last executing test programs: 3.667265073s ago: executing program 2 (id=8422): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) recvmmsg(r0, &(0x7f0000009c40)=[{{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x101}], 0x2, 0x0, 0x0) 3.510588062s ago: executing program 2 (id=8424): shutdown(0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@multicast, @random="8a0a63cdec59", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}, @remote}}}}, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r0, 0x1, 0x0, 0x6, @link_local}, 0x14) 3.432844287s ago: executing program 2 (id=8425): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c00000002060108000100000000000000004000050005000a000000050001000700000005000400000000000900020073797a310000000016000300686173683a6e65742c706f72742c6e65740000000c00078008001240"], 0x5c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 2.122563117s ago: executing program 3 (id=8438): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r1], 0x78}}, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000340)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x31, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x12}}, {0x4e24, 0x4e20, 0x1d, 0x0, @wg=@data={0x4, 0x4, 0x3, "6181446505"}}}}, 0x3f) 1.828085969s ago: executing program 3 (id=8439): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000003c0)={0x0, 0x3}, 0x8) 1.559343s ago: executing program 3 (id=8441): r0 = socket$inet6(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0xba01}, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=""/243, 0xf3}, 0xf338}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x5c}, 0xd}], 0x3fffe16, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) 1.440866435s ago: executing program 2 (id=8444): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000080)={0x2, 0xfff7, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, 0x0, 0x0) 1.178144624s ago: executing program 4 (id=8449): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r1], 0x78}}, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000340)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x31, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x12}}, {0x4e24, 0x4e20, 0x1d, 0x0, @wg=@data={0x4, 0x4, 0x3, "6181446505"}}}}, 0x3f) 1.135149448s ago: executing program 0 (id=8450): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x24, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xec}}, 0x0) 978.770138ms ago: executing program 2 (id=8452): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x4, 0x2}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x4, 0x2}, 0xe) 953.148122ms ago: executing program 0 (id=8453): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f00000004c0)={&(0x7f0000000040)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x30004001) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000140)="b65eda", 0x3}], 0x2}, 0x40000) 895.785955ms ago: executing program 1 (id=8454): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004b00)=[{{0x0, 0x0, &(0x7f00000010c0)=[{0x0}, {&(0x7f0000000fc0)="e6d9", 0x2}], 0x2}}], 0x1, 0x8000) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2e, &(0x7f0000001140)={@multicast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 826.173831ms ago: executing program 2 (id=8455): r0 = socket(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket(0x40000000015, 0x5, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0x54, r4, 0x400, 0x70bd29, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x400a0}, 0x20048840) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r6, &(0x7f00000010c0), &(0x7f0000000140)=@tcp, 0x1}, 0x20) sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000010401030000000000000000070000010500010102000000eb0393ab981459369440192ae00d0661e722031add9d019aeaaea28a3a119fd37ab6fed1b9ab8f3ee30735944254c29339c5e0f8e380a1453ab24ff52b8d0b5bab"], 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) close(r2) recvmmsg(r5, &(0x7f0000001080)=[{{&(0x7f0000000680)=@phonet, 0x80, &(0x7f0000000880)=[{&(0x7f0000000740)=""/154, 0x9a}, {&(0x7f0000000800)=""/120, 0x78}], 0x2, &(0x7f0000000900)=""/125, 0x7d}, 0x9}, {{&(0x7f0000000980)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000000a00)=""/135, 0x87}], 0x1, &(0x7f0000000b00)=""/146, 0x92}, 0x79bd}, {{&(0x7f0000000bc0)=@nl=@unspec, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000c40)=""/9, 0x9}, {&(0x7f0000000c80)=""/57, 0x39}], 0x2}, 0x40000000}, {{0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000d00)=""/32, 0x20}, {&(0x7f0000000d40)=""/152, 0x98}, {&(0x7f0000000e00)=""/24, 0x18}, {&(0x7f0000000e40)=""/5, 0x5}, {&(0x7f0000000e80)=""/193, 0xc1}], 0x5, &(0x7f0000001000)=""/80, 0x50}, 0x6}], 0x4, 0x10021, &(0x7f0000001180)={0x0, 0x989680}) accept$packet(r2, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000400)=0x14) sendmmsg$sock(r1, &(0x7f0000002280)=[{{&(0x7f0000000080)=@l2tp={0x2, 0x0, @rand_addr=0x64010102, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000280)=[@timestamping={{0x14, 0x1, 0x41, 0x7}}], 0x18}}], 0x1, 0x80) 819.931322ms ago: executing program 4 (id=8456): bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x3, 0x8, 0x8, 0x40, 0xffffffffffffffff, 0x20}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 791.987659ms ago: executing program 0 (id=8457): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 734.856675ms ago: executing program 1 (id=8458): r0 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'batadv_slave_1\x00', 0x1000}) socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = socket$pppoe(0x18, 0x1, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'lo\x00'}}, 0x1e) socket$pppoe(0x18, 0x1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) socket$netlink(0x10, 0x3, 0x1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000007110480000000000060000000000000095000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5}, 0x94) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x2) 689.253091ms ago: executing program 4 (id=8459): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000480), 0x4) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)=""/174, 0xae}], 0x1, &(0x7f0000001fc0)=""/65, 0x41}, 0x1}], 0x1, 0x40002122, 0x0) sendmsg$tipc(r1, &(0x7f0000000100)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x2}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000000)="b6", 0x1}], 0x1, 0x0, 0x0, 0x8008001}, 0x4800) 688.162343ms ago: executing program 0 (id=8460): r0 = socket$inet6(0xa, 0x80000, 0xfffffffc) sendto$inet6(r0, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0xe20, 0x0, @remote}, 0x1c) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0xffffffffffffffff, 0xda8e4930a481a1e4, &(0x7f00000000c0)={&(0x7f0000000300)=@getroute={0x0, 0x1a, 0x400, 0x70bd2a, 0x25dfdbfc, {}, ["", ""]}, 0x20}}, 0x0) sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f00000002c0)=@raw=[@map_idx_val={0x18, 0x0, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x10}, @map_fd={0x18, 0x1}, @generic={0xfc, 0x8, 0x1, 0x90c, 0xe2}, @map_val={0x18, 0x0, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x3}, @ldst={0x39ba56cd9fb7824d, 0x2, 0x2, 0x7, 0x4, 0xfffffffffffffffe, 0x10}], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000218c0000000c0a01030000000000000000070000080900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010000101800ee70000636f6e6e6c696d69740000000c0002800800014000008000140000001000010000000000000000000084000a"], 0x110}}, 0x0) r5 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r5, 0x1, 0x7, &(0x7f0000000340), 0x4) close(0x3) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) accept4$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000380)=0x14, 0x80000) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@gettclass={0x0, 0x2a, 0x0, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x2, 0x2}, {0xe, 0xffe0}, {0x4, 0x8}}, ["", "", "", ""]}, 0xb0}, 0x1, 0x0, 0x0, 0x4081}, 0x2400c800) ioctl$HCIINQUIRY(r6, 0x400448ca, 0x0) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='gre0\x00'}) 546.784284ms ago: executing program 3 (id=8461): pipe(&(0x7f0000000e00)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000980)=[{&(0x7f00000004c0)="18e41dbb2ed7", 0x6}, {&(0x7f0000000080)="846c95", 0x3}, {&(0x7f00000002c0)="de", 0x1}], 0x3, 0xc) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000180)) 530.652331ms ago: executing program 0 (id=8462): unshare(0x20000400) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r0}, 0x20) 486.37441ms ago: executing program 3 (id=8463): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x24, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xec}}, 0x0) 457.097719ms ago: executing program 4 (id=8464): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) writev(r0, &(0x7f0000000240)=[{&(0x7f00000002c0)='\v{b>`\a', 0x6}, {&(0x7f0000000040)="8a", 0x1}], 0x2) 456.34164ms ago: executing program 1 (id=8465): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000010c0)='cpuacct.stat\x00', 0x0, 0x0) pread64(r1, &(0x7f0000000040)=""/103, 0x67, 0x6) pread64(r1, &(0x7f00000000c0)=""/4085, 0xff5, 0x2df) 314.009951ms ago: executing program 0 (id=8466): unshare(0x62040200) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000) r3 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r3, 0x84, 0x7b, &(0x7f0000000000), 0x8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000000a0605000000000000000000010000050900020073797a30000000000500010007000000080009400000000114000880100007800a001100aa"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000) 313.854954ms ago: executing program 1 (id=8467): bpf$MAP_CREATE(0xb00000000000014, &(0x7f0000004080)=ANY=[], 0x48) 290.792835ms ago: executing program 3 (id=8468): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) 271.367463ms ago: executing program 4 (id=8469): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newsa={0x13c, 0x10, 0x1, 0x70bd28, 0x0, {{@in=@private=0xa010102, @in6=@mcast1, 0x0, 0xecdf, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, {@in=@broadcast, 0x0, 0x33}, @in6=@private1, {0x0, 0xa, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x80000000}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2e}, [@algo_auth_trunc={0x4c, 0x14, {{'hmac(sha256)\x00'}, 0x0, 0x80}}]}, 0x13c}}, 0xc040) 209.500321ms ago: executing program 1 (id=8470): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 82.679108ms ago: executing program 4 (id=8471): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 0s ago: executing program 1 (id=8472): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x10000000}}, 0x10) bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4000001}}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x2, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) sendmsg$tipc(r0, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0) kernel console output (not intermixed with test programs): RSP: 002b:00007fdc9b9c7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 514.111937][T27509] RAX: ffffffffffffffda RBX: 00007fdc9ae15fa0 RCX: 00007fdc9ab9aeb9 [ 514.111950][T27509] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 514.111963][T27509] RBP: 00007fdc9ac08c1f R08: 0000000000000000 R09: 0000000000000000 [ 514.111975][T27509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 514.111986][T27509] R13: 00007fdc9ae16038 R14: 00007fdc9ae15fa0 R15: 00007ffd5d5dd1d8 [ 514.112015][T27509] [ 514.152233][T27512] syzkaller0: entered promiscuous mode [ 514.572664][T27512] syzkaller0: entered allmulticast mode [ 514.810736][T27528] netlink: 'syz.1.6903': attribute type 1 has an invalid length. [ 514.939636][T27530] veth0_to_bond: left allmulticast mode [ 515.027454][T27524] bond7 (unregistering): Released all slaves [ 515.256073][T27543] netlink: Unknown conntrack attr (0) [ 515.367148][T27550] nftables ruleset with unbound set [ 515.384159][T27549] Cannot find add_set index 65532 as target [ 515.403443][T27552] netlink: 'syz.2.6914': attribute type 1 has an invalid length. [ 515.455293][T27557] netlink: 'syz.2.6914': attribute type 1 has an invalid length. [ 515.485898][T27557] netlink: 'syz.2.6914': attribute type 2 has an invalid length. [ 515.521135][T27552] netlink: 'syz.2.6914': attribute type 2 has an invalid length. [ 515.808353][T27582] syzkaller1: entered promiscuous mode [ 515.834819][T27582] syzkaller1: entered allmulticast mode [ 516.151916][T27599] netlink: Conntrack attr has 4 unknown bytes [ 516.456868][T27619] netlink: 'syz.0.6936': attribute type 2 has an invalid length. [ 516.472591][T27614] syzkaller0: entered promiscuous mode [ 516.478145][T27614] syzkaller0: entered allmulticast mode [ 516.486249][T27614] tipc: Resetting bearer [ 516.781717][T27633] netlink: 'syz.3.6941': attribute type 8 has an invalid length. [ 517.191445][T27658] netlink: 'syz.2.6947': attribute type 1 has an invalid length. [ 517.604812][T27692] netlink: Unknown conntrack attr (0) [ 518.183504][T27731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.216362][T27731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.254086][T27731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.397829][T27742] __nla_validate_parse: 15 callbacks suppressed [ 518.397850][T27742] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6969'. [ 518.442100][T27742] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6969'. [ 518.456165][T27745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.638143][T27752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.677114][T27752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.689636][T27756] netlink: 90 bytes leftover after parsing attributes in process `syz.2.6972'. [ 518.764458][T27759] netlink: 'syz.1.6973': attribute type 8 has an invalid length. [ 518.766380][T27762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6972'. [ 518.772265][T27759] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6973'. [ 518.777924][T27759] bond0: entered promiscuous mode [ 518.817975][T27759] gretap0: entered promiscuous mode [ 518.835661][T27759] gretap0: left promiscuous mode [ 518.847863][T27759] bond0: left promiscuous mode [ 518.875255][T27767] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 518.901935][T27767] CPU: 1 UID: 0 PID: 27767 Comm: syz.3.6974 Not tainted syzkaller #0 PREEMPT(full) [ 518.901964][T27767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 518.901976][T27767] Call Trace: [ 518.901985][T27767] [ 518.901995][T27767] dump_stack_lvl+0xe8/0x150 [ 518.902026][T27767] sysfs_warn_dup+0x8e/0xa0 [ 518.902056][T27767] sysfs_do_create_link_sd+0xc0/0x110 [ 518.902091][T27767] device_add_class_symlinks+0x1cf/0x240 [ 518.902126][T27767] device_add+0x475/0xb70 [ 518.902158][T27767] wiphy_register+0x1d6c/0x2d50 [ 518.902196][T27767] ? __pfx_wiphy_register+0x10/0x10 [ 518.902216][T27767] ? __pfx_netdev_run_todo+0x10/0x10 [ 518.902243][T27767] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 518.902277][T27767] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 518.902310][T27767] ieee80211_register_hw+0x34d2/0x4150 [ 518.902336][T27767] ? __lock_acquire+0x6b5/0x2cf0 [ 518.902377][T27767] ? ieee80211_register_hw+0x13d1/0x4150 [ 518.902419][T27767] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 518.902462][T27767] ? __hrtimer_setup+0x181/0x200 [ 518.902481][T27767] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 518.902510][T27767] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 518.902567][T27767] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 518.902589][T27767] ? kstrndup+0xbf/0x160 [ 518.902622][T27767] hwsim_new_radio_nl+0xf85/0x1c30 [ 518.902652][T27767] ? __pfx___nla_validate_parse+0x10/0x10 [ 518.902693][T27767] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 518.902724][T27767] ? rcu_is_watching+0x15/0xb0 [ 518.902749][T27767] ? __nla_parse+0x40/0x60 [ 518.902779][T27767] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 518.902814][T27767] genl_family_rcv_msg_doit+0x22a/0x330 [ 518.902847][T27767] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 