412/0x560 [ 1007.403162][ T2547] should_failslab+0xa8/0x100 [ 1007.403191][ T2547] __kmalloc_noprof+0xe8/0x760 [ 1007.403213][ T2547] ? tomoyo_encode+0x28b/0x550 [ 1007.403241][ T2547] tomoyo_encode+0x28b/0x550 [ 1007.403269][ T2547] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1007.403302][ T2547] ? tomoyo_path_number_perm+0x219/0x630 [ 1007.403330][ T2547] tomoyo_path_number_perm+0x246/0x630 [ 1007.403361][ T2547] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1007.403393][ T2547] ? 
__lock_acquire+0x6b5/0x2cf0 [ 1007.403431][ T2547] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1007.403489][ T2547] ? __fget_files+0x2a/0x420 [ 1007.403511][ T2547] ? __fget_files+0x2a/0x420 [ 1007.403528][ T2547] ? __fget_files+0x3a0/0x420 [ 1007.403544][ T2547] ? __fget_files+0x2a/0x420 [ 1007.403567][ T2547] security_file_ioctl+0xc3/0x2a0 [ 1007.403596][ T2547] __se_sys_ioctl+0x47/0x170 [ 1007.403623][ T2547] do_syscall_64+0x14d/0xf80 [ 1007.403648][ T2547] ? trace_irq_disable+0x3b/0x150 [ 1007.403665][ T2547] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1007.403685][ T2547] ? clear_bhb_loop+0x40/0x90 [ 1007.403710][ T2547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1007.403731][ T2547] RIP: 0033:0x7f5aa359c819 [ 1007.403750][ T2547] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1007.403767][ T2547] RSP: 002b:00007f5aa449d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1007.403790][ T2547] RAX: ffffffffffffffda RBX: 00007f5aa3815fa0 RCX: 00007f5aa359c819 [ 1007.403805][ T2547] RDX: 0000200000000000 RSI: 00000000400448c9 RDI: 0000000000000004 [ 1007.403819][ T2547] RBP: 00007f5aa449d090 R08: 0000000000000000 R09: 0000000000000000 [ 1007.403831][ T2547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1007.403844][ T2547] R13: 00007f5aa3816038 R14: 00007f5aa3815fa0 R15: 00007ffd659ddec8 [ 1007.403878][ T2547] [ 1007.404508][ T2547] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 1007.647665][ T2552] No such timeout policy "syz0" [ 1007.723515][T18750] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1007.740727][T18750] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1007.761968][T18750] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1007.793113][T18750] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1007.803356][ T2562] syzkaller0: entered promiscuous mode [ 1007.809070][ T2562] syzkaller0: entered allmulticast mode [ 1007.816690][T18750] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1007.892328][ T2564] __nla_validate_parse: 10 callbacks suppressed [ 1007.892351][ T2564] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9054'. [ 1007.934233][ T2555] lo speed is unknown, defaulting to 1000 [ 1007.952941][ T2555] hsr0 speed is unknown, defaulting to 1000 [ 1008.229425][ T2571] smc: net device wlan0 erased user defined pnetid SYZ0 [ 1008.262986][ T137] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1008.300256][ T137] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.305019][ T2573] net_ratelimit: 27 callbacks suppressed [ 1008.305038][ T2573] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1008.377175][ T2573] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9058'. [ 1008.494690][ T137] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1008.528734][ T137] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.598977][ T2573] netlink: 32 bytes leftover after parsing attributes in process `syz.0.9058'. 
[ 1008.702205][ T137] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1008.730105][ T137] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.878421][ T137] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1008.910389][ T137] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.003686][ T2555] chnl_net:caif_netlink_parms(): no params data found [ 1009.045878][ T2602] No such timeout policy "syz0" [ 1009.176926][ T2605] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9063'. [ 1009.296134][ T2605] vlan2: entered promiscuous mode [ 1009.340662][ T2605] veth0: entered promiscuous mode [ 1009.350340][ T2616] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9066'. [ 1009.461375][ T2619] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9067'. [ 1009.536788][ T2619] xt_hashlimit: size too large, truncated to 1048576 [ 1009.565156][ T2619] xt_hashlimit: max too large, truncated to 1048576 [ 1009.629143][ T2555] bridge0: port 1(bridge_slave_0) entered blocking state [ 1009.662832][ T2555] bridge0: port 1(bridge_slave_0) entered disabled state [ 1009.680538][ T2555] bridge_slave_0: entered allmulticast mode [ 1009.705061][ T2555] bridge_slave_0: entered promiscuous mode [ 1009.749110][ T2555] bridge0: port 2(bridge_slave_1) entered blocking state [ 1009.763811][ T2555] bridge0: port 2(bridge_slave_1) entered disabled state [ 1009.795336][ T2555] bridge_slave_1: entered allmulticast mode [ 1009.817767][ T2555] bridge_slave_1: entered promiscuous mode [ 1009.840634][T24137] Bluetooth: hci3: command tx timeout [ 1009.899129][ T2634] netlink: 68 bytes leftover after parsing attributes in process `syz.1.9071'. 
[ 1009.996964][ T2555] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1010.046147][ T2555] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1010.107901][ T137] erspan0: left allmulticast mode [ 1010.116300][ T137] erspan0: left promiscuous mode [ 1010.126641][ T137] bridge6: port 1(erspan0) entered disabled state [ 1010.146531][ T137] dvmrp8: left allmulticast mode [ 1010.153668][ T137] pimreg9: left allmulticast mode [ 1010.252945][ T2646] No such timeout policy "syz0" [ 1010.955820][ T2666] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9077'. [ 1011.289279][ T137] bond0 (unregistering): Released all slaves [ 1011.307497][ T137] bond1 (unregistering): Released all slaves [ 1011.331253][ T137] bond2 (unregistering): Released all slaves [ 1011.366012][ T137] bond3 (unregistering): Released all slaves [ 1011.544924][ T2669] lo speed is unknown, defaulting to 1000 [ 1011.566139][ T2555] team0: Port device team_slave_0 added [ 1011.589005][ T2669] hsr0 speed is unknown, defaulting to 1000 [ 1011.602712][ T2555] team0: Port device team_slave_1 added [ 1011.608446][ T137] tipc: Left network mode [ 1011.774356][ T2555] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1011.814029][ T2555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 1011.843556][ T2691] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 1011.852631][ T2555] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1011.920119][T24137] Bluetooth: hci3: command tx timeout [ 1011.984941][ T2555] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1012.007217][ T2555] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1012.219667][ T2555] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1012.539061][ T2555] hsr_slave_0: entered promiscuous mode [ 1012.562231][ T2555] hsr_slave_1: entered promiscuous mode [ 1012.568826][ T2555] debugfs: 'hsr0' already exists in 'hsr' [ 1012.596243][ T2555] Cannot create hsr debugfs directory [ 1012.602767][ T2709] Timeout policy `syz0' can only be used by L3 protocol number 25 [ 1012.839737][ T2715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9085'. [ 1012.840882][ T2716] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9087'. [ 1012.955979][ T2715] bond1: option downdelay: invalid value (18446744073709547007) [ 1012.964102][ T2715] bond1: option downdelay: allowed values 0 - 2147483647 [ 1012.977689][ T2715] bond1 (unregistering): Released all slaves [ 1013.260610][ T2733] netlink: 'syz.2.9088': attribute type 4 has an invalid length. [ 1013.567196][ T2755] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9093'. 
[ 1013.577604][ T137] hsr_slave_0: left promiscuous mode [ 1013.598443][ T137] hsr_slave_1: left promiscuous mode [ 1013.627590][ T137] vlan1: left promiscuous mode [ 1013.669180][ T137] team0 (unregistering): Port device macvlan2 removed [ 1013.751715][ T2759] netlink: 'syz.4.9095': attribute type 8 has an invalid length. [ 1014.001251][T24137] Bluetooth: hci3: command tx timeout [ 1014.007235][ T2764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9097'. [ 1014.024331][ T137] smc: removing net device hsr0 with user defined pnetid SYZ2 [ 1014.367233][ T797] lo speed is unknown, defaulting to 1000 [ 1014.408331][ T797] infiniband syz2: ib_query_port failed (-19) [ 1014.631704][ T2786] FAULT_INJECTION: forcing a failure. [ 1014.631704][ T2786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1014.658317][ T2786] CPU: 0 UID: 0 PID: 2786 Comm: syz.4.9101 Not tainted syzkaller #0 PREEMPT(full) [ 1014.658347][ T2786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1014.658359][ T2786] Call Trace: [ 1014.658368][ T2786] [ 1014.658376][ T2786] dump_stack_lvl+0xe8/0x150 [ 1014.658411][ T2786] should_fail_ex+0x412/0x560 [ 1014.658457][ T2786] _copy_from_user+0x2d/0xb0 [ 1014.658484][ T2786] nr_rt_ioctl+0x966/0xf90 [ 1014.658515][ T2786] ? kasan_quarantine_put+0xbb/0x1f0 [ 1014.658538][ T2786] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 1014.658570][ T2786] ? apparmor_capable+0x126/0x170 [ 1014.658603][ T2786] ? capable+0x88/0xe0 [ 1014.658630][ T2786] ? nr_ioctl+0x1b1/0x3b0 [ 1014.658661][ T2786] sock_do_ioctl+0x101/0x320 [ 1014.658685][ T2786] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1014.658702][ T2786] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1014.658747][ T2786] sock_ioctl+0x5c6/0x7f0 [ 1014.658770][ T2786] ? __pfx_sock_ioctl+0x10/0x10 [ 1014.658790][ T2786] ? __fget_files+0x2a/0x420 [ 1014.658808][ T2786] ? __fget_files+0x3a0/0x420 [ 1014.658826][ T2786] ? __fget_files+0x2a/0x420 [ 1014.658848][ T2786] ? 
bpf_lsm_file_ioctl+0x9/0x20 [ 1014.658876][ T2786] ? __pfx_sock_ioctl+0x10/0x10 [ 1014.658895][ T2786] __se_sys_ioctl+0xfc/0x170 [ 1014.658923][ T2786] do_syscall_64+0x14d/0xf80 [ 1014.658947][ T2786] ? trace_irq_disable+0x3b/0x150 [ 1014.658965][ T2786] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1014.658985][ T2786] ? clear_bhb_loop+0x40/0x90 [ 1014.659010][ T2786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1014.659030][ T2786] RIP: 0033:0x7fe27b19c819 [ 1014.659050][ T2786] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1014.659068][ T2786] RSP: 002b:00007fe27bfe3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1014.659090][ T2786] RAX: ffffffffffffffda RBX: 00007fe27b415fa0 RCX: 00007fe27b19c819 [ 1014.659105][ T2786] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000004 [ 1014.659119][ T2786] RBP: 00007fe27bfe3090 R08: 0000000000000000 R09: 0000000000000000 [ 1014.659132][ T2786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1014.659146][ T2786] R13: 00007fe27b416038 R14: 00007fe27b415fa0 R15: 00007ffcdfbe2108 [ 1014.659178][ T2786] [ 1015.078274][ T2796] Bluetooth: MGMT ver 1.23 [ 1015.231206][ T2808] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9104'. [ 1015.314745][ T2812] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9107'. [ 1015.761172][ T2842] netlink: 'syz.2.9111': attribute type 1 has an invalid length. [ 1016.082132][ T2842] bond6: entered promiscuous mode [ 1016.087383][ T2842] bond6: entered allmulticast mode [ 1016.093770][T24137] Bluetooth: hci3: command tx timeout [ 1016.100316][ T2842] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1016.113031][ T137] IPVS: stop unused estimator thread 0... 
