last executing test programs: 1.411327073s ago: executing program 2 (id=9161): socket$inet6_sctp(0xa, 0x5, 0x84) r0 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000001380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=[@cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x14, 0x1, 0x1, [r1]}}], 0x38, 0x800}}], 0x1, 0x0) 1.27848827s ago: executing program 2 (id=9165): unshare(0x2c020400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x14, &(0x7f0000000040), 0x50) 1.136477109s ago: executing program 2 (id=9170): bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000040), 0x3, 0xffffffffffffffff, 0x4}, 0x38) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\x00\x00\x00 '}) 1.021677629s ago: executing program 1 (id=9173): socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x18, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20000000) listen(0xffffffffffffffff, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, 0x0, 0xa800) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) getsockopt$sock_buf(r0, 0x1, 0x3d, 0x0, &(0x7f0000000100)) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r2, &(0x7f0000000780), 0x12) bind$x25(r1, &(0x7f0000000080), 0x12) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000700)={'bond0\x00'}) 1.006447212s ago: executing program 2 (id=9174): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) 
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) writev(r0, &(0x7f00000008c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c57596", 0xf}, {&(0x7f0000000180)="000002b7c702", 0x6}], 0x2) 958.314831ms ago: executing program 4 (id=9175): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x6, 0x34, @random="8768"}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]]}, 0x28}}, 0x0) 910.709224ms ago: executing program 1 (id=9178): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, 0x0}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$unix(0x1, 0x1, 0x0) socket$phonet(0x23, 0x2, 0x1) pipe(0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x401, 0xfffffffe, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, 0x1503}, [@IFLA_MAP={0x24, 0xe, {0x3, 0xa7c, 0x6, 0xed9, 0xd, 0x7}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000891}, 0x24000010) 806.363985ms ago: executing program 0 (id=9180): r0 = socket(0x28, 0x5, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0) 806.157608ms ago: executing program 4 (id=9181): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x44, r1, 0x625, 0x0, 0x7f, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x4, 0x101, 0x800, 0x5, 0x6, 0x0, 0x3]}}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000004}, 0x40) 792.679326ms ago: executing program 0 (id=9182): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000080)={0x1, 0x40000000, 0x8001}, 0xc) 784.778339ms ago: executing program 3 (id=9183): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000001c00)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff010}, {0x80, 0xff}, {0x6, 0xff}]}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10) sendto$inet(r1, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r1, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 649.855105ms ago: executing program 4 (id=9184): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000300)={0xa, 0x4e21, 0x80000, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ff"], 0x28}, 0x40e0) 649.674964ms ago: executing program 2 (id=9185): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000019000909000000000000000002180000003b0048"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 622.595654ms ago: executing program 0 (id=9186): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000940)={0x68, 0x2, 0x6, 0x5, 0x7, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast1}}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x4040404) 595.516939ms ago: executing program 3 (id=9187): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg(r0, &(0x7f0000001e00)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)='$', 0x1}], 0x1}}], 0x1, 0x4004800) writev(r0, &(0x7f0000000700)=[{&(0x7f0000000100)="5993", 0x2}], 0x1) 510.013471ms ago: executing program 4 (id=9188): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x38, r1, 0x5, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, 
@random='|'}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @random="6ee9cb1e3267"}, @NL80211_ATTR_USE_MFP={0x8, 0x42, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4810}, 0x0) 509.856242ms ago: executing program 0 (id=9189): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$netlink(r0, &(0x7f0000003f00)={&(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfc, 0x1000}, 0xc, &(0x7f0000003dc0)=[{&(0x7f0000000280)={0x10, 0x21, 0x2, 0x70bd26, 0x25dfdbfd}, 0x10}], 0x1, &(0x7f0000003ec0)=[@cred={{0x20}}], 0x20, 0x20000001}, 0x20008000) 509.764358ms ago: executing program 1 (id=9190): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2c, r1, 0x5, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random='|'}, @NL80211_ATTR_USE_MFP={0x8, 0x42, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4810}, 0x0) 486.714972ms ago: executing program 2 (id=9191): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000880)="89e7ee2c78dad9b4b473fec988ca", 0xe}], 0x1) 440.6716ms ago: executing program 1 (id=9192): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, 
@ANYBLOB="010000000000000000000100000008000100030000002c0004800500030080ff00000500030080ff00000500030080ffffff050003000100000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) 381.901108ms ago: executing program 4 (id=9193): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x14c, 0x24, 0xd0f, 0x0, 0xfffffffd, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "0988fa63eb8cd320a614263eaa3008a9d6a12c269213b5127b7f64552526fa546ed160bd4dd5ec3676a0816a6978f3addb307fd5b5ce337060210ee901d2776ddd050f478417a8fbae5ecfc62afa751d5ef0730b91a289c05afa92042fc17692f47aa0ea89a66437db9e7e4071409a582b3dc60bc2003bc8d4af050000007ed12c1395d32771f376a5b839b62711be5529f62975bec15c9910b040b093954471dd16ec7b547c0a7335a1d5b89292ce0f853963f7a011f00c1d955bd4b50e7c1255ff39c6ebb85cdfc7ee093657e84b60a7a5f75f9bc78cd157a6024f84b2499782cba06f0502aec6d89a061f087bf35f1dffb27200"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x6, 0x8, 0x9, 0xa, 0xe, 0xd, 0x6}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x4000050}, 0x0) 381.744822ms ago: executing program 0 (id=9194): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000140)=0xa80, 0x4) sendmmsg$inet6(r0, &(0x7f0000006b80)=[{{&(0x7f0000000340)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000003700)=ANY=[@ANYBLOB="e8020000000000002900000004000000005a"], 0x2e8}}], 0x1, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x12020, 0x0, 0x0) 381.634212ms ago: executing program 3 (id=9195): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x300000c, 0x2032, 0xffffffffffffffff, 0x3000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb010018000000000000006c0000006c00000007000000000000000000000d0a0000000000000001000006"], 
&(0x7f0000000f40)=""/4089, 0x8b, 0xff9, 0x4}, 0x28) 320.635515ms ago: executing program 0 (id=9196): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@ipmr_getroute={0x1c, 0x1a, 0x1, 0x70bd29, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x0, 0xff, 0x8}}, 0x1c}}, 0x400c880) 277.248052ms ago: executing program 1 (id=9197): unshare(0x24020400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_int(r0, 0x11a, 0x0, 0x0, 0x0) 201.963907ms ago: executing program 4 (id=9198): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5}, 0x1c) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000100)={0xffff, "f94b10"}, 0x6) 178.628032ms ago: executing program 3 (id=9199): bpf$MAP_CREATE(0x300000000000000, 0x0, 0x48) 175.328723ms ago: executing program 1 (id=9200): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, 
{0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 115.2521ms ago: executing program 3 (id=9201): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x0) socket$nl_route(0x10, 0x3, 0x0) unshare(0x22020600) pselect6(0x40, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0xfffffffffffffff9, 0x80000000000, 0x0, 0xfffffffffffff30a, 0x5}, &(0x7f0000000000)={0x1c, 0x26d7, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x6, 0x9}, 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=9202): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) kernel console output (not intermixed with test programs): T1794] ___sys_sendmsg+0x213/0x360 [ 800.720570][ T1794] ? __lock_acquire+0x6b5/0x2cf0 [ 800.720597][ T1794] ? __pfx____sys_sendmsg+0x10/0x10 [ 800.720626][ T1794] ? kstrtouint+0x6e/0xe0 [ 800.720672][ T1794] ? __fget_files+0x2a/0x420 [ 800.720691][ T1794] ? __fget_files+0x3a0/0x420 [ 800.720720][ T1794] __sys_sendmmsg+0x27c/0x4e0 [ 800.720751][ T1794] ? __pfx___sys_sendmmsg+0x10/0x10 [ 800.720773][ T1794] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 800.720819][ T1794] ? ksys_write+0x242/0x270 [ 800.720846][ T1794] ? __pfx_ksys_write+0x10/0x10 [ 800.720877][ T1794] __x64_sys_sendmmsg+0xa0/0xc0 [ 800.720904][ T1794] do_syscall_64+0xe2/0xf80 [ 800.720925][ T1794] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.720944][ T1794] ? trace_irq_disable+0x37/0x100 [ 800.720961][ T1794] ? clear_bhb_loop+0x60/0xb0 [ 800.720984][ T1794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.721002][ T1794] RIP: 0033:0x7f617cd9acb9 [ 800.721019][ T1794] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 800.721036][ T1794] RSP: 002b:00007f617dbe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 800.721056][ T1794] RAX: ffffffffffffffda RBX: 00007f617d015fa0 RCX: 00007f617cd9acb9 [ 800.721070][ T1794] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000005 [ 800.721082][ T1794] RBP: 00007f617dbe1090 R08: 0000000000000000 R09: 0000000000000000 [ 800.721095][ T1794] R10: 000000000000c040 R11: 0000000000000246 R12: 0000000000000001 [ 800.721107][ T1794] R13: 00007f617d016038 R14: 00007f617d015fa0 R15: 00007ffcd9bc8408 [ 800.721137][ T1794] [ 800.737759][ T1784] bond1: option arp_missed_max: allowed values 1 - 255 [ 800.979839][ T1801] FAULT_INJECTION: forcing a failure. 
[ 800.979839][ T1801] name failslab, interval 1, probability 0, space 0, times 0 [ 801.012750][ T1801] CPU: 0 UID: 0 PID: 1801 Comm: syz.2.7662 Not tainted syzkaller #0 PREEMPT(full) [ 801.012775][ T1801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 801.012786][ T1801] Call Trace: [ 801.012794][ T1801] [ 801.012801][ T1801] dump_stack_lvl+0xe8/0x150 [ 801.012833][ T1801] should_fail_ex+0x412/0x560 [ 801.012857][ T1801] should_failslab+0xa8/0x100 [ 801.012878][ T1801] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 801.012904][ T1801] ? __alloc_skb+0x186/0x7d0 [ 801.012925][ T1801] ? __alloc_skb+0x1d0/0x7d0 [ 801.012943][ T1801] ? __local_bh_enable_ip+0xd0/0x130 [ 801.012964][ T1801] __alloc_skb+0x1d0/0x7d0 [ 801.012985][ T1801] ? __x64_sys_sendmmsg+0xa0/0xc0 [ 801.013008][ T1801] ? do_syscall_64+0xe2/0xf80 [ 801.013031][ T1801] alloc_skb_with_frags+0xca/0x890 [ 801.013067][ T1801] sock_alloc_send_pskb+0x878/0x990 [ 801.013108][ T1801] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 801.013132][ T1801] ? kasan_quarantine_put+0xbb/0x1f0 [ 801.013159][ T1801] ? lockdep_hardirqs_on+0x7a/0x110 [ 801.013184][ T1801] ? kmem_cache_free+0x195/0x610 [ 801.013203][ T1801] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 801.013228][ T1801] unix_dgram_sendmsg+0x460/0x18e0 [ 801.013256][ T1801] ? __pfx_css_rstat_updated+0x10/0x10 [ 801.013279][ T1801] ? do_wp_page+0x3adf/0x5990 [ 801.013314][ T1801] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 801.013335][ T1801] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 801.013364][ T1801] ? count_memcg_event_mm+0x21/0x260 [ 801.013391][ T1801] ? unix_seqpacket_sendmsg+0x111/0x1e0 [ 801.013415][ T1801] ? __pfx_unix_seqpacket_sendmsg+0x10/0x10 [ 801.013437][ T1801] ____sys_sendmsg+0xa68/0xad0 [ 801.013461][ T1801] ? __might_fault+0xaf/0x130 [ 801.013491][ T1801] ? __pfx_____sys_sendmsg+0x10/0x10 [ 801.013524][ T1801] ? import_iovec+0x73/0xa0 [ 801.013554][ T1801] ___sys_sendmsg+0x2a5/0x360 [ 801.013583][ T1801] ? 
__pfx____sys_sendmsg+0x10/0x10 [ 801.013612][ T1801] ? __lock_acquire+0x6b5/0x2cf0 [ 801.013681][ T1801] __sys_sendmmsg+0x27c/0x4e0 [ 801.013710][ T1801] ? __pfx___sys_sendmmsg+0x10/0x10 [ 801.013732][ T1801] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 801.013777][ T1801] ? ksys_write+0x242/0x270 [ 801.013805][ T1801] ? __pfx_ksys_write+0x10/0x10 [ 801.013836][ T1801] __x64_sys_sendmmsg+0xa0/0xc0 [ 801.013863][ T1801] do_syscall_64+0xe2/0xf80 [ 801.013883][ T1801] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.013902][ T1801] ? clear_bhb_loop+0x60/0xb0 [ 801.013924][ T1801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.013942][ T1801] RIP: 0033:0x7fcb7819acb9 [ 801.013960][ T1801] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 801.013976][ T1801] RSP: 002b:00007fcb78f8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 801.013996][ T1801] RAX: ffffffffffffffda RBX: 00007fcb78415fa0 RCX: 00007fcb7819acb9 [ 801.014010][ T1801] RDX: 0400000000000292 RSI: 0000200000002c40 RDI: 0000000000000003 [ 801.014023][ T1801] RBP: 00007fcb78f8d090 R08: 0000000000000000 R09: 0000000000000000 [ 801.014035][ T1801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 801.014046][ T1801] R13: 00007fcb78416038 R14: 00007fcb78415fa0 R15: 00007ffccf1440d8 [ 801.014075][ T1801] [ 801.072227][ T1784] bond1 (unregistering): Released all slaves [ 801.652259][ T1821] __nla_validate_parse: 14 callbacks suppressed [ 801.652282][ T1821] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7670'. [ 802.193945][ T1857] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7677'. [ 802.222988][ T1857] netlink: 'syz.0.7677': attribute type 7 has an invalid length. [ 802.234338][ T1857] netlink: 'syz.0.7677': attribute type 8 has an invalid length. 
[ 802.242250][ T1857] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7677'. [ 802.598405][ T1869] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7682'. [ 802.832676][ T1887] FAULT_INJECTION: forcing a failure. [ 802.832676][ T1887] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 802.877196][ T1887] CPU: 0 UID: 0 PID: 1887 Comm: syz.4.7689 Not tainted syzkaller #0 PREEMPT(full) [ 802.877223][ T1887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 802.877234][ T1887] Call Trace: [ 802.877242][ T1887] [ 802.877251][ T1887] dump_stack_lvl+0xe8/0x150 [ 802.877278][ T1887] should_fail_ex+0x412/0x560 [ 802.877304][ T1887] _copy_from_user+0x2d/0xb0 [ 802.877332][ T1887] ___sys_sendmsg+0x1c6/0x360 [ 802.877355][ T1887] ? __lock_acquire+0x6b5/0x2cf0 [ 802.877381][ T1887] ? __pfx____sys_sendmsg+0x10/0x10 [ 802.877401][ T1887] ? __lock_acquire+0x6b5/0x2cf0 [ 802.877427][ T1887] ? kstrtouint+0x6e/0xe0 [ 802.877484][ T1887] __sys_sendmmsg+0x27c/0x4e0 [ 802.877514][ T1887] ? __pfx___sys_sendmmsg+0x10/0x10 [ 802.877535][ T1887] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 802.877576][ T1887] ? ksys_write+0x242/0x270 [ 802.877603][ T1887] ? __pfx_ksys_write+0x10/0x10 [ 802.877634][ T1887] __x64_sys_sendmmsg+0xa0/0xc0 [ 802.877672][ T1887] do_syscall_64+0xe2/0xf80 [ 802.877692][ T1887] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.877709][ T1887] ? trace_irq_disable+0x37/0x100 [ 802.877727][ T1887] ? 
clear_bhb_loop+0x60/0xb0 [ 802.877748][ T1887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.877765][ T1887] RIP: 0033:0x7feaf659acb9 [ 802.877783][ T1887] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 802.877798][ T1887] RSP: 002b:00007feaf738b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 802.877819][ T1887] RAX: ffffffffffffffda RBX: 00007feaf6815fa0 RCX: 00007feaf659acb9 [ 802.877833][ T1887] RDX: 0000000000034000 RSI: 0000200000004380 RDI: 0000000000000005 [ 802.877846][ T1887] RBP: 00007feaf738b090 R08: 0000000000000000 R09: 0000000000000000 [ 802.877858][ T1887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 802.877869][ T1887] R13: 00007feaf6816038 R14: 00007feaf6815fa0 R15: 00007ffde3e9dd88 [ 802.877898][ T1887] [ 803.265827][ T1902] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7697'. [ 803.523364][ T1917] netlink: 32 bytes leftover after parsing attributes in process `syz.3.7700'. [ 804.126370][ T1946] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7708'. [ 804.136013][ T1946] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7708'. [ 804.512078][ T1961] x_tables: duplicate underflow at hook 1 [ 804.615050][ T1965] netlink: 'syz.3.7717': attribute type 16 has an invalid length. [ 804.652991][ T1965] netlink: 'syz.3.7717': attribute type 17 has an invalid length. [ 805.366617][ T1984] FAULT_INJECTION: forcing a failure. 