518.902885][T27767] ? bpf_lsm_capable+0x9/0x20 [ 518.902909][T27767] ? security_capable+0x7e/0x2c0 [ 518.902938][T27767] genl_rcv_msg+0x61c/0x7a0 [ 518.902969][T27767] ? __pfx_genl_rcv_msg+0x10/0x10 [ 518.902993][T27767] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 518.903021][T27767] ? __pfx_ref_tracker_free+0x10/0x10 [ 518.903053][T27767] netlink_rcv_skb+0x232/0x4b0 [ 518.903074][T27767] ? __pfx_genl_rcv_msg+0x10/0x10 [ 518.903101][T27767] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 518.903117][T27767] ? genl_rcv+0x19/0x40 [ 518.903158][T27767] ? down_read+0x272/0x2e0 [ 518.903178][T27767] ? genl_rcv+0xd/0x40 [ 518.903203][T27767] genl_rcv+0x28/0x40 [ 518.903223][T27767] netlink_unicast+0x80f/0x9b0 [ 518.903263][T27767] ? __pfx_netlink_unicast+0x10/0x10 [ 518.903293][T27767] ? netlink_sendmsg+0x650/0xb40 [ 518.903311][T27767] ? skb_put+0x11b/0x210 [ 518.903338][T27767] netlink_sendmsg+0x813/0xb40 [ 518.903370][T27767] ? __pfx_netlink_sendmsg+0x10/0x10 [ 518.903395][T27767] ? aa_sock_msg_perm+0xf1/0x1b0 [ 518.903426][T27767] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 518.903449][T27767] ? __pfx_netlink_sendmsg+0x10/0x10 [ 518.903468][T27767] ____sys_sendmsg+0xa68/0xad0 [ 518.903494][T27767] ? __might_fault+0xaf/0x130 [ 518.903527][T27767] ? __pfx_____sys_sendmsg+0x10/0x10 [ 518.903563][T27767] ? import_iovec+0x73/0xa0 [ 518.903595][T27767] ___sys_sendmsg+0x2a5/0x360 [ 518.903618][T27767] ? __lock_acquire+0x6b5/0x2cf0 [ 518.903649][T27767] ? __pfx____sys_sendmsg+0x10/0x10 [ 518.903681][T27767] ? futex_wait+0x29a/0x380 [ 518.903730][T27767] ? __fget_files+0x2a/0x420 [ 518.903750][T27767] ? __fget_files+0x3a0/0x420 [ 518.903782][T27767] __x64_sys_sendmsg+0x1bd/0x2a0 [ 518.903810][T27767] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 518.903846][T27767] ? rcu_is_watching+0x15/0xb0 [ 518.903879][T27767] do_syscall_64+0xe2/0xf80 [ 518.903899][T27767] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.903917][T27767] ? trace_irq_disable+0x37/0x100 [ 518.903935][T27767] ? clear_bhb_loop+0x60/0xb0 [ 518.903959][T27767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.903978][T27767] RIP: 0033:0x7f0ab019aeb9 [ 518.903997][T27767] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 518.904014][T27767] RSP: 002b:00007f0ab1096028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 518.904036][T27767] RAX: ffffffffffffffda RBX: 00007f0ab0415fa0 RCX: 00007f0ab019aeb9 [ 518.904052][T27767] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 518.904065][T27767] RBP: 00007f0ab0208c1f R08: 0000000000000000 R09: 0000000000000000 [ 518.904078][T27767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 518.904091][T27767] R13: 00007f0ab0416038 R14: 00007f0ab0415fa0 R15: 00007ffc8cbf40c8 [ 518.904126][T27767] [ 519.466704][T27773] SET target dimension over the limit! [ 520.277231][T27808] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6986'. [ 520.289755][T27808] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6986'. [ 587.198908][T27837] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.6993'. [ 587.212203][T27838] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6991'. [ 587.253520][T27837] netlink: Conntrack attr has 4 unknown bytes [ 587.335382][ T1104] smc: removing ib device syz0 [ 587.343079][T27838] bond0 (unregistering): Released all slaves [ 587.443934][T27843] tc_dump_action: action bad kind [ 587.666829][T27863] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7001'. [ 587.687610][T27863] netlink: 32 bytes leftover after parsing attributes in process `syz.3.7001'. [ 587.865190][T27865] pimreg: entered allmulticast mode [ 588.066226][T27873] netdevsim netdevsim4: Direct firmware load for . failed with error -2 [ 588.119371][T27873] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 588.158598][T27876] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.7008'. [ 588.202238][T27876] netlink: Conntrack attr has 4 unknown bytes [ 588.387669][T27887] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7010'. [ 589.096579][T27910] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.7021'. [ 589.109626][T27910] netlink: Conntrack attr has 4 unknown bytes [ 589.225447][T27912] netlink: 'syz.2.7023': attribute type 4 has an invalid length. [ 589.231488][T27914] netlink: 'syz.4.7024': attribute type 21 has an invalid length. [ 589.288056][T27917] netlink: 'syz.2.7023': attribute type 4 has an invalid length. [ 589.604442][T27926] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 589.930345][T27947] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7035'. [ 589.975510][T27953] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.7037'. [ 589.982939][T27947] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap3 [ 589.996770][T27952] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7036'. [ 590.007445][T27947] gretap3: default qdisc (pfifo_fast) fail, fallback to noqueue [ 590.011988][T27953] netlink: Conntrack attr has 4 unknown bytes [ 590.016001][T27947] gretap3: entered promiscuous mode [ 590.028086][T27947] gretap3: entered allmulticast mode [ 590.070824][T27958] dvmrp7: entered allmulticast mode [ 590.116487][T27961] netlink: 'syz.1.7039': attribute type 4 has an invalid length. [ 590.131433][T27961] netlink: 'syz.1.7039': attribute type 4 has an invalid length. [ 590.164076][ T5897] lo speed is unknown, defaulting to 1000 [ 590.185367][ T5897] syz2: Port: 1 Link ACTIVE [ 590.594758][T27986] netlink: 'syz.1.7047': attribute type 1 has an invalid length. [ 591.044682][T28003] bond5: option xmit_hash_policy: invalid value (64) [ 591.076030][T28003] bond5 (unregistering): Released all slaves [ 591.753229][T28034] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 591.978568][T28042] x_tables: duplicate underflow at hook 2 [ 592.142109][T28053] xt_nfacct: accounting object `\$9ZM#mU|^c\F9YⳈ' does not exist [ 592.246578][T28059] __nla_validate_parse: 9 callbacks suppressed [ 592.246597][T28059] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7072'. [ 592.280440][T28060] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 592.311439][T28060] netlink: 'syz.2.7073': attribute type 1 has an invalid length. [ 592.357165][T28060] netlink: 224 bytes leftover after parsing attributes in process `syz.2.7073'. [ 592.384571][T28067] openvswitch: netlink: IP tunnel dst address not specified [ 592.576306][T28082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7080'. [ 592.721843][T28087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7080'. [ 592.801262][T28083] team0: Port device team_slave_0 removed [ 592.895697][T28089] 8021q: VLANs not supported on wg2 [ 593.030538][T28102] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7084'. [ 593.103535][T28104] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7083'. [ 593.203960][T28111] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7086'. [ 593.615958][T28137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7093'. [ 593.672081][T28139] netlink: 48 bytes leftover after parsing attributes in process `syz.1.7094'. [ 593.773839][T28144] netlink: 56 bytes leftover after parsing attributes in process `syz.2.7095'. [ 593.919105][T28150] netlink: 'syz.4.7098': attribute type 4 has an invalid length. [ 593.930598][T28150] netlink: 'syz.4.7098': attribute type 4 has an invalid length. [ 594.054536][T28157] netlink: 'syz.0.7101': attribute type 30 has an invalid length. [ 594.089382][ T3071] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 594.105402][ T3071] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 594.154546][ T3071] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 594.176169][ T3071] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 594.643844][T28201] netlink: 'syz.3.7110': attribute type 4 has an invalid length. [ 594.706310][T28203] netlink: 'syz.3.7110': attribute type 4 has an invalid length. [ 595.663449][T28218] netlink: Conntrack attr has 4 unknown bytes [ 596.031983][T28234] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 596.168480][T28247] .: renamed from bridge_slave_1 [ 596.987702][T28289] netlink: 'syz.4.7139': attribute type 1 has an invalid length. [ 597.075309][T28297] netlink: 'syz.1.7142': attribute type 1 has an invalid length. [ 597.096462][T28292] netlink: 'syz.2.7140': attribute type 9 has an invalid length. [ 597.149210][T28297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 597.268361][T28302] netlink: 'syz.2.7143': attribute type 2 has an invalid length. [ 597.331806][T28302] : entered promiscuous mode [ 597.570896][T28317] __nla_validate_parse: 11 callbacks suppressed [ 597.570918][T28317] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7148'. [ 597.659844][T28321] netlink: 27 bytes leftover after parsing attributes in process `syz.2.7151'. [ 597.767906][T28324] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7152'. [ 597.812589][T28327] Cannot find add_set index 28160 as target [ 597.826375][T28324] dummy0: left allmulticast mode [ 597.859557][T28324] dummy0: left promiscuous mode [ 597.864674][T28324] bridge0: port 4(dummy0) entered disabled state [ 597.874005][T28329] netlink: 'syz.3.7154': attribute type 1 has an invalid length. [ 597.903779][T28324] bridge_slave_0: left allmulticast mode [ 597.909426][T28329] netlink: 224 bytes leftover after parsing attributes in process `syz.3.7154'. [ 597.939732][T28324] bridge_slave_0: left promiscuous mode [ 597.945746][T28324] bridge0: port 1(bridge_slave_0) entered disabled state [ 597.993489][T28324] : (slave .): Releasing backup interface [ 598.008184][T28324] : (slave 32): Releasing backup interface [ 598.024836][T28337] netlink: 'syz.4.7157': attribute type 1 has an invalid length. [ 598.042147][T28324] : (slave bond_slave_1): Releasing backup interface [ 598.061570][T28324] team0: Port device team_slave_1 removed [ 598.075988][T28324] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 598.091019][T28324] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 598.101641][T28324] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 598.204469][T28337] 8021q: adding VLAN 0 to HW filter on device bond8 [ 598.306548][T28341] vlan2: entered allmulticast mode [ 598.333824][T28341] bond8: entered allmulticast mode [ 598.432333][T28351] openvswitch: netlink: Message has 244 unknown bytes. [ 598.446158][T28347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7160'. [ 598.551327][T28354] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7162'. [ 598.626425][T28358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7163'. [ 598.711951][T28364] netlink: 44 bytes leftover after parsing attributes in process `syz.0.7164'. [ 598.930627][T28370] Cannot find add_set index 28672 as target [ 599.225760][T28386] netlink: 'syz.2.7172': attribute type 3 has an invalid length. [ 599.236236][T28388] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7173'. [ 599.251105][T28386] netlink: 'syz.2.7172': attribute type 1 has an invalid length. [ 599.267196][T28388] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7173'. [ 600.131399][T28442] syzkaller1: entered promiscuous mode [ 600.136910][T28442] syzkaller1: entered allmulticast mode [ 600.186813][T28442] bond10: entered allmulticast mode [ 600.192805][T28442] 8021q: adding VLAN 0 to HW filter on device bond10 [ 600.441172][T28459] netlink: 'syz.2.7194': attribute type 6 has an invalid length. [ 601.040563][T28490] syzkaller1: entered promiscuous mode [ 601.060823][T28490] syzkaller1: entered allmulticast mode [ 601.420612][T28513] openvswitch: netlink: Missing key (keys=40, expected=80) [ 601.495606][T28518] mac80211_hwsim hwsim88 syzkaller0: entered promiscuous mode [ 601.509368][T28518] mac80211_hwsim hwsim88 syzkaller0: entered allmulticast mode [ 601.553722][T28524] bond0: Error: Cannot enslave bond to itself. [ 601.775234][T28535] bond11: (slave ip6_vti0): Device is not bonding slave [ 601.807672][T28535] bond11: option active_slave: invalid value (ip6_vti0) [ 601.843720][T28535] bond11 (unregistering): Released all slaves [ 602.286716][T28577] FAULT_INJECTION: forcing a failure. [ 602.286716][T28577] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 602.357868][T28577] CPU: 0 UID: 0 PID: 28577 Comm: syz.1.7228 Not tainted syzkaller #0 PREEMPT(full) [ 602.357919][T28577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 602.357943][T28577] Call Trace: [ 602.357951][T28577] [ 602.357960][T28577] dump_stack_lvl+0xe8/0x150 [ 602.357991][T28577] should_fail_ex+0x412/0x560 [ 602.358020][T28577] _copy_to_iter+0x1e4/0x17d0 [ 602.358044][T28577] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 602.358077][T28577] ? kernfs_seq_stop+0x17e/0x200 [ 602.358100][T28577] ? __pfx__copy_to_iter+0x10/0x10 [ 602.358125][T28577] ? traverse+0x544/0x580 [ 602.358163][T28577] seq_read_iter+0x2e9/0xe10 [ 602.358191][T28577] ? apparmor_file_permission+0x17f/0x1f0 [ 602.358226][T28577] vfs_read+0x582/0xa70 [ 602.358261][T28577] ? __pfx_vfs_read+0x10/0x10 [ 602.358297][T28577] ? __fget_files+0x2a/0x420 [ 602.358327][T28577] __x64_sys_pread64+0x199/0x230 [ 602.358357][T28577] ? __pfx___x64_sys_pread64+0x10/0x10 [ 602.358397][T28577] do_syscall_64+0xe2/0xf80 [ 602.358416][T28577] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.358434][T28577] ? trace_irq_disable+0x37/0x100 [ 602.358453][T28577] ? clear_bhb_loop+0x60/0xb0 [ 602.358476][T28577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.358495][T28577] RIP: 0033:0x7fdc9ab9aeb9 [ 602.358513][T28577] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 602.358530][T28577] RSP: 002b:00007fdc9b9a6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 602.358551][T28577] RAX: ffffffffffffffda RBX: 00007fdc9ae16090 RCX: 00007fdc9ab9aeb9 [ 602.358566][T28577] RDX: 0000000000001003 RSI: 0000200000001840 RDI: 0000000000000005 [ 602.358578][T28577] RBP: 00007fdc9b9a6090 R08: 0000000000000000 R09: 0000000000000000 [ 602.358589][T28577] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 602.358600][T28577] R13: 00007fdc9ae16128 R14: 00007fdc9ae16090 R15: 00007ffd5d5dd1d8 [ 602.358632][T28577] [ 602.630383][T28585] bond7: (slave netdevsim0): Enslaving as an active interface with an up link [ 603.034167][T28609] __nla_validate_parse: 21 callbacks suppressed [ 603.034187][T28609] netlink: 80 bytes leftover after parsing attributes in process `syz.3.7235'. [ 603.115569][T28613] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7236'. [ 603.242728][T28618] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7240'. [ 603.466864][T28639] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7244'. [ 603.684056][T28650] netlink: 'syz.2.7247': attribute type 64 has an invalid length. [ 603.946336][T28661] SET target dimension over the limit! [ 603.951143][T28657] team0: Refused to change device type [ 603.969682][T28661] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7251'. [ 604.038774][T28659] netlink: 260 bytes leftover after parsing attributes in process `syz.1.7253'. [ 604.232318][T28666] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7254'. [ 604.253887][T28668] x_tables: duplicate entry at hook 1 [ 604.269950][T28670] x_tables: duplicate entry at hook 1 [ 604.325384][T28676] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 604.336352][T28676] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 604.346324][T28676] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 604.355583][T28676] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 604.363715][T28676] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 604.472929][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 604.480960][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 604.490192][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 604.501750][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 604.510417][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 604.647909][T28675] lo speed is unknown, defaulting to 1000 [ 604.763163][ T6416] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 604.866387][T28690] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7259'. [ 604.941370][ T6416] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 605.049671][ T6416] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 605.132478][ T6416] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 605.329605][ T6416] bridge_slave_1: left allmulticast mode [ 605.335516][ T6416] bridge_slave_1: left promiscuous mode [ 605.361179][ T6416] bridge0: port 2(bridge_slave_1) entered disabled state [ 605.371229][ T6416] bridge_slave_0: left allmulticast mode [ 605.376903][ T6416] bridge_slave_0: left promiscuous mode [ 605.384334][ T6416] bridge0: port 1(bridge_slave_0) entered disabled state [ 605.600098][ T6416] tipc: Disabling bearer [ 605.686463][ T6416] bond3 (unregistering): (slave gretap2): Releasing active interface [ 605.746412][ T6416] dvmrp7 (unregistering): left allmulticast mode [ 606.063085][ T6416] bond2 (unregistering): (slave bridge5): Releasing backup interface [ 606.073071][ T6416] bridge5 (unregistering): left promiscuous mode [ 606.361465][T28699] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7261'. [ 606.370782][T28699] SET target dimension over the limit! [ 606.501794][T28709] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7266'. [ 606.514465][T28709] netlink: 'syz.0.7266': attribute type 3 has an invalid length. [ 606.551602][ T5853] Bluetooth: hci5: command tx timeout [ 606.647455][ T6416] bond1 (unregistering): Released all slaves [ 606.789731][ T6416] bond2 (unregistering): Released all slaves [ 606.808374][ T6416] bond3 (unregistering): Released all slaves [ 606.942363][ T6416] bond4 (unregistering): Released all slaves [ 606.971539][ T6416] bond0 (unregistering): (slave veth3): Releasing active interface [ 606.983080][ T6416] bond0 (unregistering): Released all slaves [ 607.109206][ T6416] bond5 (unregistering): Released all slaves [ 607.242392][ T6416] bond6 (unregistering): Released all slaves [ 607.260298][ T6416] bond7 (unregistering): Released all slaves [ 607.396286][ T6416] bond8 (unregistering): Released all slaves [ 607.428919][T28718] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 607.444445][T28718] syzkaller1: Refused to change device type [ 607.483366][ T5897] infiniband syz1: ib_query_port failed (-19) [ 607.511614][T28703] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 607.534312][T28703] CPU: 0 UID: 0 PID: 28703 Comm: syz.3.7264 Not tainted syzkaller #0 PREEMPT(full) [ 607.534341][T28703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 607.534354][T28703] Call Trace: [ 607.534362][T28703] [ 607.534372][T28703] dump_stack_lvl+0xe8/0x150 [ 607.534404][T28703] sysfs_warn_dup+0x8e/0xa0 [ 607.534432][T28703] sysfs_do_create_link_sd+0xc0/0x110 [ 607.534461][T28703] device_add_class_symlinks+0x1cf/0x240 [ 607.534495][T28703] device_add+0x475/0xb70 [ 607.534529][T28703] wiphy_register+0x1d6c/0x2d50 [ 607.534567][T28703] ? __pfx_wiphy_register+0x10/0x10 [ 607.534587][T28703] ? __pfx_netdev_run_todo+0x10/0x10 [ 607.534615][T28703] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 607.534649][T28703] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 607.534679][T28703] ieee80211_register_hw+0x34d2/0x4150 [ 607.534705][T28703] ? __lock_acquire+0x6b5/0x2cf0 [ 607.534744][T28703] ? ieee80211_register_hw+0x13d1/0x4150 [ 607.534779][T28703] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 607.534823][T28703] ? __hrtimer_setup+0x181/0x200 [ 607.534842][T28703] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 607.534872][T28703] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 607.534927][T28703] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 607.534949][T28703] ? kstrndup+0xbf/0x160 [ 607.534980][T28703] hwsim_new_radio_nl+0xf85/0x1c30 [ 607.535011][T28703] ? __pfx___nla_validate_parse+0x10/0x10 [ 607.535052][T28703] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 607.535083][T28703] ? rcu_is_watching+0x15/0xb0 [ 607.535107][T28703] ? __nla_parse+0x40/0x60 [ 607.535144][T28703] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 607.535181][T28703] genl_family_rcv_msg_doit+0x22a/0x330 [ 607.535215][T28703] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 607.535255][T28703] ? bpf_lsm_capable+0x9/0x20 [ 607.535280][T28703] ? security_capable+0x7e/0x2c0 [ 607.535310][T28703] genl_rcv_msg+0x61c/0x7a0 [ 607.535342][T28703] ? __pfx_genl_rcv_msg+0x10/0x10 [ 607.535365][T28703] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 607.535393][T28703] ? __pfx_ref_tracker_free+0x10/0x10 [ 607.535427][T28703] netlink_rcv_skb+0x232/0x4b0 [ 607.535448][T28703] ? __pfx_genl_rcv_msg+0x10/0x10 [ 607.535474][T28703] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 607.535492][T28703] ? genl_rcv+0x19/0x40 [ 607.535534][T28703] ? down_read+0x272/0x2e0 [ 607.535554][T28703] ? genl_rcv+0xd/0x40 [ 607.535580][T28703] genl_rcv+0x28/0x40 [ 607.535606][T28703] netlink_unicast+0x80f/0x9b0 [ 607.535644][T28703] ? __pfx_netlink_unicast+0x10/0x10 [ 607.535675][T28703] ? netlink_sendmsg+0x650/0xb40 [ 607.535693][T28703] ? skb_put+0x11b/0x210 [ 607.535721][T28703] netlink_sendmsg+0x813/0xb40 [ 607.535753][T28703] ? __pfx_netlink_sendmsg+0x10/0x10 [ 607.535788][T28703] ? aa_sock_msg_perm+0xf1/0x1b0 [ 607.535815][T28703] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 607.535839][T28703] ? __pfx_netlink_sendmsg+0x10/0x10 [ 607.535858][T28703] ____sys_sendmsg+0xa68/0xad0 [ 607.535885][T28703] ? __might_fault+0xaf/0x130 [ 607.535921][T28703] ? __pfx_____sys_sendmsg+0x10/0x10 [ 607.535956][T28703] ? import_iovec+0x73/0xa0 [ 607.535989][T28703] ___sys_sendmsg+0x2a5/0x360 [ 607.536013][T28703] ? __lock_acquire+0x6b5/0x2cf0 [ 607.536044][T28703] ? __pfx____sys_sendmsg+0x10/0x10 [ 607.536078][T28703] ? futex_wake+0x4ac/0x580 [ 607.536133][T28703] ? __fget_files+0x2a/0x420 [ 607.536154][T28703] ? __fget_files+0x3a0/0x420 [ 607.536188][T28703] __x64_sys_sendmsg+0x1bd/0x2a0 [ 607.536217][T28703] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 607.536254][T28703] ? rcu_is_watching+0x15/0xb0 [ 607.536286][T28703] do_syscall_64+0xe2/0xf80 [ 607.536306][T28703] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.536325][T28703] ? trace_irq_disable+0x37/0x100 [ 607.536343][T28703] ? clear_bhb_loop+0x60/0xb0 [ 607.536367][T28703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.536386][T28703] RIP: 0033:0x7f0ab019aeb9 [ 607.536405][T28703] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 607.536423][T28703] RSP: 002b:00007f0ab1096028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 607.536445][T28703] RAX: ffffffffffffffda RBX: 00007f0ab0415fa0 RCX: 00007f0ab019aeb9 [ 607.536460][T28703] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 607.536473][T28703] RBP: 00007f0ab0208c1f R08: 0000000000000000 R09: 0000000000000000 [ 607.536486][T28703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 607.536499][T28703] R13: 00007f0ab0416038 R14: 00007f0ab0415fa0 R15: 00007ffc8cbf40c8 [ 607.536534][T28703] [ 608.106411][ T6416] 9: left promiscuous mode [ 608.206623][ T6416] tipc: Disabling bearer [ 608.228292][ T6416] tipc: Left network mode [ 608.260953][ T6416] IPVS: stopping backup sync thread 14571 ... [ 608.405384][T28675] chnl_net:caif_netlink_parms(): no params data found [ 608.606293][T28675] bridge0: port 1(bridge_slave_0) entered blocking state [ 608.616995][T28675] bridge0: port 1(bridge_slave_0) entered disabled state [ 608.628425][T28675] bridge_slave_0: entered allmulticast mode [ 608.636332][T28675] bridge_slave_0: entered promiscuous mode [ 608.639457][ T5853] Bluetooth: hci5: command tx timeout [ 608.648983][T28675] bridge0: port 2(bridge_slave_1) entered blocking state [ 608.658271][T28675] bridge0: port 2(bridge_slave_1) entered disabled state [ 608.665941][T28675] bridge_slave_1: entered allmulticast mode [ 608.674341][T28675] bridge_slave_1: entered promiscuous mode [ 608.737519][T28675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 608.768108][T28675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 608.825831][T28675] team0: Port device team_slave_0 added [ 608.856724][T28675] team0: Port device team_slave_1 added [ 608.901671][T28675] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 608.908644][T28675] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 608.945791][T28675] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 608.968945][T28675] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 608.979584][T28675] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 609.009846][T28675] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 609.137414][T28675] hsr_slave_0: entered promiscuous mode [ 609.144420][T28675] hsr_slave_1: entered promiscuous mode [ 609.617798][ T6416] hsr_slave_0: left promiscuous mode [ 609.634559][ T6416] hsr_slave_1: left promiscuous mode [ 609.672421][ T6416] pim6reg (unregistering): left allmulticast mode [ 610.166583][T28738] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7271'. [ 610.181387][T28739] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7274'. [ 610.190849][T28738] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 610.204108][T28739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7274'. [ 610.503704][T28747] netlink: 476 bytes leftover after parsing attributes in process `syz.3.7275'. [ 610.534245][ T150] smc: removing ib device !yz! [ 610.709990][ T5853] Bluetooth: hci5: command tx timeout [ 611.298387][T28760] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 611.337839][T28760] CPU: 1 UID: 0 PID: 28760 Comm: syz.3.7280 Not tainted syzkaller #0 PREEMPT(full) [ 611.337872][T28760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 611.337891][T28760] Call Trace: [ 611.337899][T28760] [ 611.337908][T28760] dump_stack_lvl+0xe8/0x150 [ 611.337939][T28760] sysfs_warn_dup+0x8e/0xa0 [ 611.337967][T28760] sysfs_do_create_link_sd+0xc0/0x110 [ 611.337996][T28760] device_add_class_symlinks+0x1cf/0x240 [ 611.338029][T28760] device_add+0x475/0xb70 [ 611.338061][T28760] wiphy_register+0x1d6c/0x2d50 [ 611.338100][T28760] ? __pfx_wiphy_register+0x10/0x10 [ 611.338120][T28760] ? __pfx_netdev_run_todo+0x10/0x10 [ 611.338149][T28760] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 611.338183][T28760] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 611.338212][T28760] ieee80211_register_hw+0x34d2/0x4150 [ 611.338239][T28760] ? __lock_acquire+0x6b5/0x2cf0 [ 611.338278][T28760] ? ieee80211_register_hw+0x13d1/0x4150 [ 611.338314][T28760] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 611.338359][T28760] ? __hrtimer_setup+0x181/0x200 [ 611.338377][T28760] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 611.338408][T28760] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 611.338462][T28760] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 611.338484][T28760] ? kstrndup+0xbf/0x160 [ 611.338523][T28760] hwsim_new_radio_nl+0xf85/0x1c30 [ 611.338555][T28760] ? __pfx___nla_validate_parse+0x10/0x10 [ 611.338599][T28760] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 611.338630][T28760] ? rcu_is_watching+0x15/0xb0 [ 611.338670][T28760] ? __nla_parse+0x40/0x60 [ 611.338700][T28760] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 611.338736][T28760] genl_family_rcv_msg_doit+0x22a/0x330 [ 611.338769][T28760] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 611.338816][T28760] ? bpf_lsm_capable+0x9/0x20 [ 611.338841][T28760] ? security_capable+0x7e/0x2c0 [ 611.338871][T28760] genl_rcv_msg+0x61c/0x7a0 [ 611.338904][T28760] ? __pfx_genl_rcv_msg+0x10/0x10 [ 611.338927][T28760] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 611.338954][T28760] ? __pfx_ref_tracker_free+0x10/0x10 [ 611.338988][T28760] netlink_rcv_skb+0x232/0x4b0 [ 611.339008][T28760] ? __pfx_genl_rcv_msg+0x10/0x10 [ 611.339035][T28760] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 611.339051][T28760] ? genl_rcv+0x19/0x40 [ 611.339097][T28760] ? down_read+0x272/0x2e0 [ 611.339117][T28760] ? genl_rcv+0xd/0x40 [ 611.339142][T28760] genl_rcv+0x28/0x40 [ 611.339176][T28760] netlink_unicast+0x80f/0x9b0 [ 611.339215][T28760] ? __pfx_netlink_unicast+0x10/0x10 [ 611.339249][T28760] ? netlink_sendmsg+0x650/0xb40 [ 611.339267][T28760] ? skb_put+0x11b/0x210 [ 611.339290][T28760] netlink_sendmsg+0x813/0xb40 [ 611.339318][T28760] ? __pfx_netlink_sendmsg+0x10/0x10 [ 611.339341][T28760] ? aa_sock_msg_perm+0xf1/0x1b0 [ 611.339365][T28760] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 611.339388][T28760] ? __pfx_netlink_sendmsg+0x10/0x10 [ 611.339406][T28760] ____sys_sendmsg+0xa68/0xad0 [ 611.339430][T28760] ? __might_fault+0xaf/0x130 [ 611.339464][T28760] ? __pfx_____sys_sendmsg+0x10/0x10 [ 611.339498][T28760] ? import_iovec+0x73/0xa0 [ 611.339530][T28760] ___sys_sendmsg+0x2a5/0x360 [ 611.339553][T28760] ? __lock_acquire+0x6b5/0x2cf0 [ 611.339583][T28760] ? __pfx____sys_sendmsg+0x10/0x10 [ 611.339613][T28760] ? futex_wait+0x29a/0x380 [ 611.339661][T28760] ? __fget_files+0x2a/0x420 [ 611.339682][T28760] ? __fget_files+0x3a0/0x420 [ 611.339714][T28760] __x64_sys_sendmsg+0x1bd/0x2a0 [ 611.339742][T28760] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 611.339778][T28760] ? rcu_is_watching+0x15/0xb0 [ 611.339818][T28760] do_syscall_64+0xe2/0xf80 [ 611.339838][T28760] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.339857][T28760] ? trace_irq_disable+0x37/0x100 [ 611.339876][T28760] ? clear_bhb_loop+0x60/0xb0 [ 611.339900][T28760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.339919][T28760] RIP: 0033:0x7f0ab019aeb9 [ 611.339937][T28760] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 611.339954][T28760] RSP: 002b:00007f0ab1096028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 611.339975][T28760] RAX: ffffffffffffffda RBX: 00007f0ab0415fa0 RCX: 00007f0ab019aeb9 [ 611.339991][T28760] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 611.340005][T28760] RBP: 00007f0ab0208c1f R08: 0000000000000000 R09: 0000000000000000 [ 611.340017][T28760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 611.340030][T28760] R13: 00007f0ab0416038 R14: 00007f0ab0415fa0 R15: 00007ffc8cbf40c8 [ 611.340065][T28760] [ 612.068235][T28753] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7277'. [ 612.789451][ T5853] Bluetooth: hci5: command tx timeout [ 613.484826][T28675] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 613.646042][T28675] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 613.687407][T28675] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 613.720442][ T6416] IPVS: stop unused estimator thread 0... [ 613.765336][T28675] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 613.796750][T28812] netlink: 208 bytes leftover after parsing attributes in process `syz.0.7296'. [ 613.832471][T28809] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 613.873663][T28809] CPU: 0 UID: 0 PID: 28809 Comm: syz.1.7295 Not tainted syzkaller #0 PREEMPT(full) [ 613.873692][T28809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 613.873709][T28809] Call Trace: [ 613.873717][T28809] [ 613.873727][T28809] dump_stack_lvl+0xe8/0x150 [ 613.873758][T28809] sysfs_warn_dup+0x8e/0xa0 [ 613.873786][T28809] sysfs_do_create_link_sd+0xc0/0x110 [ 613.873824][T28809] device_add_class_symlinks+0x1cf/0x240 [ 613.873860][T28809] device_add+0x475/0xb70 [ 613.873894][T28809] wiphy_register+0x1d6c/0x2d50 [ 613.873932][T28809] ? __pfx_wiphy_register+0x10/0x10 [ 613.873953][T28809] ? __pfx_netdev_run_todo+0x10/0x10 [ 613.873980][T28809] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 613.874015][T28809] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 613.874045][T28809] ieee80211_register_hw+0x34d2/0x4150 [ 613.874087][T28809] ? ieee80211_register_hw+0x13d1/0x4150 [ 613.874123][T28809] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 613.874166][T28809] ? __hrtimer_setup+0x181/0x200 [ 613.874185][T28809] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 613.874216][T28809] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 613.874273][T28809] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 613.874296][T28809] ? kstrndup+0xbf/0x160 [ 613.874329][T28809] hwsim_new_radio_nl+0xf85/0x1c30 [ 