last executing test programs: 3.3752076s ago: executing program 0 (id=2438): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private2, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x1, 0x1}, {{@in6=@mcast2, 0x2, 0x6c}, 0xa, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 3.281916448s ago: executing program 0 (id=2439): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x34, r1, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVKEY={0x18, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x202}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x80) 2.408892427s ago: executing program 0 (id=2447): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x15, 0x0, &(0x7f0000000380)="f6f4e9a1d78ad62ceef1884386dd78bb3fb7dbfc81", 0x0, 0xa1b, 0x0, 0x2, 0x0, &(0x7f0000000700)="010a", 0x0}, 0x50) 2.249740245s ago: executing program 0 (id=2451): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 
&(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0xb0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3d, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0xfffffffffffffffe, @random=0x7, 0x1, @void, @void, @void, @val={0x4, 0x6, {0xf0, 0x2, 0x7f, 0xa706}}, @void, @void, @val={0x25, 0x3, {0x1, 0x8c, 0x8}}, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_BEACON_TAIL={0x3c, 0xf, [@random={0x1, 0x36, "4e39eb2fa0ebfa37a9e75bb5031cccaaa606f18768168a17a99b757a2439fb000000063e8c595e9d976e66fd76e26506a3f338eee006"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xb0}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) 1.909449309s ago: executing program 1 (id=2462): sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x28, 0x10, 0x0, 0x101, 0x0, 0x25dfdbfe, {0x7}, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x6}, @nested={0xc, 0xe8, 0x0, 0x1, [@typed={0x8, 0x31, 0x0, 0x0, @uid}]}]}, 0x28}}, 0x0) r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0xfe33) 1.879436994s ago: executing program 0 (id=2464): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000004010100000000000002000000020000df"], 0x0, 0x3e, 0x0, 0x1}, 0x28) 1.860980946s ago: executing program 1 (id=2465): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 
0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r3}, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff2, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000005840)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r4, {0x2, 0xf}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x800) 1.653923039s ago: executing program 1 (id=2469): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000fddbdf252100000008000300", @ANYRES32=r3], 0x24}}, 0x40084) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r5, 
@ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r4, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001"], 0x448}, 0x1, 0x0, 0x0, 0x480d5}, 0x0) 1.600141681s ago: executing program 1 (id=2473): socket$inet6(0xa, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0xfffffffffffffee7, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x40}, 0x404c850) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4112, 0x0, 0x0) connect$unix(r3, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e21}, 0x6e) 1.417277829s ago: executing program 3 (id=2479): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@ipv6_newrule={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x81, 0x80, 0x80}}, 0x1c}}, 0x0) 1.374964892s ago: executing program 0 (id=2480): socket$packet(0x11, 0x2, 0x300) unshare(0x20040600) r0 = socket$inet(0x2, 0x1, 0x100) listen(r0, 0x7fff) pselect6(0x40, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f0000000240)={0x1f, 0x1, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x4}, 0x0, 0x0) 1.269887573s ago: executing program 3 (id=2482): r0 = socket(0x2a, 0x2, 0x8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000680)=ANY=[], 0x44}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 
&(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x98, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xb, 0x3, '.,\\-\\}d'}, @TCA_DEF_PARMS={0x18, 0x2, {0x55b, 0x2, 0x10000000, 0x7, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x3, 0xd}}]}, 0x98}}, 0x40801) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.249026156s ago: executing program 3 (id=2484): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x2a020400) ppoll(&(0x7f0000000180)=[{r0}], 0x1, 0x0, 0x0, 0x0) 1.144281395s ago: executing program 3 (id=2489): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@bridge_setlink={0x44, 0x13, 0xa2f, 0x70bd2b, 0x25cfdbfd, {0x7, 0x0, 0x68, r1, 0x16318, 0x68a}, [@IFLA_LINKINFO={0x24, 0x1a, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x4, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x10, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xb8, 0x2}}]}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x8004) 939.338466ms ago: executing program 3 (id=2493): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$nci(r0, 0x0, 0xfffffeea) 813.392009ms ago: executing program 3 (id=2496): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'macsec0\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'macsec0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, 
&(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x1, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {0x0, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x20008050) 723.98346ms ago: executing program 4 (id=2498): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004e40)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82004000000", @ANYBLOB="00008000000000001800348005"], 0x38}, 0x1, 0x300}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 657.930093ms ago: executing program 2 (id=2499): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @empty, @val={@void}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x23, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x6071, 0x0, 0x9}}}}}}, 0x0) 657.784936ms ago: executing program 1 (id=2500): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={0x0, 0xac}, 0x1, 0x0, 0x0, 0x4008805}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a14000000020a497f75241d4e1deb00000500000614000000110001"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0xc050) 642.806572ms ago: executing program 4 (id=2501): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 
&(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000f000000850000007500000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x18) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in6=@empty, {0x0, 0x0, 0x0, 0x8, 0x0, 0x100, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {}, 0x70bd28, 0x3500, 0xa, 0x4}}, 0xf0}, 0x1, 0x0, 0x0, 0x880}, 0x0) 573.780911ms ago: executing program 1 (id=2503): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @empty}, 0x1c) listen(r1, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007bd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) accept$inet6(r1, 0x0, 0x0) 505.652359ms ago: executing program 2 (id=2504): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, 
@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x28, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x40, 0x2}}}}}}, 0x0) 505.475389ms ago: executing program 4 (id=2505): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002"], 0x90}}, 0x0) 410.248099ms ago: executing program 2 (id=2506): socket(0x8000000010, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="300000001c00357428bd7000fed3df2502000000", @ANYRES32=r1, @ANYBLOB="050007040a0001000180c2000001000008000f0001"], 0x76}}, 0x80c0) 364.857305ms ago: executing program 4 (id=2507): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003"], 0xac}, 0x1, 0x0, 0x0, 0x4008805}, 0x0) 273.425861ms ago: executing program 2 (id=2508): sendmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0, 0x0, 
&(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000090000007497d28bb4bd6000f000000000000000000000000000000005592f873b8602c42bf95ce259ab5b5d28f66122d2df218e301fad9b5fbfee69be4bf055cfdd118a4d5d66e9f8d31be15c0f21af4d5b036184e0b5fc73b760a651c107fae078db0fbb0e195dd52fb26da984ae503214c4a120d04a24a29f33be9873a7290dabf48dd88dcd4356d6e22a74bb"], 0x208}}], 0x1, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 120.99778ms ago: executing program 2 (id=2509): bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_ttl={{0x14, 0x0, 0x2, 0x7}}], 0x18}}], 0x1, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 58.278926ms ago: executing program 4 (id=2510): syz_emit_ethernet(0x5a, &(0x7f0000000ac0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x2, 0x10, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e23, 0x38, 0x0, @gue={{0x2, 0x1, 0x3, 0x4, 0x100}, "39d385e3df668f339a422a9b97b6e62eac41f3df78932adfb308c570927df5ef18818efd0ac910ae"}}}}}}, 0x0) syz_emit_ethernet(0x6a, 
&(0x7f0000000080)={@random="e90c610faca2", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "c920c558a24cccfd32f59f5f4448d864f8cbae18e20f152b", "9edf2ab500b0896640989ed957001d81e420396b314c780c92ee523d7990dac5"}}}}}}, 0x0) 13.987429ms ago: executing program 2 (id=2511): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x202}) ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x1) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)) 0s ago: executing program 4 (id=2512): socket$rxrpc(0x21, 0x2, 0xa) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000010000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000ac03000000000000850000003300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000080), &(0x7f0000000280)=r1}, 0x20) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2}, 0x14) syz_emit_ethernet(0x7a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "bc4a06", 0x44, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8}, {}, {0x8, 0x88be, 0x3, {{0xc, 0x1, 0x8, 0x1, 0x1, 0x0, 0x4, 0x14}, 0x1, {0x7b40}}}, {0x8, 
0x22eb, 0x2, {{0x3, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x3, 0xeb, 0x0, 0xd, 0x1, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x4}}}}}}}, 0x0) kernel console output (not intermixed with test programs): er after parsing attributes in process `syz.2.53'. [ 83.649956][ T6180] dummy0: entered promiscuous mode [ 83.660525][ T6180] bridge0: port 3(dummy0) entered blocking state [ 83.672452][ T6180] bridge0: port 3(dummy0) entered disabled state [ 83.685485][ T6180] dummy0: entered allmulticast mode [ 83.699082][ T6181] netlink: 128 bytes leftover after parsing attributes in process `syz.0.52'. [ 83.710511][ T5948] IPVS: starting estimator thread 0... [ 83.720198][ T6180] bridge0: port 3(dummy0) entered blocking state [ 83.726892][ T6180] bridge0: port 3(dummy0) entered forwarding state [ 83.811672][ T6189] IPVS: using max 50 ests per chain, 120000 per kthread [ 83.902709][ T6195] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 83.921494][ T6195] netlink: 8 bytes leftover after parsing attributes in process `syz.2.58'. [ 83.983682][ T6196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.56'. [ 84.018733][ T6196] netlink: 'syz.3.56': attribute type 1 has an invalid length. [ 84.043849][ T6196] netlink: 224 bytes leftover after parsing attributes in process `syz.3.56'. [ 84.083540][ T6204] netlink: 32 bytes leftover after parsing attributes in process `syz.3.56'. [ 84.243929][ T6211] batadv0: mtu less than device minimum [ 84.252819][ T6211] netlink: 4 bytes leftover after parsing attributes in process `syz.4.62'. [ 84.391365][ T6215] netlink: 'syz.2.63': attribute type 30 has an invalid length. [ 84.400795][ T6215] x_tables: duplicate underflow at hook 2 [ 84.532586][ T6224] netlink: 24 bytes leftover after parsing attributes in process `syz.4.66'. [ 84.563481][ T6224] netlink: 24 bytes leftover after parsing attributes in process `syz.4.66'. [ 84.576459][ T6224] netlink: 'syz.4.66': attribute type 1 has an invalid length. 
[ 84.728965][ T6232] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.737920][ T6232] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.889133][ T6251] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 84.923161][ T6232] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.969283][ T6232] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.226071][ T6241] netlink: 'syz.0.69': attribute type 3 has an invalid length. [ 85.236140][ T6247] tipc: Started in network mode [ 85.242473][ T6247] tipc: Node identity 82487998b5d7, cluster identity 4711 [ 85.249991][ T6247] tipc: Enabled bearer , priority 0 [ 85.273286][ T6249] syzkaller0: entered promiscuous mode [ 85.278954][ T6249] syzkaller0: entered allmulticast mode [ 85.287683][ T4574] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.309271][ T6261] tipc: Resetting bearer [ 85.320441][ T6268] Bluetooth: MGMT ver 1.23 [ 85.325760][ T4574] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.335218][ T4574] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.359420][ T6239] tipc: Resetting bearer [ 85.373461][ T6239] tipc: Disabling bearer [ 85.412180][ T3518] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.684061][ T6272] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 85.746133][ T6272] syzkaller1: linktype set to 825 [ 85.801588][ T6286] netlink: 'syz.0.81': attribute type 3 has an invalid length. 