[ 805.366617][ T1984] name failslab, interval 1, probability 0, space 0, times 0 [ 805.379454][ T1984] CPU: 0 UID: 0 PID: 1984 Comm: syz.2.7722 Not tainted syzkaller #0 PREEMPT(full) [ 805.379479][ T1984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 805.379489][ T1984] Call Trace: [ 805.379496][ T1984] [ 805.379504][ T1984] dump_stack_lvl+0xe8/0x150 [ 805.379532][ T1984] should_fail_ex+0x412/0x560 [ 805.379558][ T1984] should_failslab+0xa8/0x100 [ 805.379581][ T1984] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 805.379608][ T1984] ? __alloc_skb+0x186/0x7d0 [ 805.379628][ T1984] ? __alloc_skb+0x1d0/0x7d0 [ 805.379647][ T1984] ? __local_bh_enable_ip+0xd0/0x130 [ 805.379668][ T1984] __alloc_skb+0x1d0/0x7d0 [ 805.379688][ T1984] ? netlink_ack_tlv_len+0x6c/0x210 [ 805.379712][ T1984] netlink_ack+0x146/0xa50 [ 805.379730][ T1984] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 805.379749][ T1984] ? ref_tracker_free+0x693/0x840 [ 805.379769][ T1984] ? __copy_skb_header+0xa3/0x4a0 [ 805.379801][ T1984] ? __pfx_ref_tracker_free+0x10/0x10 [ 805.379821][ T1984] ? __skb_clone+0x63/0x7a0 [ 805.379853][ T1984] netlink_rcv_skb+0x2b6/0x4b0 [ 805.379875][ T1984] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 805.379897][ T1984] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 805.379929][ T1984] ? netlink_deliver_tap+0x2e/0x1b0 [ 805.379957][ T1984] netlink_unicast+0x80f/0x9b0 [ 805.379984][ T1984] ? __pfx_netlink_unicast+0x10/0x10 [ 805.380005][ T1984] ? netlink_sendmsg+0x650/0xb40 [ 805.380024][ T1984] ? skb_put+0x11b/0x210 [ 805.380049][ T1984] netlink_sendmsg+0x813/0xb40 [ 805.380109][ T1984] ? __pfx_netlink_sendmsg+0x10/0x10 [ 805.380134][ T1984] ? aa_sock_msg_perm+0xf1/0x1b0 [ 805.380157][ T1984] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 805.380178][ T1984] ? __pfx_netlink_sendmsg+0x10/0x10 [ 805.380198][ T1984] ____sys_sendmsg+0xa68/0xad0 [ 805.380223][ T1984] ? __might_fault+0xaf/0x130 [ 805.380254][ T1984] ? __pfx_____sys_sendmsg+0x10/0x10 [ 805.380287][ T1984] ? 
import_iovec+0x73/0xa0 [ 805.380318][ T1984] ___sys_sendmsg+0x2a5/0x360 [ 805.380340][ T1984] ? __lock_acquire+0x6b5/0x2cf0 [ 805.380369][ T1984] ? __pfx____sys_sendmsg+0x10/0x10 [ 805.380399][ T1984] ? kstrtouint+0x6e/0xe0 [ 805.380448][ T1984] ? __fget_files+0x2a/0x420 [ 805.380468][ T1984] ? __fget_files+0x3a0/0x420 [ 805.380497][ T1984] __sys_sendmmsg+0x27c/0x4e0 [ 805.380527][ T1984] ? __pfx___sys_sendmmsg+0x10/0x10 [ 805.380549][ T1984] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 805.380595][ T1984] ? ksys_write+0x242/0x270 [ 805.380623][ T1984] ? __pfx_ksys_write+0x10/0x10 [ 805.380654][ T1984] __x64_sys_sendmmsg+0xa0/0xc0 [ 805.380681][ T1984] do_syscall_64+0xe2/0xf80 [ 805.380701][ T1984] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.380719][ T1984] ? trace_irq_disable+0x37/0x100 [ 805.380737][ T1984] ? clear_bhb_loop+0x60/0xb0 [ 805.380759][ T1984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.380778][ T1984] RIP: 0033:0x7fcb7819acb9 [ 805.380795][ T1984] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 805.380812][ T1984] RSP: 002b:00007fcb78f8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 805.380831][ T1984] RAX: ffffffffffffffda RBX: 00007fcb78415fa0 RCX: 00007fcb7819acb9 [ 805.380844][ T1984] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000007 [ 805.380858][ T1984] RBP: 00007fcb78f8d090 R08: 0000000000000000 R09: 0000000000000000 [ 805.380870][ T1984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 805.380881][ T1984] R13: 00007fcb78416038 R14: 00007fcb78415fa0 R15: 00007ffccf1440d8 [ 805.380911][ T1984] [ 805.871391][ T1991] tipc: Enabled bearer , priority 0 [ 805.955891][ T1999] tipc: Enabled bearer , priority 0 [ 805.965130][ T1990] tipc: Disabling bearer [ 805.976525][ T1999] syzkaller0: entered promiscuous mode [ 805.981998][ T1999] syzkaller0: entered 
allmulticast mode [ 806.206711][ T1999] tipc: Resetting bearer [ 806.265839][ T1997] tipc: Resetting bearer [ 806.274646][ T2020] netlink: 'syz.0.7732': attribute type 3 has an invalid length. [ 806.320925][ T1997] tipc: Disabling bearer [ 806.381306][ T2020] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7732'. [ 806.486766][ T2040] team0 (unregistering): Port device C removed [ 806.532138][ T2040] team0 (unregistering): Port device team_slave_1 removed [ 807.054175][ T2077] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7749'. [ 807.077925][ T2075] netlink: 'syz.3.7751': attribute type 2 has an invalid length. [ 807.084701][ T2077] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7749'. [ 807.124165][ T2075] netlink: 'syz.3.7751': attribute type 3 has an invalid length. [ 807.749868][ T2117] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7764'. [ 807.759950][ T2117] netlink: 'syz.4.7764': attribute type 7 has an invalid length. [ 807.768066][ T2117] netlink: 'syz.4.7764': attribute type 8 has an invalid length. [ 807.776542][ T2117] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7764'. [ 807.880908][ T2124] netlink: 'syz.2.7766': attribute type 30 has an invalid length. [ 807.926115][ T2124] bond3: option arp_missed_max: invalid value (0) [ 807.932583][ T2124] bond3: option arp_missed_max: allowed values 1 - 255 [ 807.958867][ T2124] bond3 (unregistering): Released all slaves [ 808.037585][ T2130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7769'. [ 808.093215][ T2132] vlan2: entered promiscuous mode [ 808.098287][ T2132] geneve1: entered promiscuous mode [ 808.105511][ T2134] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7769'. 
[ 808.113088][ T2132] vlan2: entered allmulticast mode [ 808.119602][ T2132] geneve1: entered allmulticast mode [ 808.243549][ T2134] 8021q: adding VLAN 0 to HW filter on device bond3 [ 808.266449][ T2144] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7774'. [ 808.472808][ T2154] FAULT_INJECTION: forcing a failure. [ 808.472808][ T2154] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 808.510091][ T2154] CPU: 0 UID: 0 PID: 2154 Comm: syz.0.7776 Not tainted syzkaller #0 PREEMPT(full) [ 808.510118][ T2154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 808.510130][ T2154] Call Trace: [ 808.510138][ T2154] [ 808.510147][ T2154] dump_stack_lvl+0xe8/0x150 [ 808.510174][ T2154] should_fail_ex+0x412/0x560 [ 808.510198][ T2154] _copy_from_iter+0x1d3/0x1670 [ 808.510229][ T2154] ? rcu_is_watching+0x15/0xb0 [ 808.510248][ T2154] ? __pfx__copy_from_iter+0x10/0x10 [ 808.510270][ T2154] ? kmem_cache_alloc_node_noprof+0x473/0x6f0 [ 808.510305][ T2154] ? netlink_sendmsg+0x650/0xb40 [ 808.510325][ T2154] ? skb_put+0x11b/0x210 [ 808.510352][ T2154] netlink_sendmsg+0x6c0/0xb40 [ 808.510379][ T2154] ? __pfx_netlink_sendmsg+0x10/0x10 [ 808.510402][ T2154] ? aa_sock_msg_perm+0xf1/0x1b0 [ 808.510425][ T2154] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 808.510448][ T2154] ? __pfx_netlink_sendmsg+0x10/0x10 [ 808.510468][ T2154] ____sys_sendmsg+0xa68/0xad0 [ 808.510499][ T2154] ? __might_fault+0xaf/0x130 [ 808.510530][ T2154] ? __pfx_____sys_sendmsg+0x10/0x10 [ 808.510562][ T2154] ? import_iovec+0x73/0xa0 [ 808.510591][ T2154] ___sys_sendmsg+0x2a5/0x360 [ 808.510614][ T2154] ? __lock_acquire+0x6b5/0x2cf0 [ 808.510643][ T2154] ? __pfx____sys_sendmsg+0x10/0x10 [ 808.510665][ T2154] ? __lock_acquire+0x6b5/0x2cf0 [ 808.510694][ T2154] ? kstrtouint+0x6e/0xe0 [ 808.510753][ T2154] __sys_sendmmsg+0x27c/0x4e0 [ 808.510783][ T2154] ? __pfx___sys_sendmmsg+0x10/0x10 [ 808.510806][ T2154] ? 
__mutex_unlock_slowpath+0x1bd/0x7d0 [ 808.510852][ T2154] ? ksys_write+0x242/0x270 [ 808.510886][ T2154] ? __pfx_ksys_write+0x10/0x10 [ 808.510918][ T2154] __x64_sys_sendmmsg+0xa0/0xc0 [ 808.510945][ T2154] do_syscall_64+0xe2/0xf80 [ 808.510967][ T2154] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.510985][ T2154] ? trace_irq_disable+0x37/0x100 [ 808.511004][ T2154] ? clear_bhb_loop+0x60/0xb0 [ 808.511026][ T2154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.511045][ T2154] RIP: 0033:0x7f617cd9acb9 [ 808.511062][ T2154] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 808.511083][ T2154] RSP: 002b:00007f617dbe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 808.511103][ T2154] RAX: ffffffffffffffda RBX: 00007f617d015fa0 RCX: 00007f617cd9acb9 [ 808.511117][ T2154] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000007 [ 808.511131][ T2154] RBP: 00007f617dbe1090 R08: 0000000000000000 R09: 0000000000000000 [ 808.511143][ T2154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 808.511154][ T2154] R13: 00007f617d016038 R14: 00007f617d015fa0 R15: 00007ffcd9bc8408 [ 808.511185][ T2154] [ 808.838386][ T2160] vlan3: entered promiscuous mode [ 808.978896][ T2173] netlink: 'syz.2.7782': attribute type 30 has an invalid length. [ 809.006197][ T2176] netlink: 68 bytes leftover after parsing attributes in process `syz.4.7783'. [ 809.120171][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.130441][ T1301] lec:lec_start_xmit: lec0:No lecd attached [ 809.159831][ T2173] bond3: option arp_missed_max: invalid value (0) [ 809.182155][ T2173] bond3: option arp_missed_max: allowed values 1 - 255 [ 809.211031][ T2173] bond3 (unregistering): Released all slaves [ 809.250321][ T2183] netlink: 15672 bytes leftover after parsing attributes in process `syz.4.7784'. 
[ 809.263165][ T2183] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7784'. [ 809.975742][ T2231] syzkaller0: entered promiscuous mode [ 809.983724][ T2231] syzkaller0: entered allmulticast mode [ 809.999259][ T2233] netlink: 'syz.4.7799': attribute type 30 has an invalid length. [ 810.111285][ T2233] bond1: option arp_missed_max: invalid value (0) [ 810.153854][ T2233] bond1: option arp_missed_max: allowed values 1 - 255 [ 810.184807][ T2233] bond1 (unregistering): Released all slaves [ 810.605587][ T2261] sctp: [Deprecated]: syz.4.7812 (pid 2261) Use of struct sctp_assoc_value in delayed_ack socket option. [ 810.605587][ T2261] Use struct sctp_sack_info instead [ 810.654465][ T2269] can: request_module (can-proto-0) failed. [ 810.990773][ T2285] netlink: 'syz.4.7817': attribute type 3 has an invalid length. [ 811.256964][ T2304] sctp: [Deprecated]: syz.4.7824 (pid 2304) Use of int in max_burst socket option. [ 811.256964][ T2304] Use struct sctp_assoc_value instead [ 811.760305][ T2331] nbd: must specify an index to disconnect [ 812.025904][ T2345] netlink: 'syz.3.7838': attribute type 12 has an invalid length. [ 812.049807][ T2345] ksmbd: Unknown IPC event: 1, ignore. [ 812.094773][ T2341] __nla_validate_parse: 8 callbacks suppressed [ 812.094792][ T2341] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7837'. [ 812.372178][ T2361] FAULT_INJECTION: forcing a failure. 
[ 812.372178][ T2361] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 812.406512][ T2361] CPU: 0 UID: 0 PID: 2361 Comm: syz.2.7842 Not tainted syzkaller #0 PREEMPT(full) [ 812.406539][ T2361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 812.406549][ T2361] Call Trace: [ 812.406558][ T2361] [ 812.406566][ T2361] dump_stack_lvl+0xe8/0x150 [ 812.406594][ T2361] should_fail_ex+0x412/0x560 [ 812.406619][ T2361] _copy_from_user+0x2d/0xb0 [ 812.406646][ T2361] ___sys_sendmsg+0x1c6/0x360 [ 812.406678][ T2361] ? __lock_acquire+0x6b5/0x2cf0 [ 812.406704][ T2361] ? __pfx____sys_sendmsg+0x10/0x10 [ 812.406724][ T2361] ? __lock_acquire+0x6b5/0x2cf0 [ 812.406750][ T2361] ? kstrtouint+0x6e/0xe0 [ 812.406803][ T2361] __sys_sendmmsg+0x27c/0x4e0 [ 812.406833][ T2361] ? __pfx___sys_sendmmsg+0x10/0x10 [ 812.406853][ T2361] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 812.406895][ T2361] ? ksys_write+0x242/0x270 [ 812.406921][ T2361] ? __pfx_ksys_write+0x10/0x10 [ 812.406951][ T2361] __x64_sys_sendmmsg+0xa0/0xc0 [ 812.406977][ T2361] do_syscall_64+0xe2/0xf80 [ 812.406997][ T2361] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.407014][ T2361] ? trace_irq_disable+0x37/0x100 [ 812.407031][ T2361] ? 
clear_bhb_loop+0x60/0xb0 [ 812.407051][ T2361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.407068][ T2361] RIP: 0033:0x7fcb7819acb9 [ 812.407084][ T2361] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 812.407100][ T2361] RSP: 002b:00007fcb78f8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 812.407120][ T2361] RAX: ffffffffffffffda RBX: 00007fcb78415fa0 RCX: 00007fcb7819acb9 [ 812.407133][ T2361] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000007 [ 812.407147][ T2361] RBP: 00007fcb78f8d090 R08: 0000000000000000 R09: 0000000000000000 [ 812.407158][ T2361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 812.407169][ T2361] R13: 00007fcb78416038 R14: 00007fcb78415fa0 R15: 00007ffccf1440d8 [ 812.407199][ T2361] [ 813.130806][ T2391] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7859'. [ 813.143772][ T2391] netlink: 'syz.3.7859': attribute type 7 has an invalid length. [ 813.151783][ T2391] netlink: 'syz.3.7859': attribute type 8 has an invalid length. [ 813.156163][ T2396] netlink: 68 bytes leftover after parsing attributes in process `syz.2.7858'. [ 813.160226][ T2391] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7859'. [ 813.182288][ T2392] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7857'. [ 813.838797][ T2451] netlink: 68 bytes leftover after parsing attributes in process `syz.0.7875'. [ 814.059869][ T2471] xt_hashlimit: max too large, truncated to 1048576 [ 814.081038][ T2471] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 814.312905][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5180 ms [ 814.321011][ C0] lec:lec_tx_timeout: lec0 [ 814.476223][ T2504] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7888'. 