613.874360][T28809] ? __pfx___nla_validate_parse+0x10/0x10 [ 613.874403][T28809] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 613.874433][T28809] ? rcu_is_watching+0x15/0xb0 [ 613.874458][T28809] ? __nla_parse+0x40/0x60 [ 613.874488][T28809] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 613.874524][T28809] genl_family_rcv_msg_doit+0x22a/0x330 [ 613.874559][T28809] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 613.874599][T28809] ? bpf_lsm_capable+0x9/0x20 [ 613.874624][T28809] ? security_capable+0x7e/0x2c0 [ 613.874653][T28809] genl_rcv_msg+0x61c/0x7a0 [ 613.874686][T28809] ? __pfx_genl_rcv_msg+0x10/0x10 [ 613.874710][T28809] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 613.874738][T28809] ? __pfx_ref_tracker_free+0x10/0x10 [ 613.874771][T28809] netlink_rcv_skb+0x232/0x4b0 [ 613.874797][T28809] ? __pfx_genl_rcv_msg+0x10/0x10 [ 613.874824][T28809] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 613.874841][T28809] ? genl_rcv+0x19/0x40 [ 613.874883][T28809] ? down_read+0x272/0x2e0 [ 613.874903][T28809] ? genl_rcv+0xd/0x40 [ 613.874929][T28809] genl_rcv+0x28/0x40 [ 613.874951][T28809] netlink_unicast+0x80f/0x9b0 [ 613.874988][T28809] ? __pfx_netlink_unicast+0x10/0x10 [ 613.875019][T28809] ? netlink_sendmsg+0x650/0xb40 [ 613.875037][T28809] ? skb_put+0x11b/0x210 [ 613.875064][T28809] netlink_sendmsg+0x813/0xb40 [ 613.875095][T28809] ? __pfx_netlink_sendmsg+0x10/0x10 [ 613.875120][T28809] ? aa_sock_msg_perm+0xf1/0x1b0 [ 613.875145][T28809] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 613.875168][T28809] ? __pfx_netlink_sendmsg+0x10/0x10 [ 613.875188][T28809] ____sys_sendmsg+0xa68/0xad0 [ 613.875214][T28809] ? __might_fault+0xaf/0x130 [ 613.875250][T28809] ? __pfx_____sys_sendmsg+0x10/0x10 [ 613.875286][T28809] ? import_iovec+0x73/0xa0 [ 613.875319][T28809] ___sys_sendmsg+0x2a5/0x360 [ 613.875342][T28809] ? __lock_acquire+0x6b5/0x2cf0 [ 613.875373][T28809] ? __pfx____sys_sendmsg+0x10/0x10 [ 613.875407][T28809] ? futex_wait+0x29a/0x380 [ 613.875456][T28809] ? __fget_files+0x2a/0x420 [ 613.875477][T28809] ? __fget_files+0x3a0/0x420 [ 613.875510][T28809] __x64_sys_sendmsg+0x1bd/0x2a0 [ 613.875538][T28809] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 613.875574][T28809] ? rcu_is_watching+0x15/0xb0 [ 613.875608][T28809] do_syscall_64+0xe2/0xf80 [ 613.875627][T28809] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.875646][T28809] ? trace_irq_disable+0x37/0x100 [ 613.875664][T28809] ? clear_bhb_loop+0x60/0xb0 [ 613.875688][T28809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.875707][T28809] RIP: 0033:0x7fdc9ab9aeb9 [ 613.875725][T28809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 613.875742][T28809] RSP: 002b:00007fdc9b9c7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 613.875763][T28809] RAX: ffffffffffffffda RBX: 00007fdc9ae15fa0 RCX: 00007fdc9ab9aeb9 [ 613.875780][T28809] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 613.875798][T28809] RBP: 00007fdc9ac08c1f R08: 0000000000000000 R09: 0000000000000000 [ 613.875812][T28809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 613.875824][T28809] R13: 00007fdc9ae16038 R14: 00007fdc9ae15fa0 R15: 00007ffd5d5dd1d8 [ 613.875860][T28809] [ 614.759912][T28839] Cannot find del_set index 49151 as target [ 614.794899][T28835] delete_channel: no stack [ 614.872768][T28676] Bluetooth: hci5: command tx timeout [ 614.915443][T28847] netlink: 'syz.1.7306': attribute type 21 has an invalid length. [ 614.958675][T28675] 8021q: adding VLAN 0 to HW filter on device bond0 [ 614.974093][T28847] netlink: 156 bytes leftover after parsing attributes in process `syz.1.7306'. [ 614.999182][T28850] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 615.058563][T28850] CPU: 0 UID: 0 PID: 28850 Comm: syz.2.7308 Not tainted syzkaller #0 PREEMPT(full) [ 615.058592][T28850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 615.058605][T28850] Call Trace: [ 615.058614][T28850] [ 615.058623][T28850] dump_stack_lvl+0xe8/0x150 [ 615.058654][T28850] sysfs_warn_dup+0x8e/0xa0 [ 615.058683][T28850] sysfs_do_create_link_sd+0xc0/0x110 [ 615.058714][T28850] device_add_class_symlinks+0x1cf/0x240 [ 615.058756][T28850] device_add+0x475/0xb70 [ 615.058790][T28850] wiphy_register+0x1d6c/0x2d50 [ 615.058829][T28850] ? __pfx_wiphy_register+0x10/0x10 [ 615.058849][T28850] ? __pfx_netdev_run_todo+0x10/0x10 [ 615.058877][T28850] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 615.058912][T28850] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 615.058942][T28850] ieee80211_register_hw+0x34d2/0x4150 [ 615.058968][T28850] ? __lock_acquire+0x6b5/0x2cf0 [ 615.059009][T28850] ? ieee80211_register_hw+0x13d1/0x4150 [ 615.059045][T28850] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 615.059090][T28850] ? __hrtimer_setup+0x181/0x200 [ 615.059109][T28850] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 615.059140][T28850] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 615.059197][T28850] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 615.059219][T28850] ? kstrndup+0xbf/0x160 [ 615.059258][T28850] hwsim_new_radio_nl+0xf85/0x1c30 [ 615.059284][T28850] ? __pfx___nla_validate_parse+0x10/0x10 [ 615.059321][T28850] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 615.059347][T28850] ? rcu_is_watching+0x15/0xb0 [ 615.059367][T28850] ? __nla_parse+0x40/0x60 [ 615.059393][T28850] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 615.059423][T28850] genl_family_rcv_msg_doit+0x22a/0x330 [ 615.059452][T28850] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 615.059489][T28850] ? bpf_lsm_capable+0x9/0x20 [ 615.059512][T28850] ? security_capable+0x7e/0x2c0 [ 615.059541][T28850] genl_rcv_msg+0x61c/0x7a0 [ 615.059569][T28850] ? __pfx_genl_rcv_msg+0x10/0x10 [ 615.059590][T28850] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 615.059625][T28850] netlink_rcv_skb+0x232/0x4b0 [ 615.059645][T28850] ? __pfx_genl_rcv_msg+0x10/0x10 [ 615.059670][T28850] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 615.059686][T28850] ? genl_rcv+0x19/0x40 [ 615.059732][T28850] ? down_read+0x272/0x2e0 [ 615.059751][T28850] ? genl_rcv+0xd/0x40 [ 615.059775][T28850] genl_rcv+0x28/0x40 [ 615.059796][T28850] netlink_unicast+0x80f/0x9b0 [ 615.059831][T28850] ? __pfx_netlink_unicast+0x10/0x10 [ 615.059857][T28850] ? netlink_sendmsg+0x650/0xb40 [ 615.059875][T28850] ? skb_put+0x11b/0x210 [ 615.059899][T28850] netlink_sendmsg+0x813/0xb40 [ 615.059931][T28850] ? __pfx_netlink_sendmsg+0x10/0x10 [ 615.059955][T28850] ? aa_sock_msg_perm+0xf1/0x1b0 [ 615.059979][T28850] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 615.060001][T28850] ? __pfx_netlink_sendmsg+0x10/0x10 [ 615.060019][T28850] ____sys_sendmsg+0xa68/0xad0 [ 615.060045][T28850] ? __might_fault+0xaf/0x130 [ 615.060079][T28850] ? __pfx_____sys_sendmsg+0x10/0x10 [ 615.060115][T28850] ? import_iovec+0x73/0xa0 [ 615.060148][T28850] ___sys_sendmsg+0x2a5/0x360 [ 615.060173][T28850] ? __lock_acquire+0x6b5/0x2cf0 [ 615.060203][T28850] ? __pfx____sys_sendmsg+0x10/0x10 [ 615.060235][T28850] ? futex_wake+0x4ac/0x580 [ 615.060284][T28850] ? __fget_files+0x2a/0x420 [ 615.060305][T28850] ? __fget_files+0x3a0/0x420 [ 615.060338][T28850] __x64_sys_sendmsg+0x1bd/0x2a0 [ 615.060368][T28850] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 615.060405][T28850] ? rcu_is_watching+0x15/0xb0 [ 615.060438][T28850] do_syscall_64+0xe2/0xf80 [ 615.060458][T28850] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.060475][T28850] ? trace_irq_disable+0x37/0x100 [ 615.060495][T28850] ? clear_bhb_loop+0x60/0xb0 [ 615.060519][T28850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.060539][T28850] RIP: 0033:0x7f91b939aeb9 [ 615.060559][T28850] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 615.060576][T28850] RSP: 002b:00007f91ba2f8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 615.060597][T28850] RAX: ffffffffffffffda RBX: 00007f91b9615fa0 RCX: 00007f91b939aeb9 [ 615.060612][T28850] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 615.060626][T28850] RBP: 00007f91b9408c1f R08: 0000000000000000 R09: 0000000000000000 [ 615.060639][T28850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 615.060652][T28850] R13: 00007f91b9616038 R14: 00007f91b9615fa0 R15: 00007ffcb833ee28 [ 615.060687][T28850] [ 615.720924][T28675] 8021q: adding VLAN 0 to HW filter on device team0 [ 615.736099][ T6421] bridge0: port 1(bridge_slave_0) entered blocking state [ 615.743302][ T6421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 615.829173][ T6421] bridge0: port 2(bridge_slave_1) entered blocking state [ 615.836439][ T6421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 616.000824][T28873] FAULT_INJECTION: forcing a failure. [ 616.000824][T28873] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 616.002744][T28874] Cannot find del_set index 49151 as target [ 616.059437][T28873] CPU: 0 UID: 0 PID: 28873 Comm: syz.2.7313 Not tainted syzkaller #0 PREEMPT(full) [ 616.059463][T28873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 616.059475][T28873] Call Trace: [ 616.059484][T28873] [ 616.059492][T28873] dump_stack_lvl+0xe8/0x150 [ 616.059518][T28873] should_fail_ex+0x412/0x560 [ 616.059549][T28873] _copy_from_iter+0x1d3/0x1670 [ 616.059577][T28873] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 616.059605][T28873] ? __pfx__copy_from_iter+0x10/0x10 [ 616.059628][T28873] ? __build_skb_around+0x22d/0x3c0 [ 616.059654][T28873] ? __alloc_skb+0x193/0x390 [ 616.059674][T28873] ? netlink_sendmsg+0x650/0xb40 [ 616.059691][T28873] ? skb_put+0x11b/0x210 [ 616.059713][T28873] netlink_sendmsg+0x6c0/0xb40 [ 616.059739][T28873] ? __pfx_netlink_sendmsg+0x10/0x10 [ 616.059759][T28873] ? aa_sock_msg_perm+0xf1/0x1b0 [ 616.059779][T28873] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 616.059798][T28873] ? __pfx_netlink_sendmsg+0x10/0x10 [ 616.059815][T28873] ____sys_sendmsg+0xa68/0xad0 [ 616.059838][T28873] ? __might_fault+0xaf/0x130 [ 616.059870][T28873] ? __pfx_____sys_sendmsg+0x10/0x10 [ 616.059901][T28873] ? import_iovec+0x73/0xa0 [ 616.059930][T28873] ___sys_sendmsg+0x2a5/0x360 [ 616.059952][T28873] ? __lock_acquire+0x6b5/0x2cf0 [ 616.059981][T28873] ? __pfx____sys_sendmsg+0x10/0x10 [ 616.060037][T28873] ? __fget_files+0x2a/0x420 [ 616.060056][T28873] ? __fget_files+0x3a0/0x420 [ 616.060085][T28873] __x64_sys_sendmsg+0x1bd/0x2a0 [ 616.060111][T28873] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 616.060143][T28873] ? __pfx_ksys_write+0x10/0x10 [ 616.060180][T28873] do_syscall_64+0xe2/0xf80 [ 616.060199][T28873] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.060217][T28873] ? trace_irq_disable+0x37/0x100 [ 616.060235][T28873] ? clear_bhb_loop+0x60/0xb0 [ 616.060257][T28873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.060275][T28873] RIP: 0033:0x7f91b939aeb9 [ 616.060292][T28873] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 616.060308][T28873] RSP: 002b:00007f91ba2f8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 616.060328][T28873] RAX: ffffffffffffffda RBX: 00007f91b9615fa0 RCX: 00007f91b939aeb9 [ 616.060342][T28873] RDX: 0000000000008090 RSI: 0000200000001540 RDI: 0000000000000005 [ 616.060362][T28873] RBP: 00007f91ba2f8090 R08: 0000000000000000 R09: 0000000000000000 [ 616.060374][T28873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 616.060385][T28873] R13: 00007f91b9616038 R14: 00007f91b9615fa0 R15: 00007ffcb833ee28 [ 616.060415][T28873] [ 616.443689][T28879] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7316'. [ 616.464008][T28879] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7316'. [ 616.571147][T28883] nbd: nbd1 already in use [ 616.593231][T28879] block nbd1: NBD_DISCONNECT [ 616.630990][T28879] block nbd1: Send disconnect failed -32 [ 616.647298][T28879] block nbd1: shutting down sockets [ 616.952511][T28675] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 617.008598][T28904] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 617.088320][T28904] CPU: 0 UID: 0 PID: 28904 Comm: syz.2.7322 Not tainted syzkaller #0 PREEMPT(full) [ 617.088350][T28904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 617.088363][T28904] Call Trace: [ 617.088373][T28904] [ 617.088382][T28904] dump_stack_lvl+0xe8/0x150 [ 617.088414][T28904] sysfs_warn_dup+0x8e/0xa0 [ 617.088443][T28904] sysfs_do_create_link_sd+0xc0/0x110 [ 617.088473][T28904] device_add_class_symlinks+0x1cf/0x240 [ 617.088508][T28904] device_add+0x475/0xb70 [ 617.088546][T28904] wiphy_register+0x1d6c/0x2d50 [ 617.088590][T28904] ? __pfx_wiphy_register+0x10/0x10 [ 617.088610][T28904] ? __pfx_netdev_run_todo+0x10/0x10 [ 617.088639][T28904] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 617.088673][T28904] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 617.088704][T28904] ieee80211_register_hw+0x34d2/0x4150 [ 617.088730][T28904] ? __lock_acquire+0x6b5/0x2cf0 [ 617.088771][T28904] ? ieee80211_register_hw+0x13d1/0x4150 [ 617.088807][T28904] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 617.088852][T28904] ? __hrtimer_setup+0x181/0x200 [ 617.088871][T28904] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 617.088901][T28904] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 617.088958][T28904] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 617.088979][T28904] ? kstrndup+0xbf/0x160 [ 617.089012][T28904] hwsim_new_radio_nl+0xf85/0x1c30 [ 617.089043][T28904] ? __pfx___nla_validate_parse+0x10/0x10 [ 617.089083][T28904] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 617.089114][T28904] ? rcu_is_watching+0x15/0xb0 [ 617.089138][T28904] ? __nla_parse+0x40/0x60 [ 617.089168][T28904] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 617.089204][T28904] genl_family_rcv_msg_doit+0x22a/0x330 [ 617.089241][T28904] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 617.089278][T28904] ? bpf_lsm_capable+0x9/0x20 [ 617.089306][T28904] ? security_capable+0x7e/0x2c0 [ 617.089337][T28904] genl_rcv_msg+0x61c/0x7a0 [ 617.089369][T28904] ? __pfx_genl_rcv_msg+0x10/0x10 [ 617.089392][T28904] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 617.089433][T28904] netlink_rcv_skb+0x232/0x4b0 [ 617.089454][T28904] ? __pfx_genl_rcv_msg+0x10/0x10 [ 617.089481][T28904] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 617.089498][T28904] ? genl_rcv+0x19/0x40 [ 617.089540][T28904] ? down_read+0x272/0x2e0 [ 617.089560][T28904] ? genl_rcv+0xd/0x40 [ 617.089586][T28904] genl_rcv+0x28/0x40 [ 617.089607][T28904] netlink_unicast+0x80f/0x9b0 [ 617.089646][T28904] ? __pfx_netlink_unicast+0x10/0x10 [ 617.089677][T28904] ? netlink_sendmsg+0x650/0xb40 [ 617.089695][T28904] ? skb_put+0x11b/0x210 [ 617.089722][T28904] netlink_sendmsg+0x813/0xb40 [ 617.089754][T28904] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.089778][T28904] ? aa_sock_msg_perm+0xf1/0x1b0 [ 617.089803][T28904] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 617.089825][T28904] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.089844][T28904] ____sys_sendmsg+0xa68/0xad0 [ 617.089870][T28904] ? __might_fault+0xaf/0x130 [ 617.089904][T28904] ? __pfx_____sys_sendmsg+0x10/0x10 [ 617.089939][T28904] ? import_iovec+0x73/0xa0 [ 617.089970][T28904] ___sys_sendmsg+0x2a5/0x360 [ 617.089994][T28904] ? __lock_acquire+0x6b5/0x2cf0 [ 617.090025][T28904] ? __pfx____sys_sendmsg+0x10/0x10 [ 617.090058][T28904] ? futex_wait+0x29a/0x380 [ 617.090106][T28904] ? __fget_files+0x2a/0x420 [ 617.090124][T28904] ? __fget_files+0x3a0/0x420 [ 617.090155][T28904] __x64_sys_sendmsg+0x1bd/0x2a0 [ 617.090181][T28904] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 617.090214][T28904] ? rcu_is_watching+0x15/0xb0 [ 617.090243][T28904] do_syscall_64+0xe2/0xf80 [ 617.090263][T28904] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.090281][T28904] ? trace_irq_disable+0x37/0x100 [ 617.090300][T28904] ? clear_bhb_loop+0x60/0xb0 [ 617.090331][T28904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.090350][T28904] RIP: 0033:0x7f91b939aeb9 [ 617.090368][T28904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 617.090385][T28904] RSP: 002b:00007f91ba2f8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 