[ 86.153407][ T6297] delete_channel: no stack [ 86.611873][ T6325] syzkaller0: entered promiscuous mode [ 86.623486][ T6325] syzkaller0: entered allmulticast mode [ 86.863248][ T9] cfg80211: failed to load regulatory.db [ 87.064946][ T6348] syzkaller0: entered promiscuous mode [ 87.070769][ T6348] syzkaller0: entered allmulticast mode [ 87.999205][ T6384] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 88.204166][ T6398] netlink: 'syz.0.107': attribute type 2 has an invalid length. [ 88.361194][ T6406] Driver unsupported XDP return value 0 on prog (id 32) dev N/A, expect packet loss! [ 88.639887][ T6425] trusted_key: syz.4.115 sent an empty control message without MSG_MORE. [ 88.729627][ T6424] syzkaller0: entered promiscuous mode [ 88.735569][ T6424] syzkaller0: entered allmulticast mode [ 89.318968][ T6450] __nla_validate_parse: 9 callbacks suppressed [ 89.318986][ T6450] netlink: 1244 bytes leftover after parsing attributes in process `syz.0.121'. [ 90.638917][ T6477] bridge0: port 3(erspan0) entered blocking state [ 90.652437][ T6477] bridge0: port 3(erspan0) entered disabled state [ 90.671932][ T6477] erspan0: entered allmulticast mode [ 90.686090][ T6477] erspan0: entered promiscuous mode [ 90.702850][ T6477] bridge0: port 3(erspan0) entered blocking state [ 90.705706][ T6483] netlink: 'syz.2.126': attribute type 1 has an invalid length. [ 90.709647][ T6477] bridge0: port 3(erspan0) entered forwarding state [ 90.717934][ T6483] netlink: 16150 bytes leftover after parsing attributes in process `syz.2.126'. [ 90.751994][ T6482] erspan0: left allmulticast mode [ 90.758523][ T6482] erspan0: left promiscuous mode [ 90.763884][ T6482] bridge0: port 3(erspan0) entered disabled state [ 90.943088][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.131'. [ 91.043571][ T6500] netlink: 96 bytes leftover after parsing attributes in process `syz.0.133'. 
[ 91.056259][ T6500] batadv_slave_0: entered promiscuous mode [ 91.067523][ T6499] batadv_slave_0: left promiscuous mode [ 91.176741][ T6507] netlink: 'syz.4.135': attribute type 89 has an invalid length. [ 91.246439][ T6511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.136'. [ 91.438548][ T6511] netlink: 20 bytes leftover after parsing attributes in process `syz.0.136'. [ 91.491732][ T6509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.137'. [ 91.550860][ T6524] pimreg1: tun_chr_ioctl cmd 2147767520 [ 91.572989][ T6523] No such timeout policy "syz0" [ 91.586158][ T6527] netlink: 56 bytes leftover after parsing attributes in process `syz.0.141'. [ 92.090552][ T6550] syzkaller1: entered promiscuous mode [ 92.096353][ T6550] syzkaller1: entered allmulticast mode [ 92.154764][ T6550] IPVS: persistence engine module ip_vs_pe_ not found [ 92.262662][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.147'. [ 92.407365][ T6560] netlink: 20 bytes leftover after parsing attributes in process `syz.3.149'. [ 92.477370][ T6562] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 93.029869][ T6594] netlink: 'syz.2.148': attribute type 10 has an invalid length. [ 93.154455][ T6594] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 93.276219][ T6607] tipc: Started in network mode [ 93.282063][ T6607] tipc: Node identity 16e597ef6746, cluster identity 4711 [ 93.290049][ T6607] tipc: Enabled bearer , priority 0 [ 93.297856][ T6607] syzkaller0: entered promiscuous mode [ 93.303431][ T6607] syzkaller0: entered allmulticast mode [ 93.419921][ T6608] tipc: Resetting bearer [ 93.757084][ T6624] openvswitch: netlink: Actions may not be safe on all matching packets [ 94.056323][ T6634] netlink: 'syz.1.168': attribute type 1 has an invalid length. 
[ 94.068022][ T6634] warning: `syz.1.168' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 94.104651][ T6606] tipc: Resetting bearer [ 94.119481][ T6606] tipc: Disabling bearer [ 94.334017][ T6648] __nla_validate_parse: 4 callbacks suppressed [ 94.334034][ T6648] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 95.019161][ T6700] netlink: 8 bytes leftover after parsing attributes in process `syz.1.181'. [ 95.215955][ T6710] netlink: 'syz.2.182': attribute type 1 has an invalid length. [ 95.275560][ T6702] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 95.391911][ T6727] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 95.422976][ T6712] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.430856][ T6712] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.567556][ T6712] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 95.604597][ T6712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.789841][ T6710] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 95.912874][ T3518] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.012400][ T6747] netlink: 'syz.3.189': attribute type 1 has an invalid length. [ 96.021661][ T3518] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.072443][ T6751] netlink: 28 bytes leftover after parsing attributes in process `syz.3.189'. 
[ 96.096405][ T6747] 8021q: adding VLAN 0 to HW filter on device bond1 [ 96.118077][ T3518] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.131961][ T6746] syzkaller0: entered promiscuous mode [ 96.137626][ T6746] syzkaller0: entered allmulticast mode [ 96.156617][ T6751] bond1: entered promiscuous mode [ 96.165074][ T3518] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.197267][ T6747] bond1: (slave dummy0): making interface the new active one [ 96.211821][ T6747] dummy0: entered promiscuous mode [ 96.219312][ T6747] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 96.336319][ T6756] netlink: 'syz.4.192': attribute type 12 has an invalid length. [ 96.344347][ T6756] netlink: 'syz.4.192': attribute type 29 has an invalid length. [ 96.352573][ T6756] netlink: 148 bytes leftover after parsing attributes in process `syz.4.192'. [ 96.372337][ T6756] Timeout policy `syz0' can only be used by L3 protocol number 35085 [ 96.713323][ T6778] IPv6: NLM_F_REPLACE set, but no existing node found! [ 96.771516][ T6781] netlink: 12 bytes leftover after parsing attributes in process `syz.4.200'. [ 97.007923][ T6792] netlink: 504 bytes leftover after parsing attributes in process `syz.3.203'. [ 97.038901][ T6795] wg2: entered promiscuous mode [ 97.043810][ T6795] wg2: entered allmulticast mode [ 97.054516][ T6798] netlink: 8 bytes leftover after parsing attributes in process `syz.1.204'. 
[ 97.056121][ T6792] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 97.274181][ T6808] tipc: Enabled bearer , priority 0 [ 97.295076][ T6808] syzkaller0: entered promiscuous mode [ 97.303691][ T6808] syzkaller0: entered allmulticast mode [ 97.416806][ T6815] tipc: Resetting bearer [ 97.451162][ T6807] tipc: Resetting bearer [ 97.474800][ T6807] tipc: Disabling bearer [ 97.642474][ T6824] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.650300][ T6824] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.747872][ T6824] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.765545][ T6824] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.766277][ T6836] netlink: 8 bytes leftover after parsing attributes in process `syz.0.210'. [ 97.784495][ T6836] netlink: 32 bytes leftover after parsing attributes in process `syz.0.210'. [ 97.924809][ T6839] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 97.972943][ T6137] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.983718][ T6137] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.994316][ T6137] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.005334][ T6137] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.126689][ T6832] tap0: tun_chr_ioctl cmd 1074025677 [ 98.158555][ T6832] tap0: linktype set to 0 [ 98.179872][ T6840] tipc: Started in network mode [ 98.184792][ T6840] tipc: Node identity 1e3e6fb20f25, cluster identity 4711 [ 98.199111][ T6840] tipc: Enabled bearer , priority 0 [ 98.238808][ T6845] syzkaller0: entered promiscuous mode [ 98.248418][ T6845] syzkaller0: entered allmulticast mode [ 98.312007][ T6831] infiniband syz2: set down [ 98.330648][ T6831] infiniband syz2: added ipvlan0 [ 98.336369][ T6840] tipc: Resetting bearer [ 98.357844][ T6831] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 
98.368631][ T6831] infiniband syz2: Couldn't open port 1 [ 98.432721][ T6831] RDS/IB: syz2: added [ 98.437437][ T6831] smc: adding ib device syz2 with port count 1 [ 98.451754][ T6831] smc: ib device syz2 port 1 has no pnetid [ 98.494542][ T6859] netlink: 'syz.4.221': attribute type 3 has an invalid length. [ 98.751690][ T6838] tipc: Resetting bearer [ 98.766756][ T6838] tipc: Disabling bearer [ 99.406495][ T6895] netlink: 'syz.1.231': attribute type 1 has an invalid length. [ 99.456895][ T6895] bond2: entered promiscuous mode [ 99.462890][ T6895] 8021q: adding VLAN 0 to HW filter on device bond2 [ 99.469766][ T6899] __nla_validate_parse: 5 callbacks suppressed [ 99.469783][ T6899] netlink: 4 bytes leftover after parsing attributes in process `syz.4.232'. [ 99.493411][ T6901] netlink: 12 bytes leftover after parsing attributes in process `syz.1.231'. [ 99.540264][ T6901] netlink: 12 bytes leftover after parsing attributes in process `syz.1.231'. [ 99.670975][ T6895] bond2: (slave bridge2): making interface the new active one [ 99.678864][ T6895] bridge2: entered promiscuous mode [ 99.686498][ T6895] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 99.777367][ T6908] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 99.868736][ T6914] netlink: 'syz.4.237': attribute type 1 has an invalid length. [ 99.883843][ T6914] netlink: 36 bytes leftover after parsing attributes in process `syz.4.237'. [ 99.895954][ T6911] sctp: [Deprecated]: syz.3.234 (pid 6911) Use of int in max_burst socket option. [ 99.895954][ T6911] Use struct sctp_assoc_value instead [ 99.915321][ T6914] netlink: 'syz.4.237': attribute type 1 has an invalid length. [ 99.930808][ T6914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.237'. [ 100.233156][ T6928] netlink: 68 bytes leftover after parsing attributes in process `syz.2.242'. 
[ 100.244306][ T6931] netlink: 'syz.4.243': attribute type 8 has an invalid length. [ 100.256412][ T6931] netlink: 4 bytes leftover after parsing attributes in process `syz.4.243'. [ 100.272088][ T6931] bond0: entered promiscuous mode [ 100.277332][ T6931] bond_slave_0: entered promiscuous mode [ 100.286724][ T6931] bond_slave_1: entered promiscuous mode [ 100.296990][ T6931] geneve0: entered promiscuous mode [ 100.306019][ T6931] team_slave_0: entered promiscuous mode [ 100.312158][ T6931] team_slave_0: left promiscuous mode [ 100.318238][ T6931] bond0: left promiscuous mode [ 100.323577][ T6931] bond_slave_0: left promiscuous mode [ 100.330001][ T6931] bond_slave_1: left promiscuous mode [ 100.337264][ T6931] geneve0: left promiscuous mode [ 100.716242][ T1987] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 100.724629][ T1987] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 100.738612][ T6724] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 100.868717][ T6724] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 100.888719][ T6724] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 101.016089][ T6968] netlink: 'syz.2.252': attribute type 2 has an invalid length. [ 101.033192][ T6968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.252'. [ 101.081419][ T6968] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 101.106717][ T6968] macvtap1: entered promiscuous mode [ 101.123904][ T6960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.252'. [ 101.320805][ T5941] IPVS: starting estimator thread 0... 