[ 1016.119749][ T2843] syzkaller1: entered promiscuous mode [ 1016.125405][ T2843] syzkaller1: entered allmulticast mode [ 1016.258057][ T2857] sch_tbf: burst 0 is lower than device tunl0 mtu (1480) ! [ 1016.593061][ T2867] netlink: 388 bytes leftover after parsing attributes in process `syz.4.9115'. [ 1016.682988][ T2555] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1016.745692][ T2555] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1016.755141][ T2880] netlink: 'syz.1.9116': attribute type 1 has an invalid length. [ 1016.763108][ T2880] netlink: 224 bytes leftover after parsing attributes in process `syz.1.9116'. [ 1016.802865][ T2555] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1016.835371][ T2555] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1016.866864][ T2884] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9119'. [ 1017.172656][ T2555] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1017.184255][ T2902] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9121'. [ 1017.243379][ T2555] 8021q: adding VLAN 0 to HW filter on device team0 [ 1017.275488][T16794] bridge0: port 1(bridge_slave_0) entered blocking state [ 1017.282821][T16794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1017.404348][T16794] bridge0: port 2(bridge_slave_1) entered blocking state [ 1017.411577][T16794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1017.577246][ T2912] xt_policy: neither incoming nor outgoing policy selected [ 1017.747857][ T2925] FAULT_INJECTION: forcing a failure. 
[ 1017.747857][ T2925] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1017.790162][ T2925] CPU: 1 UID: 0 PID: 2925 Comm: syz.1.9125 Not tainted syzkaller #0 PREEMPT(full) [ 1017.790196][ T2925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1017.790208][ T2925] Call Trace: [ 1017.790218][ T2925] [ 1017.790227][ T2925] dump_stack_lvl+0xe8/0x150 [ 1017.790260][ T2925] should_fail_ex+0x412/0x560 [ 1017.790293][ T2925] _copy_from_user+0x2d/0xb0 [ 1017.790318][ T2925] ___sys_recvmsg+0x175/0x590 [ 1017.790343][ T2925] ? __lock_acquire+0x6b5/0x2cf0 [ 1017.790372][ T2925] ? __pfx____sys_recvmsg+0x10/0x10 [ 1017.790435][ T2925] do_recvmmsg+0x334/0x800 [ 1017.790471][ T2925] ? __pfx_do_recvmmsg+0x10/0x10 [ 1017.790508][ T2925] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1017.790551][ T2925] __x64_sys_recvmmsg+0x198/0x250 [ 1017.790582][ T2925] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1017.790621][ T2925] do_syscall_64+0x14d/0xf80 [ 1017.790643][ T2925] ? trace_irq_disable+0x3b/0x150 [ 1017.790660][ T2925] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.790680][ T2925] ? 
clear_bhb_loop+0x40/0x90 [ 1017.790704][ T2925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.790724][ T2925] RIP: 0033:0x7fdc13b9c819 [ 1017.790744][ T2925] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1017.790762][ T2925] RSP: 002b:00007fdc11df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1017.790785][ T2925] RAX: ffffffffffffffda RBX: 00007fdc13e16180 RCX: 00007fdc13b9c819 [ 1017.790800][ T2925] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1017.790813][ T2925] RBP: 00007fdc11df6090 R08: 0000000000000000 R09: 0000000000000000 [ 1017.790826][ T2925] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1017.790838][ T2925] R13: 00007fdc13e16218 R14: 00007fdc13e16180 R15: 00007ffccd6a34a8 [ 1017.790870][ T2925] [ 1018.238926][ T2934] syzkaller0: entered promiscuous mode [ 1018.258243][ T2934] syzkaller0: entered allmulticast mode [ 1018.352675][ T2934] tipc: Enabled bearer , priority 0 [ 1018.368851][ T2555] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1018.385735][ T2933] tipc: Resetting bearer [ 1018.414054][ T2933] tipc: Disabling bearer [ 1018.655697][ T2555] veth0_vlan: entered promiscuous mode [ 1018.693730][ T2555] veth1_vlan: entered promiscuous mode [ 1018.805187][ T2555] veth0_macvtap: entered promiscuous mode [ 1018.843250][ T2555] veth1_macvtap: entered promiscuous mode [ 1018.904484][ T2555] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1018.948686][ T2555] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1018.997050][T16811] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.027870][T16811] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.056768][T16811] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.110605][T16811] netdevsim 
netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.119739][ T2964] syzkaller0: entered promiscuous mode [ 1019.138557][ T2964] syzkaller0: entered allmulticast mode [ 1019.286824][ T2970] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9138'. [ 1019.374227][ T2973] syzkaller0: entered promiscuous mode [ 1019.380209][ T2973] syzkaller0: entered allmulticast mode [ 1019.546438][T16810] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1019.558589][T16810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1019.687893][T16811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1019.702442][T16811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1020.286950][ T797] IPVS: starting estimator thread 0... [ 1020.397350][ T3010] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9148'. [ 1020.406697][ T3005] IPVS: using max 31 ests per chain, 74400 per kthread [ 1020.717142][T18750] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1020.732674][T18750] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1020.771473][T18750] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1020.789507][T18750] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1020.810309][T18750] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1021.507283][ T3047] FAULT_INJECTION: forcing a failure. 
[ 1021.507283][ T3047] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1021.590308][ T3047] CPU: 0 UID: 0 PID: 3047 Comm: syz.0.9155 Not tainted syzkaller #0 PREEMPT(full) [ 1021.590337][ T3047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1021.590348][ T3047] Call Trace: [ 1021.590357][ T3047] [ 1021.590366][ T3047] dump_stack_lvl+0xe8/0x150 [ 1021.590400][ T3047] should_fail_ex+0x412/0x560 [ 1021.590434][ T3047] _copy_from_user+0x2d/0xb0 [ 1021.590459][ T3047] nr_rt_ioctl+0x966/0xf90 [ 1021.590476][ T3047] ? trace_irq_disable+0x3b/0x150 [ 1021.590503][ T3047] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 1021.590532][ T3047] ? apparmor_capable+0x126/0x170 [ 1021.590563][ T3047] ? capable+0x88/0xe0 [ 1021.590588][ T3047] ? nr_ioctl+0x1b1/0x3b0 [ 1021.590616][ T3047] sock_do_ioctl+0x101/0x320 [ 1021.590637][ T3047] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1021.590654][ T3047] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1021.590696][ T3047] sock_ioctl+0x5c6/0x7f0 [ 1021.590716][ T3047] ? __pfx_sock_ioctl+0x10/0x10 [ 1021.590735][ T3047] ? __fget_files+0x2a/0x420 [ 1021.590753][ T3047] ? __fget_files+0x3a0/0x420 [ 1021.590769][ T3047] ? __fget_files+0x2a/0x420 [ 1021.590789][ T3047] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1021.590814][ T3047] ? __pfx_sock_ioctl+0x10/0x10 [ 1021.590832][ T3047] __se_sys_ioctl+0xfc/0x170 [ 1021.590858][ T3047] do_syscall_64+0x14d/0xf80 [ 1021.590883][ T3047] ? trace_irq_disable+0x3b/0x150 [ 1021.590898][ T3047] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1021.590918][ T3047] ? 
clear_bhb_loop+0x40/0x90 [ 1021.590940][ T3047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1021.590960][ T3047] RIP: 0033:0x7f5aa359c819 [ 1021.590978][ T3047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1021.590994][ T3047] RSP: 002b:00007f5aa449d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1021.591025][ T3047] RAX: ffffffffffffffda RBX: 00007f5aa3815fa0 RCX: 00007f5aa359c819 [ 1021.591038][ T3047] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000004 [ 1021.591051][ T3047] RBP: 00007f5aa449d090 R08: 0000000000000000 R09: 0000000000000000 [ 1021.591063][ T3047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1021.591074][ T3047] R13: 00007f5aa3816038 R14: 00007f5aa3815fa0 R15: 00007ffd659ddec8 [ 1021.591105][ T3047] [ 1021.960392][ T3022] chnl_net:caif_netlink_parms(): no params data found [ 1022.208109][ T3022] bridge0: port 1(bridge_slave_0) entered blocking state [ 1022.216659][ T3022] bridge0: port 1(bridge_slave_0) entered disabled state [ 1022.224371][ T3022] bridge_slave_0: entered allmulticast mode [ 1022.233401][ T3022] bridge_slave_0: entered promiscuous mode [ 1022.246686][ T3022] bridge0: port 2(bridge_slave_1) entered blocking state [ 1022.254475][ T3022] bridge0: port 2(bridge_slave_1) entered disabled state [ 1022.264730][ T3022] bridge_slave_1: entered allmulticast mode [ 1022.273972][ T3022] bridge_slave_1: entered promiscuous mode [ 1022.333409][ T3022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1022.367848][ T3022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1022.486316][ T3022] team0: Port device team_slave_0 added [ 1022.507554][ T3022] team0: Port device team_slave_1 added [ 1022.631864][ T3022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1022.638964][ T3022] 
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1022.687055][ T3022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1022.700715][ T3022] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1022.707697][ T3022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1022.738359][ T3022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1022.816542][ T3022] hsr_slave_0: entered promiscuous mode [ 1022.827589][ T3022] hsr_slave_1: entered promiscuous mode [ 1022.834480][ T3022] debugfs: 'hsr0' already exists in 'hsr' [ 1022.841440][ T3022] Cannot create hsr debugfs directory [ 1022.884818][T18750] Bluetooth: hci4: command tx timeout [ 1023.278951][ T3022] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1023.289443][ T3022] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1023.299344][ T3022] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1023.309296][ T3022] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1023.377903][ T3022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1023.397501][ T3022] 8021q: adding VLAN 0 to HW filter on device team0 [ 1023.412250][T16810] bridge0: port 1(bridge_slave_0) entered blocking state [ 1023.419598][T16810] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1023.435120][T16797] bridge0: port 2(bridge_slave_1) entered blocking state [ 1023.442321][T16797] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1023.609298][ T3022] 8021q: adding VLAN 0 to HW filter 
on device batadv0 [ 1023.801869][ T3022] veth0_vlan: entered promiscuous mode [ 1023.813576][ T3022] veth1_vlan: entered promiscuous mode [ 1023.839871][ T3022] veth0_macvtap: entered promiscuous mode [ 1023.853076][ T3022] veth1_macvtap: entered promiscuous mode [ 1023.871800][ T3022] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1023.888398][ T3022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1023.903297][T16794] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1023.912564][T16794] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1023.931557][T16794] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1023.941428][T16794] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.014866][T16786] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1024.022904][T16786] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1024.057270][T16794] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1024.066137][T16794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1024.961789][T18750] Bluetooth: hci4: command tx timeout [ 1027.040886][T18750] Bluetooth: hci4: command tx timeout [ 1029.120822][T18750] Bluetooth: hci4: command tx timeout [ 1037.771894][ T7712] lec:lec_start_xmit: lec0:No lecd attached [ 1043.040177][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5270 ms [ 1043.048423][ C1] lec:lec_tx_timeout: lec0 [ 1054.643794][ T1302] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1054.653767][ T1302] lec:lec_start_xmit: lec0:No lecd attached [ 1059.043856][ T3119] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9171'. [ 1059.539896][ T3141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9178'. [ 1059.665634][ T3145] netlink: 128 bytes leftover after parsing attributes in process `syz.2.9180'. 
[ 1059.743008][ T3124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9174'. [ 1059.820574][ T3152] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9183'. [ 1059.841015][ T3154] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9184'. [ 1059.933045][ T3156] gre0: entered promiscuous mode [ 1059.938256][ T3156] gre0: entered allmulticast mode [ 1060.002556][ T3162] geneve2: entered promiscuous mode [ 1060.080032][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5430 ms [ 1060.088142][ C1] lec:lec_tx_timeout: lec0 [ 1060.180389][ T3154] syzkaller0: entered promiscuous mode [ 1060.186112][ T3154] syzkaller0: entered allmulticast mode [ 1060.221865][ T3154] netlink: 576 bytes leftover after parsing attributes in process `syz.3.9184'. [ 1060.405310][ T3173] netlink: 104 bytes leftover after parsing attributes in process `syz.4.9192'. [ 1060.445435][ T3175] netlink: 104 bytes leftover after parsing attributes in process `syz.2.9191'. [ 1060.597753][T24137] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1060.625311][T24137] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1060.657220][T24137] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1060.667405][T24137] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1060.676263][T24137] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1061.326861][ T3208] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.9199'. [ 1061.336324][ T3208] openvswitch: netlink: Flow get message rejected, Key attribute missing. 