[ 815.017908][ T2537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7896'. [ 815.039094][ T2546] netlink: 'syz.4.7900': attribute type 2 has an invalid length. [ 815.055864][ T2541] netlink: 'syz.3.7899': attribute type 15 has an invalid length. [ 815.074588][ T2548] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7896'. [ 815.142004][ T2546] hmac(sha224): entered promiscuous mode [ 815.160546][ T2554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7902'. [ 815.295275][ T2561] netlink: 'syz.3.7904': attribute type 2 has an invalid length. [ 815.367744][ T2537] 8021q: adding VLAN 0 to HW filter on device bond3 [ 815.456989][ T2566] bond5: option resend_igmp: invalid value (68414) [ 815.483640][ T2566] bond5: option resend_igmp: allowed values 0 - 255 [ 815.513662][ T2566] bond5 (unregistering): Released all slaves [ 815.671342][ T2593] netlink: 'syz.0.7914': attribute type 15 has an invalid length. [ 816.202807][ T2627] netlink: 'syz.4.7925': attribute type 15 has an invalid length. [ 816.617009][T27812] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 816.716499][ T2664] syzkaller0: entered promiscuous mode [ 816.722015][ T2664] syzkaller0: entered allmulticast mode [ 816.986574][ T2684] openvswitch: netlink: Missing valid actions attribute. [ 816.994026][ T2684] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 817.599244][ T2700] __nla_validate_parse: 4 callbacks suppressed [ 817.599264][ T2700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7942'. [ 817.944886][ T2721] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 817.965899][ T2721] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 818.004215][ T2721] A link change request failed with some changes committed already. 
Interface hsr0 may have been left with an inconsistent configuration, please check. [ 818.045903][ T2730] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7950'. [ 818.193827][ T2738] netlink: 'syz.4.7952': attribute type 30 has an invalid length. [ 818.194121][ T2744] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7954'. [ 818.231148][ T2744] tc_dump_action: action bad kind [ 818.270541][ T2738] bond1: option arp_missed_max: invalid value (0) [ 818.277839][ T2738] bond1: option arp_missed_max: allowed values 1 - 255 [ 818.287169][ T2738] bond1 (unregistering): Released all slaves [ 818.731492][ T2788] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7967'. [ 818.754214][ T2785] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7966'. [ 818.846284][ T2795] syzkaller1: entered promiscuous mode [ 818.851847][ T2795] syzkaller1: entered allmulticast mode [ 818.942371][ T2800] netlink: 364 bytes leftover after parsing attributes in process `syz.2.7971'. [ 818.974219][ T2797] netlink: 'syz.4.7969': attribute type 9 has an invalid length. [ 818.989301][ T2797] netlink: 'syz.4.7969': attribute type 6 has an invalid length. [ 819.036645][ T2810] netlink: 'syz.3.7973': attribute type 1 has an invalid length. [ 819.191118][ T2827] netlink: 14 bytes leftover after parsing attributes in process `syz.4.7974'. [ 819.222445][ T2823] 8021q: adding VLAN 0 to HW filter on device bond4 [ 819.261203][ T2829] veth3: entered promiscuous mode [ 819.283515][ T2829] bond4: (slave veth3): Enslaving as a backup interface with a down link [ 820.012442][ T2883] pimreg: entered allmulticast mode [ 820.033170][ T2883] pimreg: left allmulticast mode [ 820.491610][ T2911] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7997'. [ 820.501494][ T2911] netlink: 'syz.0.7997': attribute type 7 has an invalid length. [ 820.521754][ T2911] netlink: 'syz.0.7997': attribute type 8 has an invalid length. 
[ 820.552474][ T2911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7997'. [ 820.564156][ T2902] nbd3: detected capacity change from 0 to 63 [ 820.579583][ T2912] block nbd3: NBD_DISCONNECT [ 820.599620][ T2912] block nbd3: Disconnected due to user request. [ 820.611509][ T2911] team0: entered promiscuous mode [ 820.617628][ T2911] team_slave_0: entered promiscuous mode [ 820.626316][ T2911] team_slave_1: entered promiscuous mode [ 820.630630][ T2912] block nbd3: shutting down sockets [ 820.654463][ T2911] team0: left promiscuous mode [ 820.663255][ T2911] team_slave_0: left promiscuous mode [ 820.678583][ T2911] team_slave_1: left promiscuous mode [ 820.696025][ C0] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.705910][ C0] Buffer I/O error on dev nbd3, logical block 0, async page read [ 820.717980][ C0] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.727566][ C0] Buffer I/O error on dev nbd3, logical block 1, async page read [ 820.791564][ C1] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.801114][ C1] Buffer I/O error on dev nbd3, logical block 2, async page read [ 820.812900][ C1] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.822433][ C1] Buffer I/O error on dev nbd3, logical block 3, async page read [ 820.830675][ T1811] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.849429][ T1811] Buffer I/O error on dev nbd3, logical block 0, async page read [ 820.861637][ T1811] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.871655][ T1811] Buffer I/O error on dev nbd3, logical block 1, async page read [ 820.879735][ T1811] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.889823][ T1811] Buffer I/O error on dev nbd3, logical block 2, async page read [ 
820.897888][ T1811] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.907790][ T1811] Buffer I/O error on dev nbd3, logical block 3, async page read [ 820.918441][ T1811] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.931208][ T1811] Buffer I/O error on dev nbd3, logical block 0, async page read [ 820.939690][ T1811] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 820.951504][ T1811] Buffer I/O error on dev nbd3, logical block 1, async page read [ 820.960741][ T1811] ldm_validate_partition_table(): Disk read failed. [ 820.969699][ T1811] Dev nbd3: unable to read RDB block 0 [ 820.979209][ T1811] nbd3: unable to read partition table [ 820.999707][ T1811] ldm_validate_partition_table(): Disk read failed. [ 821.006972][ T1811] Dev nbd3: unable to read RDB block 0 [ 821.014904][ T1811] nbd3: unable to read partition table [ 821.091770][ T2932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8005'. [ 821.216770][ T2943] syzkaller0: entered promiscuous mode [ 821.231489][ T2943] syzkaller0: entered allmulticast mode [ 821.275437][ T2949] FAULT_INJECTION: forcing a failure. [ 821.275437][ T2949] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 821.309011][ T2949] CPU: 1 UID: 0 PID: 2949 Comm: syz.0.8009 Not tainted syzkaller #0 PREEMPT(full) [ 821.309039][ T2949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 821.309051][ T2949] Call Trace: [ 821.309060][ T2949] [ 821.309069][ T2949] dump_stack_lvl+0xe8/0x150 [ 821.309098][ T2949] should_fail_ex+0x412/0x560 [ 821.309126][ T2949] _copy_from_user+0x2d/0xb0 [ 821.309155][ T2949] ___sys_sendmsg+0x1c6/0x360 [ 821.309186][ T2949] ? __pfx____sys_sendmsg+0x10/0x10 [ 821.309210][ T2949] ? __lock_acquire+0x6b5/0x2cf0 [ 821.309286][ T2949] __sys_sendmmsg+0x27c/0x4e0 [ 821.309316][ T2949] ? 
__pfx___sys_sendmmsg+0x10/0x10 [ 821.309339][ T2949] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 821.309385][ T2949] ? ksys_write+0x242/0x270 [ 821.309414][ T2949] ? __pfx_ksys_write+0x10/0x10 [ 821.309446][ T2949] __x64_sys_sendmmsg+0xa0/0xc0 [ 821.309474][ T2949] do_syscall_64+0xe2/0xf80 [ 821.309495][ T2949] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.309514][ T2949] ? trace_irq_disable+0x37/0x100 [ 821.309532][ T2949] ? clear_bhb_loop+0x60/0xb0 [ 821.309555][ T2949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.309573][ T2949] RIP: 0033:0x7f617cd9acb9 [ 821.309591][ T2949] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 821.309608][ T2949] RSP: 002b:00007f617dbe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 821.309629][ T2949] RAX: ffffffffffffffda RBX: 00007f617d015fa0 RCX: 00007f617cd9acb9 [ 821.309644][ T2949] RDX: 0400000000000292 RSI: 0000200000002c40 RDI: 0000000000000003 [ 821.309657][ T2949] RBP: 00007f617dbe1090 R08: 0000000000000000 R09: 0000000000000000 [ 821.309668][ T2949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 821.309680][ T2949] R13: 00007f617d016038 R14: 00007f617d015fa0 R15: 00007ffcd9bc8408 [ 821.309740][ T2949] [ 821.516473][ T5835] Bluetooth: hci2: command 0x0406 tx timeout [ 821.522527][ T5835] Bluetooth: hci3: command 0x0406 tx timeout [ 821.807441][ T2963] netlink: 'syz.0.8015': attribute type 7 has an invalid length. [ 821.815377][ T2963] netlink: 'syz.0.8015': attribute type 8 has an invalid length. 
[ 821.845319][ T2963] team0: entered promiscuous mode [ 821.862960][ T2963] team_slave_0: entered promiscuous mode [ 821.868809][ T2963] team_slave_1: entered promiscuous mode [ 821.884439][ T2963] team0: left promiscuous mode [ 821.889232][ T2963] team_slave_0: left promiscuous mode [ 821.911639][ T2963] team_slave_1: left promiscuous mode [ 822.287507][ T2982] netlink: 'syz.4.8020': attribute type 7 has an invalid length. [ 822.552221][ T2989] netlink: 'syz.2.8024': attribute type 10 has an invalid length. [ 822.983772][ T3012] netlink: 'syz.4.8028': attribute type 1 has an invalid length. [ 823.109805][ T3018] FAULT_INJECTION: forcing a failure. [ 823.109805][ T3018] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 823.125698][ T3018] CPU: 0 UID: 0 PID: 3018 Comm: syz.3.8031 Not tainted syzkaller #0 PREEMPT(full) [ 823.125725][ T3018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 823.125737][ T3018] Call Trace: [ 823.125746][ T3018] [ 823.125754][ T3018] dump_stack_lvl+0xe8/0x150 [ 823.125783][ T3018] should_fail_ex+0x412/0x560 [ 823.125810][ T3018] _copy_from_user+0x2d/0xb0 [ 823.125838][ T3018] ___sys_sendmsg+0x1c6/0x360 [ 823.125869][ T3018] ? __pfx____sys_sendmsg+0x10/0x10 [ 823.125892][ T3018] ? __lock_acquire+0x6b5/0x2cf0 [ 823.125963][ T3018] __sys_sendmmsg+0x27c/0x4e0 [ 823.125992][ T3018] ? __pfx___sys_sendmmsg+0x10/0x10 [ 823.126014][ T3018] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 823.126061][ T3018] ? ksys_write+0x242/0x270 [ 823.126089][ T3018] ? __pfx_ksys_write+0x10/0x10 [ 823.126121][ T3018] __x64_sys_sendmmsg+0xa0/0xc0 [ 823.126147][ T3018] do_syscall_64+0xe2/0xf80 [ 823.126169][ T3018] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.126187][ T3018] ? trace_irq_disable+0x37/0x100 [ 823.126205][ T3018] ? 
clear_bhb_loop+0x60/0xb0 [ 823.126233][ T3018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.126252][ T3018] RIP: 0033:0x7fa28ef9acb9 [ 823.126268][ T3018] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 823.126285][ T3018] RSP: 002b:00007fa28fe22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 823.126305][ T3018] RAX: ffffffffffffffda RBX: 00007fa28f215fa0 RCX: 00007fa28ef9acb9 [ 823.126320][ T3018] RDX: 0400000000000292 RSI: 0000200000002c40 RDI: 0000000000000003 [ 823.126333][ T3018] RBP: 00007fa28fe22090 R08: 0000000000000000 R09: 0000000000000000 [ 823.126345][ T3018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 823.126357][ T3018] R13: 00007fa28f216038 R14: 00007fa28f215fa0 R15: 00007fff0116dec8 [ 823.126387][ T3018] [ 823.334173][ T3020] netlink: 'syz.1.8032': attribute type 10 has an invalid length. [ 823.346934][ T3022] No such timeout policy "syz0" [ 823.365389][ T3020] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 823.524964][ T3032] nbd: socks must be embedded in a SOCK_ITEM attr [ 823.626973][ T3039] __nla_validate_parse: 9 callbacks suppressed [ 823.626993][ T3039] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8037'. [ 823.643590][ T3037] netlink: 'syz.3.8036': attribute type 142 has an invalid length. [ 823.653160][ T3037] netlink: 'syz.3.8036': attribute type 1 has an invalid length. [ 823.671961][ T3039] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8037'. [ 824.082389][ T1811] udevd[1811]: inotify_add_watch(7, /dev/nbd0, 10) failed: No such file or directory [ 824.239602][ T3063] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.8043'. [ 824.303172][ T3065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8043'. 
[ 824.407500][ T3069] geneve2: entered promiscuous mode [ 824.425702][T21252] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 824.444169][T21252] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 824.495601][T21252] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 824.518664][T21252] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 824.598739][ T3072] pim6reg: entered allmulticast mode [ 825.541761][ T3105] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8055'. [ 825.656498][ T3114] bond1: (slave bond_slave_1): Device is not our slave [ 825.664705][ T3114] bond1: option active_slave: invalid value (bond_slave_1) [ 825.693442][ T3114] bond1 (unregistering): Released all slaves [ 826.066344][ T3140] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8065'. [ 826.318396][ T3153] netlink: 68 bytes leftover after parsing attributes in process `syz.1.8071'. [ 826.397229][ T3156] netlink: 68 bytes leftover after parsing attributes in process `syz.1.8072'. [ 826.464706][ T3158] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 827.225394][ T3190] netlink: 68 bytes leftover after parsing attributes in process `syz.1.8084'. [ 828.571014][ T3229] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8094'. [ 828.742075][ T3267] __nla_validate_parse: 1 callbacks suppressed [ 828.742093][ T3267] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8109'. [ 829.424973][ T3301] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 829.446257][ T3301] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 829.462254][ T3301] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 829.540865][ T3317] validate_nla: 1 callbacks suppressed [ 829.540883][ T3317] netlink: 'syz.4.8119': attribute type 1 has an invalid length. 
[ 829.768267][ T3328] netlink: 'syz.3.8126': attribute type 3 has an invalid length. [ 829.787683][ T3328] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8126'. [ 830.052259][ T3348] netlink: 'syz.1.8134': attribute type 5 has an invalid length. [ 830.062370][ T3348] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.8134'. [ 830.394040][ T3372] netlink: 'syz.4.8141': attribute type 30 has an invalid length. [ 830.499307][ T3372] bond1: option arp_missed_max: invalid value (0) [ 830.532820][ T3372] bond1: option arp_missed_max: allowed values 1 - 255 [ 830.545756][ T3372] bond1 (unregistering): Released all slaves [ 830.616000][ T3386] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8140'. [ 830.862059][ T3402] sit0: entered promiscuous mode [ 830.872740][ T3402] netlink: 1 bytes leftover after parsing attributes in process `syz.4.8150'. [ 830.884659][ T3406] hsr0: left promiscuous mode [ 830.889637][ T3406] ip6gretap1: left promiscuous mode [ 830.896464][ T3406] veth3: left promiscuous mode [ 831.038463][ T3420] vlan3: entered promiscuous mode [ 831.224050][ T3433] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8159'. [ 831.363927][ T3444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8161'. [ 831.415997][ T3447] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8161'. [ 831.530250][ T3450] bond0: (slave ip6gretap1): Enslaving as an active interface with an up link [ 831.578026][ T3453] block nbd4: NBD_DISCONNECT [ 831.743271][ T3465] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8168'. [ 831.769929][ T3465] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8168'. [ 831.805745][ T3465] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 831.840166][ T3475] netlink: 'syz.3.8171': attribute type 10 has an invalid length. 
[ 831.854796][ T3474] netlink: 'syz.3.8171': attribute type 10 has an invalid length. [ 831.866539][ T3475] bond0: (slave dummy0): Releasing backup interface [ 832.344962][ T3502] x_tables: duplicate underflow at hook 1 [ 832.351794][ T3502] sctp: [Deprecated]: syz.0.8181 (pid 3502) Use of struct sctp_assoc_value in delayed_ack socket option. [ 832.351794][ T3502] Use struct sctp_sack_info instead [ 833.220702][ T3545] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 833.633747][ T3563] netlink: 'syz.1.8200': attribute type 30 has an invalid length. [ 833.713035][ T3563] bond5: option arp_missed_max: invalid value (0) [ 833.741940][ T3563] bond5: option arp_missed_max: allowed values 1 - 255 [ 833.772772][ T3563] bond5 (unregistering): Released all slaves [ 833.848817][ T3581] __nla_validate_parse: 5 callbacks suppressed [ 833.848835][ T3581] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8206'. [ 833.881220][ T3581] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8206'. [ 833.928987][ T3575] netlink: 'syz.2.8203': attribute type 1 has an invalid length. [ 834.153243][ T3596] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8209'. [ 834.285210][ T3596] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8209'. [ 834.698032][ T3617] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8216'. [ 834.910805][ T3617] 8021q: adding VLAN 0 to HW filter on device bond1 [ 834.954666][ T3630] bond1: (slave bond0): Enslaving as an active interface with an up link [ 835.019826][ T3640] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8222'. 