[ 101.332822][ T6983] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 101.408509][ T6984] IPVS: using max 40 ests per chain, 96000 per kthread [ 101.511502][ T6994] macsec1: entered promiscuous mode [ 101.528196][ T6994] bridge0: entered promiscuous mode [ 101.535081][ T6994] bridge0: port 3(macsec1) entered blocking state [ 101.552633][ T6997] netlink: 'syz.2.258': attribute type 1 has an invalid length. [ 101.558463][ T6994] bridge0: port 3(macsec1) entered disabled state [ 101.560500][ T6997] netlink: 'syz.2.258': attribute type 2 has an invalid length. [ 101.574873][ T6997] netlink: 'syz.2.258': attribute type 1 has an invalid length. [ 101.584272][ T6997] netlink: 16 bytes leftover after parsing attributes in process `syz.2.258'. [ 101.602856][ T6994] macsec1: entered allmulticast mode [ 101.608196][ T6994] bridge0: entered allmulticast mode [ 101.635490][ T6994] macsec1: left allmulticast mode [ 101.650306][ T6994] bridge0: left allmulticast mode [ 101.687419][ T6994] bridge0: left promiscuous mode [ 102.031772][ T7024] 8021q: adding VLAN 0 to HW filter on device bond2 [ 102.159846][ T7024] bond2 (unregistering): Released all slaves [ 102.502496][ T7045] netlink: Conntrack attr has 4 unknown bytes [ 102.820657][ T7060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.948855][ T7065] netlink: 'syz.2.277': attribute type 13 has an invalid length. 
[ 103.047746][ T7065] bridge0: port 3(dummy0) entered disabled state [ 103.054388][ T7065] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.062122][ T7065] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.196876][ T7065] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.216118][ T7065] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.431160][ T1987] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.448769][ T1987] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.469369][ T1987] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.597017][ T1987] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.794359][ T7091] netlink: 'syz.3.284': attribute type 21 has an invalid length. [ 104.548626][ T7116] __nla_validate_parse: 11 callbacks suppressed [ 104.548644][ T7116] netlink: 20 bytes leftover after parsing attributes in process `syz.2.291'. [ 104.603686][ T7116] netlink: 20 bytes leftover after parsing attributes in process `syz.2.291'. [ 104.613048][ T7116] nbd: device at index 64 is going down [ 105.384416][ T7160] netlink: 'syz.0.303': attribute type 3 has an invalid length. [ 105.405975][ T7162] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 105.416112][ T7162] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 105.462889][ T7164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.305'. [ 105.767528][ T7184] netlink: 'syz.4.311': attribute type 1 has an invalid length. [ 105.816704][ T7189] netlink: 'syz.2.312': attribute type 29 has an invalid length. [ 105.826167][ T7184] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 105.831426][ T7189] netlink: 8 bytes leftover after parsing attributes in process `syz.2.312'. 
[ 105.858319][ T7189] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 105.977133][ T7192] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.313'. [ 106.282096][ T7206] tipc: Started in network mode [ 106.287434][ T7206] tipc: Node identity 9e26e0c0ddaa, cluster identity 4711 [ 106.301443][ T7206] tipc: Enabled bearer , priority 0 [ 106.352284][ T7209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.360485][ T7209] team0: left promiscuous mode [ 106.365285][ T7209] team_slave_0: left promiscuous mode [ 106.373121][ T7209] team_slave_1: left promiscuous mode [ 106.380033][ T7209] team0: left allmulticast mode [ 106.384981][ T7209] team_slave_0: left allmulticast mode [ 106.391303][ T7209] team_slave_1: left allmulticast mode [ 106.398188][ T7209] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.413944][ T7209] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 106.442184][ T7206] syzkaller0: entered promiscuous mode [ 106.447727][ T7206] syzkaller0: entered allmulticast mode [ 106.522557][ T7217] netlink: 24 bytes leftover after parsing attributes in process `syz.2.319'. [ 106.540880][ T7206] tipc: Resetting bearer [ 106.549968][ T7217] netlink: 24 bytes leftover after parsing attributes in process `syz.2.319'. [ 106.610266][ T7224] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 106.621672][ T7224] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 106.781040][ T7230] netlink: 28 bytes leftover after parsing attributes in process `syz.2.322'. [ 107.196023][ T7205] tipc: Resetting bearer [ 107.265036][ T7205] tipc: Disabling bearer [ 107.349767][ T7255] delete_channel: no stack [ 107.354338][ T7255] delete_channel: no stack [ 108.417870][ T7275] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.335'. 
[ 108.427486][ T7275] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 108.451818][ T7278] netlink: 4 bytes leftover after parsing attributes in process `syz.0.337'. [ 108.478195][ T7278] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 108.599269][ T7286] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 108.606559][ T7286] IPv6: NLM_F_CREATE should be set when creating new route [ 108.614128][ T7286] IPv6: NLM_F_CREATE should be set when creating new route [ 108.876810][ T7302] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 108.926800][ T7302] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 109.055597][ T7306] syz.2.342 (7306) used obsolete PPPIOCDETACH ioctl [ 109.295926][ T7321] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20003 [ 109.677641][ T7337] __nla_validate_parse: 2 callbacks suppressed [ 109.677659][ T7337] netlink: 20 bytes leftover after parsing attributes in process `syz.1.350'. [ 109.799172][ T7339] can: request_module (can-proto-4) failed. [ 109.841455][ T7347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.857594][ T7347] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 109.869802][ T7347] bond0: (slave gre0): Error -95 calling set_mac_address [ 109.955720][ T7354] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 109.965290][ T7354] dvmrp1: linktype set to 270 [ 110.276059][ T7373] netlink: 12 bytes leftover after parsing attributes in process `syz.3.363'. [ 110.377896][ T7373] 8021q: adding VLAN 0 to HW filter on device bond2 [ 110.460816][ T7377] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. 
[ 110.490905][ T7377] 8021q: adding VLAN 0 to HW filter on device bond2 [ 110.506876][ T7377] bond2: (slave lo): Enslaving as an active interface with an up link [ 110.737667][ T7389] bond2 (unregistering): (slave lo): Releasing backup interface [ 110.746869][ T7389] bond2 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 110.762749][ T7389] bond2 (unregistering): Released all slaves [ 110.852106][ T7392] bridge0: port 3(erspan0) entered blocking state [ 110.860506][ T7392] bridge0: port 3(erspan0) entered disabled state [ 110.867153][ T7392] erspan0: entered allmulticast mode [ 110.874453][ T7392] erspan0: entered promiscuous mode [ 110.890715][ T7399] erspan0: left allmulticast mode [ 110.895915][ T7399] erspan0: left promiscuous mode [ 110.903584][ T7399] bridge0: port 3(erspan0) entered disabled state [ 111.021804][ T7405] syzkaller1: entered promiscuous mode [ 111.027339][ T7405] syzkaller1: entered allmulticast mode [ 111.410127][ T7423] netlink: 4 bytes leftover after parsing attributes in process `syz.3.373'. [ 111.811931][ T7428] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 112.073343][ T7434] netlink: 8 bytes leftover after parsing attributes in process `syz.4.377'. [ 112.352459][ T7441] netlink: 'syz.0.382': attribute type 83 has an invalid length. [ 112.360887][ T7441] netlink: 428 bytes leftover after parsing attributes in process `syz.0.382'. [ 112.372514][ T7441] netlink: 32 bytes leftover after parsing attributes in process `syz.0.382'. [ 112.382292][ T7441] pimreg1: tun_chr_ioctl cmd 1074025673 [ 112.388210][ T7446] pimreg1: tun_chr_ioctl cmd 1074025677 [ 112.399498][ T7446] pimreg1: linktype set to 804 [ 112.415035][ T7449] netlink: 'syz.3.380': attribute type 4 has an invalid length. 
[ 112.604715][ T7461] bond0: (slave rose0): Enslaving as an active interface with an up link [ 112.682117][ T7464] geneve2: entered promiscuous mode [ 112.836421][ T7469] IPv6: Can't replace route, no match found [ 113.003406][ T7475] netlink: 19 bytes leftover after parsing attributes in process `syz.1.388'. [ 113.094136][ T7479] netlink: 12 bytes leftover after parsing attributes in process `syz.1.390'. [ 113.106953][ T7480] netlink: 12 bytes leftover after parsing attributes in process `syz.1.390'. [ 113.148768][ T7484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.391'. [ 113.162601][ T7479] bond3: entered promiscuous mode [ 113.168105][ T7479] 8021q: adding VLAN 0 to HW filter on device bond3 [ 113.302969][ T7480] bond4: entered promiscuous mode [ 113.324034][ T7480] 8021q: adding VLAN 0 to HW filter on device bond4 [ 113.449980][ T7505] netlink: 'syz.1.394': attribute type 83 has an invalid length. [ 113.511683][ T7515] netlink: 'syz.1.397': attribute type 1 has an invalid length. [ 113.633452][ T7515] 8021q: adding VLAN 0 to HW filter on device bond6 [ 113.734270][ T7518] 8021q: adding VLAN 0 to HW filter on device bond6 [ 113.744061][ T7518] bond6: (slave vxcan3): The slave device specified does not support setting the MAC address [ 113.755466][ T7518] bond6: (slave vxcan3): Error -95 calling set_mac_address [ 113.866711][ T7524] veth3: entered promiscuous mode [ 113.873102][ T7532] netlink: 'syz.2.402': attribute type 1 has an invalid length. [ 113.888600][ T7532] IPVS: wrr: FWM 3 0x00000003 - no destination available [ 114.012463][ T7546] SET target dimension over the limit! [ 114.083369][ T7546] netlink: 'syz.4.403': attribute type 3 has an invalid length. 
[ 114.275203][ T7566] IPVS: set_ctl: invalid protocol: 17919 100.1.1.1:20003 [ 114.369031][ T7570] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20000 [ 114.787275][ T7596] batadv_slave_1: entered promiscuous mode [ 114.805164][ T7596] batadv_slave_1: left promiscuous mode [ 114.969565][ T7612] netlink: 'syz.3.417': attribute type 8 has an invalid length. [ 115.370948][ T7628] syzkaller0: entered promiscuous mode [ 115.394604][ T7629] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 115.401959][ T7629] IPv6: NLM_F_CREATE should be set when creating new route [ 115.403136][ T7628] syzkaller0: entered allmulticast mode [ 115.409395][ T7629] IPv6: NLM_F_CREATE should be set when creating new route [ 115.667484][ T7636] vlan3: entered promiscuous mode [ 115.685053][ T7636] bond0: entered promiscuous mode [ 115.707869][ T7636] bond_slave_0: entered promiscuous mode [ 115.758829][ T7636] bond_slave_1: entered promiscuous mode [ 116.043764][ T7655] tipc: Enabling of bearer rejected, failed to enable media [ 116.232225][ T7663] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 116.262960][ T7663] SET target dimension over the limit! [ 116.478988][ T7670] xt_connbytes: Forcing CT accounting to be enabled [ 116.697628][ T7674] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 116.704929][ T7674] IPv6: NLM_F_CREATE should be set when creating new route [ 116.712221][ T7674] IPv6: NLM_F_CREATE should be set when creating new route [ 116.822214][ T7679] tipc: Enabled bearer , priority 0 [ 116.861577][ T7679] syzkaller0: entered promiscuous mode [ 116.867099][ T7679] syzkaller0: entered allmulticast mode [ 116.880524][ T7679] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! 