[ 1061.486205][ T3196] bridge0: port 2(bridge_slave_1) entered disabled state [ 1061.493911][ T3196] bridge0: port 1(bridge_slave_0) entered disabled state [ 1061.798140][ T3196] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1061.822729][ T3196] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1062.235458][ T3194] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1062.238925][ T3203] veth0: entered promiscuous mode [ 1062.264197][ T3204] veth0: left promiscuous mode [ 1062.319678][T16797] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.346399][T16797] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.360273][T16797] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.409645][T16797] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.731742][T18750] Bluetooth: hci5: command tx timeout [ 1062.928819][ T3243] netlink: 'syz.1.9207': attribute type 1 has an invalid length. [ 1062.949564][ T3178] chnl_net:caif_netlink_parms(): no params data found [ 1063.246672][ T3259] veth0: entered promiscuous mode [ 1063.257359][ T3178] bridge0: port 1(bridge_slave_0) entered blocking state [ 1063.274701][ T3178] bridge0: port 1(bridge_slave_0) entered disabled state [ 1063.283271][ T3178] bridge_slave_0: entered allmulticast mode [ 1063.293830][ T3178] bridge_slave_0: entered promiscuous mode [ 1063.326125][ T3259] openvswitch: netlink: Flow get message rejected, Key attribute missing. 
[ 1063.335898][ T3259] veth0: left promiscuous mode [ 1063.356308][ T3178] bridge0: port 2(bridge_slave_1) entered blocking state [ 1063.368773][ T3178] bridge0: port 2(bridge_slave_1) entered disabled state [ 1063.376265][ T3178] bridge_slave_1: entered allmulticast mode [ 1063.384910][ T3178] bridge_slave_1: entered promiscuous mode [ 1063.447930][ T3268] syzkaller0: entered promiscuous mode [ 1063.453586][ T3268] syzkaller0: entered allmulticast mode [ 1064.810254][T18750] Bluetooth: hci5: command tx timeout [ 1065.506919][ T3178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1065.566432][ T3178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1065.642078][ T3178] team0: Port device team_slave_0 added [ 1065.687437][ T3178] team0: Port device team_slave_1 added [ 1065.764299][ T3178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1065.772917][ T3178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1065.800438][ T3178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1065.817358][ T3178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1065.824827][ T3178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1065.852553][ T3178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1065.944780][ T3298] __nla_validate_parse: 8 callbacks suppressed [ 1065.944802][ T3298] netlink: 80 bytes leftover after parsing attributes in process `syz.3.9222'. 
[ 1065.961656][ T3298] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9222'. [ 1066.007642][ T3178] hsr_slave_0: entered promiscuous mode [ 1066.018546][ T3178] hsr_slave_1: entered promiscuous mode [ 1066.023710][ T3301] netlink: 104 bytes leftover after parsing attributes in process `syz.4.9224'. [ 1066.025319][ T3178] debugfs: 'hsr0' already exists in 'hsr' [ 1066.039216][ T3178] Cannot create hsr debugfs directory [ 1066.111936][ T3303] veth0_to_hsr: Caught tx_queue_len zero misconfig [ 1066.118648][ T3303] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9225'. [ 1066.302295][ T3308] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9227'. [ 1066.644496][ T3320] veth0: entered promiscuous mode [ 1066.775320][ T3320] netlink: 2724 bytes leftover after parsing attributes in process `syz.3.9231'. [ 1066.790338][ T3320] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1066.833089][ T3320] veth0: left promiscuous mode [ 1066.880256][T18750] Bluetooth: hci5: command tx timeout [ 1067.241351][ T3344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9237'. [ 1067.281578][ T3345] netlink: 36 bytes leftover after parsing attributes in process `syz.4.9238'. 
[ 1067.449426][ T3344] ip6tnl1: entered promiscuous mode [ 1067.618701][ T3178] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1067.669268][ T3178] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1067.756563][ T3178] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1067.813301][ T3178] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1068.309144][ T3178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1068.382121][ T3178] 8021q: adding VLAN 0 to HW filter on device team0 [ 1068.417441][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.424783][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1068.504608][T16786] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.511849][T16786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1068.528048][ T3386] syzkaller0: entered promiscuous mode [ 1068.539760][ T3386] syzkaller0: entered allmulticast mode [ 1068.852955][ T3388] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9250'. [ 1068.906562][ T3388] team0 (unregistering): Port device team_slave_0 removed [ 1068.933682][ T3388] team0 (unregistering): Port device team_slave_1 removed [ 1068.960732][T18750] Bluetooth: hci5: command tx timeout [ 1068.974285][ T3411] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9255'. [ 1069.122762][ T3417] bond1: option ad_user_port_key: invalid value (65535) [ 1069.129787][ T3417] bond1: option ad_user_port_key: allowed values 0 - 1023 [ 1069.140635][ T3417] bond1 (unregistering): Released all slaves [ 1069.235459][ T3426] lo: Caught tx_queue_len zero misconfig [ 1069.297118][ T3178] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1069.337319][ T3430] FAULT_INJECTION: forcing a failure. 
[ 1069.337319][ T3430] name failslab, interval 1, probability 0, space 0, times 0 [ 1069.350116][ T3430] CPU: 1 UID: 0 PID: 3430 Comm: syz.4.9260 Not tainted syzkaller #0 PREEMPT(full) [ 1069.350144][ T3430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1069.350157][ T3430] Call Trace: [ 1069.350166][ T3430] [ 1069.350175][ T3430] dump_stack_lvl+0xe8/0x150 [ 1069.350211][ T3430] should_fail_ex+0x412/0x560 [ 1069.350247][ T3430] should_failslab+0xa8/0x100 [ 1069.350275][ T3430] kmem_cache_alloc_bulk_noprof+0x8d/0x7e0 [ 1069.350301][ T3430] ? pfn_valid+0x125/0x4c0 [ 1069.350336][ T3430] bpf_test_run_xdp_live+0x179c/0x1cf0 [ 1069.350381][ T3430] ? bpf_test_run_xdp_live+0x438/0x1cf0 [ 1069.350414][ T3430] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 1069.350457][ T3430] ? 0xffffffffa0201a58 [ 1069.350502][ T3430] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 1069.350535][ T3430] ? _copy_from_user+0x94/0xb0 [ 1069.350559][ T3430] ? bpf_test_init+0x113/0x150 [ 1069.350577][ T3430] ? xdp_convert_md_to_buff+0x5b/0x330 [ 1069.350602][ T3430] bpf_prog_test_run_xdp+0x81c/0x1160 [ 1069.350642][ T3430] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1069.350669][ T3430] ? __fget_files+0x2a/0x420 [ 1069.350703][ T3430] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1069.350727][ T3430] bpf_prog_test_run+0x2c7/0x340 [ 1069.350752][ T3430] __sys_bpf+0x643/0x950 [ 1069.350774][ T3430] ? __pfx___sys_bpf+0x10/0x10 [ 1069.350820][ T3430] ? ksys_write+0x242/0x270 [ 1069.350846][ T3430] ? __pfx_ksys_write+0x10/0x10 [ 1069.350877][ T3430] __x64_sys_bpf+0x7c/0x90 [ 1069.350906][ T3430] do_syscall_64+0x14d/0xf80 [ 1069.350931][ T3430] ? trace_irq_disable+0x3b/0x150 [ 1069.350949][ T3430] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1069.350969][ T3430] ? 
clear_bhb_loop+0x40/0x90 [ 1069.350994][ T3430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1069.351014][ T3430] RIP: 0033:0x7fd0a1d9c819 [ 1069.351033][ T3430] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1069.351050][ T3430] RSP: 002b:00007fd09ffee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1069.351072][ T3430] RAX: ffffffffffffffda RBX: 00007fd0a2015fa0 RCX: 00007fd0a1d9c819 [ 1069.351086][ T3430] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 1069.351099][ T3430] RBP: 00007fd09ffee090 R08: 0000000000000000 R09: 0000000000000000 [ 1069.351111][ T3430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1069.351123][ T3430] R13: 00007fd0a2016038 R14: 00007fd0a2015fa0 R15: 00007ffd1688a1b8 [ 1069.351156][ T3430] [ 1069.749920][ T3178] veth0_vlan: entered promiscuous mode [ 1069.772338][ T3178] veth1_vlan: entered promiscuous mode [ 1069.808513][ T3178] veth0_macvtap: entered promiscuous mode [ 1069.823735][ T3178] veth1_macvtap: entered promiscuous mode [ 1069.848690][ T3178] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1069.865791][ T3178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1069.887120][ T137] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1069.938601][ T137] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1069.958112][ T137] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1070.035927][ T3448] vlan2: entered allmulticast mode [ 1070.041432][ T3448] bridge1: entered allmulticast mode [ 1070.047171][ T137] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1070.128840][ T3442] bridge1: port 1(erspan0) entered blocking state [ 1070.140280][ T3442] bridge1: port 1(erspan0) entered disabled state [ 1070.189748][ T3442] erspan0: 
entered allmulticast mode [ 1070.214509][ T3442] erspan0: entered promiscuous mode [ 1070.231767][ T3442] bridge1: port 1(erspan0) entered blocking state [ 1070.238365][ T3442] bridge1: port 1(erspan0) entered forwarding state [ 1070.360089][ T137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1070.420122][ T137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1070.637099][T16794] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1070.670494][T16794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1070.929909][ T3482] xt_hashlimit: size too large, truncated to 1048576 [ 1070.968496][ T3482] xt_hashlimit: max too large, truncated to 1048576 [ 1071.337382][T24137] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1071.347502][T24137] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1071.356250][T24137] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1071.370735][T24137] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1071.378512][T24137] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1071.505998][ T3492] nbd: must specify an index to disconnect [ 1071.647214][ T3505] __nla_validate_parse: 3 callbacks suppressed [ 1071.647237][ T3505] netlink: 56 bytes leftover after parsing attributes in process `syz.4.9286'. [ 1071.704679][ T3509] netlink: 48 bytes leftover after parsing attributes in process `syz.1.9287'. [ 1071.780112][ T3512] xfrm0: entered promiscuous mode [ 1071.785218][ T3512] xfrm0: entered allmulticast mode [ 1072.018979][ T3522] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9292'. [ 1072.147617][ T3527] netlink: 128 bytes leftover after parsing attributes in process `syz.4.9293'. [ 1072.245604][ T3493] chnl_net:caif_netlink_parms(): no params data found [ 1072.339783][ T3532] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9294'. 
[ 1072.363065][ T3532] Bluetooth: MGMT ver 1.23 [ 1072.494497][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 1072.504150][ T3493] bridge0: port 1(bridge_slave_0) entered disabled state [ 1072.511895][ T3493] bridge_slave_0: entered allmulticast mode [ 1072.521300][ T3493] bridge_slave_0: entered promiscuous mode [ 1072.530716][ T3537] syzkaller0: entered promiscuous mode [ 1072.536638][ T3537] syzkaller0: entered allmulticast mode [ 1072.555442][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state [ 1072.563642][ T3493] bridge0: port 2(bridge_slave_1) entered disabled state [ 1072.571584][ T3493] bridge_slave_1: entered allmulticast mode [ 1072.580288][ T3493] bridge_slave_1: entered promiscuous mode [ 1072.642612][ T3493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1072.657725][ T3493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1072.709076][ T3493] team0: Port device team_slave_0 added [ 1072.719124][ T3493] team0: Port device team_slave_1 added [ 1072.764761][ T3493] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1072.780458][ T3493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1072.815294][ T3493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1072.846993][ T3493] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1072.890060][ T3493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 1072.967287][ T3493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1073.078236][ T3493] hsr_slave_0: entered promiscuous mode [ 1073.085933][ T3493] hsr_slave_1: entered promiscuous mode [ 1073.093133][ T3493] debugfs: 'hsr0' already exists in 'hsr' [ 1073.099340][ T3493] Cannot create hsr debugfs directory [ 1073.369383][ T3550] syzkaller0: entered promiscuous mode [ 1073.377103][ T3550] syzkaller0: entered allmulticast mode [ 1073.440341][T18750] Bluetooth: hci1: command tx timeout [ 1073.906237][ T3562] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9301'. [ 1073.939254][ T3562] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9301'. [ 1073.960535][ T3562] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9301'. [ 1074.026350][ T3547] netlink: 48 bytes leftover after parsing attributes in process `syz.3.9298'. [ 1074.645840][ T3493] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1074.673728][ T3493] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1074.695995][ T3493] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1074.726129][ T3493] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1074.811537][ T3577] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9307'. 