[ 835.439720][ T3632] bond1 (unregistering): (slave bond0): Releasing backup interface [ 835.461033][ T3632] bond1 (unregistering): Released all slaves [ 835.519281][ T3638] vlan1: entered promiscuous mode [ 835.555659][ T3640] ip6gretap1: entered promiscuous mode [ 835.561332][ T3640] macvlan2: entered promiscuous mode [ 835.578382][ T3640] bond0: entered promiscuous mode [ 835.602922][ T3640] bond_slave_0: entered promiscuous mode [ 835.613445][ T3640] bond_slave_1: entered promiscuous mode [ 835.659197][ T3653] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8224'. [ 835.711168][ T3654] FAULT_INJECTION: forcing a failure. [ 835.711168][ T3654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 835.723164][ T3653] macvlan2: entered promiscuous mode [ 835.816963][ T3654] CPU: 0 UID: 0 PID: 3654 Comm: syz.3.8224 Not tainted syzkaller #0 PREEMPT(full) [ 835.816990][ T3654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 835.817001][ T3654] Call Trace: [ 835.817009][ T3654] [ 835.817018][ T3654] dump_stack_lvl+0xe8/0x150 [ 835.817046][ T3654] should_fail_ex+0x412/0x560 [ 835.817074][ T3654] _copy_from_user+0x2d/0xb0 [ 835.817102][ T3654] sock_do_ioctl+0x195/0x320 [ 835.817124][ T3654] ? __pfx_sock_do_ioctl+0x10/0x10 [ 835.817139][ T3654] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 835.817176][ T3654] sock_ioctl+0x5c6/0x7f0 [ 835.817196][ T3654] ? __pfx_sock_ioctl+0x10/0x10 [ 835.817214][ T3654] ? __fget_files+0x2a/0x420 [ 835.817233][ T3654] ? __fget_files+0x3a0/0x420 [ 835.817252][ T3654] ? __fget_files+0x2a/0x420 [ 835.817274][ T3654] ? bpf_lsm_file_ioctl+0x9/0x20 [ 835.817297][ T3654] ? __pfx_sock_ioctl+0x10/0x10 [ 835.817314][ T3654] __se_sys_ioctl+0xfc/0x170 [ 835.817341][ T3654] do_syscall_64+0xe2/0xf80 [ 835.817362][ T3654] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.817387][ T3654] ? trace_irq_disable+0x37/0x100 [ 835.817405][ T3654] ? 
clear_bhb_loop+0x60/0xb0 [ 835.817427][ T3654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.817445][ T3654] RIP: 0033:0x7fa28ef9acb9 [ 835.817462][ T3654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 835.817479][ T3654] RSP: 002b:00007fa28fe01028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 835.817499][ T3654] RAX: ffffffffffffffda RBX: 00007fa28f216090 RCX: 00007fa28ef9acb9 [ 835.817514][ T3654] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 835.817526][ T3654] RBP: 00007fa28fe01090 R08: 0000000000000000 R09: 0000000000000000 [ 835.817538][ T3654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 835.817550][ T3654] R13: 00007fa28f216128 R14: 00007fa28f216090 R15: 00007fff0116dec8 [ 835.817581][ T3654] [ 836.334652][ T3677] netlink: 'syz.3.8232': attribute type 1 has an invalid length. [ 836.495580][ T3683] vlan2: entered promiscuous mode [ 836.641180][ T3693] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8240'. [ 836.689921][ T3693] macvlan3: entered promiscuous mode [ 836.702958][ T3693] bond0: entered promiscuous mode [ 836.718075][ T3693] bond_slave_0: entered promiscuous mode [ 836.738941][ T3695] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8238'. [ 836.748209][ T3695] netlink: 'syz.3.8238': attribute type 7 has an invalid length. [ 836.757955][ T3695] netlink: 'syz.3.8238': attribute type 8 has an invalid length. [ 836.767367][ T3693] bond_slave_1: entered promiscuous mode [ 836.776584][ T3693] mac80211_hwsim hwsim106 wlan1: entered promiscuous mode [ 836.788274][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8238'. [ 836.803704][ T3699] FAULT_INJECTION: forcing a failure. 
[ 836.803704][ T3699] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 836.893504][ T3699] CPU: 1 UID: 0 PID: 3699 Comm: syz.1.8240 Not tainted syzkaller #0 PREEMPT(full) [ 836.893530][ T3699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 836.893541][ T3699] Call Trace: [ 836.893549][ T3699] [ 836.893557][ T3699] dump_stack_lvl+0xe8/0x150 [ 836.893582][ T3699] should_fail_ex+0x412/0x560 [ 836.893606][ T3699] _copy_from_user+0x2d/0xb0 [ 836.893633][ T3699] dev_ethtool+0xcf/0x1ae0 [ 836.893664][ T3699] ? kasan_quarantine_put+0xbb/0x1f0 [ 836.893693][ T3699] ? __pfx_dev_ethtool+0x10/0x10 [ 836.893713][ T3699] ? dev_load+0x21/0x1f0 [ 836.893743][ T3699] ? dev_load+0x21/0x1f0 [ 836.893763][ T3699] ? dev_load+0x21/0x1f0 [ 836.893781][ T3699] dev_ioctl+0x392/0x1150 [ 836.893804][ T3699] sock_do_ioctl+0x23e/0x320 [ 836.893823][ T3699] ? __pfx_sock_do_ioctl+0x10/0x10 [ 836.893838][ T3699] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 836.893873][ T3699] sock_ioctl+0x5c6/0x7f0 [ 836.893891][ T3699] ? __pfx_sock_ioctl+0x10/0x10 [ 836.893907][ T3699] ? __fget_files+0x2a/0x420 [ 836.893925][ T3699] ? __fget_files+0x3a0/0x420 [ 836.893943][ T3699] ? __fget_files+0x2a/0x420 [ 836.893963][ T3699] ? bpf_lsm_file_ioctl+0x9/0x20 [ 836.893984][ T3699] ? __pfx_sock_ioctl+0x10/0x10 [ 836.894000][ T3699] __se_sys_ioctl+0xfc/0x170 [ 836.894026][ T3699] do_syscall_64+0xe2/0xf80 [ 836.894047][ T3699] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.894065][ T3699] ? trace_irq_disable+0x37/0x100 [ 836.894081][ T3699] ? 
clear_bhb_loop+0x60/0xb0 [ 836.894112][ T3699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.894129][ T3699] RIP: 0033:0x7f8bea99acb9 [ 836.894145][ T3699] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 836.894161][ T3699] RSP: 002b:00007f8beb89a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 836.894181][ T3699] RAX: ffffffffffffffda RBX: 00007f8beac16090 RCX: 00007f8bea99acb9 [ 836.894194][ T3699] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 836.894207][ T3699] RBP: 00007f8beb89a090 R08: 0000000000000000 R09: 0000000000000000 [ 836.894218][ T3699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 836.894229][ T3699] R13: 00007f8beac16128 R14: 00007f8beac16090 R15: 00007ffeac9d62b8 [ 836.894259][ T3699] [ 837.253735][ T3712] xt_bpf: check failed: parse error [ 837.290574][ T3705] netlink: 'syz.1.8246': attribute type 1 has an invalid length. [ 837.380597][T22993] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x80 [ 837.408046][ T3727] macvlan4: entered promiscuous mode [ 837.500440][ T3734] netlink: 'syz.3.8255': attribute type 7 has an invalid length. [ 837.511254][ T3734] netlink: 'syz.3.8255': attribute type 8 has an invalid length. [ 837.587928][ T3739] macvlan5: entered promiscuous mode [ 837.613995][ T3739] FAULT_INJECTION: forcing a failure. 
[ 837.613995][ T3739] name failslab, interval 1, probability 0, space 0, times 0 [ 837.641392][ T3739] CPU: 0 UID: 0 PID: 3739 Comm: syz.1.8257 Not tainted syzkaller #0 PREEMPT(full) [ 837.641418][ T3739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 837.641430][ T3739] Call Trace: [ 837.641438][ T3739] [ 837.641446][ T3739] dump_stack_lvl+0xe8/0x150 [ 837.641475][ T3739] should_fail_ex+0x412/0x560 [ 837.641502][ T3739] should_failslab+0xa8/0x100 [ 837.641536][ T3739] __kmalloc_cache_noprof+0x83/0x6e0 [ 837.641556][ T3739] ? dev_ethtool+0x132/0x1ae0 [ 837.641584][ T3739] dev_ethtool+0x132/0x1ae0 [ 837.641615][ T3739] ? kasan_quarantine_put+0xbb/0x1f0 [ 837.641644][ T3739] ? __pfx_dev_ethtool+0x10/0x10 [ 837.641666][ T3739] ? dev_load+0x21/0x1f0 [ 837.641697][ T3739] ? dev_load+0x21/0x1f0 [ 837.641718][ T3739] ? dev_load+0x21/0x1f0 [ 837.641737][ T3739] dev_ioctl+0x392/0x1150 [ 837.641760][ T3739] sock_do_ioctl+0x23e/0x320 [ 837.641781][ T3739] ? __pfx_sock_do_ioctl+0x10/0x10 [ 837.641797][ T3739] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 837.641835][ T3739] sock_ioctl+0x5c6/0x7f0 [ 837.641854][ T3739] ? __pfx_sock_ioctl+0x10/0x10 [ 837.641871][ T3739] ? __fget_files+0x2a/0x420 [ 837.641890][ T3739] ? __fget_files+0x3a0/0x420 [ 837.641909][ T3739] ? __fget_files+0x2a/0x420 [ 837.641932][ T3739] ? bpf_lsm_file_ioctl+0x9/0x20 [ 837.641955][ T3739] ? __pfx_sock_ioctl+0x10/0x10 [ 837.641972][ T3739] __se_sys_ioctl+0xfc/0x170 [ 837.642000][ T3739] do_syscall_64+0xe2/0xf80 [ 837.642021][ T3739] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.642040][ T3739] ? trace_irq_disable+0x37/0x100 [ 837.642058][ T3739] ? 
clear_bhb_loop+0x60/0xb0 [ 837.642079][ T3739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.642098][ T3739] RIP: 0033:0x7f8bea99acb9 [ 837.642115][ T3739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 837.642133][ T3739] RSP: 002b:00007f8beb8bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 837.642152][ T3739] RAX: ffffffffffffffda RBX: 00007f8beac15fa0 RCX: 00007f8bea99acb9 [ 837.642165][ T3739] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 837.642177][ T3739] RBP: 00007f8beb8bb090 R08: 0000000000000000 R09: 0000000000000000 [ 837.642189][ T3739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 837.642200][ T3739] R13: 00007f8beac16038 R14: 00007f8beac15fa0 R15: 00007ffeac9d62b8 [ 837.642228][ T3739] [ 838.030435][ T3756] macvlan3: entered promiscuous mode [ 838.207220][ T3764] netlink: 'syz.1.8269': attribute type 7 has an invalid length. [ 838.226526][ T3764] netlink: 'syz.1.8269': attribute type 8 has an invalid length. [ 838.227987][ T3767] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 838.316733][ T3773] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 838.362258][ T3781] ip6gretap2: entered promiscuous mode [ 838.384066][ T3781] ip6gretap2: entered allmulticast mode [ 838.487769][ T3790] macvlan4: entered promiscuous mode [ 838.502447][ T3790] FAULT_INJECTION: forcing a failure. 
[ 838.502447][ T3790] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 838.516493][ T3790] CPU: 0 UID: 0 PID: 3790 Comm: syz.3.8275 Not tainted syzkaller #0 PREEMPT(full) [ 838.516517][ T3790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 838.516528][ T3790] Call Trace: [ 838.516536][ T3790] [ 838.516544][ T3790] dump_stack_lvl+0xe8/0x150 [ 838.516574][ T3790] should_fail_ex+0x412/0x560 [ 838.516601][ T3790] _copy_from_user+0x2d/0xb0 [ 838.516629][ T3790] ethtool_set_features+0xbc/0x300 [ 838.516651][ T3790] ? __pfx_ethtool_set_features+0x10/0x10 [ 838.516668][ T3790] ? apparmor_capable+0x137/0x1a0 [ 838.516697][ T3790] ? security_capable+0x7e/0x2c0 [ 838.516725][ T3790] dev_ethtool+0xfa5/0x1ae0 [ 838.516762][ T3790] ? __pfx_dev_ethtool+0x10/0x10 [ 838.516784][ T3790] ? dev_load+0x21/0x1f0 [ 838.516819][ T3790] ? dev_load+0x21/0x1f0 [ 838.516840][ T3790] dev_ioctl+0x392/0x1150 [ 838.516865][ T3790] sock_do_ioctl+0x23e/0x320 [ 838.516886][ T3790] ? __pfx_sock_do_ioctl+0x10/0x10 [ 838.516902][ T3790] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 838.516940][ T3790] sock_ioctl+0x5c6/0x7f0 [ 838.516960][ T3790] ? __pfx_sock_ioctl+0x10/0x10 [ 838.516977][ T3790] ? __fget_files+0x2a/0x420 [ 838.516997][ T3790] ? __fget_files+0x3a0/0x420 [ 838.517015][ T3790] ? __fget_files+0x2a/0x420 [ 838.517046][ T3790] ? bpf_lsm_file_ioctl+0x9/0x20 [ 838.517068][ T3790] ? __pfx_sock_ioctl+0x10/0x10 [ 838.517086][ T3790] __se_sys_ioctl+0xfc/0x170 [ 838.517113][ T3790] do_syscall_64+0xe2/0xf80 [ 838.517134][ T3790] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.517152][ T3790] ? trace_irq_disable+0x37/0x100 [ 838.517169][ T3790] ? 
clear_bhb_loop+0x60/0xb0 [ 838.517191][ T3790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.517210][ T3790] RIP: 0033:0x7fa28ef9acb9 [ 838.517227][ T3790] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 838.517243][ T3790] RSP: 002b:00007fa28fe22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 838.517263][ T3790] RAX: ffffffffffffffda RBX: 00007fa28f215fa0 RCX: 00007fa28ef9acb9 [ 838.517277][ T3790] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 838.517287][ T3790] RBP: 00007fa28fe22090 R08: 0000000000000000 R09: 0000000000000000 [ 838.517299][ T3790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 838.517310][ T3790] R13: 00007fa28f216038 R14: 00007fa28f215fa0 R15: 00007fff0116dec8 [ 838.517341][ T3790] [ 839.099507][ T3819] __nla_validate_parse: 11 callbacks suppressed [ 839.099528][ T3819] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8285'. [ 839.491594][ T3835] vlan2: entered promiscuous mode [ 839.549557][ T3843] syzkaller0: entered promiscuous mode [ 839.563911][ T3843] syzkaller0: entered allmulticast mode [ 839.676036][ T3850] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8294'. [ 839.685449][ T3850] nbd: must specify at least one socket [ 839.691444][ T3850] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8294'. [ 839.705966][ T3850] nbd: must specify at least one socket [ 840.019087][ T3872] netlink: 68 bytes leftover after parsing attributes in process `syz.1.8301'. [ 840.048347][ T3855] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8296'. [ 840.225361][ T3880] vlan2: entered promiscuous mode [ 840.299350][ T3887] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8306'. 