[ 116.915764][ T7679] tipc: Resetting bearer [ 116.969541][ T7679] tipc: Resetting bearer [ 117.006424][ T7679] tipc: Disabling bearer [ 117.019767][ T7684] netlink: 'syz.4.438': attribute type 13 has an invalid length. [ 117.186696][ T7684] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.194537][ T7684] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.263343][ T7694] __nla_validate_parse: 8 callbacks suppressed [ 117.263360][ T7694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.440'. [ 117.534096][ T7684] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.572879][ T7684] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.154009][ T1987] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.168529][ T1987] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.197319][ T1987] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.222726][ T1987] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.323404][ T7701] netlink: 'syz.2.443': attribute type 4 has an invalid length. [ 118.393975][ T2012] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.407019][ T2012] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.426636][ T2012] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.508856][ T2012] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.586314][ T7713] tipc: Started in network mode [ 118.591491][ T7713] tipc: Node identity ac14140f, cluster identity 4711 [ 118.600002][ T7713] tipc: New replicast peer: 255.255.255.255 [ 118.606688][ T7713] tipc: Enabled bearer , priority 10 [ 118.613464][ T7699] netlink: 'syz.0.441': attribute type 11 has an invalid length. [ 118.622552][ T7699] netlink: 'syz.0.441': attribute type 11 has an invalid length. 
[ 118.631688][ T7718] netlink: 4 bytes leftover after parsing attributes in process `syz.3.447'. [ 118.635584][ T7699] netlink: 224 bytes leftover after parsing attributes in process `syz.0.441'. [ 118.656136][ T7715] bond1: (slave veth3): Enslaving as an active interface with a down link [ 118.783156][ T7715] bond1: (slave ip6gretap1): making interface the new active one [ 118.792947][ T7715] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 118.810004][ T7733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.450'. [ 118.829445][ T7733] openvswitch: netlink: IP tunnel dst address not specified [ 118.914027][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.450'. [ 119.155079][ T7748] netlink: 52 bytes leftover after parsing attributes in process `syz.2.455'. [ 119.232156][ T7752] netlink: 40 bytes leftover after parsing attributes in process `syz.1.457'. [ 119.339780][ T7753] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.347244][ T7753] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 119.364070][ T7752] netlink: 32 bytes leftover after parsing attributes in process `syz.1.457'. [ 119.394243][ T7758] 8021q: VLANs not supported on lo [ 119.416807][ T7765] netlink: 20 bytes leftover after parsing attributes in process `syz.4.460'. [ 119.426430][ T7765] netlink: 20 bytes leftover after parsing attributes in process `syz.4.460'. [ 119.720036][ T5832] tipc: Node number set to 2886997007 [ 120.007471][ T7798] x_tables: duplicate underflow at hook 1 [ 120.189822][ T7807] delete_channel: no stack [ 120.501444][ T7832] FAULT_INJECTION: forcing a failure. 
[ 120.501444][ T7832] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 120.533195][ T7832] CPU: 0 UID: 0 PID: 7832 Comm: syz.3.481 Not tainted syzkaller #0 PREEMPT(full) [ 120.533220][ T7832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 120.533236][ T7832] Call Trace: [ 120.533243][ T7832] <TASK> [ 120.533251][ T7832] dump_stack_lvl+0x189/0x250 [ 120.533280][ T7832] ? __pfx____ratelimit+0x10/0x10 [ 120.533297][ T7832] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.533316][ T7832] ? __pfx__printk+0x10/0x10 [ 120.533357][ T7832] should_fail_ex+0x414/0x560 [ 120.533387][ T7832] _copy_to_user+0x31/0xb0 [ 120.533410][ T7832] simple_read_from_buffer+0xe1/0x170 [ 120.533435][ T7832] proc_fail_nth_read+0x1b3/0x220 [ 120.533457][ T7832] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 120.533479][ T7832] ? rw_verify_area+0x2a6/0x4d0 [ 120.533495][ T7832] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 120.533514][ T7832] vfs_read+0x200/0xa30 [ 120.533530][ T7832] ? fdget_pos+0x247/0x320 [ 120.533553][ T7832] ? __pfx___mutex_lock+0x10/0x10 [ 120.533572][ T7832] ? __pfx_vfs_read+0x10/0x10 [ 120.533589][ T7832] ? __fget_files+0x2a/0x420 [ 120.533612][ T7832] ? __fget_files+0x3a0/0x420 [ 120.533631][ T7832] ? __fget_files+0x2a/0x420 [ 120.533659][ T7832] ksys_read+0x145/0x250 [ 120.533683][ T7832] ? __pfx_ksys_read+0x10/0x10 [ 120.533704][ T7832] ? do_syscall_64+0xbe/0xf80 [ 120.533727][ T7832] do_syscall_64+0xfa/0xf80 [ 120.533745][ T7832] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.533762][ T7832] ? 
clear_bhb_loop+0x60/0xb0 [ 120.533783][ T7832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.533799][ T7832] RIP: 0033:0x7fc820b8e15c [ 120.533821][ T7832] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 120.533834][ T7832] RSP: 002b:00007fc8219b4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 120.533856][ T7832] RAX: ffffffffffffffda RBX: 00007fc820de5fa0 RCX: 00007fc820b8e15c [ 120.533866][ T7832] RDX: 000000000000000f RSI: 00007fc8219b40a0 RDI: 0000000000000004 [ 120.533876][ T7832] RBP: 00007fc8219b4090 R08: 0000000000000000 R09: 0000000000000000 [ 120.533887][ T7832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.533897][ T7832] R13: 00007fc820de6038 R14: 00007fc820de5fa0 R15: 00007ffd9853ca78 [ 120.533928][ T7832] </TASK> [ 120.849352][ T7843] sctp: [Deprecated]: syz.4.485 (pid 7843) Use of struct sctp_assoc_value in delayed_ack socket option. [ 120.849352][ T7843] Use struct sctp_sack_info instead [ 121.375102][ T7869] macsec1: entered allmulticast mode [ 121.386002][ T7869] macsec0: entered allmulticast mode [ 121.395145][ T7872] netlink: 'syz.3.492': attribute type 1 has an invalid length. [ 121.473764][ T7872] 8021q: adding VLAN 0 to HW filter on device bond2 [ 121.911160][ T7910] netlink: 'syz.2.502': attribute type 1 has an invalid length. [ 121.980954][ T7910] bond2: entered promiscuous mode [ 121.986475][ T7910] 8021q: adding VLAN 0 to HW filter on device bond2 [ 122.073781][ T7910] bond2: entered allmulticast mode [ 122.272445][ T7934] __nla_validate_parse: 7 callbacks suppressed [ 122.272463][ T7934] netlink: 20 bytes leftover after parsing attributes in process `syz.3.509'. [ 122.363082][ T7940] netlink: 20 bytes leftover after parsing attributes in process `syz.3.509'. [ 122.789917][ T7952] netlink: 12 bytes leftover after parsing attributes in process `syz.1.514'. 
[ 122.824384][ T7952] netlink: 'syz.1.514': attribute type 3 has an invalid length. [ 122.850176][ T7952] netlink: 12 bytes leftover after parsing attributes in process `syz.1.514'. [ 123.245046][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032de8c00: rx timeout, send abort [ 123.400099][ T7989] netlink: 36 bytes leftover after parsing attributes in process `syz.3.522'. [ 123.415458][ T7984] netlink: 12 bytes leftover after parsing attributes in process `syz.4.520'. [ 123.569478][ T7996] bond1: (slave dummy0): Releasing active interface [ 123.576135][ T7996] dummy0: left promiscuous mode [ 123.586395][ T7996] bridge_slave_0: left allmulticast mode [ 123.593914][ T7996] bridge_slave_0: left promiscuous mode [ 123.601750][ T7996] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.612046][ T7996] bridge_slave_1: left allmulticast mode [ 123.617742][ T7996] bridge_slave_1: left promiscuous mode [ 123.623744][ T7996] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.634351][ T7996] bond0: (slave bond_slave_0): Releasing backup interface [ 123.643563][ T7996] bond0: (slave bond_slave_1): Releasing backup interface [ 123.661027][ T7996] team0: Port device team_slave_0 removed [ 123.668798][ T7996] team0: Port device team_slave_1 removed [ 123.674921][ T7996] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.683459][ T7996] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.691714][ T7996] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 123.733172][ T8005] netlink: 'syz.4.526': attribute type 1 has an invalid length. [ 123.744450][ T8005] netlink: 'syz.4.526': attribute type 2 has an invalid length. [ 123.752297][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032de9000: rx timeout, send abort [ 123.761190][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032de8c00: abort rx timeout. 
Force session deactivation [ 123.985020][ T8015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.530'. [ 124.092672][ T8021] netlink: 20 bytes leftover after parsing attributes in process `syz.1.533'. [ 124.103517][ T8021] netlink: 20 bytes leftover after parsing attributes in process `syz.1.533'. [ 124.113164][ T8021] netlink: 7 bytes leftover after parsing attributes in process `syz.1.533'. [ 124.159679][ T8024] syzkaller0: entered promiscuous mode [ 124.165564][ T8024] syzkaller0: entered allmulticast mode [ 124.252376][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032de9000: abort rx timeout. Force session deactivation [ 124.664971][ T8048] netlink: 'syz.4.542': attribute type 2 has an invalid length. [ 124.678793][ T8048] netlink: 'syz.4.542': attribute type 1 has an invalid length. [ 126.062935][ T8116] netlink: 'syz.3.557': attribute type 30 has an invalid length. [ 126.815558][ T8142] syzkaller0: entered promiscuous mode [ 126.822157][ T8142] syzkaller0: entered allmulticast mode [ 126.850637][ T8142] netlink: 'syz.4.564': attribute type 16 has an invalid length. [ 126.869592][ T8142] netlink: 'syz.4.564': attribute type 17 has an invalid length. [ 126.975595][ T8142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.986597][ T8142] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.010878][ T8142] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 127.248065][ T8153] netlink: 'syz.2.566': attribute type 13 has an invalid length. [ 127.415052][ T8143] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 128.305956][ T8153] __nla_validate_parse: 42 callbacks suppressed [ 128.305978][ T8153] netlink: 8 bytes leftover after parsing attributes in process `syz.2.566'. [ 128.321765][ T8153] netlink: 'syz.2.566': attribute type 13 has an invalid length. [ 128.330774][ T8153] netlink: 4 bytes leftover after parsing attributes in process `syz.2.566'. 
[ 128.358529][ T150] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 128.367304][ T150] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 128.415045][ T150] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 128.424683][ T150] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 128.504528][ T8157] netlink: 12 bytes leftover after parsing attributes in process `syz.3.568'. [ 129.556035][ T8212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.581'. [ 129.668016][ T8216] netlink: 4 bytes leftover after parsing attributes in process `syz.2.581'. [ 131.296529][ T8231] geneve3: entered promiscuous mode [ 131.553515][ T8243] netlink: 'syz.0.591': attribute type 10 has an invalid length. [ 131.577189][ T8243] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.586840][ T8243] bond0: (slave team0): Enslaving as an active interface with an up link [ 131.639648][ T8249] syzkaller0: entered promiscuous mode [ 131.645168][ T8249] syzkaller0: entered allmulticast mode [ 131.871229][ T8254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.595'. [ 132.433002][ T8269] syzkaller0: entered promiscuous mode [ 132.439426][ T8269] syzkaller0: entered allmulticast mode [ 132.948985][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.006372][ T8278] netlink: 344 bytes leftover after parsing attributes in process `syz.2.602'. [ 133.289725][ T8278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.602'. 