[ 1074.916889][ T3577] vlan2: entered promiscuous mode [ 1075.098553][ T3583] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1075.188875][ T3586] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1075.198662][ T3586] bond1: (slave bond2): Enslaving as an active interface with an up link [ 1075.326226][ T3588] bond1 (unregistering): (slave bond2): Releasing backup interface [ 1075.401677][ T3588] bond1 (unregistering): Released all slaves [ 1075.520605][T18750] Bluetooth: hci1: command tx timeout [ 1075.934554][ T3493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1076.021967][ T3493] 8021q: adding VLAN 0 to HW filter on device team0 [ 1076.051734][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 1076.058897][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1076.096363][ T137] bridge0: port 2(bridge_slave_1) entered blocking state [ 1076.103679][ T137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1076.226699][ T3621] netlink: 'syz.4.9314': attribute type 1 has an invalid length. [ 1076.551276][ T3631] netlink: 'syz.1.9316': attribute type 3 has an invalid length. [ 1076.559883][ T3631] netlink: 'syz.1.9316': attribute type 2 has an invalid length. [ 1076.560911][ T3493] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1076.699700][ T3517] Set syz1 is full, maxelem 65536 reached [ 1076.711143][ T3493] veth0_vlan: entered promiscuous mode [ 1076.746193][ T3493] veth1_vlan: entered promiscuous mode [ 1076.827747][ T3639] batadv_slave_1: entered promiscuous mode [ 1076.845125][ T3639] __nla_validate_parse: 10 callbacks suppressed [ 1076.845146][ T3639] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9320'. [ 1076.878932][ T3639] batadv_slave_1 (unregistering): left promiscuous mode [ 1076.889871][ T3639] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1076.935487][ T3643] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9322'. 
[ 1076.941823][ T3493] veth0_macvtap: entered promiscuous mode [ 1076.956659][ T3493] veth1_macvtap: entered promiscuous mode [ 1076.992895][ T3493] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1077.022575][ T3493] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1077.052409][T16790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.061577][T16790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.084004][T16790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.094105][T16790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.171217][ T3650] vlan0: entered promiscuous mode [ 1077.177837][ T3652] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.9325'. [ 1077.212666][ T3652] FAULT_INJECTION: forcing a failure. [ 1077.212666][ T3652] name failslab, interval 1, probability 0, space 0, times 0 [ 1077.250895][ T3652] CPU: 0 UID: 0 PID: 3652 Comm: syz.3.9325 Not tainted syzkaller #0 PREEMPT(full) [ 1077.250924][ T3652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1077.250936][ T3652] Call Trace: [ 1077.250945][ T3652] [ 1077.250954][ T3652] dump_stack_lvl+0xe8/0x150 [ 1077.250988][ T3652] should_fail_ex+0x412/0x560 [ 1077.251025][ T3652] should_failslab+0xa8/0x100 [ 1077.251053][ T3652] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1077.251078][ T3652] ? __alloc_skb+0x1d0/0x7d0 [ 1077.251101][ T3652] ? __local_bh_enable_ip+0xd0/0x130 [ 1077.251133][ T3652] __alloc_skb+0x1d0/0x7d0 [ 1077.251157][ T3652] ? netlink_ack_tlv_len+0x6c/0x210 [ 1077.251183][ T3652] netlink_ack+0x146/0xa50 [ 1077.251202][ T3652] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1077.251233][ T3652] ? __lock_acquire+0x6b5/0x2cf0 [ 1077.251270][ T3652] netlink_rcv_skb+0x2b6/0x4b0 [ 1077.251294][ T3652] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1077.251323][ T3652] ? 
__pfx_netlink_rcv_skb+0x10/0x10 [ 1077.251365][ T3652] ? down_read+0x272/0x2e0 [ 1077.251392][ T3652] ? genl_rcv+0xd/0x40 [ 1077.251420][ T3652] genl_rcv+0x28/0x40 [ 1077.251445][ T3652] netlink_unicast+0x80f/0x9b0 [ 1077.251475][ T3652] ? __pfx_netlink_unicast+0x10/0x10 [ 1077.251498][ T3652] ? netlink_sendmsg+0x650/0xb40 [ 1077.251527][ T3652] ? skb_put+0x11b/0x210 [ 1077.251556][ T3652] netlink_sendmsg+0x813/0xb40 [ 1077.251589][ T3652] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1077.251616][ T3652] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1077.251650][ T3652] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1077.251678][ T3652] ____sys_sendmsg+0x972/0x9f0 [ 1077.251715][ T3652] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1077.251754][ T3652] ? import_iovec+0x73/0xa0 [ 1077.251782][ T3652] ___sys_sendmsg+0x2a5/0x360 [ 1077.251816][ T3652] ? __pfx____sys_sendmsg+0x10/0x10 [ 1077.251883][ T3652] ? __fget_files+0x2a/0x420 [ 1077.251901][ T3652] ? __fget_files+0x3a0/0x420 [ 1077.251938][ T3652] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1077.251969][ T3652] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1077.252008][ T3652] ? __pfx_ksys_write+0x10/0x10 [ 1077.252044][ T3652] do_syscall_64+0x14d/0xf80 [ 1077.252070][ T3652] ? trace_irq_disable+0x3b/0x150 [ 1077.252088][ T3652] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1077.252108][ T3652] ? 
clear_bhb_loop+0x40/0x90 [ 1077.252133][ T3652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1077.252154][ T3652] RIP: 0033:0x7f923cb9c819 [ 1077.252173][ T3652] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1077.252191][ T3652] RSP: 002b:00007f923db1d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1077.252214][ T3652] RAX: ffffffffffffffda RBX: 00007f923ce15fa0 RCX: 00007f923cb9c819 [ 1077.252229][ T3652] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1077.252242][ T3652] RBP: 00007f923db1d090 R08: 0000000000000000 R09: 0000000000000000 [ 1077.252254][ T3652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1077.252265][ T3652] R13: 00007f923ce16038 R14: 00007f923ce15fa0 R15: 00007ffeb98dada8 [ 1077.252299][ T3652] [ 1077.420552][ T3658] FAULT_INJECTION: forcing a failure. [ 1077.420552][ T3658] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1077.465876][T16810] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1077.481393][ T3658] CPU: 0 UID: 0 PID: 3658 Comm: syz.0.9329 Not tainted syzkaller #0 PREEMPT(full) [ 1077.481420][ T3658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1077.481431][ T3658] Call Trace: [ 1077.481440][ T3658] [ 1077.481448][ T3658] dump_stack_lvl+0xe8/0x150 [ 1077.481480][ T3658] should_fail_ex+0x412/0x560 [ 1077.481521][ T3658] _copy_from_user+0x2d/0xb0 [ 1077.481543][ T3658] ___sys_sendmsg+0x1c6/0x360 [ 1077.481573][ T3658] ? __pfx____sys_sendmsg+0x10/0x10 [ 1077.481643][ T3658] __sys_sendmmsg+0x27c/0x4e0 [ 1077.481671][ T3658] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1077.481692][ T3658] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1077.481739][ T3658] ? ksys_write+0x242/0x270 [ 1077.481761][ T3658] ? 
__pfx_ksys_write+0x10/0x10 [ 1077.481788][ T3658] __x64_sys_sendmmsg+0xa0/0xc0 [ 1077.481813][ T3658] do_syscall_64+0x14d/0xf80 [ 1077.481835][ T3658] ? trace_irq_disable+0x3b/0x150 [ 1077.481850][ T3658] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1077.481867][ T3658] ? clear_bhb_loop+0x40/0x90 [ 1077.481888][ T3658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1077.481906][ T3658] RIP: 0033:0x7fe64d59c819 [ 1077.481924][ T3658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1077.481939][ T3658] RSP: 002b:00007fe64e433028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1077.481959][ T3658] RAX: ffffffffffffffda RBX: 00007fe64d815fa0 RCX: 00007fe64d59c819 [ 1077.481972][ T3658] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003 [ 1077.481984][ T3658] RBP: 00007fe64e433090 R08: 0000000000000000 R09: 0000000000000000 [ 1077.481994][ T3658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1077.482005][ T3658] R13: 00007fe64d816038 R14: 00007fe64d815fa0 R15: 00007ffe1ade6008 [ 1077.482033][ T3658] [ 1077.520323][ T3657] netlink: 84 bytes leftover after parsing attributes in process `syz.1.9327'. [ 1077.537898][T16810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1077.570864][ T3657] netlink: 84 bytes leftover after parsing attributes in process `syz.1.9327'. [ 1077.610735][ T3661] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9328'. [ 1077.617796][T18750] Bluetooth: hci1: command tx timeout [ 1077.770428][ T3663] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9328'. [ 1077.948026][ T3673] netlink: 160 bytes leftover after parsing attributes in process `syz.1.9333'. 
[ 1078.026309][T16790] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1078.047649][T16790] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1078.088854][ T3679] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9334'. [ 1078.130827][ T3683] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9337'. [ 1078.994201][ T3725] No such timeout policy "syz0" [ 1079.094356][ T3730] netlink: set zone limit has 4 unknown bytes [ 1079.147385][ T3731] ipvlan2: entered promiscuous mode [ 1079.159531][ T3731] ipvlan2: entered allmulticast mode [ 1079.168505][ T3730] netlink: 'syz.1.9354': attribute type 3 has an invalid length. [ 1079.179222][ T3731] team0: entered allmulticast mode [ 1079.188289][ T3731] team_slave_0: entered allmulticast mode [ 1079.195307][ T3731] team_slave_1: entered allmulticast mode [ 1079.202441][ T3731] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 1079.211223][ T3731] team0: Device ipvlan2 is already an upper device of the team interface [ 1079.710760][T18750] Bluetooth: hci1: command tx timeout [ 1080.207269][ T3770] IPv6: Can't replace route, no match found [ 1080.221536][ T3772] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1080.401987][ T3774] syzkaller0: entered promiscuous mode [ 1080.428086][ T3774] syzkaller0: entered allmulticast mode [ 1080.681357][ T3789] FAULT_INJECTION: forcing a failure. [ 1080.681357][ T3789] name failslab, interval 1, probability 0, space 0, times 0 [ 1080.710992][ T3789] CPU: 1 UID: 0 PID: 3789 Comm: syz.3.9380 Not tainted syzkaller #0 PREEMPT(full) [ 1080.711020][ T3789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1080.711032][ T3789] Call Trace: [ 1080.711040][ T3789] [ 1080.711049][ T3789] dump_stack_lvl+0xe8/0x150 [ 1080.711083][ T3789] should_fail_ex+0x412/0x560 [ 1080.711114][ T3789] should_failslab+0xa8/0x100 [ 1080.711137][ T3789] ? 
skb_clone+0x212/0x3a0 [ 1080.711163][ T3789] kmem_cache_alloc_noprof+0x87/0x650 [ 1080.711182][ T3789] ? apparmor_capable+0x126/0x170 [ 1080.711212][ T3789] skb_clone+0x212/0x3a0 [ 1080.711233][ T3789] ? nfnetlink_rcv+0x4b0/0x27b0 [ 1080.711253][ T3789] nfnetlink_rcv+0x4e2/0x27b0 [ 1080.711285][ T3789] ? lockdep_hardirqs_on+0x7a/0x110 [ 1080.711308][ T3789] ? __dev_queue_xmit+0x28b/0x3870 [ 1080.711332][ T3789] ? __local_bh_enable_ip+0xd0/0x130 [ 1080.711358][ T3789] ? __dev_queue_xmit+0x1efe/0x3870 [ 1080.711380][ T3789] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.711411][ T3789] ? __dev_queue_xmit+0x28b/0x3870 [ 1080.711437][ T3789] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1080.711483][ T3789] ? ref_tracker_free+0x693/0x840 [ 1080.711501][ T3789] ? __copy_skb_header+0xa3/0x4a0 [ 1080.711527][ T3789] ? __pfx_ref_tracker_free+0x10/0x10 [ 1080.711562][ T3789] ? skb_clone+0x246/0x3a0 [ 1080.711590][ T3789] ? __netlink_deliver_tap+0x807/0x850 [ 1080.711611][ T3789] ? netlink_deliver_tap+0x2e/0x1b0 [ 1080.711649][ T3789] netlink_unicast+0x80f/0x9b0 [ 1080.711676][ T3789] ? __pfx_netlink_unicast+0x10/0x10 [ 1080.711698][ T3789] ? netlink_sendmsg+0x650/0xb40 [ 1080.711717][ T3789] ? skb_put+0x11b/0x210 [ 1080.711742][ T3789] netlink_sendmsg+0x813/0xb40 [ 1080.711772][ T3789] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1080.711797][ T3789] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1080.711828][ T3789] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1080.711855][ T3789] ____sys_sendmsg+0x972/0x9f0 [ 1080.711892][ T3789] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1080.711928][ T3789] ? import_iovec+0x73/0xa0 [ 1080.711955][ T3789] ___sys_sendmsg+0x2a5/0x360 [ 1080.711989][ T3789] ? __pfx____sys_sendmsg+0x10/0x10 [ 1080.712046][ T3789] ? __fget_files+0x2a/0x420 [ 1080.712065][ T3789] ? __fget_files+0x3a0/0x420 [ 1080.712093][ T3789] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1080.712123][ T3789] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1080.712158][ T3789] ? 