617.090407][T28904] RAX: ffffffffffffffda RBX: 00007f91b9615fa0 RCX: 00007f91b939aeb9 [ 617.090422][T28904] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 617.090435][T28904] RBP: 00007f91b9408c1f R08: 0000000000000000 R09: 0000000000000000 [ 617.090448][T28904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 617.090460][T28904] R13: 00007f91b9616038 R14: 00007f91b9615fa0 R15: 00007ffcb833ee28 [ 617.090495][T28904] [ 617.980923][T28922] netlink: 'syz.0.7326': attribute type 4 has an invalid length. [ 618.023025][T28922] netlink: 17 bytes leftover after parsing attributes in process `syz.0.7326'. [ 618.353878][T28675] veth0_vlan: entered promiscuous mode [ 618.382130][T28675] veth1_vlan: entered promiscuous mode [ 618.525845][T28675] veth0_macvtap: entered promiscuous mode [ 618.575153][T28675] veth1_macvtap: entered promiscuous mode [ 618.597123][T28950] lo speed is unknown, defaulting to 1000 [ 618.753162][T28675] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 618.789002][T28675] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 618.847723][ T6416] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.891547][ T6416] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.910596][ T6416] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.938423][T28964] netlink: 180 bytes leftover after parsing attributes in process `syz.3.7337'. [ 618.966792][ T6416] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.155356][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 619.189691][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.316430][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 619.349963][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.462874][T28984] netlink: 'syz.0.7346': attribute type 4 has an invalid length. [ 619.559625][T28990] netlink: 'syz.0.7346': attribute type 4 has an invalid length. [ 619.600747][T28991] FAULT_INJECTION: forcing a failure. [ 619.600747][T28991] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 619.657093][T28991] CPU: 0 UID: 0 PID: 28991 Comm: syz.4.7249 Not tainted syzkaller #0 PREEMPT(full) [ 619.657120][T28991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 619.657132][T28991] Call Trace: [ 619.657140][T28991] [ 619.657148][T28991] dump_stack_lvl+0xe8/0x150 [ 619.657176][T28991] should_fail_ex+0x412/0x560 [ 619.657201][T28991] prepare_alloc_pages+0x22a/0x650 [ 619.657231][T28991] __alloc_frozen_pages_noprof+0x12f/0x380 [ 619.657258][T28991] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 619.657288][T28991] ? __pfx_policy_nodemask+0x10/0x10 [ 619.657309][T28991] ? __lock_acquire+0x6b5/0x2cf0 [ 619.657342][T28991] alloc_pages_mpol+0x232/0x4a0 [ 619.657369][T28991] vma_alloc_folio_noprof+0xea/0x210 [ 619.657391][T28991] ? kernel_text_address+0xa5/0xe0 [ 619.657419][T28991] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 619.657441][T28991] ? ___pte_offset_map+0x29/0x240 [ 619.657468][T28991] ? ___pte_offset_map+0x29/0x240 [ 619.657506][T28991] do_pte_missing+0x15a4/0x37a0 [ 619.657538][T28991] ? handle_mm_fault+0xee/0x32a0 [ 619.657568][T28991] handle_mm_fault+0x1b8c/0x32a0 [ 619.657606][T28991] ? handle_mm_fault+0xee/0x32a0 [ 619.657636][T28991] ? __pfx_handle_mm_fault+0x10/0x10 [ 619.657677][T28991] ? __lock_acquire+0x6b5/0x2cf0 [ 619.657705][T28991] ? lock_mm_and_find_vma+0xa7/0x340 [ 619.657726][T28991] do_user_addr_fault+0x75b/0x1360 [ 619.657771][T28991] exc_page_fault+0x6a/0xc0 [ 619.657791][T28991] asm_exc_page_fault+0x26/0x30 [ 619.657811][T28991] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 619.657834][T28991] Code: c3 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f [ 619.657850][T28991] RSP: 0018:ffffc9001d21fa38 EFLAGS: 00050202 [ 619.657866][T28991] RAX: ffffffff849e360a RBX: ffff8880279be001 RCX: 0000000000000001 [ 619.657880][T28991] RDX: 0000000000000000 RSI: ffff8880279be001 RDI: 0000200000001840 [ 619.657893][T28991] RBP: ffffc9001d21fbb0 R08: ffff8880279be001 R09: 1ffff11004f37c00 [ 619.657922][T28991] R10: dffffc0000000000 R11: ffffed1004f37c01 R12: 1ffff92003a43faf [ 619.657935][T28991] R13: 0000200000001840 R14: ffffc9001d21fd88 R15: 0000000000000001 [ 619.657955][T28991] ? _copy_to_iter+0x13a/0x17d0 [ 619.657986][T28991] _copy_to_iter+0x255/0x17d0 [ 619.658009][T28991] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 619.658048][T28991] ? kernfs_seq_stop+0x17e/0x200 [ 619.658077][T28991] ? __pfx__copy_to_iter+0x10/0x10 [ 619.658105][T28991] ? traverse+0x544/0x580 [ 619.658142][T28991] seq_read_iter+0x2e9/0xe10 [ 619.658170][T28991] ? apparmor_file_permission+0x17f/0x1f0 [ 619.658203][T28991] vfs_read+0x582/0xa70 [ 619.658237][T28991] ? __pfx_vfs_read+0x10/0x10 [ 619.658273][T28991] ? __fget_files+0x2a/0x420 [ 619.658302][T28991] __x64_sys_pread64+0x199/0x230 [ 619.658331][T28991] ? __pfx___x64_sys_pread64+0x10/0x10 [ 619.658369][T28991] do_syscall_64+0xe2/0xf80 [ 619.658388][T28991] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.658406][T28991] ? clear_bhb_loop+0x60/0xb0 [ 619.658428][T28991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.658444][T28991] RIP: 0033:0x7fa5e099aeb9 [ 619.658460][T28991] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 619.658475][T28991] RSP: 002b:00007fa5e190d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 619.658493][T28991] RAX: ffffffffffffffda RBX: 00007fa5e0c16090 RCX: 00007fa5e099aeb9 [ 619.658507][T28991] RDX: 0000000000001003 RSI: 0000200000001840 RDI: 0000000000000005 [ 619.658519][T28991] RBP: 00007fa5e190d090 R08: 0000000000000000 R09: 0000000000000000 [ 619.658530][T28991] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 619.658541][T28991] R13: 00007fa5e0c16128 R14: 00007fa5e0c16090 R15: 00007ffc655b15e8 [ 619.658572][T28991] [ 620.352241][T28676] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 620.363046][T28676] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 620.409104][T28676] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 620.417474][T28676] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 620.425424][T28676] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 620.433410][T28996] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7349'. [ 620.823559][T28998] lo speed is unknown, defaulting to 1000 [ 620.866417][T29015] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7353'. [ 620.875878][T29015] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7353'. [ 621.048804][T29023] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7357'. [ 621.103410][T29027] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.7359'. [ 621.138535][T29027] netlink: Unknown conntrack attr (0) [ 621.325420][T29040] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7363'. [ 621.749043][T29062] __nla_validate_parse: 1 callbacks suppressed [ 621.749064][T29062] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.7371'. [ 621.769797][T29062] netlink: Unknown conntrack attr (0) [ 621.898025][T29065] Cannot find del_set index 49151 as target [ 622.048381][T29071] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7373'. [ 622.234233][T29075] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7375'. [ 622.409622][T29079] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7377'. [ 622.559823][T28676] Bluetooth: hci4: command tx timeout [ 623.794871][T29059] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 623.831266][T29059] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 49153 - 0 [ 623.846524][T29091] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.7381'. [ 623.861579][T29059] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.866427][T29091] netlink: Unknown conntrack attr (0) [ 623.882374][T29059] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 623.909408][T29059] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 19999 - 0 [ 623.971614][T29093] veth1_macvtap: left promiscuous mode [ 623.989239][T29093] macsec0: entered promiscuous mode [ 623.995734][T29093] macsec0: entered allmulticast mode [ 624.104796][T29093] veth1_macvtap: entered promiscuous mode [ 624.110989][T29093] veth1_macvtap: entered allmulticast mode [ 624.117705][T29093] macsec0: left promiscuous mode [ 624.135026][T29093] macsec0: left allmulticast mode [ 624.149698][T29093] veth1_macvtap: left allmulticast mode [ 624.156756][T29104] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7385'. [ 624.216365][T29059] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 624.249381][T29059] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 49153 - 0 [ 624.275243][T29108] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7387'. [ 624.276668][T29059] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.319359][T29059] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 624.342173][T29059] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 19999 - 0 [ 624.630740][T28676] Bluetooth: hci4: command tx timeout [ 624.638419][T29059] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 624.669527][T29059] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 49153 - 0 [ 624.690498][T29059] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.701066][T29059] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 624.712025][T29059] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 19999 - 0 [ 624.883688][T29059] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 624.894056][T29059] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 1] type 1 family 0 port 49153 - 0 [ 624.904606][T29059] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.914961][T29059] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 624.927022][T29059] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 19999 - 0 [ 625.027926][T28998] chnl_net:caif_netlink_parms(): no params data found [ 625.216349][T29140] netlink: 64 bytes leftover after parsing attributes in process `syz.2.7398'. [ 625.238081][T29140] nbd: couldn't find a device at index 0 [ 625.259206][ T6416] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 625.274711][ T6416] netdevsim netdevsim3 eth0: set [0, 1] type 1 family 0 port 49153 - 0 [ 625.283672][ T6416] netdevsim netdevsim3 eth0: set [0, 2] type 1 family 0 port 256 - 0 [ 625.292566][ T6416] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 19999 - 0 [ 625.301165][ T6416] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 625.311214][T28998] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.319493][T28998] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.326748][T28998] bridge_slave_0: entered allmulticast mode [ 625.343833][T28998] bridge_slave_0: entered promiscuous mode [ 625.354053][T28998] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.379993][T28998] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.397541][T28998] bridge_slave_1: entered allmulticast mode [ 625.419208][T28998] bridge_slave_1: entered promiscuous mode [ 625.436069][ T6416] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 625.444643][ T6416] netdevsim netdevsim3 eth1: set [0, 1] type 1 family 0 port 49153 - 0 [ 625.453744][ T6416] netdevsim netdevsim3 eth1: set [0, 2] type 1 family 0 port 256 - 0 [ 625.463908][ T6416] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 19999 - 0 [ 625.473483][ T6416] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 625.593101][ T12] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 625.609614][ T12] netdevsim netdevsim3 eth2: set [0, 1] type 1 family 0 port 49153 - 0 [ 625.618008][ T12] netdevsim netdevsim3 eth2: set [0, 2] type 1 family 0 port 256 - 0 [ 625.639341][ T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 19999 - 0 [ 625.647679][ T12] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 625.683921][T28998] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 625.715339][T28998] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 625.772193][T29157] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7404'. [ 625.789021][ T155] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 625.809317][ T155] netdevsim netdevsim3 eth3: set [0, 1] type 1 family 0 port 49153 - 0 [ 625.817602][ T155] netdevsim netdevsim3 eth3: set [0, 2] type 1 family 0 port 256 - 0 [ 625.859673][ T155] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 19999 - 0 [ 625.867969][ T155] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 625.924995][T28998] team0: Port device team_slave_0 added [ 625.942452][T28998] team0: Port device team_slave_1 added [ 626.133260][T28998] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 626.141773][T29168] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7409'. [ 626.161312][T28998] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 626.203164][T28998] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 626.233798][T28998] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 626.251640][T28998] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 626.307938][T28998] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 626.501879][T29168] hsr_slave_1 (unregistering): left promiscuous mode [ 626.696281][T28998] hsr_slave_0: entered promiscuous mode [ 626.711258][T28998] hsr_slave_1: entered promiscuous mode [ 626.712436][T28676] Bluetooth: hci4: command tx timeout [ 626.738935][T28998] debugfs: 'hsr0' already exists in 'hsr' [ 626.759454][T28998] Cannot create hsr debugfs directory [ 627.118747][T29197] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7421'. [ 627.144032][T28998] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 627.253114][T28998] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 627.378828][T28998] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 627.489060][T28998] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 627.812130][T28998] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 627.840417][T28998] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 627.861304][T28998] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 627.884220][T28998] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 628.105885][T28998] 8021q: adding VLAN 0 to HW filter on device bond0 [ 628.139888][T28998] 8021q: adding VLAN 0 to HW filter on device team0 [ 628.189346][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.196510][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 628.263587][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.270787][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 628.316194][T29243] tap0: tun_chr_ioctl cmd 1074812117 [ 628.789787][T28676] Bluetooth: hci4: command tx timeout [ 628.873898][T28998] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 628.983277][T28998] veth0_vlan: entered promiscuous mode [ 629.008118][T28998] veth1_vlan: entered promiscuous mode [ 629.066818][T28998] veth0_macvtap: entered promiscuous mode [ 629.091785][T28998] veth1_macvtap: entered promiscuous mode [ 629.132010][T28998] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 629.161474][T28998] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 629.191286][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.211748][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.239916][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.248661][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.478275][ T150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 629.504133][ T150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 629.598379][T29282] syzkaller0: entered promiscuous mode [ 629.620590][T29282] syzkaller0: entered allmulticast mode [ 629.786143][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 629.798191][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 631.690836][T29296] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7461'. [ 632.212829][T29313] syzkaller0: entered allmulticast mode [ 632.368243][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 632.415056][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 632.424900][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 632.432867][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 632.441718][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 634.479997][ T5853] Bluetooth: hci0: command tx timeout [ 634.628463][T29348] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 634.669870][T29325] lo speed is unknown, defaulting to 1000 [ 634.853915][ T155] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 634.902919][ T155] netdevsim netdevsim3 eth3 (unregistering): unset [0, 1] type 1 family 0 port 49153 - 0 [ 634.933825][ T155] netdevsim netdevsim3 eth3 (unregistering): unset [0, 2] type 1 family 0 port 256 - 0 [ 634.980000][ T155] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 635.026504][ T155] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 635.149742][T29366] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7491'. [ 635.194932][ T155] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 635.259596][ T155] netdevsim netdevsim3 eth2 (unregistering): unset [0, 1] type 1 family 0 port 49153 - 0 [ 635.296830][ T155] netdevsim netdevsim3 eth2 (unregistering): unset [0, 2] type 1 family 0 port 256 - 0 [ 635.329327][ T155] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 635.339189][ T155] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 635.829044][ T155] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 635.860085][ T155] netdevsim netdevsim3 eth1 (unregistering): unset [0, 1] type 1 family 0 port 49153 - 0 [ 635.891698][ T155] netdevsim netdevsim3 eth1 (unregistering): unset [0, 2] type 1 family 0 port 256 - 0 [ 635.930281][ T155] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 635.950104][ T155] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 635.975765][T29388] netlink: 'syz.0.7501': attribute type 32 has an invalid length. [ 636.058172][ T155] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 636.099494][ T155] netdevsim netdevsim3 eth0 (unregistering): unset [0, 1] type 1 family 0 port 49153 - 0 [ 636.123679][ T155] netdevsim netdevsim3 eth0 (unregistering): unset [0, 2] type 1 family 0 port 256 - 0 [ 636.145807][ T155] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 636.169998][ T155] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 636.349202][T29406] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7510'. [ 636.486852][T29325] chnl_net:caif_netlink_parms(): no params data found [ 636.549968][ T5853] Bluetooth: hci0: command tx timeout [ 636.687741][ T155] tipc: Resetting bearer [ 637.564711][T29464] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7524'. [ 637.624041][ T155] tipc: Disabling bearer [ 638.406682][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 638.422229][ T155] bond0 (unregistering): Released all slaves [ 638.543209][ T155] bond1 (unregistering): Released all slaves [ 638.639586][ T5853] Bluetooth: hci0: command tx timeout [ 638.667459][ T155] bond2 (unregistering): Released all slaves [ 638.685469][ T155] bond3 (unregistering): Released all slaves [ 638.706177][ T155] bond4 (unregistering): Released all slaves [ 638.885296][ T155] : left promiscuous mode [ 639.048635][ T155] tipc: Left network mode [ 639.049536][T29325] bridge0: port 1(bridge_slave_0) entered blocking state [ 639.060244][T29325] bridge0: port 1(bridge_slave_0) entered disabled state [ 639.076479][T29325] bridge_slave_0: entered allmulticast mode [ 639.101540][T29325] bridge_slave_0: entered promiscuous mode [ 639.112562][T29325] bridge0: port 2(bridge_slave_1) entered blocking state [ 639.134016][T29325] bridge0: port 2(bridge_slave_1) entered disabled state [ 639.149089][T29325] bridge_slave_1: entered allmulticast mode [ 639.171313][T29325] bridge_slave_1: entered promiscuous mode [ 639.282633][T29325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 639.347913][T29325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 639.784413][T29325] team0: Port device team_slave_0 added [ 639.832865][T29325] team0: Port device team_slave_1 added [ 639.866693][T29507] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7543'. [ 639.876128][T29508] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7542'. [ 640.030251][T29325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 640.037242][T29325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 640.109476][T29325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 640.168636][T29325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 640.189429][T29325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 640.259724][T29325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 640.521854][T29529] netlink: 220 bytes leftover after parsing attributes in process `syz.0.7553'. [ 640.546224][T29325] hsr_slave_0: entered promiscuous mode [ 640.560649][T29325] hsr_slave_1: entered promiscuous mode [ 640.580709][T29325] debugfs: 'hsr0' already exists in 'hsr' [ 640.586481][T29325] Cannot create hsr debugfs directory [ 640.709440][ T5853] Bluetooth: hci0: command tx timeout [ 641.650403][T29579] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7573'. [ 641.853923][ T155] hsr_slave_0: left promiscuous mode [ 641.870187][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 641.877649][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 641.943054][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 641.960432][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 642.030707][ T155] veth0_macvtap: left allmulticast mode [ 642.046614][ T155] veth1_vlan: left allmulticast mode [ 642.059731][ T155] veth0_macvtap: left promiscuous mode [ 642.079707][ T155] veth1_vlan: left promiscuous mode [ 642.095571][ T155] veth0_vlan: left promiscuous mode [ 642.643231][ T155] pim6reg527 (unregistering): left allmulticast mode [ 642.783251][ T12] smc: removing ib device  [ 643.113592][ T155] team0 (unregistering): Port device team_slave_1 removed [ 644.500029][T29653] lo speed is unknown, defaulting to 1000 [ 644.505888][T29325] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 644.560149][T29325] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 644.700414][T29325] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 644.826463][T29325] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 645.220020][T29325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 645.346742][T29325] 8021q: adding VLAN 0 to HW filter on device team0 [ 645.388938][ T6421] bridge0: port 1(bridge_slave_0) entered blocking state [ 645.396143][ T6421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 645.474010][ T6421] bridge0: port 2(bridge_slave_1) entered blocking state [ 645.481199][ T6421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 646.069686][T29710] tipc: Enabling not permitted [ 646.085779][T29710] tipc: Enabling of bearer rejected, failed to enable media [ 646.234840][ T155] IPVS: stop unused estimator thread 0... [ 646.273001][T29325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 646.481139][T29724] netlink: 'syz.2.7634': attribute type 10 has an invalid length. [ 646.532291][T29727] netlink: 'syz.2.7634': attribute type 10 has an invalid length. [ 646.565749][T29724] team0: Port device dummy0 added [ 646.601775][T29723] bond0: (slave gre0): Error: Device type is different from other slaves [ 646.635305][T29727] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 646.702062][T29727] team0: Failed to send options change via netlink (err -105) [ 646.734091][T29727] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 646.744449][T29733] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 646.759758][T29727] team0: Port device dummy0 removed [ 646.798157][T29325] veth0_vlan: entered promiscuous mode [ 646.825795][T29325] veth1_vlan: entered promiscuous mode [ 646.958261][T29737] xt_connbytes: Forcing CT accounting to be enabled [ 646.960261][T29325] veth0_macvtap: entered promiscuous mode [ 646.975610][T29325] veth1_macvtap: entered promiscuous mode [ 646.982142][T29737] Cannot find set identified by id 65470 to match [ 647.036222][T29325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 647.065388][T29325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 647.126654][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.148851][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.177108][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.211113][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.409135][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 647.442931][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 647.475348][T29757] syz_tun: entered allmulticast mode [ 647.504806][T29756] syz_tun: left allmulticast mode [ 647.555647][ T5082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 647.589410][ T5082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 647.689179][T29763] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7652'. [ 647.734241][T29765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7654'. [ 647.837705][ T150] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 647.865929][ T150] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 647.905213][ T150] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 647.945669][ T150] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 648.296891][T29793] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7664'. [ 648.322315][T28676] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 648.332332][T28676] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 648.346421][T28676] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 648.354640][T28676] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 648.363127][T28676] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 648.384523][T29789] dummy0: entered promiscuous mode [ 648.421112][T29789] vlan2: entered promiscuous mode [ 648.599525][T29793] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7664'. [ 648.610245][ T155] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 648.639522][ T155] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 648.679614][ T155] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 648.710947][ T150] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 648.946915][T29790] lo speed is unknown, defaulting to 1000 [ 648.989052][ T5082] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 649.238896][ T5082] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 649.325152][T29819] 8021q: adding VLAN 0 to HW filter on device bond1 [ 649.524705][ T5082] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 649.576278][T29835] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7679'. [ 649.794100][T29834] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 649.805570][T29834] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.868680][ T5082] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 649.968618][T29834] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 649.981231][T29834] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.174033][T29834] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 650.207476][T29834] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.383474][T29834] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 650.394465][T28676] Bluetooth: hci3: command tx timeout [ 650.438771][T29834] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.487364][T29790] chnl_net:caif_netlink_parms(): no params data found [ 650.698287][ T5082] mac80211_hwsim hwsim4 wlan0: left allmulticast mode [ 650.713982][ T5082] bridge0: port 3(wlan0) entered disabled state [ 651.561530][ T5082] bond4 (unregistering): (slave geneve2): Releasing active interface [ 651.853844][ T5082] bond7 (unregistering): (slave netdevsim0): Releasing backup interface [ 652.135488][ T5082]  (unregistering): Released all slaves [ 652.147574][ T5082] bond1 (unregistering): Released all slaves [ 652.168945][ T5082] bond2 (unregistering): Released all slaves [ 652.192583][ T5082] bond3 (unregistering): Released all slaves [ 652.214872][ T5082] bond0 (unregistering): Released all slaves [ 652.357931][ T5082] bond4 (unregistering): Released all slaves [ 652.473898][T28676] Bluetooth: hci3: command tx timeout [ 652.494242][ T5082] bond5 (unregistering): Released all slaves [ 652.621547][ T5082] bond6 (unregistering): Released all slaves [ 652.641400][ T5082] bond7 (unregistering): Released all slaves [ 652.743745][ T150] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 652.766007][ T150] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.863481][ T5082] : left promiscuous mode [ 652.945547][ T6416] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 652.969414][ T6416] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 653.079105][ T5082] 9: left promiscuous mode [ 653.094230][T29790] bridge0: port 1(bridge_slave_0) entered blocking state [ 653.118841][T29790] bridge0: port 1(bridge_slave_0) entered disabled state [ 653.141247][T29790] bridge_slave_0: entered allmulticast mode [ 653.157963][T29790] bridge_slave_0: entered promiscuous mode [ 653.235058][ T5082] tipc: Left network mode [ 653.235188][T29790] bridge0: port 2(bridge_slave_1) entered blocking state [ 653.254447][T29790] bridge0: port 2(bridge_slave_1) entered disabled state [ 653.275192][T29790] bridge_slave_1: entered allmulticast mode [ 653.294814][T29790] bridge_slave_1: entered promiscuous mode [ 653.315832][ T6416] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 653.331939][ T6416] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 653.434555][T29899] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7704'. [ 653.509421][T29899] netlink: 'syz.3.7704': attribute type 1 has an invalid length. [ 653.518546][ T6416] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 653.545420][ T6416] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 653.654189][T29790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 653.765246][T29790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 653.964151][T29790] team0: Port device team_slave_0 added [ 654.047931][T29790] team0: Port device team_slave_1 added [ 654.173329][T29790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 654.189444][T29790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 654.213664][ T5904] hid-generic 0005:16C0:000F.0002: item fetching failed at offset 1/3 [ 654.224322][ T5904] hid-generic 0005:16C0:000F.0002: probe with driver hid-generic failed with error -22 [ 654.257712][T29790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 654.320227][T29790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 654.358850][T29790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 654.405008][T29790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 654.552010][T28676] Bluetooth: hci3: command tx timeout [ 654.839972][T29790] hsr_slave_0: entered promiscuous mode [ 654.857151][T29790] hsr_slave_1: entered promiscuous mode [ 654.881043][T29790] debugfs: 'hsr0' already exists in 'hsr' [ 654.887167][T29790] Cannot create hsr debugfs directory [ 655.776963][T29950] tipc: Enabled bearer , priority 0 [ 655.805612][T29949] syzkaller0: entered promiscuous mode [ 655.819086][T29949] syzkaller0: entered allmulticast mode [ 656.051028][T29950] tipc: Resetting bearer [ 656.106237][T29948] tipc: Resetting bearer [ 656.167755][T29948] tipc: Disabling bearer [ 656.307933][T29943] Set syz0 is full, maxelem 0 reached [ 656.468002][T29966] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 656.633844][T28676] Bluetooth: hci3: command tx timeout [ 656.794861][ T5082] hsr_slave_0: left promiscuous mode [ 656.809344][ T5082] hsr_slave_1: left promiscuous mode [ 656.878747][ T5082] pimreg (unregistering): left allmulticast mode [ 659.021491][T29973] tipc: Started in network mode [ 659.026405][T29973] tipc: Node identity ae2329622cc1, cluster identity 4711 [ 659.044496][T29973] tipc: Enabled bearer , priority 0 [ 659.060770][T29978] syzkaller0: entered promiscuous mode [ 659.079422][T29978] syzkaller0: entered allmulticast mode [ 659.114872][T29890] Set syz1 is full, maxelem 65536 reached [ 659.132324][T29987] tipc: Resetting bearer [ 659.217349][T29972] tipc: Resetting bearer [ 659.316273][T29972] tipc: Disabling bearer [ 659.354386][T29989] lo speed is unknown, defaulting to 1000 [ 659.373592][T29790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 