[ 133.322979][ T6002] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.332550][ T6002] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.368578][ T6002] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.432537][ T8302] IPVS: nq: SCTP 172.20.20.187:0 - no destination available [ 133.495052][ T8306] netlink: 12 bytes leftover after parsing attributes in process `syz.4.609'. [ 133.634813][ T6002] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.795319][ T8318] netlink: 20 bytes leftover after parsing attributes in process `syz.2.611'. [ 133.867826][ T8322] netlink: 'syz.3.613': attribute type 10 has an invalid length. [ 133.883164][ T8322] veth1_macvtap: left promiscuous mode [ 133.890717][ T8322] team0: Device veth1_macvtap failed to register rx_handler [ 134.029124][ T8330] bridge0: port 1(macvtap1) entered blocking state [ 134.039680][ T8330] bridge0: port 1(macvtap1) entered disabled state [ 134.046614][ T8330] macvtap1: entered allmulticast mode [ 134.052497][ T8330] bridge0: entered allmulticast mode [ 134.061962][ T8330] macvtap1: left allmulticast mode [ 134.067294][ T8330] bridge0: left allmulticast mode [ 134.152764][ T8335] xt_CT: You must specify a L4 protocol and not use inversions on it [ 134.174412][ T8335] xt_CT: You must specify a L4 protocol and not use inversions on it [ 134.482197][ T8341] netlink: 8 bytes leftover after parsing attributes in process `syz.1.617'. [ 134.504302][ T8345] netlink: 108 bytes leftover after parsing attributes in process `syz.3.618'. [ 134.537630][ T8341] syz_tun: entered promiscuous mode [ 134.549321][ T8341] syz_tun: left promiscuous mode [ 134.747553][ T8353] netlink: 'syz.3.620': attribute type 11 has an invalid length. [ 134.758485][ T8353] netlink: 190972 bytes leftover after parsing attributes in process `syz.3.620'. 
[ 135.005132][ T8364] netlink: 64 bytes leftover after parsing attributes in process `syz.3.623'. [ 135.014542][ T8364] block nbd0: not configured, cannot reconfigure [ 135.018479][ T8362] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 135.118532][ T8369] netlink: 'syz.3.624': attribute type 1 has an invalid length. [ 135.154761][ T8363] netlink: 100 bytes leftover after parsing attributes in process `syz.4.622'. [ 135.240683][ T8369] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 135.463951][ T8376] netlink: 104 bytes leftover after parsing attributes in process `syz.3.625'. [ 135.699020][ T8386] openvswitch: netlink: Flow key attr not present in new flow. [ 135.727399][ T8383] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 135.900684][ T8383] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 135.913346][ T8398] netlink: 80 bytes leftover after parsing attributes in process `syz.1.634'. [ 135.999880][ T8401] netlink: 8 bytes leftover after parsing attributes in process `syz.1.634'. [ 136.152392][ T8383] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.243028][ T8383] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.345174][ T8415] netlink: 'syz.0.637': attribute type 142 has an invalid length. [ 136.407777][ T8430] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 136.429089][ T6002] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.451298][ T6002] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.480487][ T8435] netlink: 'syz.3.643': attribute type 1 has an invalid length. [ 136.488266][ T8435] netlink: 'syz.3.643': attribute type 3 has an invalid length. 
[ 136.510848][ T6002] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.545806][ T6002] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.402935][ T8491] netlink: 'syz.1.657': attribute type 10 has an invalid length. [ 137.978881][ T8521] Cannot find add_set index 0 as target [ 138.105345][ T8528] syzkaller1: entered promiscuous mode [ 138.118848][ T8528] syzkaller1: entered allmulticast mode [ 138.324069][ T8536] siw: device registration error -23 [ 138.717200][ T8564] __nla_validate_parse: 7 callbacks suppressed [ 138.717218][ T8564] netlink: 48 bytes leftover after parsing attributes in process `syz.1.671'. [ 139.091550][ T8556] bond2: left promiscuous mode [ 139.096351][ T8556] bridge2: left promiscuous mode [ 139.117714][ T8556] bond3: left promiscuous mode [ 139.125445][ T8556] bond4: left promiscuous mode [ 139.131977][ T8556] veth3: left promiscuous mode [ 139.251968][ T8590] netlink: 'syz.2.679': attribute type 13 has an invalid length. [ 139.260287][ T8590] netlink: 16 bytes leftover after parsing attributes in process `syz.2.679'. [ 139.422881][ T8602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.683'. [ 139.422881][ T8601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.683'. [ 139.422906][ T8602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.683'. [ 139.432143][ T8601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.683'. [ 139.581459][ T8612] netlink: 9 bytes leftover after parsing attributes in process `syz.1.686'. 
[ 139.600563][ T8612] .70: renamed from hsr0 [ 139.613572][ T8612] .70: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 139.635088][ T8612] .70: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 139.649915][ T8612] .70: entered allmulticast mode [ 139.655270][ T8612] hsr_slave_0: entered allmulticast mode [ 139.661271][ T8612] hsr_slave_1: entered allmulticast mode [ 139.668958][ T8612] A link change request failed with some changes committed already. Interface .70 may have been left with an inconsistent configuration, please check. [ 140.085797][ T8630] netlink: 'syz.4.690': attribute type 6 has an invalid length. [ 140.109012][ T8630] netlink: 32 bytes leftover after parsing attributes in process `syz.4.690'. [ 140.161068][ T8634] netlink: 32 bytes leftover after parsing attributes in process `syz.3.692'. [ 140.556350][ T8643] batman_adv: batadv0: Adding interface: ip6gretap1 [ 140.574232][ T8643] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 140.611955][ T8643] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 141.026095][ T8662] pimreg: entered allmulticast mode [ 141.059048][ T8661] pimreg: left allmulticast mode [ 141.611674][ T8681] openvswitch: netlink: Message has 4 unknown bytes. [ 141.789848][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.704'. [ 141.992603][ T8696] netlink: 'syz.1.709': attribute type 1 has an invalid length. 
[ 142.083853][ T8696] 8021q: adding VLAN 0 to HW filter on device bond7 [ 142.115000][ T8707] bond7: (slave gretap2): making interface the new active one [ 142.160430][ T8707] bond7: (slave gretap2): Enslaving as an active interface with an up link [ 142.377463][ T8696] bond7 (unregistering): (slave gretap2): Releasing active interface [ 142.391405][ T8725] netlink: 'syz.2.714': attribute type 1 has an invalid length. [ 142.407526][ T8696] bond7 (unregistering): Released all slaves [ 142.662947][ T8730] IPVS: set_ctl: invalid protocol: 1535 0.0.0.0:0 [ 143.179639][ T5150] Bluetooth: hci4: command 0x0405 tx timeout [ 143.632193][ T8769] netlink: 'syz.2.724': attribute type 6 has an invalid length. [ 143.769201][ T8781] __nla_validate_parse: 8 callbacks suppressed [ 143.769220][ T8781] netlink: 128 bytes leftover after parsing attributes in process `syz.4.728'. [ 144.027162][ T8788] netlink: 56 bytes leftover after parsing attributes in process `syz.1.730'. [ 144.275105][ T8810] netlink: 20 bytes leftover after parsing attributes in process `syz.3.735'. [ 144.289498][ T8810] netlink: 20 bytes leftover after parsing attributes in process `syz.3.735'. [ 144.386393][ T8814] netlink: 12 bytes leftover after parsing attributes in process `syz.0.732'. [ 144.490612][ T5832] IPVS: starting estimator thread 0... [ 144.521279][ T8817] vlan0: entered promiscuous mode [ 144.526825][ T8817] vlan0: entered allmulticast mode [ 144.532277][ T8817] veth0_vlan: entered allmulticast mode [ 144.542115][ T8817] tipc: Enabled bearer , priority 0 [ 144.552868][ T8817] tipc: Resetting bearer [ 144.588673][ T8819] IPVS: using max 26 ests per chain, 62400 per kthread [ 144.599877][ T8816] tipc: Disabling bearer [ 144.744406][ T8824] pim6reg1: entered allmulticast mode [ 145.034962][ T8837] netlink: 44 bytes leftover after parsing attributes in process `syz.1.741'. 
[ 145.135248][ T8839] netlink: set zone limit has 4 unknown bytes [ 145.224569][ T8844] netlink: 76 bytes leftover after parsing attributes in process `syz.2.743'. [ 145.503702][ T8866] netlink: 24 bytes leftover after parsing attributes in process `syz.2.751'. [ 145.581559][ T8859] netlink: 308 bytes leftover after parsing attributes in process `syz.0.746'. [ 145.647654][ T8859] netlink: 8 bytes leftover after parsing attributes in process `syz.0.746'. [ 145.672182][ T8876] netlink: 'syz.3.756': attribute type 29 has an invalid length. [ 145.842593][ T8880] syzkaller0: entered promiscuous mode [ 145.848108][ T8880] syzkaller0: entered allmulticast mode [ 148.608109][ T8963] netlink: 'syz.0.775': attribute type 6 has an invalid length. [ 148.618456][ T5835] Bluetooth: hci3: command tx timeout [ 148.640269][ T8953] bond3: Unable to set down delay as MII monitoring is disabled [ 148.664965][ T8953] bond3 (unregistering): Released all slaves [ 148.709624][ T8950] : entered promiscuous mode [ 148.823165][ T8969] __nla_validate_parse: 5 callbacks suppressed [ 148.823518][ T8969] netlink: 20 bytes leftover after parsing attributes in process `syz.4.777'. [ 148.849464][ T8969] netlink: 20 bytes leftover after parsing attributes in process `syz.4.777'. [ 148.889368][ T8969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.777'. [ 148.977835][ T8974] netlink: 'syz.2.778': attribute type 10 has an invalid length. [ 149.092956][ T8974] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 149.121489][ T8985] netlink: 12 bytes leftover after parsing attributes in process `syz.4.780'. [ 149.176337][ T8987] netlink: 12 bytes leftover after parsing attributes in process `syz.1.781'. [ 149.196630][ T8974] netem: change failed [ 149.398839][ T8995] netlink: 20 bytes leftover after parsing attributes in process `syz.4.783'. [ 149.417182][ T9001] netlink: 'syz.1.786': attribute type 10 has an invalid length. 
[ 149.438909][ T9001] team0: Device veth0_vlan failed to register rx_handler [ 149.446464][ T9002] netlink: 12 bytes leftover after parsing attributes in process `syz.2.784'. [ 149.469149][ T8995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.783'. [ 149.478035][ T8995] netlink: 12 bytes leftover after parsing attributes in process `syz.4.783'. [ 149.548036][ T8995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.783'. [ 149.578503][ T4276] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 149.590759][ T4276] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 149.610742][ T4276] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 149.707269][ T4276] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 150.464759][ T9049] syzkaller0: entered promiscuous mode [ 150.475146][ T9049] syzkaller0: entered allmulticast mode [ 152.696551][ T9082] pim6reg1: entered promiscuous mode [ 152.708423][ T9082] pim6reg1: entered allmulticast mode [ 152.892586][ T9081] delete_channel: no stack [ 153.301431][ T9102] netlink: 'syz.1.816': attribute type 8 has an invalid length. [ 153.463633][ T9098] rdma_rxe: rxe_newlink: failed to add veth0_to_team [ 153.538913][ T9111] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 153.868152][ T9106] infiniband syz0: set down [ 153.872922][ T9106] infiniband syz0: added veth0_to_team [ 153.922647][ T9106] RDS/IB: syz0: added [ 153.926828][ T9106] smc: adding ib device syz0 with port count 1 [ 153.937289][ T9106] smc: ib device syz0 port 1 has no pnetid [ 153.973249][ T9133] tipc: Enabled bearer , priority 0 [ 154.007143][ T9126] syzkaller0: entered promiscuous mode [ 154.020925][ T9126] syzkaller0: entered allmulticast mode [ 154.186608][ T9139] netlink: 'syz.0.823': attribute type 1 has an invalid length. 