__pfx_ksys_write+0x10/0x10 [ 1080.712194][ T3789] do_syscall_64+0x14d/0xf80 [ 1080.712217][ T3789] ? trace_irq_disable+0x3b/0x150 [ 1080.712232][ T3789] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.712251][ T3789] ? clear_bhb_loop+0x40/0x90 [ 1080.712274][ T3789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.712292][ T3789] RIP: 0033:0x7f923cb9c819 [ 1080.712311][ T3789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1080.712327][ T3789] RSP: 002b:00007f923db1d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1080.712350][ T3789] RAX: ffffffffffffffda RBX: 00007f923ce15fa0 RCX: 00007f923cb9c819 [ 1080.712365][ T3789] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003 [ 1080.712378][ T3789] RBP: 00007f923db1d090 R08: 0000000000000000 R09: 0000000000000000 [ 1080.712391][ T3789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1080.712402][ T3789] R13: 00007f923ce16038 R14: 00007f923ce15fa0 R15: 00007ffeb98dada8 [ 1080.712433][ T3789] [ 1083.252911][ T3803] syzkaller0: entered promiscuous mode [ 1083.258590][ T3803] syzkaller0: entered allmulticast mode [ 1083.343325][ T3814] __nla_validate_parse: 4 callbacks suppressed [ 1083.343347][ T3814] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9383'. [ 1083.559242][ T3824] veth0: entered promiscuous mode [ 1083.589280][ T3822] x_tables: duplicate underflow at hook 1 [ 1083.603120][ T3824] netlink: 2948 bytes leftover after parsing attributes in process `syz.4.9389'. [ 1083.620139][ T3824] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1083.641377][ T3824] veth0: left promiscuous mode [ 1083.706171][ T3831] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9392'. [ 1083.727780][ T3834] netlink: 'syz.3.9393': attribute type 21 has an invalid length. 
[ 1083.736308][ T3834] netlink: 128 bytes leftover after parsing attributes in process `syz.3.9393'. [ 1083.757449][ T3834] netlink: 'syz.3.9393': attribute type 4 has an invalid length. [ 1083.777828][ T3834] netlink: 3 bytes leftover after parsing attributes in process `syz.3.9393'. [ 1083.842897][ T3834] netlink: 'syz.3.9393': attribute type 1 has an invalid length. [ 1083.864034][ T3834] netlink: 224 bytes leftover after parsing attributes in process `syz.3.9393'. [ 1083.915355][ T3843] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9396'. [ 1083.976626][ T3834] bond1: option lacp_active: mode dependency failed, not supported in mode balance-alb(6) [ 1084.078348][ T3834] bond1 (unregistering): Released all slaves [ 1084.100466][ T3850] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9399'. [ 1084.163646][ T3852] netdevsim netdevsim2 ªªªªª»: renamed from netdevsim0 (while UP) [ 1084.336787][ T3852] bond2 (unregistering): Released all slaves [ 1084.433562][ T3862] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.9404'. [ 1084.458408][ T3861] syzkaller0: entered promiscuous mode [ 1084.464633][ T3861] syzkaller0: entered allmulticast mode [ 1084.771345][ T3866] sctp: [Deprecated]: syz.2.9406 (pid 3866) Use of int in max_burst socket option. [ 1084.771345][ T3866] Use struct sctp_assoc_value instead [ 1085.071097][ T3878] netlink: 'syz.3.9408': attribute type 39 has an invalid length. [ 1085.259176][ T3881] netlink: 32 bytes leftover after parsing attributes in process `syz.2.9410'. 
[ 1085.853704][ T3904] syzkaller0: entered promiscuous mode [ 1085.879624][ T3904] syzkaller0: entered allmulticast mode [ 1086.427521][ T3841] Set syz1 is full, maxelem 65536 reached [ 1086.955534][ T3937] Bluetooth: MGMT ver 1.23 [ 1087.130271][ T3935] nbd6: detected capacity change from 0 to 63 [ 1087.147482][T18750] block nbd6: Receive control failed (result -104) [ 1087.157706][T24137] block nbd6: Receive control failed (result -32) [ 1087.423936][ T3946] vlan2: entered allmulticast mode [ 1087.429191][ T3946] bridge1: entered allmulticast mode [ 1087.478482][ T3946] bridge1: port 1(erspan0) entered blocking state [ 1087.507290][ T3946] bridge1: port 1(erspan0) entered disabled state [ 1087.530454][ T3946] erspan0: entered allmulticast mode [ 1087.550762][ T3946] erspan0: entered promiscuous mode [ 1087.733793][ T3947] syzkaller0: entered promiscuous mode [ 1087.749695][ T3947] syzkaller0: entered allmulticast mode [ 1087.872416][ T3973] No such timeout policy "syz0" [ 1088.415205][ T3996] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input9 [ 1089.314301][ T4003] __nla_validate_parse: 9 callbacks suppressed [ 1089.314324][ T4003] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9453'. [ 1090.252070][ T4011] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9455'. [ 1090.385590][ T4015] No such timeout policy "syz0" [ 1090.437033][ T4017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9459'. [ 1090.622346][ T4031] syzkaller0: entered promiscuous mode [ 1090.627995][ T4031] syzkaller0: entered allmulticast mode [ 1090.650571][ T4019] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9460'. [ 1090.674168][ T4034] netlink: set zone limit has 4 unknown bytes [ 1090.694790][ T4034] netlink: 'syz.2.9463': attribute type 3 has an invalid length. 
[ 1091.209568][ T4043] macsec1: entered promiscuous mode [ 1091.429586][ T4040] syzkaller0: entered promiscuous mode [ 1091.435354][ T4040] syzkaller0: entered allmulticast mode [ 1091.540443][ T4054] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1091.934588][ T4072] No such timeout policy "syz0" [ 1092.227408][ T4081] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9476'. [ 1092.301304][ T4084] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9478'. [ 1092.324296][ T4085] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9479'. [ 1092.432702][ T4087] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9480'. [ 1092.605328][ T4089] syzkaller0: entered promiscuous mode [ 1092.611191][ T4089] syzkaller0: entered allmulticast mode [ 1092.764374][ T4092] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9482'. [ 1092.976097][ T4096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9484'. [ 1093.022938][ T4103] No such timeout policy "syz0" [ 1093.161192][ T4105] bond1: option downdelay: invalid value (18446744073709547007) [ 1093.178483][ T4105] bond1: option downdelay: allowed values 0 - 2147483647 [ 1093.250607][ T4105] bond1 (unregistering): Released all slaves [ 1093.504601][ T4117] netlink: 'syz.3.9491': attribute type 3 has an invalid length. [ 1093.520968][ T4117] netlink: 'syz.3.9491': attribute type 2 has an invalid length. [ 1093.663659][ T4121] sch_tbf: burst 0 is lower than device tunl0 mtu (1480) ! [ 1094.480968][ T4164] netlink: 'syz.1.9506': attribute type 1 has an invalid length. [ 1094.912538][ T4186] __nla_validate_parse: 8 callbacks suppressed [ 1094.912561][ T4186] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9511'. [ 1095.025857][ T4169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9505'. 
[ 1095.092320][ T4197] xfrm0: entered promiscuous mode [ 1095.097431][ T4197] xfrm0: entered allmulticast mode [ 1095.164318][ T4202] netlink: 128 bytes leftover after parsing attributes in process `syz.1.9516'. [ 1095.413744][ T4213] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9521'. [ 1095.546041][ T4220] vlan2: entered allmulticast mode [ 1095.564504][ T4220] bridge1: entered allmulticast mode [ 1095.609308][ T4213] bridge1: port 1(erspan0) entered blocking state [ 1095.625519][ T4228] netlink: 292 bytes leftover after parsing attributes in process `syz.3.9525'. [ 1095.646044][ T4213] bridge1: port 1(erspan0) entered disabled state [ 1095.669614][ T4213] erspan0: entered allmulticast mode [ 1095.702851][ T4213] erspan0: entered promiscuous mode [ 1095.709630][ T4213] bridge1: port 1(erspan0) entered blocking state [ 1095.716254][ T4213] bridge1: port 1(erspan0) entered forwarding state [ 1095.789321][ T4225] syzkaller1: entered promiscuous mode [ 1095.800617][ T4225] syzkaller1: entered allmulticast mode [ 1095.905094][ T4243] bridge_slave_0: left allmulticast mode [ 1095.927984][ T4243] bridge_slave_0: left promiscuous mode [ 1095.954247][ T4243] bridge0: port 1(bridge_slave_0) entered disabled state [ 1096.004044][ T4243] bridge_slave_1: left allmulticast mode [ 1096.021050][ T4243] bridge_slave_1: left promiscuous mode [ 1096.041982][ T4243] bridge0: port 2(bridge_slave_1) entered disabled state [ 1096.073943][ T4243] bond0: (slave bond_slave_0): Releasing backup interface [ 1096.257885][ T4243] bond0: (slave bond_slave_1): Releasing backup interface [ 1096.381862][ T4243] team0: Port device team_slave_0 removed [ 1096.443452][ T4243] team0: Port device team_slave_1 removed [ 1096.470657][ T4243] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1096.484134][ T4243] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1096.572877][ T4243] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1096.586730][ 
T4243] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1096.597651][ T4243] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1096.780174][ T4259] netlink: 96 bytes leftover after parsing attributes in process `syz.3.9534'. [ 1096.849858][ T4262] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9535'. [ 1096.876358][ T4262] xt_hashlimit: size too large, truncated to 1048576 [ 1096.890097][ T4262] xt_hashlimit: max too large, truncated to 1048576 [ 1096.925220][ T4267] FAULT_INJECTION: forcing a failure. [ 1096.925220][ T4267] name failslab, interval 1, probability 0, space 0, times 0 [ 1096.940240][ T4267] CPU: 1 UID: 0 PID: 4267 Comm: syz.1.9538 Not tainted syzkaller #0 PREEMPT(full) [ 1096.940269][ T4267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1096.940281][ T4267] Call Trace: [ 1096.940290][ T4267] [ 1096.940299][ T4267] dump_stack_lvl+0xe8/0x150 [ 1096.940335][ T4267] should_fail_ex+0x412/0x560 [ 1096.940372][ T4267] should_failslab+0xa8/0x100 [ 1096.940400][ T4267] __kmalloc_noprof+0xe8/0x760 [ 1096.940423][ T4267] ? tomoyo_encode+0x28b/0x550 [ 1096.940451][ T4267] tomoyo_encode+0x28b/0x550 [ 1096.940478][ T4267] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1096.940511][ T4267] ? tomoyo_path_number_perm+0x219/0x630 [ 1096.940539][ T4267] tomoyo_path_number_perm+0x246/0x630 [ 1096.940570][ T4267] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1096.940600][ T4267] ? __lock_acquire+0x6b5/0x2cf0 [ 1096.940637][ T4267] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1096.940685][ T4267] ? __fget_files+0x2a/0x420 [ 1096.940708][ T4267] ? __fget_files+0x2a/0x420 [ 1096.940725][ T4267] ? __fget_files+0x3a0/0x420 [ 1096.940741][ T4267] ? 