659.441294][T29790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 659.476517][T29790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 659.567162][T29790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 659.710248][ T5082] IPVS: stop unused estimator thread 0... [ 659.842711][T30016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7743'. [ 659.958603][T30020] netlink: 'syz.3.7745': attribute type 10 has an invalid length. [ 659.984574][T30020] team0: Port device dummy0 added [ 660.007626][T29790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 660.052836][T29790] 8021q: adding VLAN 0 to HW filter on device team0 [ 660.095463][ T5082] bridge0: port 1(bridge_slave_0) entered blocking state [ 660.102705][ T5082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 660.142594][ T6428] bridge0: port 2(bridge_slave_1) entered blocking state [ 660.149803][ T6428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 660.341661][ T6428] bridge_slave_0: left allmulticast mode [ 660.356297][ T6428] bridge_slave_0: left promiscuous mode [ 660.381328][ T6428] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.916457][T30042] netlink: 'syz.1.7754': attribute type 1 has an invalid length. [ 662.145675][ T6428] bond1 (unregistering): Released all slaves [ 662.165948][ T6428] bond2 (unregistering): Released all slaves [ 662.184106][ T6428] bond3 (unregistering): Released all slaves [ 662.212691][ T6428] bond4 (unregistering): Released all slaves [ 662.275021][ T6428] bond5 (unregistering): Released all slaves [ 662.292036][ T6428] bond6 (unregistering): Released all slaves [ 662.432211][ T6428] bond0 (unregistering): Released all slaves [ 662.460167][T30042] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 662.525521][T30046] mac80211_hwsim hwsim108 wlan0: entered promiscuous mode [ 662.750455][T30061] geneve3: left promiscuous mode [ 662.783237][T30061] sit3: left promiscuous mode [ 662.789962][T30061] sit3: left allmulticast mode [ 662.857821][T30061] bond9: left promiscuous mode [ 662.910255][T30061] gretap3: left promiscuous mode [ 662.918730][T30061] gretap3: left allmulticast mode [ 662.951121][T30061] bond10: left allmulticast mode [ 662.985464][ T6428] tipc: Left network mode [ 663.007297][ T65] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 20002 - 0 [ 663.038323][ T65] netdevsim netdevsim2 eth0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 663.064014][ T65] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 20002 - 0 [ 663.091313][ T65] netdevsim netdevsim2 eth1: unset [1, 1] type 2 family 0 port 6081 - 0 [ 663.119421][ T65] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 20002 - 0 [ 663.147301][ T65] netdevsim netdevsim2 eth2: unset [1, 1] type 2 family 0 port 6081 - 0 [ 663.188803][ T65] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 20002 - 0 [ 663.205714][ T65] netdevsim netdevsim2 eth3: unset [1, 1] type 2 family 0 port 6081 - 0 [ 663.251211][T29790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 663.517975][T29790] veth0_vlan: entered promiscuous mode [ 663.625724][T29790] veth1_vlan: entered promiscuous mode [ 663.786148][T29790] veth0_macvtap: entered promiscuous mode [ 663.874438][T29790] veth1_macvtap: entered promiscuous mode [ 663.962234][T29790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 664.051454][T29790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 664.130018][ T5082] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.139216][ T5082] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.175716][ T5082] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.260373][ T5082] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.672941][T30135] block nbd1: Unsupported socket: should be TCP or UNIX. [ 664.704306][T30135] nbd: socks must be embedded in a SOCK_ITEM attr [ 664.961476][ T5082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 664.990979][ T5082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 665.251127][ T5082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 665.284574][ T5082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 665.436368][T30159] netlink: 148 bytes leftover after parsing attributes in process `syz.3.7801'. [ 665.490493][T30163] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 665.870117][ T6428] hsr_slave_0: left promiscuous mode [ 665.891728][ T6428] hsr_slave_1: left promiscuous mode [ 666.053139][ T6428] pim6reg (unregistering): left allmulticast mode [ 666.066268][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 666.077535][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 666.087046][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 666.095085][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 666.103535][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 666.765038][ T6428] team0 (unregistering): Port device team_slave_1 removed [ 666.829974][ T6428] team0 (unregistering): Port device team_slave_0 removed [ 667.116089][ T6428] smc: removing net device caif0 with user defined pnetid SYZ2 [ 667.177611][ T6428] smc: removing net device team0 with user defined pnetid SYZ2 [ 667.218492][T29352] lo speed is unknown, defaulting to 1000 [ 667.238077][T29352] syz2: Port: 1 Link DOWN [ 667.411373][T30187] bridge0: port 2(bridge_slave_1) entered disabled state [ 667.413928][T30195] netlink: 'syz.1.7813': attribute type 10 has an invalid length. [ 667.419042][T30187] bridge0: port 1(bridge_slave_0) entered disabled state [ 667.542124][T30187] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 667.562622][T30187] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 667.704646][ T5082] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.763179][ T5082] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.804483][ T5082] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.873238][ T5082] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.149924][T28676] Bluetooth: hci2: command tx timeout [ 668.187054][T30178] chnl_net:caif_netlink_parms(): no params data found [ 668.269110][T30208] netlink: 148 bytes leftover after parsing attributes in process `syz.0.7820'. [ 668.552154][T30178] bridge0: port 1(bridge_slave_0) entered blocking state [ 668.577962][T30178] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.597657][T30178] bridge_slave_0: entered allmulticast mode [ 668.616999][T30178] bridge_slave_0: entered promiscuous mode [ 668.734607][T30227] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.800790][T30178] bridge0: port 2(bridge_slave_1) entered blocking state [ 668.813642][T30178] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.836688][T30178] bridge_slave_1: entered allmulticast mode [ 668.843355][T30233] netlink: 'syz.1.7830': attribute type 10 has an invalid length. [ 668.861008][T30178] bridge_slave_1: entered promiscuous mode [ 668.881525][T30231] bond0: (slave rose0): Releasing backup interface [ 668.920026][T30233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 668.947189][T30233] team0: Port device bond0 added [ 669.006714][T30227] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.092130][T30227] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.116696][T30178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 669.130428][T30178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 669.177997][T30178] team0: Port device team_slave_0 added [ 669.221909][T30227] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.246511][T30178] team0: Port device team_slave_1 added [ 669.295716][T30178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 669.303096][T30178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 669.330558][T30178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 669.352459][T30178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 669.365465][T30178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 669.392951][T30178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 669.529158][T30178] hsr_slave_0: entered promiscuous mode [ 669.536213][T30178] hsr_slave_1: entered promiscuous mode [ 669.554886][T30178] debugfs: 'hsr0' already exists in 'hsr' [ 669.566302][T30178] Cannot create hsr debugfs directory [ 669.575875][ T5082] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.694192][ T5082] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.723327][ T6428] IPVS: stop unused estimator thread 0... [ 669.774268][ T6419] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.866340][ T6419] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.229476][T28676] Bluetooth: hci2: command tx timeout [ 671.068080][T30178] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 671.108195][T30178] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 671.184732][T30178] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 671.204957][T30178] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 671.293336][T30292] Bluetooth: MGMT ver 1.23 [ 671.555847][T30178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 671.628593][T30178] 8021q: adding VLAN 0 to HW filter on device team0 [ 671.656574][ T6419] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.663797][ T6419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 671.739772][T30314] netlink: 'syz.3.7863': attribute type 10 has an invalid length. [ 671.744397][ T155] bridge0: port 2(bridge_slave_1) entered blocking state [ 671.754764][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 671.923885][T30321] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7866'. [ 672.090011][T30327] netlink: 148 bytes leftover after parsing attributes in process `syz.0.7868'. [ 672.309474][T28676] Bluetooth: hci2: command tx timeout [ 672.408874][T30178] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 672.527800][T30349] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6 [ 673.249063][T30178] veth0_vlan: entered promiscuous mode [ 673.296295][T30178] veth1_vlan: entered promiscuous mode [ 673.306154][T30365] : renamed from vlan0 [ 673.345011][T30366] netlink: 148 bytes leftover after parsing attributes in process `syz.4.7883'. [ 673.362994][T30362] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 673.399297][T30362] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.446334][T30371] netlink: 56 bytes leftover after parsing attributes in process `syz.3.7886'. [ 673.503065][T30362] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 673.532694][T30362] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.615089][T30376] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7887'. [ 673.684659][T30362] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 673.689050][T30378] netlink: 'syz.0.7888': attribute type 6 has an invalid length. [ 673.709959][T30362] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.715837][T30378] netlink: 64 bytes leftover after parsing attributes in process `syz.0.7888'. [ 673.751540][T30374] syzkaller1: entered promiscuous mode [ 673.754717][T30378] nbd: couldn't find a device at index 0 [ 673.757394][T30374] syzkaller1: entered allmulticast mode [ 673.793613][T30362] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 673.831420][T30362] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.918796][T30178] veth0_macvtap: entered promiscuous mode [ 673.945662][T30178] veth1_macvtap: entered promiscuous mode [ 674.009224][T30178] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 674.052598][T30178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 674.096233][ T65] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 674.137695][ T65] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.165484][ T6421] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.184078][ T6421] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.389167][ T6421] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.400010][T28676] Bluetooth: hci2: command tx timeout [ 674.444992][ T6421] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.454972][ T6421] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 674.463633][ T6421] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.496572][ T6421] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 674.529317][ T6421] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.613644][ T6428] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 674.630557][T30395] netlink: 148 bytes leftover after parsing attributes in process `syz.4.7896'. [ 674.639865][ T6428] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.661162][T30392] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.682089][T30392] bridge_slave_1: left allmulticast mode [ 674.689444][T30392] bridge_slave_1: left promiscuous mode [ 674.702282][T30392] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.754197][T30392] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 674.774870][T30401] netlink: 'syz.0.7898': attribute type 4 has an invalid length. [ 674.861198][T30404] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 674.924214][ T5082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 674.935848][ T5082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 675.019952][ T6421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 675.027818][ T6421] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 675.242974][T30421] netlink: 148 bytes leftover after parsing attributes in process `syz.1.7908'. [ 675.351629][T30428] netlink: 52 bytes leftover after parsing attributes in process `syz.3.7910'. [ 675.531980][T30437] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7915'. [ 675.566810][T30437] bridge_slave_1: left allmulticast mode [ 675.574682][T30437] bridge_slave_1: left promiscuous mode [ 675.589948][T30437] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.613373][T30437] bridge_slave_0: left allmulticast mode [ 675.633186][T30437] bridge_slave_0: left promiscuous mode [ 675.639090][T30437] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.973661][ T6419] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 675.977251][T30457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 676.004978][ T6419] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 676.319679][ T30] audit: type=1800 audit(1769433536.866:9): pid=30435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.7912" name="memory.events" dev="tmpfs" ino=469 res=0 errno=0 [ 677.126134][T30504] syzkaller0: entered promiscuous mode [ 677.152666][T30504] syzkaller0: entered allmulticast mode [ 677.562774][T30525] netlink: 'syz.2.7942': attribute type 1 has an invalid length. [ 677.666670][T30527] __nla_validate_parse: 1 callbacks suppressed [ 677.666690][T30527] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7942'. [ 677.940071][T30532] geneve2: entered promiscuous mode [ 677.962008][T30539] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7945'. [ 677.971637][T30532] geneve2: entered allmulticast mode [ 678.019980][T30539] bridge_slave_0: left allmulticast mode [ 678.049387][T30539] bridge_slave_0: left promiscuous mode [ 678.055272][T30539] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.321545][T30551] netlink: 'syz.2.7951': attribute type 13 has an invalid length. [ 678.354201][T30553] Bluetooth: MGMT ver 1.23 [ 678.363791][T30553] netlink: 44 bytes leftover after parsing attributes in process `syz.0.7952'. [ 678.634450][T30551] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 678.642307][T30567] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.7958'. [ 678.650273][T30551] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 678.653097][T30566] netlink: 'syz.0.7957': attribute type 10 has an invalid length. [ 678.983037][ T65] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.002114][ T65] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.019539][ T65] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.054975][ T65] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.103536][T30576] netlink: 'syz.2.7962': attribute type 89 has an invalid length. [ 679.148054][T30574] syzkaller0: entered promiscuous mode [ 679.153749][T30574] syzkaller0: entered allmulticast mode [ 