[ 154.335467][ T9139] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 154.350595][ T9124] tipc: Resetting bearer [ 154.381258][ T9124] tipc: Disabling bearer [ 154.538718][ T9153] __nla_validate_parse: 9 callbacks suppressed [ 154.538737][ T9153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.825'. [ 154.710275][ T9153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.825'. [ 154.724489][ T9153] netlink: 12 bytes leftover after parsing attributes in process `syz.0.825'. [ 154.810866][ T9168] netlink: 'syz.4.828': attribute type 13 has an invalid length. [ 154.819345][ T9168] netlink: 'syz.4.828': attribute type 17 has an invalid length. [ 154.915904][ T9168] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 155.173875][ T9187] netlink: 12 bytes leftover after parsing attributes in process `syz.0.829'. [ 155.184512][ T9187] Bluetooth: MGMT ver 1.23 [ 155.388600][ T9192] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 155.433821][ T9195] netlink: 212328 bytes leftover after parsing attributes in process `syz.1.835'. [ 155.444044][ T9195] netlink: Unknown conntrack attr (type=2304, max=9) [ 155.640396][ T5835] Bluetooth: hci4: link tx timeout [ 155.645992][ T5835] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 155.707633][ T9207] bond0: option miimon: invalid value (18446744072730617911) [ 155.715354][ T9207] bond0: option miimon: allowed values 0 - 2147483647 [ 157.044553][ T9251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.849'. [ 157.670323][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 158.035283][ T9264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.080952][ T9264] A link change request failed with some changes committed already. 
Interface caif0 may have been left with an inconsistent configuration, please check. [ 158.284609][ T9312] netlink: 9 bytes leftover after parsing attributes in process `syz.4.862'. [ 158.332909][ T9312] .70: renamed from hsr0 [ 158.343518][ T9312] .70: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 158.354882][ T9312] .70: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 158.380132][ T9312] .70: entered allmulticast mode [ 158.385220][ T9312] hsr_slave_0: entered allmulticast mode [ 158.391116][ T9312] hsr_slave_1: entered allmulticast mode [ 158.398226][ T9312] A link change request failed with some changes committed already. Interface .70 may have been left with an inconsistent configuration, please check. [ 158.545067][ T9320] netlink: 24 bytes leftover after parsing attributes in process `syz.4.865'. [ 158.588336][ T9322] netlink: 56 bytes leftover after parsing attributes in process `syz.1.864'. [ 158.620231][ T9322] netlink: 'syz.1.864': attribute type 33 has an invalid length. [ 158.648986][ T9322] netlink: 152 bytes leftover after parsing attributes in process `syz.1.864'. [ 158.684159][ T9322] `: renamed from team0 [ 159.154756][ T9346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.170900][ T9346] 8021q: adding VLAN 0 to HW filter on device ` [ 159.187307][ T9346] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 159.576349][ T9353] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 64993 [ 159.825210][ T9369] __nla_validate_parse: 3 callbacks suppressed [ 159.825227][ T9369] netlink: 32 bytes leftover after parsing attributes in process `syz.4.878'. [ 159.879207][ T9370] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 159.994147][ T9373] netlink: 8 bytes leftover after parsing attributes in process `syz.3.879'. 
[ 160.475984][ T9393] xt_ipcomp: unknown flags 1D [ 160.786603][ T9402] ip6gre1: entered promiscuous mode [ 160.811164][ T9404] xt_TCPMSS: Only works on TCP SYN packets [ 160.868951][ T9402] netlink: 52 bytes leftover after parsing attributes in process `syz.2.887'. [ 160.889356][ T9406] tipc: Enabled bearer , priority 0 [ 160.919405][ T9406] syzkaller0: entered promiscuous mode [ 160.968712][ T9406] syzkaller0: entered allmulticast mode [ 161.044002][ T9406] tipc: Resetting bearer [ 161.761861][ T9405] tipc: Resetting bearer [ 161.817318][ T9405] tipc: Disabling bearer [ 162.141962][ T9447] netlink: 8 bytes leftover after parsing attributes in process `syz.2.898'. [ 162.151093][ T9447] netlink: 12 bytes leftover after parsing attributes in process `syz.2.898'. [ 162.161807][ T9447] netlink: 8 bytes leftover after parsing attributes in process `syz.2.898'. [ 162.171330][ T9447] netlink: 12 bytes leftover after parsing attributes in process `syz.2.898'. [ 162.181544][ T9449] SET target dimension over the limit! [ 163.224322][ T9472] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 163.472617][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.2.911'. [ 163.482577][ T9489] netlink: 12 bytes leftover after parsing attributes in process `syz.2.911'. [ 163.592123][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.2.911'. [ 164.474641][ T9516] bond3: Removing last arp target with arp_interval on [ 164.841994][ T9532] __nla_validate_parse: 3 callbacks suppressed [ 164.842014][ T9532] netlink: 72 bytes leftover after parsing attributes in process `syz.4.925'. [ 165.167335][ T9542] netlink: 'syz.2.928': attribute type 8 has an invalid length. [ 165.195667][ T9543] netlink: 'syz.2.928': attribute type 8 has an invalid length. [ 165.406170][ T9553] netlink: 'syz.3.932': attribute type 4 has an invalid length. 
[ 165.604348][ T9559] netlink: 36 bytes leftover after parsing attributes in process `syz.3.934'. [ 166.391778][ T9578] syzkaller0: entered promiscuous mode [ 166.397336][ T9578] syzkaller0: entered allmulticast mode [ 166.780941][ T9590] tipc: Enabled bearer , priority 0 [ 166.813158][ T9587] syzkaller1: entered promiscuous mode [ 166.829147][ T9587] syzkaller1: entered allmulticast mode [ 167.091411][ T9609] macvlan1: entered promiscuous mode [ 167.097073][ T9603] netlink: 160 bytes leftover after parsing attributes in process `syz.4.946'. [ 167.113835][ T9609] macvlan1: left promiscuous mode [ 167.167403][ T9612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.948'. [ 167.322170][ T9624] netlink: 16 bytes leftover after parsing attributes in process `syz.2.951'. [ 167.331841][ T9624] mac80211_hwsim hwsim3 wlan1: Device is already in use. [ 167.493733][ T9633] vxcan0: entered allmulticast mode [ 167.541432][ T9636] netlink: 'syz.2.954': attribute type 4 has an invalid length. [ 167.541538][ T9637] netlink: 'syz.2.954': attribute type 4 has an invalid length. [ 167.634840][ T9641] netlink: 'syz.3.955': attribute type 1 has an invalid length. [ 167.680698][ T9642] bond5: Unable to set up delay as MII monitoring is disabled [ 167.691403][ T9642] bond5 (unregistering): Released all slaves [ 167.710406][ T9641] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 167.725841][ T1987] nci: nci_ntf_packet: unsupported ntf opcode 0xf3d [ 167.726227][ T9649] netlink: 'syz.2.956': attribute type 3 has an invalid length. [ 167.780414][ T5832] tipc: Node number set to 1133306048 [ 167.803798][ T9645] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 167.872005][ T9660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.958'. [ 167.946722][ T9666] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 168.026967][ T9674] SET target dimension over the limit! 
[ 168.036961][ T9666] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 168.168240][ T9666] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 168.238692][ T9666] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 168.301630][ T9683] netpci0: tun_chr_ioctl cmd 1074025677 [ 168.320397][ T9683] netpci0: linktype set to 773 [ 168.328556][ T9687] openvswitch: netlink: IP tunnel dst address not specified [ 168.335845][ T9683] netpci0: tun_chr_ioctl cmd 1074066701 [ 168.343204][ T9687] netlink: 4 bytes leftover after parsing attributes in process `syz.4.967'. [ 168.424129][ T4574] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.455351][ T4574] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.490092][ T4574] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.499370][ T9690] netlink: 27 bytes leftover after parsing attributes in process `syz.4.968'. [ 168.519982][ T4574] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.539205][ T9690] netlink: 28 bytes leftover after parsing attributes in process `syz.4.968'. [ 169.059353][ T9717] netlink: 'syz.2.976': attribute type 4 has an invalid length. [ 169.347138][ T9730] netlink: 40 bytes leftover after parsing attributes in process `syz.3.981'. [ 169.495751][ T9733] netlink: 'syz.2.983': attribute type 22 has an invalid length. [ 169.608855][ T9737] .70: renamed from hsr0 [ 169.617132][ T9737] .70: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 169.634718][ T9737] .70: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 169.648301][ T9737] .70: entered allmulticast mode [ 169.653526][ T9737] hsr_slave_0: entered allmulticast mode [ 169.660486][ T9733] netlink: 'syz.2.983': attribute type 22 has an invalid length. 
[ 169.668282][ T9737] hsr_slave_1: entered allmulticast mode [ 169.675312][ T9737] A link change request failed with some changes committed already. Interface .70 may have been left with an inconsistent configuration, please check. [ 170.175504][ T9752] syzkaller0: entered promiscuous mode [ 170.190806][ T9752] syzkaller0: entered allmulticast mode [ 171.197855][ T9788] __nla_validate_parse: 5 callbacks suppressed [ 171.197879][ T9788] netlink: 28 bytes leftover after parsing attributes in process `syz.2.998'. [ 172.699861][ T9797] x9: renamed from bridge_slave_0 [ 172.787359][ T9783] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 172.804024][ T9802] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1001'. [ 172.814890][ T9804] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1002'. [ 172.897487][ T9783] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 172.998771][ T9783] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 173.119095][ T9822] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1008'. [ 173.128482][ T9822] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1008'. [ 173.221976][ T9826] netlink: 'syz.0.1009': attribute type 1 has an invalid length. [ 173.261130][ T9783] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 173.288226][ T9826] netlink: 'syz.0.1009': attribute type 4 has an invalid length. [ 173.310674][ T9829] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1010'. [ 173.384671][ T4276] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 173.416739][ T4276] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 173.439160][ T9826] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1009'. 
[ 173.463101][ T50] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 173.510759][ T12] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 173.897574][ T9845] bridge0: port 3(macvtap0) entered blocking state [ 173.946861][ T9845] bridge0: port 3(macvtap0) entered disabled state [ 173.977788][ T9845] macvtap0: entered allmulticast mode [ 173.998100][ T9845] bridge0: entered allmulticast mode [ 174.008669][ T9845] macvtap0: left allmulticast mode [ 174.013833][ T9845] bridge0: left allmulticast mode [ 174.149465][ T9862] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 174.156770][ T9862] IPv6: NLM_F_CREATE should be set when creating new route [ 174.164088][ T9862] IPv6: NLM_F_CREATE should be set when creating new route [ 174.365842][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1022'. [ 174.437237][ T9882] netlink: 7264 bytes leftover after parsing attributes in process `syz.4.1022'. [ 174.835537][ T9886] No such timeout policy "syz0" [ 174.879133][ T9888] syzkaller0: entered promiscuous mode [ 174.884738][ T9888] syzkaller0: entered allmulticast mode [ 175.280649][ T9918] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1034'. [ 175.320744][ T9918] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 175.433067][ T9916] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 175.540458][ T9936] unsupported nlmsg_type 40 [ 175.739042][ T9951] netlink: 'syz.1.1043': attribute type 11 has an invalid length. [ 176.403377][ T9996] __nla_validate_parse: 8 callbacks suppressed [ 176.403396][ T9996] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1056'. 