__fget_files+0x2a/0x420 [ 1096.940762][ T4267] security_file_ioctl+0xc3/0x2a0 [ 1096.940791][ T4267] __se_sys_ioctl+0x47/0x170 [ 1096.940819][ T4267] do_syscall_64+0x14d/0xf80 [ 1096.940843][ T4267] ? trace_irq_disable+0x3b/0x150 [ 1096.940861][ T4267] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1096.940882][ T4267] ? clear_bhb_loop+0x40/0x90 [ 1096.940906][ T4267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1096.940926][ T4267] RIP: 0033:0x7fdc13b9c819 [ 1096.940945][ T4267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1096.940961][ T4267] RSP: 002b:00007fdc149ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1096.940985][ T4267] RAX: ffffffffffffffda RBX: 00007fdc13e15fa0 RCX: 00007fdc13b9c819 [ 1096.941008][ T4267] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000004 [ 1096.941021][ T4267] RBP: 00007fdc149ac090 R08: 0000000000000000 R09: 0000000000000000 [ 1096.941032][ T4267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1096.941042][ T4267] R13: 00007fdc13e16038 R14: 00007fdc13e15fa0 R15: 00007ffccd6a34a8 [ 1096.941063][ T4267] [ 1096.941079][ T4267] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1097.260736][ T4274] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9540'. [ 1097.460412][ T4285] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input10 [ 1097.515147][ T4286] FAULT_INJECTION: forcing a failure. 
[ 1097.515147][ T4286] name failslab, interval 1, probability 0, space 0, times 0 [ 1097.558858][ T4286] CPU: 0 UID: 0 PID: 4286 Comm: syz.4.9544 Not tainted syzkaller #0 PREEMPT(full) [ 1097.558885][ T4286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1097.558897][ T4286] Call Trace: [ 1097.558906][ T4286] [ 1097.558915][ T4286] dump_stack_lvl+0xe8/0x150 [ 1097.558949][ T4286] should_fail_ex+0x412/0x560 [ 1097.558983][ T4286] should_failslab+0xa8/0x100 [ 1097.559012][ T4286] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1097.559034][ T4286] ? __alloc_skb+0x186/0x7d0 [ 1097.559068][ T4286] ? __alloc_skb+0x1d0/0x7d0 [ 1097.559089][ T4286] ? __local_bh_enable_ip+0xd0/0x130 [ 1097.559120][ T4286] __alloc_skb+0x1d0/0x7d0 [ 1097.559143][ T4286] ? hidp_session_find+0xce/0x100 [ 1097.559169][ T4286] hidp_send_message+0xb2/0x230 [ 1097.559197][ T4286] hidp_connection_del+0x10d/0x170 [ 1097.559222][ T4286] hidp_sock_ioctl+0x3ab/0x650 [ 1097.559249][ T4286] ? __pfx_hidp_sock_ioctl+0x10/0x10 [ 1097.559318][ T4286] ? do_vfs_ioctl+0x1166/0x1530 [ 1097.559356][ T4286] sock_do_ioctl+0x101/0x320 [ 1097.559384][ T4286] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1097.559401][ T4286] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1097.559444][ T4286] sock_ioctl+0x5c6/0x7f0 [ 1097.559465][ T4286] ? __pfx_sock_ioctl+0x10/0x10 [ 1097.559486][ T4286] ? __fget_files+0x2a/0x420 [ 1097.559503][ T4286] ? __fget_files+0x3a0/0x420 [ 1097.559521][ T4286] ? __fget_files+0x2a/0x420 [ 1097.559543][ T4286] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1097.559569][ T4286] ? __pfx_sock_ioctl+0x10/0x10 [ 1097.559587][ T4286] __se_sys_ioctl+0xfc/0x170 [ 1097.559614][ T4286] do_syscall_64+0x14d/0xf80 [ 1097.559639][ T4286] ? trace_irq_disable+0x3b/0x150 [ 1097.559655][ T4286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1097.559675][ T4286] ? 
clear_bhb_loop+0x40/0x90 [ 1097.559698][ T4286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1097.559718][ T4286] RIP: 0033:0x7fd0a1d9c819 [ 1097.559738][ T4286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1097.559753][ T4286] RSP: 002b:00007fd09ffcd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1097.559775][ T4286] RAX: ffffffffffffffda RBX: 00007fd0a2016090 RCX: 00007fd0a1d9c819 [ 1097.559790][ T4286] RDX: 0000200000000000 RSI: 00000000400448c9 RDI: 0000000000000004 [ 1097.559802][ T4286] RBP: 00007fd09ffcd090 R08: 0000000000000000 R09: 0000000000000000 [ 1097.559813][ T4286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1097.559825][ T4286] R13: 00007fd0a2016128 R14: 00007fd0a2016090 R15: 00007ffd1688a1b8 [ 1097.559858][ T4286] [ 1097.620595][ T4286] Bluetooth: Can't allocate memory for new frame [ 1097.634639][ T4294] netlink: 292 bytes leftover after parsing attributes in process `syz.3.9546'. [ 1097.944264][ T4303] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9551'. [ 1098.119697][ T4313] netlink: 'syz.0.9553': attribute type 1 has an invalid length. [ 1098.128333][ T4313] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1098.308266][ T4319] FAULT_INJECTION: forcing a failure. [ 1098.308266][ T4319] name failslab, interval 1, probability 0, space 0, times 0 [ 1098.353574][ T4319] CPU: 0 UID: 0 PID: 4319 Comm: syz.1.9557 Not tainted syzkaller #0 PREEMPT(full) [ 1098.353603][ T4319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1098.353615][ T4319] Call Trace: [ 1098.353624][ T4319] [ 1098.353633][ T4319] dump_stack_lvl+0xe8/0x150 [ 1098.353669][ T4319] should_fail_ex+0x412/0x560 [ 1098.353706][ T4319] should_failslab+0xa8/0x100 [ 1098.353731][ T4319] ? 
skb_clone+0x212/0x3a0 [ 1098.353759][ T4319] kmem_cache_alloc_noprof+0x87/0x650 [ 1098.353780][ T4319] ? __netlink_lookup+0xc6/0x8b0 [ 1098.353811][ T4319] skb_clone+0x212/0x3a0 [ 1098.353843][ T4319] __netlink_deliver_tap+0x404/0x850 [ 1098.353879][ T4319] ? netlink_deliver_tap+0x2e/0x1b0 [ 1098.353903][ T4319] netlink_deliver_tap+0x19c/0x1b0 [ 1098.353926][ T4319] netlink_unicast+0x7e3/0x9b0 [ 1098.353957][ T4319] ? __pfx_netlink_unicast+0x10/0x10 [ 1098.353978][ T4319] ? netlink_sendmsg+0x650/0xb40 [ 1098.353999][ T4319] ? skb_put+0x11b/0x210 [ 1098.354027][ T4319] netlink_sendmsg+0x813/0xb40 [ 1098.354061][ T4319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1098.354088][ T4319] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1098.354121][ T4319] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1098.354148][ T4319] ____sys_sendmsg+0x972/0x9f0 [ 1098.354186][ T4319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1098.354233][ T4319] ? import_iovec+0x73/0xa0 [ 1098.354261][ T4319] ___sys_sendmsg+0x2a5/0x360 [ 1098.354295][ T4319] ? __pfx____sys_sendmsg+0x10/0x10 [ 1098.354362][ T4319] ? __fget_files+0x2a/0x420 [ 1098.354381][ T4319] ? __fget_files+0x3a0/0x420 [ 1098.354412][ T4319] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1098.354442][ T4319] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1098.354479][ T4319] ? __pfx_ksys_write+0x10/0x10 [ 1098.354515][ T4319] do_syscall_64+0x14d/0xf80 [ 1098.354541][ T4319] ? trace_irq_disable+0x3b/0x150 [ 1098.354559][ T4319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.354585][ T4319] ? 
clear_bhb_loop+0x40/0x90 [ 1098.354611][ T4319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.354632][ T4319] RIP: 0033:0x7fdc13b9c819 [ 1098.354652][ T4319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1098.354670][ T4319] RSP: 002b:00007fdc149ac028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1098.354692][ T4319] RAX: ffffffffffffffda RBX: 00007fdc13e15fa0 RCX: 00007fdc13b9c819 [ 1098.354707][ T4319] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003 [ 1098.354720][ T4319] RBP: 00007fdc149ac090 R08: 0000000000000000 R09: 0000000000000000 [ 1098.354733][ T4319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1098.354745][ T4319] R13: 00007fdc13e16038 R14: 00007fdc13e15fa0 R15: 00007ffccd6a34a8 [ 1098.354779][ T4319] [ 1098.814984][ T4332] tipc: Started in network mode [ 1098.820177][ T4332] tipc: Node identity ff020000000000000000000000000001, cluster identity 4711 [ 1098.829151][ T4332] tipc: Enabling of bearer rejected, failed to enable media [ 1098.883002][ T4335] netlink: 'syz.2.9565': attribute type 4 has an invalid length. [ 1098.978377][ T4343] xt_SECMARK: invalid mode: 4 [ 1099.683723][ T4371] netlink: 'syz.1.9576': attribute type 3 has an invalid length. [ 1099.698097][ T4373] netdevsim netdevsim4 ªªªªª»: renamed from netdevsim0 [ 1099.699851][ T4371] nbd: nbd1 already in use [ 1099.712427][ T4371] block nbd1: NBD_DISCONNECT [ 1099.717090][ T4371] block nbd1: Send disconnect failed -32 [ 1099.739354][ T4371] block nbd1: Send disconnect failed -32 [ 1099.827049][ T4373] bond1 (unregistering): Released all slaves [ 1099.873771][ T4380] openvswitch: netlink: nsh attribute has 4 unknown bytes. 
[ 1099.924528][ T4378] bond2: option downdelay: invalid value (18446744073709547007) [ 1099.935764][ T4378] bond2: option downdelay: allowed values 0 - 2147483647 [ 1099.946516][ T4378] bond2 (unregistering): Released all slaves [ 1099.996181][T16811] bond1: left allmulticast mode [ 1100.001723][T16811] bridge0: port 3(bond1) entered disabled state [ 1100.482792][ T4410] __nla_validate_parse: 7 callbacks suppressed [ 1100.482815][ T4410] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9588'. [ 1100.536138][ T4410] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9588'. [ 1100.545615][ T4410] netlink: 31 bytes leftover after parsing attributes in process `syz.0.9588'. [ 1100.577786][ T4410] netlink: 'syz.0.9588': attribute type 3 has an invalid length. [ 1100.586218][ T4410] netlink: 'syz.0.9588': attribute type 2 has an invalid length. [ 1100.606817][ T4410] netlink: 31 bytes leftover after parsing attributes in process `syz.0.9588'. [ 1100.624691][ T4410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9588'. [ 1100.760345][ T4412] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9589'. 