[ 840.456189][ T3892] netlink: 'syz.3.8308': attribute type 3 has an invalid length. [ 840.464613][ T3892] netlink: 666 bytes leftover after parsing attributes in process `syz.3.8308'. [ 840.495866][ T3892] netlink: 'syz.3.8308': attribute type 13 has an invalid length. [ 840.501783][ T3900] netlink: 7 bytes leftover after parsing attributes in process `syz.2.8311'. [ 840.530562][ T3900] netlink: 7 bytes leftover after parsing attributes in process `syz.2.8311'. [ 840.835614][ T3922] macvtap1: entered promiscuous mode [ 840.842980][ T3922] bridge0: entered promiscuous mode [ 840.848570][ T3922] macvtap1: entered allmulticast mode [ 840.854748][ T3925] FAULT_INJECTION: forcing a failure. [ 840.854748][ T3925] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 840.868009][ T3922] bridge0: entered allmulticast mode [ 840.868752][ T3922] bridge0: port 3(macvtap1) entered blocking state [ 840.869081][ T3922] bridge0: port 3(macvtap1) entered disabled state [ 840.900770][ T3925] CPU: 0 UID: 0 PID: 3925 Comm: syz.4.8319 Not tainted syzkaller #0 PREEMPT(full) [ 840.900794][ T3925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 840.900805][ T3925] Call Trace: [ 840.900813][ T3925] [ 840.900821][ T3925] dump_stack_lvl+0xe8/0x150 [ 840.900849][ T3925] should_fail_ex+0x412/0x560 [ 840.900876][ T3925] _copy_from_user+0x2d/0xb0 [ 840.900902][ T3925] __sys_sendto+0x2af/0x7a0 [ 840.900928][ T3925] ? __pfx___sys_sendto+0x10/0x10 [ 840.900947][ T3925] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 840.900978][ T3925] ? __fget_files+0x3a0/0x420 [ 840.901005][ T3925] ? ksys_write+0x242/0x270 [ 840.901030][ T3925] ? __pfx_ksys_write+0x10/0x10 [ 840.901059][ T3925] __x64_sys_sendto+0xde/0x100 [ 840.901083][ T3925] do_syscall_64+0xe2/0xf80 [ 840.901101][ T3925] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.901127][ T3925] ? trace_irq_disable+0x37/0x100 [ 840.901145][ T3925] ? 
clear_bhb_loop+0x60/0xb0 [ 840.901168][ T3925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.901185][ T3925] RIP: 0033:0x7feaf659acb9 [ 840.901202][ T3925] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 840.901217][ T3925] RSP: 002b:00007feaf738b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 840.901237][ T3925] RAX: ffffffffffffffda RBX: 00007feaf6815fa0 RCX: 00007feaf659acb9 [ 840.901251][ T3925] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 840.901262][ T3925] RBP: 00007feaf738b090 R08: 0000200000000700 R09: 0000000000000080 [ 840.901275][ T3925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 840.901286][ T3925] R13: 00007feaf6816038 R14: 00007feaf6815fa0 R15: 00007ffde3e9dd88 [ 840.901314][ T3925] [ 841.163038][ T3922] bridge0: left allmulticast mode [ 841.168215][ T3922] bridge0: left promiscuous mode [ 841.769982][ T3976] netlink: 'syz.0.8334': attribute type 30 has an invalid length. [ 841.807199][ T3979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8335'. [ 841.851771][ T3976] bond1: option arp_missed_max: invalid value (0) [ 841.859527][ T3976] bond1: option arp_missed_max: allowed values 1 - 255 [ 841.891267][ T3976] bond1 (unregistering): Released all slaves [ 842.099360][ T3988] netlink: 'syz.2.8336': attribute type 7 has an invalid length. [ 842.151047][ T3988] netlink: 'syz.2.8336': attribute type 8 has an invalid length. [ 842.219111][ T3994] netlink: 'syz.4.8340': attribute type 33 has an invalid length. [ 842.441767][ T4004] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 842.784486][ T4032] netlink: 'syz.3.8347': attribute type 1 has an invalid length. [ 842.809933][ T4033] netlink: 'syz.0.8350': attribute type 1 has an invalid length. 
[ 842.916611][ T4033] 8021q: adding VLAN 0 to HW filter on device bond1 [ 843.209158][ T4046] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 843.261084][ T4046] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 64993 [ 843.720058][ T4082] netlink: 'syz.3.8365': attribute type 30 has an invalid length. [ 843.809283][ T4082] bond5: option arp_missed_max: invalid value (0) [ 843.823337][ T4082] bond5: option arp_missed_max: allowed values 1 - 255 [ 843.867131][ T4082] bond5 (unregistering): Released all slaves [ 843.868928][ T4091] netlink: 'syz.1.8368': attribute type 7 has an invalid length. [ 843.881375][ T4091] netlink: 'syz.1.8368': attribute type 8 has an invalid length. [ 844.083480][ T4102] sctp: [Deprecated]: syz.4.8372 (pid 4102) Use of int in maxseg socket option. [ 844.083480][ T4102] Use struct sctp_assoc_value instead [ 844.175591][ T4111] xt_bpf: check failed: parse error [ 844.336611][ T4121] __nla_validate_parse: 11 callbacks suppressed [ 844.336636][ T4121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8379'. [ 844.357435][ T4121] openvswitch: netlink: ufid size 4235 bytes exceeds the range (1, 16) [ 844.367436][ T4121] openvswitch: netlink: Message has 8 unknown bytes. [ 844.514430][ T4137] netlink: 'syz.4.8383': attribute type 30 has an invalid length. [ 844.647005][ T4137] bond1: option arp_missed_max: invalid value (0) [ 844.653569][ T4137] bond1: option arp_missed_max: allowed values 1 - 255 [ 844.707368][ T4137] bond1 (unregistering): Released all slaves [ 844.801482][ T4152] xt_bpf: check failed: parse error [ 844.907767][ T4156] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8390'. [ 845.640387][ T4207] netlink: 68 bytes leftover after parsing attributes in process `syz.1.8406'. [ 845.818678][ T4216] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8410'. 
[ 845.827861][ T4216] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8410'. [ 845.945569][ T4211] bond0: left promiscuous mode [ 845.961654][ T4211] bond_slave_0: left promiscuous mode [ 845.965975][ T4227] netlink: 32 bytes leftover after parsing attributes in process `syz.4.8411'. [ 845.976461][ T4211] bond_slave_1: left promiscuous mode [ 845.992736][ T4211] ip6gretap1: left promiscuous mode [ 846.066880][ T1334] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 846.094509][ T1334] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 20001 - 0 [ 846.111287][ T1334] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 846.131981][ T1334] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 20001 - 0 [ 846.161461][ T1334] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 846.175674][ T1334] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 20001 - 0 [ 846.205523][ T1334] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 846.213357][ T4232] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8415'. [ 846.234006][ T1334] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 20001 - 0 [ 846.330849][ T4246] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8416'. [ 846.719953][ T4270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8423'. [ 847.291275][ T4308] netlink: 68 bytes leftover after parsing attributes in process `syz.0.8431'. [ 847.682639][ T4338] xt_bpf: check failed: parse error [ 847.691404][ T4339] validate_nla: 5 callbacks suppressed [ 847.691423][ T4339] netlink: 'syz.4.8439': attribute type 7 has an invalid length. [ 847.729655][ T4339] netlink: 'syz.4.8439': attribute type 8 has an invalid length. 
[ 847.732292][ T4343] xt_bpf: check failed: parse error [ 848.106994][ T4357] dvmrp0: entered allmulticast mode [ 848.380567][ T4387] xt_bpf: check failed: parse error [ 848.412572][ T4389] netlink: 'syz.4.8454': attribute type 7 has an invalid length. [ 848.430994][ T4389] netlink: 'syz.4.8454': attribute type 8 has an invalid length. [ 848.691745][ T4412] netlink: 'syz.3.8460': attribute type 30 has an invalid length. [ 848.748136][ T4412] bond5: option arp_missed_max: invalid value (0) [ 848.754814][ T4412] bond5: option arp_missed_max: allowed values 1 - 255 [ 848.772345][ T4412] bond5 (unregistering): Released all slaves [ 849.034325][ T4436] xt_bpf: check failed: parse error [ 849.106797][ T4440] netlink: 'syz.2.8468': attribute type 7 has an invalid length. [ 849.116194][ T4440] netlink: 'syz.2.8468': attribute type 8 has an invalid length. [ 849.373713][ T4401] Bluetooth: hci1: Opcode 0x0401 failed: -4 [ 849.494195][ T4468] netlink: 'syz.0.8475': attribute type 30 has an invalid length. [ 849.536121][ T4468] bond2: option arp_missed_max: invalid value (0) [ 849.542687][ T4468] bond2: option arp_missed_max: allowed values 1 - 255 [ 849.564217][ T4468] bond2 (unregistering): Released all slaves [ 849.780708][ T4485] __nla_validate_parse: 18 callbacks suppressed [ 849.780726][ T4485] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8483'. [ 849.796409][ T4486] TCP: TCP_TX_DELAY enabled [ 849.931412][ T4498] netlink: 'syz.0.8487': attribute type 58 has an invalid length. [ 849.953523][ T4499] netlink: 'syz.0.8487': attribute type 58 has an invalid length. [ 849.974876][ T4498] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8487'. [ 849.987159][ T4499] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8487'. [ 850.633106][ T5832] Bluetooth: hci1: command 0x0401 tx timeout [ 850.652981][ T4520] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8493'. 
[ 850.657556][ T4515] netlink: 148 bytes leftover after parsing attributes in process `syz.2.8493'. [ 850.674182][ T4515] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 850.713381][ T4520] nbd: couldn't find a device at index 0 [ 850.889445][ T4533] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8499'. [ 850.912611][ T4534] ip6erspan0: entered promiscuous mode [ 851.146368][ T4543] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8501'. [ 851.417110][ T4575] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8508'. [ 851.454108][ T4565] bond5: entered promiscuous mode [ 851.459205][ T4565] bond5: entered allmulticast mode [ 851.646851][ T4584] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 851.654162][ T4584] IPv6: NLM_F_CREATE should be set when creating new route [ 851.956280][ T6929] lec:lec_start_xmit: lec0:No lecd attached [ 852.177752][ T4625] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8528'. [ 852.197526][ T4630] netlink: 156 bytes leftover after parsing attributes in process `syz.2.8529'. [ 852.221339][ T4625] macvlan5: entered promiscuous mode [ 852.968938][ T4686] openvswitch: netlink: Flow actions attr not present in new flow. [ 853.109827][ T4693] validate_nla: 3 callbacks suppressed [ 853.109849][ T4693] netlink: 'syz.0.8544': attribute type 7 has an invalid length. [ 853.123909][ T4693] netlink: 'syz.0.8544': attribute type 8 has an invalid length. 
[ 853.139271][ T4693] team0: entered promiscuous mode [ 853.144523][ T4693] team_slave_0: entered promiscuous mode [ 853.150359][ T4693] team_slave_1: entered promiscuous mode [ 853.187194][ T4693] team0: left promiscuous mode [ 853.203047][ T4693] team_slave_0: left promiscuous mode [ 853.214216][ T4693] team_slave_1: left promiscuous mode [ 853.418907][ T4712] netlink: 'syz.4.8547': attribute type 30 has an invalid length. [ 853.479545][ T4712] bond1: option arp_missed_max: invalid value (0) [ 853.487544][ T4712] bond1: option arp_missed_max: allowed values 1 - 255 [ 853.515017][ T4712] bond1 (unregistering): Released all slaves [ 854.060840][ T4753] netlink: 'syz.4.8560': attribute type 7 has an invalid length. [ 854.081285][ T4753] netlink: 'syz.4.8560': attribute type 8 has an invalid length. [ 854.389977][ T4771] netlink: 'syz.2.8567': attribute type 30 has an invalid length. [ 854.432470][ T4771] bond5: option arp_missed_max: invalid value (0) [ 854.439594][ T4771] bond5: option arp_missed_max: allowed values 1 - 255 [ 854.448065][ T4771] bond5 (unregistering): Released all slaves [ 854.845426][ T4784] __nla_validate_parse: 5 callbacks suppressed [ 854.845444][ T4784] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8569'. [ 854.863559][ T4784] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8569'. [ 854.872536][ T4784] netlink: 'syz.3.8569': attribute type 20 has an invalid length. [ 854.898672][T21175] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 854.956415][ T4784] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8569'. [ 854.971042][T21175] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 854.995833][ T4784] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8569'. 
[ 855.034705][T21175] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 855.045479][ T4784] netlink: 'syz.3.8569': attribute type 20 has an invalid length. [ 855.067204][T21175] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 855.259896][ T4805] netlink: 56 bytes leftover after parsing attributes in process `syz.0.8574'. [ 855.473596][ T4815] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8576'. [ 855.493693][ T4817] IPVS: length: 35 != 24 [ 855.531718][ T4820] x_tables: ip_tables: HMARK.0 target: invalid size 64 (kernel) != (user) 72 [ 855.550417][ T4820] netlink: 'syz.2.8577': attribute type 1 has an invalid length. [ 855.696804][ T4830] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 855.704097][ T4830] IPv6: NLM_F_CREATE should be set when creating new route [ 855.711334][ T4830] IPv6: NLM_F_CREATE should be set when creating new route [ 855.717390][ T4820] bond5: entered promiscuous mode [ 855.725111][ T4820] 8021q: adding VLAN 0 to HW filter on device bond5 [ 855.733650][ T4831] xt_bpf: check failed: parse error [ 855.769350][ T4830] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 855.810507][ T4835] netlink: 'syz.0.8582': attribute type 30 has an invalid length. [ 855.901528][ T4835] bond2: option arp_missed_max: invalid value (0) [ 855.966514][ T4835] bond2: option arp_missed_max: allowed values 1 - 255 [ 855.979421][ T4845] netlink: 68 bytes leftover after parsing attributes in process `syz.3.8585'. [ 856.022383][ T4835] bond2 (unregistering): Released all slaves [ 856.356355][ T4852] syzkaller0: entered promiscuous mode [ 856.361866][ T4852] syzkaller0: entered allmulticast mode [ 856.624773][ T4877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8597'. 
[ 856.658288][ T4877] openvswitch: netlink: Invalid VLAN frame [ 856.679594][ T4879] sock: sock_timestamping_bind_phc: sock not bind to device [ 856.687144][ T4880] sock: sock_timestamping_bind_phc: sock not bind to device [ 856.724990][ T4882] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8597'. [ 856.736191][ T4882] openvswitch: netlink: Invalid VLAN frame [ 857.003241][ T4849] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 857.009526][ T4849] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 857.026207][ T4849] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 857.032284][ T4849] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 857.066919][ T4897] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8603'. [ 857.085162][ T4897] batadv1: entered promiscuous mode [ 857.094682][ T4897] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 857.109154][ T4849] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 857.117023][ T4849] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 857.166186][ T4849] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 857.182646][ T4849] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 857.207539][ T4849] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 857.217995][ T4849] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 857.277105][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 857.297322][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 857.311642][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 857.324356][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 857.331975][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 857.353184][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5400 ms [ 857.361212][ C0] lec:lec_tx_timeout: lec0 [ 857.398595][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 857.407540][ T5832] Bluetooth: hci4: unexpected cc 
0x1003 length: 249 > 9 [ 857.415426][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 857.424232][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 857.435517][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 857.574646][ T4921] xt_bpf: check failed: parse error [ 857.640977][T22989] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 857.788433][T22989] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 857.925597][T22989] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 858.071158][T22989] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 858.518699][ T4972] xt_bpf: check failed: parse error [ 858.564615][T22989] bridge_slave_1: left allmulticast mode [ 858.570310][T22989] bridge_slave_1: left promiscuous mode [ 858.601208][T22989] bridge0: port 2(bridge_slave_1) entered disabled state [ 858.651030][T22989] bridge_slave_0: left promiscuous mode [ 858.663421][T22989] bridge0: port 1(bridge_slave_0) entered disabled state [ 859.456053][T22989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 859.465151][T22989] bond_slave_0: left promiscuous mode [ 859.472194][T22989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 859.483683][T22989] bond_slave_1: left promiscuous mode [ 859.489708][T22989] bond0 (unregistering): Released all slaves [ 859.502402][T22989] bond1 (unregistering): Released all slaves [ 859.513187][ T5832] Bluetooth: hci4: command tx timeout [ 859.527115][T22989] bond2 (unregistering): Released all slaves [ 859.651926][T22989] bond3 (unregistering): Released all slaves [ 859.762051][T22989] bond4 (unregistering): (slave veth3): Releasing backup interface [ 859.770968][T22989] bond4 (unregistering): Released all slaves [ 859.783451][T22989] bond5 (unregistering): Released all slaves [ 859.829403][ T4868] 
chnl_net:caif_netlink_parms(): no params data found [ 859.936491][T22989] tipc: Left network mode [ 859.987775][T22989] IPVS: stopping master sync thread 28850 ... [ 860.180749][ T4868] bridge0: port 1(bridge_slave_0) entered blocking state [ 860.191814][ T4868] bridge0: port 1(bridge_slave_0) entered disabled state [ 860.202699][ T4868] bridge_slave_0: entered allmulticast mode [ 860.211241][ T4868] bridge_slave_0: entered promiscuous mode [ 860.220263][ T4868] bridge0: port 2(bridge_slave_1) entered blocking state [ 860.227661][ T4868] bridge0: port 2(bridge_slave_1) entered disabled state [ 860.244912][ T4868] bridge_slave_1: entered allmulticast mode [ 860.256609][ T4868] bridge_slave_1: entered promiscuous mode [ 860.378619][ T4868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 860.430521][ T4868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 860.496655][ T5045] vti0: entered promiscuous mode [ 860.536739][ T4868] team0: Port device team_slave_0 added [ 860.619216][ T4868] team0: Port device team_slave_1 added [ 860.685034][ T4868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 860.705069][ T4868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 860.798876][ T4868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 860.893539][ T4868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 860.901533][ T4868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 860.935983][ T4868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 860.940094][ T5072] netlink: 'syz.2.8645': attribute type 30 has an invalid length. [ 861.098429][ T5072] bond6: option arp_missed_max: invalid value (0) [ 861.105454][ T5072] bond6: option arp_missed_max: allowed values 1 - 255 [ 861.135137][ T5072] bond6 (unregistering): Released all slaves [ 861.418027][T22989] hsr_slave_0: left promiscuous mode [ 861.431612][T22989] hsr_slave_1: left promiscuous mode [ 861.450464][T22989] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 861.593826][ T5832] Bluetooth: hci4: command tx timeout [ 861.821663][ T5118] __nla_validate_parse: 6 callbacks suppressed [ 861.821684][ T5118] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8650'. [ 862.412717][ T5123] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8655'. [ 862.431075][ T5114] vlan2: entered promiscuous mode [ 862.505470][ T5115] bridge0: port 2(bridge_slave_1) entered disabled state [ 862.769991][ T5115] veth0_to_batadv: left allmulticast mode [ 862.785889][ T5115] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 862.834456][ T5115] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 862.961547][ T5157] sctp: [Deprecated]: syz.0.8663 (pid 5157) Use of int in maxseg socket option. 