679.529837][T30592] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7967'. [ 679.679520][T30598] netlink: 'syz.3.7972': attribute type 1 has an invalid length. [ 679.732580][T30599] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7971'. [ 679.800978][T30602] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7972'. [ 680.080397][T30600] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 680.118483][T30600] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 680.163164][T30610] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7975'. [ 680.235993][T30602] bond1: (slave bridge1): Enslaving as an active interface with a down link [ 680.305501][T30603] geneve2: entered promiscuous mode [ 680.331576][T30603] geneve2: entered allmulticast mode [ 680.360592][T30603] bond1: (slave geneve2): making interface the new active one [ 680.394196][T30603] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 680.417798][ T6428] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.430123][ T6428] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.449056][ T6428] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.472140][ T6428] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.640054][T30625] netlink: 'syz.3.7980': attribute type 10 has an invalid length. [ 680.725538][T30629] tipc: Started in network mode [ 680.738746][T30631] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7984'. [ 680.741693][T30629] tipc: Node identity , cluster identity 4711 [ 680.754806][T30629] tipc: Failed to obtain node identity [ 680.775115][T30629] tipc: Enabling of bearer rejected, failed to enable media [ 680.811584][T30632] syzkaller0: entered promiscuous mode [ 680.817095][T30632] syzkaller0: entered allmulticast mode [ 680.836716][T30634] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7985'. [ 684.008435][T30740] __nla_validate_parse: 1 callbacks suppressed [ 684.008453][T30740] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8030'. [ 684.180942][T30740] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8030'. [ 684.212220][T30744] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input7 [ 684.523868][T30755] netlink: 'syz.4.8036': attribute type 9 has an invalid length. [ 684.563517][T30755] netlink: 'syz.4.8036': attribute type 11 has an invalid length. [ 684.589729][T30755] netlink: 'syz.4.8036': attribute type 12 has an invalid length. [ 684.618093][T30755] netlink: 210020 bytes leftover after parsing attributes in process `syz.4.8036'. [ 684.722692][T30755] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8036'. [ 684.982979][T30775] Cannot find set identified by id 65534 to match [ 685.384198][T30782] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8047'. [ 685.493154][T30782] vlan2: entered promiscuous mode [ 685.498234][T30782] syz_tun: entered promiscuous mode [ 685.574089][T28840] IPVS: starting estimator thread 0... [ 685.669644][T30791] IPVS: using max 28 ests per chain, 67200 per kthread [ 685.970667][T30810] netlink: 'syz.2.8058': attribute type 11 has an invalid length. [ 686.092687][T30817] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.148082][T30818] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8059'. [ 686.185027][T30822] syzkaller0: entered promiscuous mode [ 686.199281][T30822] syzkaller0: entered allmulticast mode [ 686.234132][T30817] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.316593][T30817] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.458386][T30817] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.478829][T30835] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8066'. [ 686.641604][T30842] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8069'. [ 686.697358][ T6419] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.743321][ T6419] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.792523][ T6419] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.843398][ T6419] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.106007][T30858] syzkaller0: entered promiscuous mode [ 687.140007][T30858] syzkaller0: entered allmulticast mode [ 687.879819][T30877] syzkaller0: entered promiscuous mode [ 687.885339][T30877] syzkaller0: entered allmulticast mode [ 688.738228][T30912] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8096'. [ 689.257858][T30925] erspan0: entered promiscuous mode [ 689.747488][T30942] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8109'. [ 689.924380][T30952] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8114'. [ 689.958225][T30952] vlan0: entered promiscuous mode [ 690.002244][T30952] bond0: entered promiscuous mode [ 690.012278][T30952] bond_slave_0: entered promiscuous mode [ 690.027193][T30952] bond_slave_1: entered promiscuous mode [ 690.204358][T30953] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.373417][T30953] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.880184][T30989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8126'. [ 691.067913][T30953] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.209913][T30953] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.289625][T30999] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8131'. [ 691.330572][T30999] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 691.498859][T31007] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8134'. [ 691.525323][ T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.575970][ T6428] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.691957][ T6421] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.790459][T31025] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 691.797709][ T24] IPVS: starting estimator thread 0... [ 691.851300][ T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.895675][T31026] IPVS: using max 32 ests per chain, 76800 per kthread [ 692.623814][T31044] netlink: 2 bytes leftover after parsing attributes in process `syz.3.8145'. [ 692.802063][T31058] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8151'. [ 692.812137][T31055] tipc: Enabled bearer , priority 0 [ 692.820447][T31055] syzkaller0: entered promiscuous mode [ 692.826408][T31055] syzkaller0: entered allmulticast mode [ 692.862776][T31053] tipc: Resetting bearer [ 692.906351][T31053] tipc: Disabling bearer [ 693.884010][T31088] netlink: 32 bytes leftover after parsing attributes in process `syz.4.8162'. [ 695.278689][T31130] tipc: Enabled bearer , priority 0 [ 695.290189][T31130] syzkaller0: entered promiscuous mode [ 695.295694][T31130] syzkaller0: entered allmulticast mode [ 695.371250][T31129] tipc: Resetting bearer [ 695.404574][T31129] tipc: Disabling bearer [ 695.641420][T31144] syzkaller0: entered promiscuous mode [ 695.647597][T31144] syzkaller0: entered allmulticast mode [ 696.762191][T31197] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8205'. [ 697.243453][T31214] netlink: 'syz.4.8212': attribute type 1 has an invalid length. [ 697.368806][T31216] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 697.432141][T31216] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 697.596482][T31214] geneve2: entered promiscuous mode [ 697.622335][T31214] geneve2: entered allmulticast mode [ 697.654709][T31214] bond2: (slave geneve2): making interface the new active one [ 697.687544][T31214] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 699.094251][T31302] syzkaller1: entered promiscuous mode [ 699.129556][T31302] syzkaller1: entered allmulticast mode [ 699.884236][T31345] syzkaller1: entered promiscuous mode [ 699.929364][T31345] syzkaller1: entered allmulticast mode [ 700.183419][T31365] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8271'. [ 700.193238][T31365] bridge_slave_1: left allmulticast mode [ 700.199998][T31365] bridge_slave_1: left promiscuous mode [ 700.210331][T31365] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.222998][T31365] bridge_slave_0: left allmulticast mode [ 700.234625][T31365] bridge_slave_0: left promiscuous mode [ 700.242855][T31365] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.897027][T31388] syzkaller0: entered promiscuous mode [ 700.921079][T31388] syzkaller0: entered allmulticast mode [ 701.105900][T31395] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8284'. [ 701.273451][T31400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8285'. [ 702.170062][T31415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 702.750468][T31443] netlink: 'syz.1.8300': attribute type 89 has an invalid length. [ 702.890847][T31448] syzkaller0: entered promiscuous mode [ 702.898418][T31448] syzkaller0: entered allmulticast mode [ 704.368035][T31502] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.375738][T31502] bridge0: port 1(bridge_slave_0) entered disabled state [ 704.507429][T31502] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 704.523802][T31502] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 704.709130][T31506] sch_tbf: peakrate 4371928080232180342 is lower than or equals to rate 17839573476630410903 ! [ 704.731704][ T6419] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 704.838720][ T6419] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 704.875920][ T6419] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 705.787634][ T6419] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 705.920905][T31540] bond0: (slave rose0): Enslaving as an active interface with an up link [ 706.363633][T31573] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8344'. [ 706.413815][T31573] bridge_slave_1: left allmulticast mode [ 706.427767][T31573] bridge_slave_1: left promiscuous mode [ 706.443019][T31573] bridge0: port 2(bridge_slave_1) entered disabled state [ 706.473977][T31573] bridge_slave_0: left allmulticast mode [ 706.488169][T31573] bridge_slave_0: left promiscuous mode [ 706.497625][T31573] bridge0: port 1(bridge_slave_0) entered disabled state [ 707.602243][T31625] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8362'. [ 708.115313][T31616] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 708.759846][T31672] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8377'. [ 709.639050][T31709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8394'. [ 709.866361][T31715] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input8 [ 709.928950][T31717] syzkaller0: entered promiscuous mode [ 709.982606][T31717] syzkaller0: entered allmulticast mode [ 710.674145][T31740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8402'. [ 710.692786][T31740] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8402'. [ 710.710961][ T12] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 710.711070][T31740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8402'. [ 710.728276][ T12] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 710.728318][ T12] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 710.728351][ T12] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 710.759387][T31740] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8402'. [ 711.083137][T31752] syzkaller0: entered promiscuous mode [ 711.095508][T31752] syzkaller0: entered allmulticast mode [ 711.195239][T31756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8406'. [ 711.346309][T31649] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 711.642236][T31768] TCP: tcp_parse_options: Illegal window scaling value 215 > 14 received [ 711.851230][T31780] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 711.874812][T31780] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.976702][T31780] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 712.025787][T31780] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.101207][T31780] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 712.149796][T31780] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.261469][T31780] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 712.290071][T31780] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.452351][ T6428] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 712.475102][ T6428] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.510503][T31810] xt_hashlimit: size too large, truncated to 1048576 [ 712.541568][ T6428] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 712.567756][ T6428] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.623250][ T50] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 712.651049][T31811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8426'. [ 712.655690][ T50] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.903908][ T50] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 712.967524][ T50] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.982411][T31813] mac80211_hwsim hwsim110 syzkaller0: entered promiscuous mode [ 712.998124][T31813] mac80211_hwsim hwsim110 syzkaller0: entered allmulticast mode [ 713.726720][T31843] netlink: 64 bytes leftover after parsing attributes in process `syz.3.8438'. [ 714.698108][T31883] netlink: 64 bytes leftover after parsing attributes in process `syz.4.8449'. [ 715.731996][T31938] [ 715.734554][T31938] ============================= [ 715.739737][T31938] WARNING: suspicious RCU usage [ 715.744877][T31938] syzkaller #0 Not tainted [ 715.749834][T31938] ----------------------------- [ 715.754696][T31938] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage! [ 715.763487][T31938] [ 715.763487][T31938] other info that might help us debug this: [ 715.763487][T31938] [ 715.774066][T31938] [ 715.774066][T31938] rcu_scheduler_active = 2, debug_locks = 1 [ 715.783041][T31938] 1 lock held by syz.4.8471/31938: [ 715.788891][T31938] #0: ffffffff8e55a540 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x80 [ 715.799411][T31938] [ 715.799411][T31938] stack backtrace: [ 715.805316][T31938] CPU: 1 UID: 0 PID: 31938 Comm: syz.4.8471 Not tainted syzkaller #0 PREEMPT(full) [ 715.805343][T31938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 715.805356][T31938] Call Trace: [ 715.805365][T31938] [ 715.805373][T31938] dump_stack_lvl+0xe8/0x150 [ 715.805405][T31938] lockdep_rcu_suspicious+0x13f/0x1d0 [ 715.805441][T31938] get_callchain_entry+0x2b6/0x3c0 [ 715.805473][T31938] get_perf_callchain+0xcb/0x830 [ 715.805506][T31938] ? __pfx_get_perf_callchain+0x10/0x10 [ 715.805537][T31938] ? __resched_curr+0x202/0x3f0 [ 715.805561][T31938] __bpf_get_stack+0x445/0xab0 [ 715.805606][T31938] ? __pfx___bpf_get_stack+0x10/0x10 [ 715.805637][T31938] ? __lock_acquire+0x6b5/0x2cf0 [ 715.805668][T31938] bpf_get_stack+0x33/0x50 [ 715.805693][T31938] ? bpf_prog_42db8cfdf50901c9+0x46/0x4e [ 715.805712][T31938] bpf_get_stack_raw_tp+0x1a9/0x220 [ 715.805745][T31938] bpf_prog_42db8cfdf50901c9+0x46/0x4e [ 715.805765][T31938] bpf_prog_run_pin_on_cpu+0x3b4/0x470 [ 715.805794][T31938] bpf_prog_test_run_syscall+0x318/0x4c0 [ 715.805819][T31938] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 715.805840][T31938] ? __fget_files+0x2a/0x420 [ 715.805865][T31938] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 715.805886][T31938] bpf_prog_test_run+0x2c7/0x340 [ 715.805909][T31938] __sys_bpf+0x5cb/0x920 [ 715.805929][T31938] ? __pfx___sys_bpf+0x10/0x10 [ 715.805965][T31938] ? rcu_is_watching+0x15/0xb0 [ 715.805992][T31938] __x64_sys_bpf+0x7c/0x90 [ 715.806019][T31938] do_syscall_64+0xe2/0xf80 [ 715.806037][T31938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.806057][T31938] ? trace_irq_disable+0x37/0x100 [ 715.806076][T31938] ? clear_bhb_loop+0x60/0xb0 [ 715.806099][T31938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.806119][T31938] RIP: 0033:0x7fa5e099aeb9 [ 715.806138][T31938] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 715.806156][T31938] RSP: 002b:00007fa5e192e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 715.806177][T31938] RAX: ffffffffffffffda RBX: 00007fa5e0c15fa0 RCX: 00007fa5e099aeb9 [ 715.806193][T31938] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a [ 715.806207][T31938] RBP: 00007fa5e0a08c1f R08: 0000000000000000 R09: 0000000000000000 [ 715.806220][T31938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 715.806232][T31938] R13: 00007fa5e0c16038 R14: 00007fa5e0c15fa0 R15: 00007ffc655b15e8 [ 715.806265][T31938]