[ 1100.828742][T16811] bond2 (unregistering): (slave geneve2): Releasing active interface [ 1100.997970][T16811] team0: Port device bridge3 removed [ 1101.034777][ T7712] lec:lec_start_xmit: lec0:No lecd attached [ 1101.156796][T16811] bond0 (unregistering): Released all slaves [ 1101.168922][T16811] bond1 (unregistering): Released all slaves [ 1101.182774][T16811] bond2 (unregistering): Released all slaves [ 1101.196626][T16811] bond3 (unregistering): Released all slaves [ 1101.213036][ T4415] No such timeout policy "syz0" [ 1101.220409][T16811] bond4 (unregistering): Released all slaves [ 1101.238890][T16811] bond5 (unregistering): Released all slaves [ 1101.257925][T16811] bond6 (unregistering): Released all slaves [ 1101.431907][ T4419] netlink: set zone limit has 4 unknown bytes [ 1101.443260][ T4419] netlink: 'syz.1.9594': attribute type 3 has an invalid length. [ 1101.496337][T16811] tipc: Left network mode [ 1101.954410][ T4436] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9593'. [ 1102.155601][ T4456] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9602'. [ 1102.190770][ T4456] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1102.854247][ T4488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9610'. [ 1103.408816][T16811] hsr_slave_0: left promiscuous mode [ 1103.436142][T16811] hsr_slave_1: left promiscuous mode [ 1103.481411][T16811] vlan1: left promiscuous mode [ 1103.604033][T16811] team0 (unregistering): Port device macvlan2 removed [ 1104.092782][ T4531] netlink: 'syz.4.9624': attribute type 12 has an invalid length. [ 1104.101245][ T4531] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9624'. [ 1104.392671][ T4545] netlink: 'syz.4.9629': attribute type 2 has an invalid length. 
[ 1104.425177][ T4545] tipc: Started in network mode [ 1104.435366][ T4545] tipc: Node identity 8, cluster identity 4711 [ 1104.455308][ T4545] tipc: Node number set to 8 [ 1105.268807][T16811] IPVS: stop unused estimator thread 0... [ 1105.275527][ T4563] syzkaller0: entered promiscuous mode [ 1105.285357][ T4563] syzkaller0: entered allmulticast mode [ 1105.286219][ T4564] netlink: 'syz.0.9634': attribute type 61 has an invalid length. [ 1105.330020][ T4564] netlink: 'syz.0.9634': attribute type 62 has an invalid length. [ 1105.510697][ T4534] __nla_validate_parse: 1 callbacks suppressed [ 1105.510719][ T4534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9625'. [ 1105.914826][ T4583] No such timeout policy "syz0" [ 1105.986890][ T4585] netlink: 'syz.2.9643': attribute type 2 has an invalid length. [ 1106.080078][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5040 ms [ 1106.088235][ C1] lec:lec_tx_timeout: lec0 [ 1106.113440][ T4592] netlink: set zone limit has 4 unknown bytes [ 1106.132067][ T4592] netlink: 'syz.3.9645': attribute type 3 has an invalid length. [ 1106.317657][ T4600] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9649'. [ 1106.552800][ T4600] FAULT_INJECTION: forcing a failure. [ 1106.552800][ T4600] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1106.554716][ T4601] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9648'. 
[ 1106.575714][ T4600] CPU: 1 UID: 0 PID: 4600 Comm: syz.4.9649 Not tainted syzkaller #0 PREEMPT(full) [ 1106.575744][ T4600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1106.575756][ T4600] Call Trace: [ 1106.575765][ T4600] [ 1106.575774][ T4600] dump_stack_lvl+0xe8/0x150 [ 1106.575808][ T4600] should_fail_ex+0x412/0x560 [ 1106.575844][ T4600] _copy_to_user+0x31/0xb0 [ 1106.575872][ T4600] simple_read_from_buffer+0xe1/0x170 [ 1106.575905][ T4600] proc_fail_nth_read+0x1bb/0x230 [ 1106.575938][ T4600] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1106.575968][ T4600] ? rw_verify_area+0x2a6/0x4d0 [ 1106.575987][ T4600] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1106.576013][ T4600] vfs_read+0x20c/0xa70 [ 1106.576031][ T4600] ? fdget_pos+0x246/0x320 [ 1106.576052][ T4600] ? __pfx___mutex_lock+0x10/0x10 [ 1106.576076][ T4600] ? __pfx_vfs_read+0x10/0x10 [ 1106.576097][ T4600] ? __fget_files+0x2a/0x420 [ 1106.576118][ T4600] ? __fget_files+0x3a0/0x420 [ 1106.576134][ T4600] ? __fget_files+0x2a/0x420 [ 1106.576168][ T4600] ksys_read+0x150/0x270 [ 1106.576190][ T4600] ? __pfx_ksys_read+0x10/0x10 [ 1106.576221][ T4600] do_syscall_64+0x14d/0xf80 [ 1106.576242][ T4600] ? trace_irq_disable+0x3b/0x150 [ 1106.576258][ T4600] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.576276][ T4600] ? 
clear_bhb_loop+0x40/0x90 [ 1106.576297][ T4600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.576315][ T4600] RIP: 0033:0x7fd0a1d5d04e [ 1106.576333][ T4600] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1106.576348][ T4600] RSP: 002b:00007fd09ffedfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1106.576369][ T4600] RAX: ffffffffffffffda RBX: 00007fd09ffee6c0 RCX: 00007fd0a1d5d04e [ 1106.576382][ T4600] RDX: 000000000000000f RSI: 00007fd09ffee0a0 RDI: 0000000000000004 [ 1106.576394][ T4600] RBP: 00007fd09ffee090 R08: 0000000000000000 R09: 0000000000000000 [ 1106.576405][ T4600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1106.576416][ T4600] R13: 00007fd0a2016038 R14: 00007fd0a2015fa0 R15: 00007ffd1688a1b8 [ 1106.576446][ T4600] [ 1106.715367][ T4617] netlink: 2976 bytes leftover after parsing attributes in process `syz.3.9652'. [ 1106.832838][ T4617] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1106.833040][ T4607] veth0: entered promiscuous mode [ 1106.929510][ T4608] veth0: left promiscuous mode [ 1106.985195][ T4625] netlink: 'syz.4.9655': attribute type 1 has an invalid length. [ 1107.188205][ T4625] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1107.306747][ T4619] syzkaller0: entered promiscuous mode [ 1107.312529][ T4619] syzkaller0: entered allmulticast mode [ 1107.418130][ T4650] netlink: set zone limit has 4 unknown bytes [ 1107.447568][ T4650] netlink: 'syz.3.9660': attribute type 3 has an invalid length. [ 1107.662380][ T4659] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9664'. [ 1110.337970][ T4659] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 1110.397439][ T4666] netlink: 175008 bytes leftover after parsing attributes in process `syz.1.9665'. 
[ 1110.429014][ T4666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9665'. [ 1110.482301][ T4670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9665'. [ 1110.534316][ T4666] netlink: 169588 bytes leftover after parsing attributes in process `syz.1.9665'. [ 1110.581335][ T4675] lo speed is unknown, defaulting to 1000 [ 1110.594426][ T4675] lo speed is unknown, defaulting to 1000 [ 1110.631648][ T4675] lo speed is unknown, defaulting to 1000 [ 1110.698176][ T4682] tipc: Enabled bearer , priority 0 [ 1110.763808][ T4680] syzkaller0: entered promiscuous mode [ 1110.771214][ T4686] netlink: set zone limit has 4 unknown bytes [ 1110.782026][ T4680] syzkaller0: entered allmulticast mode [ 1110.788606][ T4680] tipc: Resetting bearer [ 1110.792754][ T4686] netlink: 'syz.3.9673': attribute type 3 has an invalid length. [ 1110.967008][ T4688] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.036986][ T4679] tipc: Resetting bearer [ 1111.192350][ T4675] infiniband sqz0: set active [ 1111.197193][ T4675] infiniband sqz0: added lo [ 1111.273841][ T4675] RDS/IB: sqz0: added [ 1111.277960][ T4675] smc: adding ib device sqz0 with port count 1 [ 1111.287210][ T4675] smc: ib device sqz0 port 1 has no pnetid [ 1113.259970][ T4679] tipc: Disabling bearer [ 1113.301974][ T4688] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.334525][T20852] lo speed is unknown, defaulting to 1000 [ 1113.340967][ T4675] lo speed is unknown, defaulting to 1000 [ 1113.347040][ T6870] lo speed is unknown, defaulting to 1000 [ 1113.490832][ T4712] netlink: 'syz.3.9679': attribute type 1 has an invalid length. [ 1113.538170][ T4719] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9681'. 
[ 1113.556915][ T4688] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.685130][ T4688] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.826359][ T4723] syzkaller0: entered promiscuous mode [ 1113.851200][ T4723] syzkaller0: entered allmulticast mode [ 1113.916812][ T4726] netlink: set zone limit has 4 unknown bytes [ 1113.934275][ T4675] lo speed is unknown, defaulting to 1000 [ 1113.944543][ T4726] netlink: 'syz.0.9684': attribute type 3 has an invalid length. [ 1114.194104][T16810] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1114.253122][T16788] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1114.460622][T16810] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1114.485934][T16810] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1114.678300][ T4675] lo speed is unknown, defaulting to 1000 [ 1115.175599][ T4752] syzkaller0: entered promiscuous mode [ 1115.183221][ T4752] syzkaller0: entered allmulticast mode [ 1115.213357][ T4675] lo speed is unknown, defaulting to 1000 [ 1115.655716][ T4675] lo speed is unknown, defaulting to 1000 [ 1116.045275][ T4779] netlink: 'syz.0.9702': attribute type 13 has an invalid length. [ 1116.080294][ T4779] netlink: 'syz.0.9702': attribute type 17 has an invalid length. [ 1116.085704][ T1302] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1116.102964][ T1302] lec:lec_start_xmit: lec0:No lecd attached [ 1116.105789][ T4773] bridge1: port 1(erspan0) entered disabled state [ 1116.213545][ T4773] bridge0: port 2(bridge_slave_1) entered disabled state [ 1116.221386][ T4773] bridge0: port 1(bridge_slave_0) entered disabled state [ 1116.332992][ T4773] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1116.344377][ T4790] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9706'. 
[ 1116.353897][ T4790] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 1116.354559][ T4773] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1116.507643][ T4779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1116.516072][ T4779] 8021q: adding VLAN 0 to HW filter on device team0 [ 1116.526654][ T4779] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1116.554088][ T4675] lo speed is unknown, defaulting to 1000 [ 1116.560730][T16794] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.575394][T16794] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.634884][ T4784] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.669405][T16794] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.681127][T16794] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.723545][ T4784] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.848559][ T4784] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.892945][ T4675] lo speed is unknown, defaulting to 1000 [ 1116.977097][ T4784] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1117.207581][T16797] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1117.238429][T16797] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1117.287040][T16797] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1117.331758][T16788] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1117.360501][T30406] block nbd6: Connection timed out, retrying (0/2 alive) [ 1117.367756][T30406] block nbd6: Connection timed out, retrying (0/2 alive) [ 1117.377716][ 
T11] block nbd6: Dead connection, failed to find a fallback [ 1117.378111][ T4675] lo speed is unknown, defaulting to 1000 [ 1117.385382][ T11] block nbd6: shutting down sockets [ 1117.396713][T30406] block nbd6: Connection timed out, retrying (0/2 alive) [ 1117.404350][ T11] blk_print_req_error: 137 callbacks suppressed [ 1117.404367][ T11] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.421455][T30406] block nbd6: Connection timed out, retrying (0/2 alive) [ 1117.428686][ T11] buffer_io_error: 137 callbacks suppressed [ 1117.428706][ T11] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1117.443772][ T11] I/O error, dev nbd6, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.453720][ T11] Buffer I/O error on dev nbd6, logical block 3, async page read [ 1117.455943][ T4804] netlink: 'syz.4.9710': attribute type 2 has an invalid length. [ 1117.462809][ T11] I/O error, dev nbd6, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.480548][ T11] Buffer I/O error on dev nbd6, logical block 2, async page read [ 1117.488417][ T11] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.498281][ T11] Buffer I/O error on dev nbd6, logical block 1, async page read [ 1117.506604][ T3874] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.516480][ T3874] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1117.524638][ T3874] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.534439][ T3874] Buffer I/O error on dev nbd6, logical block 1, async page read [ 1117.542452][ T3874] I/O error, dev nbd6, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.552055][ T3874] Buffer I/O error on dev nbd6, logical block 2, async page read [ 1117.559875][ T3874] I/O error, dev nbd6, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.569714][ 
T3874] Buffer I/O error on dev nbd6, logical block 3, async page read [ 1117.577890][ T3874] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.587595][ T3874] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1117.595537][ T3874] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1117.606223][ T3874] Buffer I/O error on dev nbd6, logical block 1, async page read [ 1117.615016][ T3874] ldm_validate_partition_table(): Disk read failed. [ 1117.622480][ T3874] Dev nbd6: unable to read RDB block 0 [ 1117.628637][ T3874] nbd6: unable to read partition table [ 1117.640698][ T3874] ldm_validate_partition_table(): Disk read failed. [ 1117.647846][ T3874] Dev nbd6: unable to read RDB block 0 [ 1117.654259][ T3874] nbd6: unable to read partition table [ 1118.073801][ T4675] lo speed is unknown, defaulting to 1000 [ 1118.427245][ T4835] netlink: 'syz.1.9721': attribute type 16 has an invalid length. [ 1118.490556][ T4835] netlink: 'syz.1.9721': attribute type 17 has an invalid length. [ 1118.690294][ T4835] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1118.767192][ T4840] netlink: 'syz.0.9724': attribute type 3 has an invalid length. [ 1118.791074][ T4840] netlink: 'syz.0.9724': attribute type 3 has an invalid length. 