[ 862.961547][ T5157] Use struct sctp_assoc_value instead [ 863.374419][ T5115] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 863.507416][ T5115] ip6gretap1: left promiscuous mode [ 863.515086][ T5115] ip6gretap1: left allmulticast mode [ 863.530482][ T5115] bond1: left promiscuous mode [ 863.538024][ T5115] bond2: left promiscuous mode [ 863.546854][ T5115] bridge2: left promiscuous mode [ 863.551924][ T5115] bridge2: left allmulticast mode [ 863.558653][ T5115] bridge3: left promiscuous mode [ 863.567422][ T5115] bridge3: left allmulticast mode [ 863.574038][ T5115] vlan2: left promiscuous mode [ 863.578909][ T5115] geneve1: left promiscuous mode [ 863.585199][ T5115] vlan2: left allmulticast mode [ 863.590076][ T5115] geneve1: left allmulticast mode [ 863.602016][ T5115] bond5: left promiscuous mode [ 863.608200][ T5115] vti0: left promiscuous mode [ 863.614837][ T5118] hsr_slave_0: left promiscuous mode [ 863.621020][ T5118] hsr_slave_1: left promiscuous mode [ 863.655278][ T5170] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8666'. 
[ 863.665193][T12874] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 863.673368][ T5832] Bluetooth: hci4: command tx timeout [ 863.678260][T12874] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 863.691316][T12874] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 863.723822][T12874] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 863.779353][ T4868] hsr_slave_0: entered promiscuous mode [ 863.786826][ T4868] hsr_slave_1: entered promiscuous mode [ 863.794090][ T4868] debugfs: 'hsr0' already exists in 'hsr' [ 863.799911][ T4868] Cannot create hsr debugfs directory [ 863.811348][T12874] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 863.833029][T12874] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 863.840182][ T5187] netlink: 'syz.1.8670': attribute type 30 has an invalid length. [ 863.841961][T12874] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 863.859184][T12874] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 863.958719][ T5187] bond5: option arp_missed_max: invalid value (0) [ 863.970470][ T5187] bond5: option arp_missed_max: allowed values 1 - 255 [ 863.999835][ T5187] bond5 (unregistering): Released all slaves [ 864.294221][ T5209] netlink: 'syz.1.8677': attribute type 1 has an invalid length. [ 864.311613][ T5213] vlan0: entered promiscuous mode [ 864.315684][ T5209] netlink: 224 bytes leftover after parsing attributes in process `syz.1.8677'. [ 864.332594][T22989] IPVS: stop unused estimator thread 0... [ 864.459385][ T5225] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 864.881994][ T5248] vlan3: entered promiscuous mode [ 864.920179][ T5245] syzkaller0: entered promiscuous mode [ 864.927250][ T5245] syzkaller0: entered allmulticast mode [ 864.938772][ T5245] tipc: Enabled bearer , priority 0 [ 864.953927][ T5245] tipc: Resetting bearer [ 864.971019][ T5243] tipc: Resetting bearer [ 865.022384][ T5243] tipc: Disabling bearer [ 865.257343][ T4868] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 865.338026][ T4868] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 865.359620][ T4868] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 865.370129][ T5261] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8689'. [ 865.380291][ T4868] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 865.406900][ T5261] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 865.424235][ T5261] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 865.467493][ T5261] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 865.627537][ T4868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 865.671512][ T4868] 8021q: adding VLAN 0 to HW filter on device team0 [ 865.701876][T22989] bridge0: port 1(bridge_slave_0) entered blocking state [ 865.709110][T22989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 865.753988][ T5832] Bluetooth: hci4: command tx timeout [ 865.767946][T22989] bridge0: port 2(bridge_slave_1) entered blocking state [ 865.775205][T22989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 865.986672][ T5306] netlink: 'syz.1.8698': attribute type 39 has an invalid length. [ 866.038005][ T5308] netlink: 44 bytes leftover after parsing attributes in process `syz.1.8698'. [ 866.069285][ T5308] netlink: 43 bytes leftover after parsing attributes in process `syz.1.8698'. [ 866.092416][ T5308] netlink: 'syz.1.8698': attribute type 5 has an invalid length. 
[ 866.110619][ T5308] netlink: 43 bytes leftover after parsing attributes in process `syz.1.8698'. [ 866.150605][ T5312] vlan2: entered allmulticast mode [ 866.226645][ T4868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 866.344722][ T4868] veth0_vlan: entered promiscuous mode [ 866.385545][ T4868] veth1_vlan: entered promiscuous mode [ 866.485754][ T4868] veth0_macvtap: entered promiscuous mode [ 866.526655][ T4868] veth1_macvtap: entered promiscuous mode [ 866.570830][ T5326] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8703'. [ 866.589576][ T5329] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8702'. [ 866.608832][ T4868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 866.642739][ T5326] geneve2: entered promiscuous mode [ 866.648304][ T5326] geneve2: entered allmulticast mode [ 866.690784][ T4868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 866.826123][ T5344] xt_bpf: check failed: parse error [ 866.856653][T12874] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.869803][T12874] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.901723][T12874] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.949656][T12874] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.997705][T12874] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.014075][ T5349] IPVS: set_ctl: invalid protocol: 47 10.1.1.1:20001 [ 867.028188][T12874] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.066777][T12874] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.087484][T12874] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.339673][T21249] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 867.395046][T21249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 867.401070][ T5369] 
netlink: 68 bytes leftover after parsing attributes in process `syz.2.8715'. [ 867.414116][ T5367] sit0: entered promiscuous mode [ 867.424126][ T5367] netlink: 'syz.0.8714': attribute type 1 has an invalid length. [ 867.431877][ T5367] netlink: 1 bytes leftover after parsing attributes in process `syz.0.8714'. [ 867.521532][ T1334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 867.556666][ T1334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 867.623760][ T5379] netlink: 76 bytes leftover after parsing attributes in process `syz.0.8718'. [ 867.916066][ T5394] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8722'. [ 867.937152][ T5401] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8722'. [ 868.003816][ T5405] netlink: 'syz.1.8725': attribute type 10 has an invalid length. [ 868.077384][ T5408] netlink: 'syz.1.8725': attribute type 1 has an invalid length. [ 868.085680][ T5408] netlink: 96 bytes leftover after parsing attributes in process `syz.1.8725'. [ 868.105879][ T5408] netlink: 1 bytes leftover after parsing attributes in process `syz.1.8725'. [ 868.650080][ T5429] x_tables: duplicate entry at hook 1 [ 868.687874][ T5432] netlink: 'syz.3.8731': attribute type 1 has an invalid length. [ 868.733396][ T5432] netlink: 'syz.3.8731': attribute type 11 has an invalid length. [ 868.741255][ T5432] netlink: 224 bytes leftover after parsing attributes in process `syz.3.8731'. [ 868.958583][ T5437] vlan2: entered promiscuous mode [ 869.150249][ T5457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8737'. [ 869.359392][ T5466] FAULT_INJECTION: forcing a failure. 
[ 869.359392][ T5466] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 869.380328][ T5466] CPU: 1 UID: 0 PID: 5466 Comm: syz.0.8740 Not tainted syzkaller #0 PREEMPT(full) [ 869.380345][ T5466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 869.380352][ T5466] Call Trace: [ 869.380357][ T5466] [ 869.380362][ T5466] dump_stack_lvl+0xe8/0x150 [ 869.380389][ T5466] should_fail_ex+0x412/0x560 [ 869.380415][ T5466] _copy_from_user+0x2d/0xb0 [ 869.380442][ T5466] ___sys_sendmsg+0x1c6/0x360 [ 869.380466][ T5466] ? __lock_acquire+0x6b5/0x2cf0 [ 869.380485][ T5466] ? __pfx____sys_sendmsg+0x10/0x10 [ 869.380501][ T5466] ? kstrtouint+0x6e/0xe0 [ 869.380525][ T5466] ? __fget_files+0x2a/0x420 [ 869.380537][ T5466] ? __fget_files+0x3a0/0x420 [ 869.380553][ T5466] __sys_sendmmsg+0x27c/0x4e0 [ 869.380569][ T5466] ? __pfx___sys_sendmmsg+0x10/0x10 [ 869.380582][ T5466] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 869.380607][ T5466] ? ksys_write+0x242/0x270 [ 869.380623][ T5466] ? __pfx_ksys_write+0x10/0x10 [ 869.380641][ T5466] __x64_sys_sendmmsg+0xa0/0xc0 [ 869.380656][ T5466] do_syscall_64+0xe2/0xf80 [ 869.380668][ T5466] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.380684][ T5466] ? trace_irq_disable+0x37/0x100 [ 869.380700][ T5466] ? 
clear_bhb_loop+0x60/0xb0 [ 869.380720][ T5466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.380737][ T5466] RIP: 0033:0x7f617cd9acb9 [ 869.380753][ T5466] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 869.380762][ T5466] RSP: 002b:00007f617dbe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 869.380775][ T5466] RAX: ffffffffffffffda RBX: 00007f617d015fa0 RCX: 00007f617cd9acb9 [ 869.380783][ T5466] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000005 [ 869.380790][ T5466] RBP: 00007f617dbe1090 R08: 0000000000000000 R09: 0000000000000000 [ 869.380796][ T5466] R10: 000000000000c040 R11: 0000000000000246 R12: 0000000000000001 [ 869.380802][ T5466] R13: 00007f617d016038 R14: 00007f617d015fa0 R15: 00007ffcd9bc8408 [ 869.380818][ T5466] [ 869.787671][ T5482] x_tables: ip_tables: HMARK.0 target: invalid size 64 (kernel) != (user) 72 [ 869.951022][ T5503] netlink: 68 bytes leftover after parsing attributes in process `syz.3.8751'. [ 870.004648][T18720] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x80 [ 870.313949][T21175] wlan0: Trigger new scan to find an IBSS to join [ 870.558265][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.566107][ T1301] lec:lec_start_xmit: lec0:No lecd attached [ 871.220364][ T5552] tipc: Started in network mode [ 871.240316][ T5552] tipc: Node identity 9, cluster identity 4711 [ 871.268684][ T5552] tipc: Node number set to 9 [ 871.867855][ T5583] netlink: 'syz.3.8772': attribute type 10 has an invalid length. [ 871.899412][ T5583] team0: Failed to send options change via netlink (err -105) [ 871.917984][ T5583] team0: Port device dummy0 added [ 871.948477][ T5583] netlink: 'syz.3.8772': attribute type 10 has an invalid length. 
[ 871.969557][ T5583] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 871.996562][ T5583] team0: Failed to send options change via netlink (err -105) [ 872.004996][ T5583] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 872.018566][ T5583] team0: Port device dummy0 removed [ 872.031976][ T5583] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 872.175840][ T5597] netlink: 'syz.3.8776': attribute type 4 has an invalid length. [ 872.185425][ T5597] netlink: 'syz.3.8776': attribute type 1 has an invalid length. [ 872.926887][ T5645] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 872.953763][ T5640] syzkaller0: entered promiscuous mode [ 872.959317][ T5640] syzkaller0: entered allmulticast mode [ 873.042644][ T5655] netlink: 'syz.1.8794': attribute type 4 has an invalid length. [ 873.050670][ T5654] netlink: 'syz.1.8794': attribute type 4 has an invalid length. [ 873.058486][ T5654] __nla_validate_parse: 5 callbacks suppressed [ 873.058501][ T5654] netlink: 164 bytes leftover after parsing attributes in process `syz.1.8794'. [ 873.099759][ T5655] netlink: 164 bytes leftover after parsing attributes in process `syz.1.8794'. [ 873.275491][T27839] wlan0: Trigger new scan to find an IBSS to join [ 873.361274][ T5677] netlink: 'syz.0.8800': attribute type 1 has an invalid length. [ 873.391739][ T5677] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8800'. [ 873.405240][ T5677] netlink: 'syz.0.8800': attribute type 7 has an invalid length. [ 873.413666][ T5677] netlink: 'syz.0.8800': attribute type 8 has an invalid length. [ 873.474993][ T5677] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8800'. [ 873.489861][ T5685] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8804'. [ 873.506773][ T5688] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8805'. 