[ 176.530302][T10002] dummy0: entered promiscuous mode [ 176.539908][T10002] dummy0: left promiscuous mode [ 176.905457][ T9976] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 177.162316][T10025] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 177.170440][T10025] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 177.188104][T10025] bond0: (slave batadv_slave_1): Enslaving as an active interface with an up link [ 177.252111][T10034] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1063'. [ 177.477865][T10054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1069'. [ 177.615023][T10067] xt_hashlimit: overflow, rate too high: 0 [ 178.166042][T10078] netlink: 'syz.2.1074': attribute type 1 has an invalid length. [ 178.230341][T10078] 8021q: adding VLAN 0 to HW filter on device bond3 [ 178.242872][T10080] macvtap0: entered promiscuous mode [ 178.257258][T10080] macvtap0: entered allmulticast mode [ 178.284404][T10084] 8021q: adding VLAN 0 to HW filter on device bond3 [ 178.294395][T10084] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 178.305814][T10084] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 179.183809][T10123] netlink: 'syz.2.1087': attribute type 10 has an invalid length. [ 179.248334][T10123] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1087'. [ 179.673698][T10133] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1090'. [ 179.739358][T10138] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1091'. 
[ 179.904448][T10132] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 180.184675][T10153] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 181.771227][T10171] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 182.154455][T10185] bridge_slave_1: left allmulticast mode [ 182.176631][T10185] bridge_slave_1: left promiscuous mode [ 182.209660][T10185] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.347474][T10191] Cannot find set identified by id 2 to match [ 182.810714][T10207] block nbd0: not configured, cannot reconfigure [ 183.892785][T10243] openvswitch: netlink: EtherType 0 is less than min 600 [ 183.938820][T10243] veth0: entered promiscuous mode [ 183.947431][T10243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1119'. [ 183.975375][T10243] veth0 (unregistering): left promiscuous mode [ 184.000960][T10250] netlink: 136 bytes leftover after parsing attributes in process `syz.4.1117'. [ 184.032291][T10241] netlink: 136 bytes leftover after parsing attributes in process `syz.4.1117'. [ 184.395589][T10288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1131'. [ 184.409805][T10288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1131'. [ 184.419215][T10288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1131'. [ 184.433833][T10288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1131'. [ 184.443322][T10288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1131'. [ 184.452569][T10288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1131'. [ 184.464569][T10288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1131'. 
[ 185.572518][T10349] bond7: Unable to set up delay as MII monitoring is disabled [ 185.593604][T10349] bond7 (unregistering): Released all slaves [ 185.638912][T10360] netlink: 'syz.3.1146': attribute type 15 has an invalid length. [ 185.648002][T10359] netlink: 'syz.3.1146': attribute type 15 has an invalid length. [ 185.698560][T10367] netlink: 'syz.2.1148': attribute type 2 has an invalid length. [ 185.736677][T10367] @;: entered promiscuous mode [ 185.911293][T10377] tipc: Enabled bearer , priority 0 [ 185.919275][T10377] syzkaller0: entered promiscuous mode [ 185.924969][T10377] syzkaller0: entered allmulticast mode [ 185.985802][T10380] tipc: Resetting bearer [ 186.016146][T10380] tipc: Disabling bearer [ 186.237892][T10390] netlink: 'syz.1.1153': attribute type 13 has an invalid length. [ 186.730115][T10407] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check. [ 187.587271][T10447] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 187.605251][T10448] pimreg: entered allmulticast mode [ 187.881470][T10461] ipvlan2: entered promiscuous mode [ 187.887650][T10461] bridge0: port 2(ipvlan2) entered blocking state [ 187.896247][T10461] bridge0: port 2(ipvlan2) entered disabled state [ 187.904638][T10461] ipvlan2: entered allmulticast mode [ 187.911387][T10461] bridge0: entered allmulticast mode [ 187.929976][T10461] ipvlan2: left allmulticast mode [ 187.935135][T10461] bridge0: left allmulticast mode [ 187.984772][T10467] bond7: option lacp_active: mode dependency failed, not supported in mode balance-alb(6) [ 187.997196][T10467] bond7 (unregistering): Released all slaves [ 188.251097][T10496] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 188.378675][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 188.573850][T10513] A link change request failed with some changes committed already. 
Interface team0 may have been left with an inconsistent configuration, please check. [ 188.596344][T10516] dvmrp12: entered allmulticast mode [ 188.613735][T10516] IPVS: set_ctl: invalid protocol: 51 172.30.0.5:20004 [ 188.712400][T10525] netlink: 'syz.4.1190': attribute type 8 has an invalid length. [ 188.784786][T10530] netlink: 'syz.4.1190': attribute type 8 has an invalid length. [ 188.951782][T10534] bridge_slave_1 (unregistering): left allmulticast mode [ 188.959738][T10534] bridge_slave_1 (unregistering): left promiscuous mode [ 188.966905][T10534] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.096589][T10549] __nla_validate_parse: 71 callbacks suppressed [ 189.096601][T10549] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1197'. [ 189.209944][T10555] dvmrp0: entered allmulticast mode [ 189.439977][T10573] netlink: 'syz.1.1203': attribute type 6 has an invalid length. [ 189.632659][T10582] netlink: 'syz.3.1205': attribute type 1 has an invalid length. [ 189.638549][T10583] netlink: 'syz.1.1204': attribute type 1 has an invalid length. [ 189.658536][T10582] netlink: 'syz.3.1205': attribute type 2 has an invalid length. [ 189.666309][T10582] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1205'. 
[ 189.691756][T10583] 8021q: adding VLAN 0 to HW filter on device bond7 [ 189.954118][T10587] 8021q: adding VLAN 0 to HW filter on device bond1 [ 189.984484][T10597] bond1: (slave geneve2): making interface the new active one [ 189.993983][T10597] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 190.008739][ T3550] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.019921][ T3550] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.046639][ T3550] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.055669][ T3550] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.225035][T10600] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1210'. [ 190.240300][T10603] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1211'. [ 190.273794][T10603] : entered promiscuous mode [ 190.282931][T10603] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1211'. [ 190.876126][T10631] tipc: Enabled bearer , priority 0 [ 190.884199][T10629] syzkaller0: entered promiscuous mode [ 190.891315][T10629] syzkaller0: entered allmulticast mode [ 190.918275][T10638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1219'. [ 190.935880][T10629] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1216'. [ 190.955573][T10642] validate_nla: 2 callbacks suppressed [ 190.955591][T10642] netlink: 'syz.4.1218': attribute type 3 has an invalid length. [ 190.975785][T10638] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1219'. [ 190.977045][T10629] tipc: Resetting bearer [ 190.988624][T10642] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1218'. [ 191.021028][T10638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1219'. [ 191.113666][T10649] netlink: 'syz.1.1222': attribute type 39 has an invalid length. 
[ 191.114528][T10650] netlink: 'syz.1.1222': attribute type 39 has an invalid length. [ 191.172242][T10628] tipc: Resetting bearer [ 191.201522][T10628] tipc: Disabling bearer [ 191.306543][T10645] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 191.312895][T10645] syzkaller1: linktype set to 823 [ 191.619693][T10673] netlink: 'syz.1.1228': attribute type 58 has an invalid length. [ 192.039553][T10688] netlink: 'syz.1.1234': attribute type 7 has an invalid length. [ 192.492441][T10719] netlink: 'syz.2.1242': attribute type 1 has an invalid length. [ 192.719006][T10738] netlink: 'syz.1.1246': attribute type 5 has an invalid length. [ 193.730595][T10780] netlink: 'syz.0.1260': attribute type 10 has an invalid length. [ 193.796281][T10780] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 194.239967][T10813] __nla_validate_parse: 95 callbacks suppressed [ 194.239986][T10813] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1267'. [ 194.386437][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.544902][T10826] xt_TPROXY: Can be used only with -p tcp or -p udp [ 194.550928][T10827] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1271'. [ 194.844580][T10836] netlink: 'syz.3.1273': attribute type 1 has an invalid length. [ 194.869048][T10839] netlink: 'syz.3.1273': attribute type 1 has an invalid length. [ 195.160031][T10862] bond0: option resend_igmp: invalid value (4096) [ 195.167027][T10862] bond0: option resend_igmp: allowed values 0 - 255 [ 195.314715][T10873] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1284'. 
[ 195.326955][T10873] .70: renamed from hsr0 [ 195.336556][T10873] .70: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 195.348647][T10873] .70: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.361568][T10873] .70: entered allmulticast mode [ 195.366734][T10873] hsr_slave_0: entered allmulticast mode [ 195.374036][T10873] hsr_slave_1: entered allmulticast mode [ 195.382171][T10873] A link change request failed with some changes committed already. Interface .70 may have been left with an inconsistent configuration, please check. [ 195.412689][T10878] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1285'. [ 195.471262][T10883] netlink: 'syz.1.1286': attribute type 11 has an invalid length. [ 195.471882][T10878] syzkaller1: entered promiscuous mode [ 195.491567][T10878] syzkaller1: entered allmulticast mode [ 195.672327][T10893] syzkaller0: left promiscuous mode [ 195.677803][T10893] syzkaller0: left allmulticast mode [ 195.703785][T10894] sctp: [Deprecated]: syz.1.1289 (pid 10894) Use of struct sctp_assoc_value in delayed_ack socket option. [ 195.703785][T10894] Use struct sctp_sack_info instead [ 196.108747][T10896] netlink: 'syz.4.1292': attribute type 1 has an invalid length. [ 196.116665][T10896] netlink: 'syz.4.1292': attribute type 1 has an invalid length. [ 196.124545][T10896] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1292'. [ 196.206477][T10908] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1294'. [ 196.216638][T10906] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1292'. [ 196.373837][T10913] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1295'. 
[ 196.462083][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 196.462121][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 196.474490][ T5846] Bluetooth: hci3: command 0x0406 tx timeout [ 197.593834][T10946] xt_CT: You must specify a L4 protocol and not use inversions on it [ 198.301141][T10962] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 198.519980][T10969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1311'. [ 198.540230][T10969] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1311'. [ 198.665605][T10964] netlink: 'syz.0.1307': attribute type 1 has an invalid length. [ 199.147868][T10964] 8021q: adding VLAN 0 to HW filter on device bond2 [ 199.184718][T10975] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 199.194846][T10975] bond2: (slave batadv1): making interface the new active one [ 199.204498][T10975] bond2: (slave batadv1): Enslaving as an active interface with an up link [ 199.348127][T10979] bond2 (unregistering): (slave batadv1): Releasing active interface [ 199.362634][T10979] bond2 (unregistering): Released all slaves [ 199.637219][ T6002] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 200.108043][T11019] __nla_validate_parse: 1 callbacks suppressed [ 200.108055][T11019] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1321'. [ 200.128284][T11019] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1321'. [ 200.528790][T11025] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 200.589958][T11034] netlink: 388 bytes leftover after parsing attributes in process `syz.4.1327'. [ 200.625787][T11034] tipc: Can't bind to reserved service type 0 [ 200.685801][T11037] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1328'. 