[ 1118.825669][ T4847] syzkaller0: entered promiscuous mode [ 1118.847983][ T4847] syzkaller0: entered allmulticast mode [ 1118.965367][ T4858] [ 1118.967771][ T4858] ====================================================== [ 1118.974824][ T4858] WARNING: possible circular locking dependency detected [ 1118.981870][ T4858] syzkaller #0 Not tainted [ 1118.986315][ T4858] ------------------------------------------------------ [ 1118.993333][ T4858] syz.2.9727/4858 is trying to acquire lock: [ 1118.999398][ T4858] ffffffff8fd46298 (nr_neigh_list_lock){+...}-{3:3}, at: nr_remove_neigh+0x25/0xe0 [ 1119.008718][ T4858] [ 1119.008718][ T4858] but task is already holding lock: [ 1119.016084][ T4858] ffff8880646da370 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0x1039/0x2630 [ 1119.025495][ T4858] [ 1119.025495][ T4858] which lock already depends on the new lock. [ 1119.025495][ T4858] [ 1119.035917][ T4858] [ 1119.035917][ T4858] the existing dependency chain (in reverse order) is: [ 1119.045021][ T4858] [ 1119.045021][ T4858] -> #2 (&nr_node->node_lock){+...}-{3:3}: [ 1119.053049][ T4858] _raw_spin_lock_bh+0x36/0x50 [ 1119.058346][ T4858] nr_rt_device_down+0x153/0x860 [ 1119.063994][ T4858] nr_device_event+0x137/0x150 [ 1119.069287][ T4858] notifier_call_chain+0x1be/0x400 [ 1119.074983][ T4858] netif_close_many+0x2ae/0x420 [ 1119.080397][ T4858] netif_close+0x160/0x220 [ 1119.085335][ T4858] dev_close+0x10a/0x220 [ 1119.090104][ T4858] bpq_device_event+0x377/0x6a0 [ 1119.095475][ T4858] notifier_call_chain+0x1be/0x400 [ 1119.101113][ T4858] netif_close_many+0x2ae/0x420 [ 1119.106486][ T4858] netif_close+0x160/0x220 [ 1119.111426][ T4858] dev_close+0x10a/0x220 [ 1119.116192][ T4858] bond_setup_by_slave+0x5f/0x3e0 [ 1119.121743][ T4858] bond_enslave+0x847/0x3c10 [ 1119.127331][ T4858] bond_do_ioctl+0x6ec/0x8d0 [ 1119.132440][ T4858] dev_ifsioc+0x961/0x1280 [ 1119.137380][ T4858] dev_ioctl+0x7b4/0x1150 [ 1119.142333][ T4858] sock_do_ioctl+0x23e/0x320 [ 1119.147473][ 
T4858] sock_ioctl+0x5c6/0x7f0 [ 1119.152329][ T4858] __se_sys_ioctl+0xfc/0x170 [ 1119.157452][ T4858] do_syscall_64+0x14d/0xf80 [ 1119.162747][ T4858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.169162][ T4858] [ 1119.169162][ T4858] -> #1 (nr_node_list_lock){+...}-{3:3}: [ 1119.176996][ T4858] _raw_spin_lock_bh+0x36/0x50 [ 1119.182294][ T4858] nr_rt_device_down+0xbe/0x860 [ 1119.187668][ T4858] nr_device_event+0x137/0x150 [ 1119.193000][ T4858] notifier_call_chain+0x1be/0x400 [ 1119.198643][ T4858] netif_close_many+0x2ae/0x420 [ 1119.204021][ T4858] netif_close+0x160/0x220 [ 1119.208999][ T4858] dev_close+0x10a/0x220 [ 1119.213777][ T4858] bpq_device_event+0x377/0x6a0 [ 1119.219179][ T4858] notifier_call_chain+0x1be/0x400 [ 1119.224820][ T4858] netif_close_many+0x2ae/0x420 [ 1119.230197][ T4858] netif_close+0x160/0x220 [ 1119.235143][ T4858] dev_close+0x10a/0x220 [ 1119.239909][ T4858] bond_setup_by_slave+0x5f/0x3e0 [ 1119.245471][ T4858] bond_enslave+0x847/0x3c10 [ 1119.250585][ T4858] bond_do_ioctl+0x6ec/0x8d0 [ 1119.255697][ T4858] dev_ifsioc+0x961/0x1280 [ 1119.260812][ T4858] dev_ioctl+0x7b4/0x1150 [ 1119.266183][ T4858] sock_do_ioctl+0x23e/0x320 [ 1119.271474][ T4858] sock_ioctl+0x5c6/0x7f0 [ 1119.276326][ T4858] __se_sys_ioctl+0xfc/0x170 [ 1119.281440][ T4858] do_syscall_64+0x14d/0xf80 [ 1119.286659][ T4858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.293078][ T4858] [ 1119.293078][ T4858] -> #0 (nr_neigh_list_lock){+...}-{3:3}: [ 1119.301002][ T4858] __lock_acquire+0x15a5/0x2cf0 [ 1119.306421][ T4858] lock_acquire+0xf0/0x2e0 [ 1119.311359][ T4858] _raw_spin_lock_bh+0x36/0x50 [ 1119.316833][ T4858] nr_remove_neigh+0x25/0xe0 [ 1119.321972][ T4858] nr_add_node+0x1e41/0x2630 [ 1119.327094][ T4858] nr_rt_ioctl+0xe59/0xf90 [ 1119.332032][ T4858] sock_do_ioctl+0x101/0x320 [ 1119.337151][ T4858] sock_ioctl+0x5c6/0x7f0 [ 1119.342011][ T4858] __se_sys_ioctl+0xfc/0x170 [ 1119.347150][ T4858] do_syscall_64+0x14d/0xf80 [ 1119.352285][ T4858] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.358716][ T4858]
[ 1119.358716][ T4858] other info that might help us debug this:
[ 1119.358716][ T4858]
[ 1119.369031][ T4858] Chain exists of:
[ 1119.369031][ T4858]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[ 1119.369031][ T4858]
[ 1119.382861][ T4858]  Possible unsafe locking scenario:
[ 1119.382861][ T4858]
[ 1119.390317][ T4858]        CPU0                    CPU1
[ 1119.395685][ T4858]        ----                    ----
[ 1119.401047][ T4858]   lock(&nr_node->node_lock);
[ 1119.405820][ T4858]                                lock(nr_node_list_lock);
[ 1119.412932][ T4858]                                lock(&nr_node->node_lock);
[ 1119.420246][ T4858]   lock(nr_neigh_list_lock);
[ 1119.424932][ T4858]
[ 1119.424932][ T4858]  *** DEADLOCK ***
[ 1119.424932][ T4858]
[ 1119.433081][ T4858] 1 lock held by syz.2.9727/4858:
[ 1119.438132][ T4858]  #0: ffff8880646da370 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0x1039/0x2630
[ 1119.447976][ T4858]
[ 1119.447976][ T4858] stack backtrace:
[ 1119.453961][ T4858] CPU: 1 UID: 0 PID: 4858 Comm: syz.2.9727 Not tainted syzkaller #0 PREEMPT(full)
[ 1119.453980][ T4858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1119.453990][ T4858] Call Trace:
[ 1119.453999][ T4858]
[ 1119.454007][ T4858]  dump_stack_lvl+0xe8/0x150
[ 1119.454030][ T4858]  print_circular_bug+0x2e1/0x300
[ 1119.454055][ T4858]  check_noncircular+0x12e/0x150
[ 1119.454079][ T4858]  __lock_acquire+0x15a5/0x2cf0
[ 1119.454106][ T4858]  lock_acquire+0xf0/0x2e0
[ 1119.454124][ T4858]  ? nr_remove_neigh+0x25/0xe0
[ 1119.454141][ T4858]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1119.454157][ T4858]  ? nr_remove_neigh+0x25/0xe0
[ 1119.454171][ T4858]  _raw_spin_lock_bh+0x36/0x50
[ 1119.454188][ T4858]  ? nr_remove_neigh+0x25/0xe0
[ 1119.454202][ T4858]  nr_remove_neigh+0x25/0xe0
[ 1119.454218][ T4858]  nr_add_node+0x1e41/0x2630
[ 1119.454234][ T4858]  ? nr_call_to_digi+0x126/0x1b0
[ 1119.454250][ T4858]  nr_rt_ioctl+0xe59/0xf90
[ 1119.454267][ T4858]  ?
kasan_quarantine_put+0xbb/0x1f0 [ 1119.454283][ T4858] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 1119.454301][ T4858] ? apparmor_capable+0x126/0x170 [ 1119.454321][ T4858] ? capable+0x88/0xe0 [ 1119.454340][ T4858] ? nr_ioctl+0x1b1/0x3b0 [ 1119.454361][ T4858] sock_do_ioctl+0x101/0x320 [ 1119.454378][ T4858] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1119.454390][ T4858] ? do_futex+0x333/0x420 [ 1119.454414][ T4858] sock_ioctl+0x5c6/0x7f0 [ 1119.454428][ T4858] ? __pfx_sock_ioctl+0x10/0x10 [ 1119.454441][ T4858] ? __fget_files+0x2a/0x420 [ 1119.454455][ T4858] ? __fget_files+0x3a0/0x420 [ 1119.454467][ T4858] ? __fget_files+0x2a/0x420 [ 1119.454481][ T4858] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1119.454500][ T4858] ? __pfx_sock_ioctl+0x10/0x10 [ 1119.454513][ T4858] __se_sys_ioctl+0xfc/0x170 [ 1119.454532][ T4858] do_syscall_64+0x14d/0xf80 [ 1119.454551][ T4858] ? trace_irq_disable+0x3b/0x150 [ 1119.454564][ T4858] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.454579][ T4858] ? clear_bhb_loop+0x40/0x90 [ 1119.454596][ T4858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.454611][ T4858] RIP: 0033:0x7ffb8cf9c819 [ 1119.454627][ T4858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1119.454641][ T4858] RSP: 002b:00007ffb8de0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1119.454658][ T4858] RAX: ffffffffffffffda RBX: 00007ffb8d215fa0 RCX: 00007ffb8cf9c819 [ 1119.454669][ T4858] RDX: 0000200000000080 RSI: 000000000000890b RDI: 0000000000000004 [ 1119.454679][ T4858] RBP: 00007ffb8d032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1119.454689][ T4858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1119.454700][ T4858] R13: 00007ffb8d216038 R14: 00007ffb8d215fa0 R15: 00007ffdca235458 [ 1119.454716][ T4858] [ 1119.745561][ T4861] netlink: 128 bytes leftover after parsing attributes in process `syz.4.9729'. 
[ 1119.804865][ T4859] netlink: 80 bytes leftover after parsing attributes in process `syz.1.9728'. [ 1119.814290][ T4859] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9728'. [ 1119.845006][ T4859] lo speed is unknown, defaulting to 1000 [ 1121.110017][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 1121.118045][ C1] lec:lec_tx_timeout: lec0 [ 1128.410037][T24137] Bluetooth: hci0: command 0x0406 tx timeout