[ 873.875922][ T5707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8807'. [ 873.902270][ T5709] netlink: 'syz.0.8811': attribute type 1 has an invalid length. [ 873.961669][ T5709] netlink: 2108 bytes leftover after parsing attributes in process `syz.0.8811'. [ 874.010562][ T5702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8807'. [ 874.240470][ T5726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8816'. [ 874.742809][ T5752] sctp: [Deprecated]: syz.4.8822 (pid 5752) Use of int in max_burst socket option. [ 874.742809][ T5752] Use struct sctp_assoc_value instead [ 875.820727][ T5795] sit0: left promiscuous mode [ 875.947053][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 875.974035][ T5795] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 875.975411][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 876.001745][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 876.010376][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 876.018712][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 876.036297][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 876.312930][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5750 ms [ 876.321033][ C0] lec:lec_tx_timeout: lec0 [ 876.331008][ T9312] wlan0: Trigger new scan to find an IBSS to join [ 876.469814][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 876.826499][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.846330][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 876.860776][ T5802] bridge_slave_0: entered allmulticast mode [ 876.872806][ T5802] bridge_slave_0: entered promiscuous mode [ 876.904090][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.923994][ T5802] bridge0: port 
2(bridge_slave_1) entered disabled state [ 876.935291][ T5802] bridge_slave_1: entered allmulticast mode [ 876.953695][ T5802] bridge_slave_1: entered promiscuous mode [ 877.045534][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 877.060928][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 877.083495][ T5865] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input7 [ 877.133157][ T5802] team0: Port device team_slave_0 added [ 877.142467][ T5802] team0: Port device team_slave_1 added [ 877.246313][ T9312] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 877.306039][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 877.393838][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 877.464194][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 877.548514][ T5887] validate_nla: 5 callbacks suppressed [ 877.548533][ T5887] netlink: 'syz.0.8861': attribute type 5 has an invalid length. [ 877.562968][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 877.569915][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 877.599394][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 877.736222][ T5802] hsr_slave_0: entered promiscuous mode [ 877.795249][ T5802] hsr_slave_1: entered promiscuous mode [ 877.807051][ T5802] debugfs: 'hsr0' already exists in 'hsr' [ 877.820075][ T5802] Cannot create hsr debugfs directory [ 878.076484][ T5835] Bluetooth: hci0: command tx timeout [ 878.177927][ T5923] syzkaller0: entered promiscuous mode [ 878.197903][ T5923] syzkaller0: entered allmulticast mode [ 878.296561][ T5926] syzkaller0: entered promiscuous mode [ 878.304985][ T5926] syzkaller0: entered allmulticast mode [ 880.156953][ T5835] Bluetooth: hci0: command tx timeout [ 880.566337][ T5972] netlink: 'syz.3.8878': attribute type 30 has an invalid length. [ 880.626733][ T5972] bond1: option arp_missed_max: invalid value (0) [ 880.643579][ T5972] bond1: option arp_missed_max: allowed values 1 - 255 [ 880.677437][ T5972] bond1 (unregistering): Released all slaves [ 880.682115][ T5980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 880.695486][ T5982] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 880.716502][ T5980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 880.744834][ T5980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 880.763377][ T5980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 880.785153][ T5980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 880.820660][ T5980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 880.838640][ T5980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 880.848421][ T5980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 880.860505][ T5980] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 880.900057][ T5802] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 880.936451][ T5802] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 880.969000][ T5802] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 880.985184][ T5989] __nla_validate_parse: 7 callbacks suppressed [ 880.985203][ T5989] netlink: 212336 bytes leftover after parsing attributes in process `syz.1.8884'. [ 881.031519][ T5802] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 881.272759][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 881.327987][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 881.367419][T18720] bridge0: port 1(bridge_slave_0) entered blocking state [ 881.374620][T18720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 881.426790][T18720] bridge0: port 2(bridge_slave_1) entered blocking state [ 881.433988][T18720] bridge0: port 2(bridge_slave_1) entered forwarding state [ 881.720073][ T6040] FAULT_INJECTION: forcing a failure. [ 881.720073][ T6040] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 881.763497][ T6040] CPU: 0 UID: 0 PID: 6040 Comm: syz.3.8896 Not tainted syzkaller #0 PREEMPT(full) [ 881.763524][ T6040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 881.763536][ T6040] Call Trace: [ 881.763543][ T6040] [ 881.763552][ T6040] dump_stack_lvl+0xe8/0x150 [ 881.763579][ T6040] should_fail_ex+0x412/0x560 [ 881.763615][ T6040] _copy_from_user+0x2d/0xb0 [ 881.763643][ T6040] ___sys_recvmsg+0x175/0x590 [ 881.763671][ T6040] ? __pfx____sys_recvmsg+0x10/0x10 [ 881.763698][ T6040] ? __fget_files+0x2a/0x420 [ 881.763744][ T6040] do_recvmmsg+0x334/0x800 [ 881.763774][ T6040] ? __pfx_do_recvmmsg+0x10/0x10 [ 881.763810][ T6040] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 881.763849][ T6040] __x64_sys_recvmmsg+0x198/0x250 [ 881.763878][ T6040] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 881.763914][ T6040] do_syscall_64+0xe2/0xf80 [ 881.763936][ T6040] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.763955][ T6040] ? trace_irq_disable+0x37/0x100 [ 881.763973][ T6040] ? clear_bhb_loop+0x60/0xb0 [ 881.763995][ T6040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.764013][ T6040] RIP: 0033:0x7fcc4af9acb9 [ 881.764032][ T6040] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 881.764048][ T6040] RSP: 002b:00007fcc4be3e028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 881.764070][ T6040] RAX: ffffffffffffffda RBX: 00007fcc4b215fa0 RCX: 00007fcc4af9acb9 [ 881.764084][ T6040] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004 [ 881.764097][ T6040] RBP: 00007fcc4be3e090 R08: 0000000000000000 R09: 0000000000000000 [ 881.764110][ T6040] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002 [ 881.764122][ T6040] R13: 00007fcc4b216038 R14: 00007fcc4b215fa0 R15: 00007ffddc06ae88 [ 881.764153][ T6040] [ 881.988756][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 882.005269][ T6043] netlink: 'syz.4.8897': attribute type 28 has an invalid length. [ 882.016143][ T6043] netlink: 'syz.4.8897': attribute type 1 has an invalid length. 
[ 882.096817][ T5802] veth0_vlan: entered promiscuous mode [ 882.109516][ T5802] veth1_vlan: entered promiscuous mode [ 882.147618][ T5802] veth0_macvtap: entered promiscuous mode [ 882.179653][ T5802] veth1_macvtap: entered promiscuous mode [ 882.242386][ T5835] Bluetooth: hci0: command tx timeout [ 882.285894][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 882.344476][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 882.404626][T21247] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.437812][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.451695][ T6058] xt_CT: No such helper "snmp" [ 882.455421][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.481614][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.544843][ T6071] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8907'. [ 882.547603][ T6069] bond0: (slave rose0): Error: Device can not be enslaved while up [ 882.704730][ T6078] netlink: 'syz.0.8910': attribute type 12 has an invalid length. [ 882.721586][ T6078] netlink: 190972 bytes leftover after parsing attributes in process `syz.0.8910'. [ 882.751239][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.768685][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 882.841515][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.853795][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 882.854422][ T6087] gretap0: entered promiscuous mode [ 882.867143][ T6087] vlan2: entered promiscuous mode [ 882.868019][ T6088] netlink: 'syz.0.8913': attribute type 1 has an invalid length. [ 882.989122][ T6088] 8021q: adding VLAN 0 to HW filter on device bond2 [ 883.036076][ T6089] can: request_module (can-proto-0) failed. 
[ 883.105494][ T6104] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8916'. [ 883.167463][ T6107] netlink: 36 bytes leftover after parsing attributes in process `syz.2.8837'. [ 883.234063][ T6111] FAULT_INJECTION: forcing a failure. [ 883.234063][ T6111] name failslab, interval 1, probability 0, space 0, times 0 [ 883.247199][ T6111] CPU: 0 UID: 0 PID: 6111 Comm: syz.3.8919 Not tainted syzkaller #0 PREEMPT(full) [ 883.247224][ T6111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 883.247235][ T6111] Call Trace: [ 883.247244][ T6111] [ 883.247253][ T6111] dump_stack_lvl+0xe8/0x150 [ 883.247282][ T6111] should_fail_ex+0x412/0x560 [ 883.247310][ T6111] should_failslab+0xa8/0x100 [ 883.247333][ T6111] kmem_cache_alloc_noprof+0x87/0x6e0 [ 883.247362][ T6111] ? dst_alloc+0x105/0x170 [ 883.247391][ T6111] dst_alloc+0x105/0x170 [ 883.247415][ T6111] ? __pfx_nf_hook+0x10/0x10 [ 883.247441][ T6111] rt_dst_clone+0x52/0x680 [ 883.247467][ T6111] ip_mc_finish_output+0xe9/0x2d0 [ 883.247502][ T6111] ip_mc_output+0x3a3/0x590 [ 883.247528][ T6111] ? __ip_queue_xmit+0x5c/0x1be0 [ 883.247550][ T6111] __ip_queue_xmit+0x1198/0x1be0 [ 883.247572][ T6111] ? csum_tcpudp_nofold+0x1f/0x60 [ 883.247604][ T6111] ? __ip_queue_xmit+0x5c/0x1be0 [ 883.247633][ T6111] l2tp_xmit_skb+0xf2c/0x16b0 [ 883.247674][ T6111] ? pppol2tp_sendmsg+0x3f0/0x5f0 [ 883.247700][ T6111] pppol2tp_sendmsg+0x40a/0x5f0 [ 883.247734][ T6111] ? __pfx_pppol2tp_sendmsg+0x10/0x10 [ 883.247758][ T6111] ____sys_sendmsg+0xa68/0xad0 [ 883.247783][ T6111] ? __might_fault+0xaf/0x130 [ 883.247815][ T6111] ? __pfx_____sys_sendmsg+0x10/0x10 [ 883.247850][ T6111] ? import_iovec+0x73/0xa0 [ 883.247880][ T6111] ___sys_sendmsg+0x2a5/0x360 [ 883.247903][ T6111] ? __lock_acquire+0x6b5/0x2cf0 [ 883.247932][ T6111] ? __pfx____sys_sendmsg+0x10/0x10 [ 883.247954][ T6111] ? __lock_acquire+0x6b5/0x2cf0 [ 883.247983][ T6111] ? 
kstrtouint+0x6e/0xe0 [ 883.248045][ T6111] __sys_sendmmsg+0x27c/0x4e0 [ 883.248076][ T6111] ? __pfx___sys_sendmmsg+0x10/0x10 [ 883.248098][ T6111] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 883.248147][ T6111] ? ksys_write+0x242/0x270 [ 883.248175][ T6111] ? __pfx_ksys_write+0x10/0x10 [ 883.248207][ T6111] __x64_sys_sendmmsg+0xa0/0xc0 [ 883.248234][ T6111] do_syscall_64+0xe2/0xf80 [ 883.248255][ T6111] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.248274][ T6111] ? clear_bhb_loop+0x60/0xb0 [ 883.248296][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.248315][ T6111] RIP: 0033:0x7fcc4af9acb9 [ 883.248332][ T6111] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 883.248349][ T6111] RSP: 002b:00007fcc4be3e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 883.248369][ T6111] RAX: ffffffffffffffda RBX: 00007fcc4b215fa0 RCX: 00007fcc4af9acb9 [ 883.248383][ T6111] RDX: 0000000000034000 RSI: 0000200000004380 RDI: 0000000000000005 [ 883.248396][ T6111] RBP: 00007fcc4be3e090 R08: 0000000000000000 R09: 0000000000000000 [ 883.248409][ T6111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 883.248420][ T6111] R13: 00007fcc4b216038 R14: 00007fcc4b215fa0 R15: 00007ffddc06ae88 [ 883.248451][ T6111] [ 883.569084][ T6107] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8837'. [ 883.687273][ T6112] syzkaller0: entered promiscuous mode [ 883.711427][ T6112] syzkaller0: entered allmulticast mode [ 883.755251][ T12] syzkaller0: tun_net_xmit 48 [ 883.824321][ T6120] geneve2: entered promiscuous mode [ 883.865736][ T6112] syzkaller0: tun_net_xmit 1280 [ 883.871047][ T6112] syzkaller0: create flow: hash 3613753154 index 1 [ 884.071953][ T6129] netlink: 'syz.4.8923': attribute type 1 has an invalid length. 
[ 884.088988][ T6129] netlink: 224 bytes leftover after parsing attributes in process `syz.4.8923'. [ 884.097617][ T6109] syzkaller0: delete flow: hash 3613753154 index 1 [ 884.324773][ T5835] Bluetooth: hci0: command tx timeout [ 884.914470][ T6142] nbd: must specify a size in bytes for the device [ 885.355421][ T6153] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8930'. [ 885.365542][ T6153] netlink: 580 bytes leftover after parsing attributes in process `syz.4.8930'. [ 885.378199][ T6153] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8930'. [ 886.286116][ T6130] syzkaller1: entered promiscuous mode [ 886.291686][ T6130] syzkaller1: entered allmulticast mode [ 886.401624][ T6156] tipc: Enabling of bearer rejected, failed to enable media [ 886.744572][ T6171] FAULT_INJECTION: forcing a failure. [ 886.744572][ T6171] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 886.758788][ T6171] CPU: 0 UID: 0 PID: 6171 Comm: syz.1.8937 Not tainted syzkaller #0 PREEMPT(full) [ 886.758836][ T6171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 886.758861][ T6171] Call Trace: [ 886.758877][ T6171] [ 886.758894][ T6171] dump_stack_lvl+0xe8/0x150 [ 886.758948][ T6171] should_fail_ex+0x412/0x560 [ 886.759007][ T6171] _copy_from_user+0x2d/0xb0 [ 886.759063][ T6171] ___sys_recvmsg+0x175/0x590 [ 886.759095][ T6171] ? __pfx____sys_recvmsg+0x10/0x10 [ 886.759124][ T6171] ? __fget_files+0x2a/0x420 [ 886.759173][ T6171] do_recvmmsg+0x334/0x800 [ 886.759207][ T6171] ? __pfx_do_recvmmsg+0x10/0x10 [ 886.759248][ T6171] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 886.759288][ T6171] __x64_sys_recvmmsg+0x198/0x250 [ 886.759323][ T6171] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 886.759360][ T6171] do_syscall_64+0xe2/0xf80 [ 886.759381][ T6171] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.759399][ T6171] ? trace_irq_disable+0x37/0x100 [ 886.759417][ T6171] ? 
clear_bhb_loop+0x60/0xb0 [ 886.759439][ T6171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.759457][ T6171] RIP: 0033:0x7f8bea99acb9 [ 886.759474][ T6171] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 886.759490][ T6171] RSP: 002b:00007f8beb8bb028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 886.759511][ T6171] RAX: ffffffffffffffda RBX: 00007f8beac15fa0 RCX: 00007f8bea99acb9 [ 886.759525][ T6171] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004 [ 886.759537][ T6171] RBP: 00007f8beb8bb090 R08: 0000000000000000 R09: 0000000000000000 [ 886.759549][ T6171] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002 [ 886.759561][ T6171] R13: 00007f8beac16038 R14: 00007f8beac15fa0 R15: 00007ffeac9d62b8 [ 886.759592][ T6171] [ 887.111743][ T6175] netlink: 68 bytes leftover after parsing attributes in process `syz.3.8939'. [ 887.539828][ T6197] vlan2: entered promiscuous mode [ 887.545872][ T6197] team0: entered promiscuous mode [ 887.550929][ T6197] team_slave_0: entered promiscuous mode [ 887.560861][ T6197] team_slave_1: entered promiscuous mode [ 887.597079][ T6208] team_slave_0: entered promiscuous mode [ 887.602910][ T6208] team_slave_1: entered promiscuous mode [ 887.609418][ T6208] vlan2: entered promiscuous mode [ 887.617443][ T6208] team0: entered promiscuous mode [ 888.053801][ T6239] netlink: 'syz.0.8962': attribute type 30 has an invalid length. [ 888.171310][ T6239] bond3: option arp_missed_max: invalid value (0) [ 888.223283][ T6239] bond3: option arp_missed_max: allowed values 1 - 255 [ 888.267811][ T6239] bond3 (unregistering): Released all slaves [ 888.355356][ T6259] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8970'. [ 888.365618][ T6259] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8970'. 
[ 888.400553][ T6259] netlink: 308 bytes leftover after parsing attributes in process `syz.3.8970'. [ 888.991493][ T6286] xt_CT: No such helper "snmp" [ 889.059376][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 889.059509][ T6293] netlink: 'syz.2.8980': attribute type 83 has an invalid length. [ 889.070949][ T5832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 889.087168][ T5832] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 889.096816][ T5832] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 889.104754][ T5832] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 889.421569][ T6310] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8984'. [ 889.678701][ T6321] syz_tun: entered promiscuous mode [ 889.698393][ T6321] syz_tun: refused to change device tx_queue_len [ 889.777484][ T6321] net_ratelimit: 24 callbacks suppressed [ 889.777503][ T6321] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 889.823458][ T6291] chnl_net:caif_netlink_parms(): no params data found [ 889.858456][ T6332] vlan2: entered promiscuous mode [ 889.864064][ T6332] batadv0: entered promiscuous mode [ 889.888358][ T6335] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8990'. [ 890.134446][ T6353] netlink: 'syz.0.8995': attribute type 30 has an invalid length. [ 890.191379][ T6291] bridge0: port 1(bridge_slave_0) entered blocking state [ 890.209767][ T6291] bridge0: port 1(bridge_slave_0) entered disabled state [ 890.231515][ T6291] bridge_slave_0: entered allmulticast mode [ 890.249990][ T6291] bridge_slave_0: entered promiscuous mode [ 890.263267][ T6360] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8996'. [ 890.272156][ T6360] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8996'. 
[ 890.336747][ T6353] bond3: option arp_missed_max: invalid value (0) [ 890.344273][ T6353] bond3: option arp_missed_max: allowed values 1 - 255 [ 890.354132][ T6353] bond3 (unregistering): Released all slaves [ 890.391048][ T6291] bridge0: port 2(bridge_slave_1) entered blocking state [ 890.420048][ T6291] bridge0: port 2(bridge_slave_1) entered disabled state [ 890.441866][ T6371] xt_limit: Overflow, try lower: 268435456/134217728 [ 890.448973][ T6291] bridge_slave_1: entered allmulticast mode [ 890.459885][ T6291] bridge_slave_1: entered promiscuous mode [ 890.466188][ T6371] Bluetooth: MGMT ver 1.23 [ 890.472366][ T6374] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 890.488841][ T6374] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 890.491833][ T6363] team_slave_0: entered promiscuous mode [ 890.502876][ T6363] team_slave_1: entered promiscuous mode [ 890.559289][ T6363] vlan2: entered promiscuous mode [ 890.564870][ T6363] team0: entered promiscuous mode [ 890.715059][ T6291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 890.759000][ T6291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 890.878287][ T6291] team0: Port device team_slave_0 added [ 890.913858][ T6291] team0: Port device team_slave_1 added [ 890.952007][ T6396] xt_CT: No such helper "snmp" [ 890.981795][ T6291] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 890.990435][ T6291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 891.043406][ T6291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 891.108701][ T6291] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 891.125059][ T6291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 891.165201][ T6291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 891.193822][ T5835] Bluetooth: hci5: command tx timeout [ 891.228599][ T6414] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9012'. [ 891.254912][ T6413] netlink: 68 bytes leftover after parsing attributes in process `syz.2.9015'. [ 891.355546][ T6417] netlink: 'syz.0.9016': attribute type 322 has an invalid length. [ 891.380248][ T6291] hsr_slave_0: entered promiscuous mode [ 891.402784][ T6291] hsr_slave_1: entered promiscuous mode [ 891.409543][ T6291] debugfs: 'hsr0' already exists in 'hsr' [ 891.417208][ T6291] Cannot create hsr debugfs directory [ 891.480416][ T6426] FAULT_INJECTION: forcing a failure. [ 891.480416][ T6426] name failslab, interval 1, probability 0, space 0, times 0 [ 891.518503][ T6426] CPU: 1 UID: 0 PID: 6426 Comm: syz.2.9018 Not tainted syzkaller #0 PREEMPT(full) [ 891.518528][ T6426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 891.518540][ T6426] Call Trace: [ 891.518548][ T6426] [ 891.518557][ T6426] dump_stack_lvl+0xe8/0x150 [ 891.518583][ T6426] should_fail_ex+0x412/0x560 [ 891.518609][ T6426] should_failslab+0xa8/0x100 [ 891.518631][ T6426] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 891.518658][ T6426] ? __alloc_skb+0x186/0x7d0 [ 891.518678][ T6426] ? __alloc_skb+0x1d0/0x7d0 [ 891.518706][ T6426] ? 
__local_bh_enable_ip+0xd0/0x130 [ 891.518729][ T6426] __alloc_skb+0x1d0/0x7d0 [ 891.518752][ T6426] netlink_sendmsg+0x5d4/0xb40 [ 891.518782][ T6426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 891.518807][ T6426] ? aa_sock_msg_perm+0xf1/0x1b0 [ 891.518831][ T6426] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 891.518853][ T6426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 891.518873][ T6426] ____sys_sendmsg+0xa68/0xad0 [ 891.518898][ T6426] ? __might_fault+0xaf/0x130 [ 891.518929][ T6426] ? __pfx_____sys_sendmsg+0x10/0x10 [ 891.518960][ T6426] ? import_iovec+0x73/0xa0 [ 891.518990][ T6426] ___sys_sendmsg+0x2a5/0x360 [ 891.519013][ T6426] ? __lock_acquire+0x6b5/0x2cf0 [ 891.519042][ T6426] ? __pfx____sys_sendmsg+0x10/0x10 [ 891.519094][ T6426] ? __fget_files+0x2a/0x420 [ 891.519113][ T6426] ? __fget_files+0x3a0/0x420 [ 891.519141][ T6426] __x64_sys_sendmsg+0x1bd/0x2a0 [ 891.519168][ T6426] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 891.519201][ T6426] ? __pfx_ksys_write+0x10/0x10 [ 891.519237][ T6426] do_syscall_64+0xe2/0xf80 [ 891.519258][ T6426] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.519276][ T6426] ? trace_irq_disable+0x37/0x100 [ 891.519294][ T6426] ? 
clear_bhb_loop+0x60/0xb0 [ 891.519317][ T6426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.519335][ T6426] RIP: 0033:0x7f95a039acb9 [ 891.519352][ T6426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 891.519369][ T6426] RSP: 002b:00007f95a129b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 891.519389][ T6426] RAX: ffffffffffffffda RBX: 00007f95a0615fa0 RCX: 00007f95a039acb9 [ 891.519404][ T6426] RDX: 0000000020000000 RSI: 0000200000000dc0 RDI: 0000000000000003 [ 891.519417][ T6426] RBP: 00007f95a129b090 R08: 0000000000000000 R09: 0000000000000000 [ 891.519429][ T6426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 891.519441][ T6426] R13: 00007f95a0616038 R14: 00007f95a0615fa0 R15: 00007ffd806ebc18 [ 891.519471][ T6426] </TASK> [ 891.930584][ T6434] xt_CT: No such helper "snmp" [ 891.930938][ T6440] FAULT_INJECTION: forcing a failure. [ 891.930938][ T6440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 891.948929][ T6440] CPU: 1 UID: 0 PID: 6440 Comm: syz.0.9023 Not tainted syzkaller #0 PREEMPT(full) [ 891.948955][ T6440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 891.948968][ T6440] Call Trace: [ 891.948976][ T6440] <TASK> [ 891.948984][ T6440] dump_stack_lvl+0xe8/0x150 [ 891.949013][ T6440] should_fail_ex+0x412/0x560 [ 891.949041][ T6440] _copy_from_user+0x2d/0xb0 [ 891.949069][ T6440] ___sys_recvmsg+0x175/0x590 [ 891.949101][ T6440] ? __pfx____sys_recvmsg+0x10/0x10 [ 891.949130][ T6440] ? __fget_files+0x2a/0x420 [ 891.949179][ T6440] do_recvmmsg+0x334/0x800 [ 891.949211][ T6440] ? __pfx_do_recvmmsg+0x10/0x10 [ 891.949246][ T6440] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 891.949283][ T6440] __x64_sys_recvmmsg+0x198/0x250 [ 891.949313][ T6440] ? 
__pfx___x64_sys_recvmmsg+0x10/0x10 [ 891.949348][ T6440] do_syscall_64+0xe2/0xf80 [ 891.949369][ T6440] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.949387][ T6440] ? trace_irq_disable+0x37/0x100 [ 891.949404][ T6440] ? clear_bhb_loop+0x60/0xb0 [ 891.949424][ T6440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.949441][ T6440] RIP: 0033:0x7f617cd9acb9 [ 891.949458][ T6440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 891.949474][ T6440] RSP: 002b:00007f617dbe1028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 891.949494][ T6440] RAX: ffffffffffffffda RBX: 00007f617d015fa0 RCX: 00007f617cd9acb9 [ 891.949508][ T6440] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004 [ 891.949521][ T6440] RBP: 00007f617dbe1090 R08: 0000000000000000 R09: 0000000000000000 [ 891.949534][ T6440] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002 [ 891.949546][ T6440] R13: 00007f617d016038 R14: 00007f617d015fa0 R15: 00007ffcd9bc8408 [ 891.949576][ T6440] </TASK> [ 892.269440][ T6453] __nla_validate_parse: 3 callbacks suppressed [ 892.269460][ T6453] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9025'. [ 892.314608][ T6454] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 892.321860][ T6454] IPv6: NLM_F_CREATE should be set when creating new route [ 892.826276][ T6291] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 892.871116][ T6478] xt_CT: No such helper "snmp" [ 892.908931][ T6291] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 892.950133][ T6482] vlan2: entered promiscuous mode [ 892.964666][ T6484] FAULT_INJECTION: forcing a failure. 
[ 892.964666][ T6484] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 892.991977][ T6484] CPU: 1 UID: 0 PID: 6484 Comm: syz.2.9036 Not tainted syzkaller #0 PREEMPT(full) [ 892.992001][ T6484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 892.992013][ T6484] Call Trace: [ 892.992021][ T6484] <TASK> [ 892.992029][ T6484] dump_stack_lvl+0xe8/0x150 [ 892.992056][ T6484] should_fail_ex+0x412/0x560 [ 892.992082][ T6484] _copy_from_user+0x2d/0xb0 [ 892.992091][ T5896] IPVS: starting estimator thread 0... [ 892.992109][ T6484] ___sys_recvmsg+0x175/0x590 [ 892.992134][ T6484] ? __pfx____sys_recvmsg+0x10/0x10 [ 892.992159][ T6484] ? __fget_files+0x2a/0x420 [ 892.992206][ T6484] do_recvmmsg+0x334/0x800 [ 892.992238][ T6484] ? __pfx_do_recvmmsg+0x10/0x10 [ 892.992271][ T6484] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 892.992308][ T6484] __x64_sys_recvmmsg+0x198/0x250 [ 892.992336][ T6484] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 892.992371][ T6484] do_syscall_64+0xe2/0xf80 [ 892.992392][ T6484] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.992409][ T6484] ? trace_irq_disable+0x37/0x100 [ 892.992426][ T6484] ? 
clear_bhb_loop+0x60/0xb0 [ 892.992447][ T6484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.992465][ T6484] RIP: 0033:0x7f95a039acb9 [ 892.992481][ T6484] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 892.992498][ T6484] RSP: 002b:00007f95a129b028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 892.992517][ T6484] RAX: ffffffffffffffda RBX: 00007f95a0615fa0 RCX: 00007f95a039acb9 [ 892.992531][ T6484] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004 [ 892.992544][ T6484] RBP: 00007f95a129b090 R08: 0000000000000000 R09: 0000000000000000 [ 892.992556][ T6484] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002 [ 892.992567][ T6484] R13: 00007f95a0616038 R14: 00007f95a0615fa0 R15: 00007ffd806ebc18 [ 892.992597][ T6484] </TASK> [ 893.222439][ T6452] nr4: entered promiscuous mode [ 893.227510][ T6452] nr4: entered allmulticast mode [ 893.265143][ T6291] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 893.267651][ T6494] netlink: 'syz.0.9040': attribute type 30 has an invalid length. [ 893.283442][ T5835] Bluetooth: hci5: command tx timeout [ 893.343855][ T6485] IPVS: using max 34 ests per chain, 81600 per kthread [ 893.418446][ T6494] bond3: option arp_missed_max: invalid value (0) [ 893.455849][ T6494] bond3: option arp_missed_max: allowed values 1 - 255 [ 893.484696][ T6494] bond3 (unregistering): Released all slaves [ 893.502692][ T6506] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 893.522456][ T6291] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 893.787571][ T6513] xt_CT: No such helper "snmp" [ 893.947725][T24529] IPVS: stop unused estimator thread 0... 
[ 894.017733][ T6291] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 894.036049][ T6291] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 894.042608][ T6526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9050'. [ 894.058833][ T6291] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 894.079036][ T6291] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 894.122245][ T5896] IPVS: starting estimator thread 0... [ 894.212964][ T6532] IPVS: using max 35 ests per chain, 84000 per kthread [ 894.318718][ T6291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 894.351397][ T6291] 8021q: adding VLAN 0 to HW filter on device team0 [ 894.356670][ T6545] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9054'. [ 894.365304][ T1318] bridge0: port 1(bridge_slave_0) entered blocking state [ 894.374132][ T1318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 894.401263][T21247] bridge0: port 2(bridge_slave_1) entered blocking state [ 894.408485][T21247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 895.069093][ T6573] netlink: 68 bytes leftover after parsing attributes in process `syz.0.9061'. 
[ 895.198426][ T6578] batadv0: entered promiscuous mode [ 895.225086][ T6578] vlan2: entered promiscuous mode [ 895.349999][ T6291] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 895.357737][ T5835] Bluetooth: hci5: command tx timeout [ 895.477084][ T6589] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 895.624489][ T6291] veth0_vlan: entered promiscuous mode [ 895.655079][ T6291] veth1_vlan: entered promiscuous mode [ 895.744507][ T6291] veth0_macvtap: entered promiscuous mode [ 895.776840][ T6291] veth1_macvtap: entered promiscuous mode [ 895.819236][ T6291] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 895.845953][ T6291] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 895.876372][T10976] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.886772][T10976] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.910003][T10976] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.922202][T10976] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.022147][ T6606] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9069'. [ 896.028386][T10976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.046611][T10976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 896.061129][ T6606] bond1: entered promiscuous mode [ 896.066833][ T6606] 8021q: adding VLAN 0 to HW filter on device bond1 [ 896.115517][ T9312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.123841][ T9312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 896.290152][ T6611] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8976'. [ 896.453667][ T6615] syz_tun: entered allmulticast mode [ 896.470965][ T6614] syz_tun: left allmulticast mode [ 896.921693][ T6639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9083'. 
[ 896.978433][ T6644] netlink: 'syz.1.9085': attribute type 4 has an invalid length. [ 897.434497][ T5835] Bluetooth: hci5: command tx timeout [ 897.707382][ T6692] syzkaller0: entered promiscuous mode [ 897.719986][ T6692] syzkaller0: entered allmulticast mode [ 897.733585][ T177] nci: nci_rsp_packet: unknown rsp opcode 0x39 [ 897.946247][ T6709] netlink: 876 bytes leftover after parsing attributes in process `syz.2.9114'. [ 897.956123][ T6709] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9114'. [ 899.381095][ T6773] syz_tun: entered allmulticast mode [ 899.418331][ T6773] dvmrp6: entered allmulticast mode [ 899.441923][ T6770] syz_tun: left allmulticast mode [ 899.929583][ T6808] netlink: 'syz.4.9158': attribute type 39 has an invalid length. [ 900.741902][ T6866] netlink: 36 bytes leftover after parsing attributes in process `syz.2.9185'. [ 901.327386][ T6905] [ 901.330523][ T6905] ============================= [ 901.335808][ T6905] WARNING: suspicious RCU usage [ 901.340678][ T6905] syzkaller #0 Not tainted [ 901.345949][ T6905] ----------------------------- [ 901.351331][ T6905] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage! 
[ 901.360690][ T6905] [ 901.360690][ T6905] other info that might help us debug this: [ 901.360690][ T6905] [ 901.371591][ T6905] [ 901.371591][ T6905] rcu_scheduler_active = 2, debug_locks = 1 [ 901.379759][ T6905] 1 lock held by syz.3.9202/6905: [ 901.385276][ T6905] #0: ffffffff8e55a540 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x80 [ 901.395558][ T6905] [ 901.395558][ T6905] stack backtrace: [ 901.401449][ T6905] CPU: 1 UID: 0 PID: 6905 Comm: syz.3.9202 Not tainted syzkaller #0 PREEMPT(full) [ 901.401474][ T6905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 901.401487][ T6905] Call Trace: [ 901.401495][ T6905] <TASK> [ 901.401505][ T6905] dump_stack_lvl+0xe8/0x150 [ 901.401533][ T6905] lockdep_rcu_suspicious+0x13f/0x1d0 [ 901.401568][ T6905] get_callchain_entry+0x2b6/0x3c0 [ 901.401597][ T6905] get_perf_callchain+0xcb/0x830 [ 901.401623][ T6905] ? __pfx_get_perf_callchain+0x10/0x10 [ 901.401648][ T6905] ? __resched_curr+0x202/0x3f0 [ 901.401668][ T6905] __bpf_get_stack+0x445/0xab0 [ 901.401697][ T6905] ? __pfx___bpf_get_stack+0x10/0x10 [ 901.401722][ T6905] ? __lock_acquire+0x6b5/0x2cf0 [ 901.401745][ T6905] bpf_get_stack+0x33/0x50 [ 901.401764][ T6905] ? bpf_prog_e8e6327ccf46c9a7+0x46/0x4e [ 901.401779][ T6905] bpf_get_stack_raw_tp+0x1a9/0x220 [ 901.401806][ T6905] bpf_prog_e8e6327ccf46c9a7+0x46/0x4e [ 901.401821][ T6905] bpf_prog_run_pin_on_cpu+0x142/0x470 [ 901.401845][ T6905] bpf_prog_test_run_syscall+0x318/0x4c0 [ 901.401867][ T6905] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 901.401885][ T6905] ? __fget_files+0x2a/0x420 [ 901.401906][ T6905] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 901.401926][ T6905] bpf_prog_test_run+0x2c7/0x340 [ 901.401946][ T6905] __sys_bpf+0x5cb/0x920 [ 901.401962][ T6905] ? __pfx___sys_bpf+0x10/0x10 [ 901.401976][ T6905] ? __fget_files+0x2a/0x420 [ 901.402007][ T6905] ? 
rcu_is_watching+0x15/0xb0 [ 901.402028][ T6905] __x64_sys_bpf+0x7c/0x90 [ 901.402050][ T6905] do_syscall_64+0xe2/0xf80 [ 901.402068][ T6905] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 901.402085][ T6905] ? trace_irq_disable+0x37/0x100 [ 901.402100][ T6905] ? clear_bhb_loop+0x60/0xb0 [ 901.402118][ T6905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 901.402134][ T6905] RIP: 0033:0x7fcc4af9acb9 [ 901.402150][ T6905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 901.402164][ T6905] RSP: 002b:00007fcc4be3e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 901.402181][ T6905] RAX: ffffffffffffffda RBX: 00007fcc4b215fa0 RCX: 00007fcc4af9acb9 [ 901.402192][ T6905] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a [ 901.402203][ T6905] RBP: 00007fcc4b008bf7 R08: 0000000000000000 R09: 0000000000000000 [ 901.402213][ T6905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 901.402222][ T6905] R13: 00007fcc4b216038 R14: 00007fcc4b215fa0 R15: 00007ffddc06ae88 [ 901.402246][ T6905] </TASK> [ 909.595957][T25385] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)