[ 200.931692][T11048] syzkaller0: entered promiscuous mode [ 200.937214][T11048] syzkaller0: entered allmulticast mode [ 201.121282][T11048] tipc: Enabled bearer , priority 0 [ 201.396987][T11047] tipc: Resetting bearer [ 201.416895][T11047] tipc: Disabling bearer [ 202.331688][T11101] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1345'. [ 202.364667][T11098] pim6reg: entered allmulticast mode [ 202.380929][T11098] pim6reg: left allmulticast mode [ 202.435708][T11103] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1346'. [ 202.618077][T11113] netlink: 'syz.0.1347': attribute type 1 has an invalid length. [ 202.683015][T11113] 8021q: adding VLAN 0 to HW filter on device bond2 [ 202.732686][T11117] veth5: entered promiscuous mode [ 202.743186][T11117] bond2: (slave veth5): Enslaving as an active interface with an up link [ 202.975537][ T30] audit: type=1800 audit(1767165284.970:2): pid=11147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1356" name="blkio.bfq.time_recursive" dev="tmpfs" ino=1545 res=0 errno=0 [ 203.002434][T11147] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1356'. [ 203.022075][T11149] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1357'. [ 203.470642][T11171] syzkaller0: entered promiscuous mode [ 203.476168][T11171] syzkaller0: entered allmulticast mode [ 203.496014][T11175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1365'. [ 203.734803][T11183] syzkaller1: entered promiscuous mode [ 203.740624][T11183] syzkaller1: entered allmulticast mode [ 203.755239][T11184] syzkaller1: left promiscuous mode [ 203.761317][T11184] syzkaller1: left allmulticast mode [ 203.802569][T11189] batman_adv: batadv0: Adding interface: macsec2 [ 203.810137][T11189] batman_adv: batadv0: The MTU of interface macsec2 is too small (1468) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 203.841668][T11189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.852968][T11189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.864937][T11189] batman_adv: batadv0: Interface activated: macsec2 [ 204.933631][T11244] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1381'. [ 205.173709][T11257] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 205.356548][T11263] tipc: Enabling of bearer rejected, already enabled [ 205.387293][T11263] syzkaller0: entered promiscuous mode [ 205.393696][T11263] syzkaller0: entered allmulticast mode [ 205.471813][T11263] __nla_validate_parse: 2 callbacks suppressed [ 205.471834][T11263] netlink: 62 bytes leftover after parsing attributes in process `syz.4.1387'. [ 205.526854][T11263] tipc: Resetting bearer [ 205.710792][ T30] audit: type=1800 audit(1767165287.700:3): pid=11271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1390" name="blkio.bfq.time_recursive" dev="tmpfs" ino=1586 res=0 errno=0 [ 206.173283][T11285] m1Ie5n: entered promiscuous mode [ 206.469912][T11293] syzkaller1: left promiscuous mode [ 206.475277][T11293] syzkaller1: left allmulticast mode [ 206.556533][T11275] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1384'. [ 206.582743][T11275] netlink: 'syz.0.1384': attribute type 7 has an invalid length. [ 206.591142][T11275] netlink: 'syz.0.1384': attribute type 8 has an invalid length. [ 206.599690][T11275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1384'. 
[ 206.617033][T11275] bond0: entered promiscuous mode [ 206.622572][T11275] bond_slave_0: entered promiscuous mode [ 206.629475][T11275] bond_slave_1: entered promiscuous mode [ 206.635594][T11275] team0: entered promiscuous mode [ 206.641796][T11275] team_slave_0: entered promiscuous mode [ 206.647861][T11275] team_slave_1: entered promiscuous mode [ 206.706211][T11275] bridge0: entered promiscuous mode [ 206.715210][T11275] ip6gretap0: entered promiscuous mode [ 206.725357][T11275] bond0: left promiscuous mode [ 206.730510][T11275] bond_slave_0: left promiscuous mode [ 206.736336][T11275] bond_slave_1: left promiscuous mode [ 206.742121][T11275] team0: left promiscuous mode [ 206.747125][T11275] team_slave_0: left promiscuous mode [ 206.753394][T11275] team_slave_1: left promiscuous mode [ 206.761717][T11275] bridge0: left promiscuous mode [ 206.767787][T11275] ip6gretap0: left promiscuous mode [ 207.210145][T11308] netlink: 'syz.1.1400': attribute type 8 has an invalid length. [ 207.506964][T11323] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1404'. [ 207.756762][T11337] netlink: 'syz.4.1406': attribute type 39 has an invalid length. [ 207.757765][T11335] netlink: 39 bytes leftover after parsing attributes in process `syz.2.1407'. [ 207.780695][T11336] netlink: 'syz.4.1406': attribute type 39 has an invalid length. [ 207.843760][T11335] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1407'. [ 207.852792][T11335] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1407'. [ 207.864045][T11335] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1407'. 
[ 207.903659][T11330] bond2 (unregistering): Released all slaves [ 208.297210][T11363] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 208.762029][T11359] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.773328][T11384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1422'. [ 208.784410][T11386] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1422'. [ 208.825123][T11387] tipc: Enabling of bearer rejected, already enabled [ 208.835581][T11387] netem: change failed [ 208.888141][T11359] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.964534][T11359] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.056245][T11359] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.284514][ T13] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.304691][ T13] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.321453][ T13] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.337284][ T13] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.395685][T11393] netlink: 'syz.0.1424': attribute type 6 has an invalid length. [ 209.408108][T11393] netlink: 'syz.0.1424': attribute type 6 has an invalid length. [ 209.941620][T11434] netlink: 'syz.1.1434': attribute type 3 has an invalid length. [ 209.951164][T11434] netlink: 'syz.1.1434': attribute type 3 has an invalid length. [ 210.084076][T11440] openvswitch: netlink: Message has 1 unknown bytes. [ 210.092142][T11440] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 210.122870][T11441] netlink: 'syz.1.1436': attribute type 1 has an invalid length. [ 210.130996][T11441] netlink: 'syz.1.1436': attribute type 2 has an invalid length. 
[ 210.507432][T11455] __nla_validate_parse: 5 callbacks suppressed [ 210.507450][T11455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1440'. [ 210.523990][T11455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1440'. [ 210.536337][T11455] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1440'. [ 210.716459][T11463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1442'. [ 210.740152][T11463] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1442'. [ 210.759854][T11465] netlink: 'syz.3.1443': attribute type 1 has an invalid length. [ 210.773616][T11463] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1442'. [ 210.780820][T11465] netlink: 352 bytes leftover after parsing attributes in process `syz.3.1443'. [ 210.796172][T11465] netlink: 'syz.3.1443': attribute type 1 has an invalid length. [ 210.802473][T11463] netlink: 476 bytes leftover after parsing attributes in process `syz.4.1442'. [ 210.806181][T11465] netlink: 352 bytes leftover after parsing attributes in process `syz.3.1443'. [ 210.823545][T11463] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1442'. [ 211.045902][T11481] bridge: RTM_NEWNEIGH with invalid ether address [ 211.813807][T11509] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 211.989678][T11525] : entered promiscuous mode [ 212.064763][T11529] tipc: Enabled bearer , priority 0 [ 212.079347][T11529] syzkaller0: entered promiscuous mode [ 212.088684][T11529] syzkaller0: entered allmulticast mode [ 212.116512][T11529] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 212.127184][ T6738] IPVS: starting estimator thread 0... 
[ 212.141210][T11529] tipc: Resetting bearer [ 212.157183][T11529] x_tables: unsorted entry at hook 3 [ 212.181427][T11529] : renamed from bond_slave_0 [ 212.190977][T11528] tipc: Resetting bearer [ 212.210798][T11528] tipc: Disabling bearer [ 212.248832][T11535] IPVS: using max 37 ests per chain, 88800 per kthread [ 213.603764][T11592] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 213.817647][T11606] RDS: rds_bind could not find a transport for ::ffff:172.30.0.5, load rds_tcp or rds_rdma? [ 214.432365][T11627] syzkaller0: entered promiscuous mode [ 214.438138][T11627] syzkaller0: entered allmulticast mode [ 214.702932][T11634] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input10 [ 215.005597][T11647] syzkaller1: entered promiscuous mode [ 215.013759][T11647] syzkaller1: entered allmulticast mode [ 215.021538][T11648] validate_nla: 2 callbacks suppressed [ 215.021554][T11648] netlink: 'syz.1.1493': attribute type 4 has an invalid length. [ 215.394898][T11666] tipc: Enabling of bearer rejected, failed to enable media [ 215.409376][T11661] netlink: 'syz.4.1497': attribute type 4 has an invalid length. [ 215.460438][T11670] netlink: 'syz.4.1497': attribute type 4 has an invalid length. [ 217.506886][T11686] netlink: 'syz.1.1504': attribute type 11 has an invalid length. [ 217.618845][T11694] rdma_rxe: rxe_newlink: failed to add lo [ 217.868203][T11702] 8021q: VLANs not supported on syzkaller1 [ 218.165552][T11712] tipc: Enabled bearer , priority 0 [ 218.335367][T11722] __nla_validate_parse: 6 callbacks suppressed [ 218.335386][T11722] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1513'. [ 218.489871][T11729] syzkaller1: entered promiscuous mode [ 218.495500][T11729] syzkaller1: entered allmulticast mode [ 218.537354][T11732] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1519'. 
[ 218.561496][T11735] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 218.720650][T11753] openvswitch: netlink: Tunnel attr 333 out of range max 16 [ 218.780908][T11756] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1521'. [ 219.040535][T11764] xt_hashlimit: size too large, truncated to 1048576 [ 219.168576][ T6721] tipc: Node number set to 1906546671 [ 219.185831][T11771] IPVS: length: 132 != 8 [ 219.264567][T11777] tipc: Enabling of bearer rejected, already enabled [ 219.280327][T11777] tipc: Enabling of bearer rejected, already enabled [ 219.335049][T11782] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1532'. [ 219.406924][T11782] bond6: entered promiscuous mode [ 219.435748][T11782] 8021q: adding VLAN 0 to HW filter on device bond6 [ 219.495600][T11782] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1532'. [ 219.699131][T11795] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1535'. [ 219.845154][T11795] bridge0: entered promiscuous mode [ 219.852876][T11795] bridge0: left promiscuous mode [ 220.409201][T11822] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1544'. [ 220.474366][T11822] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1544'. [ 221.140605][T11859] netlink: 'syz.4.1551': attribute type 13 has an invalid length. [ 221.199373][T11859] netlink: 'syz.4.1551': attribute type 17 has an invalid length. [ 221.265832][T11859] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 221.549371][T11874] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1556'. [ 221.585328][T11872] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1556'. [ 221.731236][T11873] netlink: 'syz.1.1555': attribute type 1 has an invalid length. 
[ 221.818683][ T5150] Bluetooth: hci4: command 0x0405 tx timeout [ 222.073645][T11895] batadv0: mtu less than device minimum [ 222.364986][T11909] tipc: Enabled bearer , priority 0 [ 222.446517][T11909] syzkaller0: entered promiscuous mode [ 222.454009][T11909] syzkaller0: entered allmulticast mode [ 222.507256][T11909] tipc: Resetting bearer [ 222.515852][T11909] netem: change failed [ 222.528914][T11906] tipc: Resetting bearer [ 222.546195][T11906] tipc: Disabling bearer [ 223.900746][ T5150] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 224.058550][ T5150] Bluetooth: hci4: command 0x0405 tx timeout [ 224.092262][T11963] syzkaller0: entered allmulticast mode [ 224.351327][T11970] __nla_validate_parse: 4 callbacks suppressed [ 224.351343][T11970] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1578'. [ 224.402419][T11970] block nbd0: not configured, cannot reconfigure [ 225.027961][T11984] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1580'. [ 225.200404][T11986] ip6erspan1: entered allmulticast mode [ 225.655814][T11994] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1583'. [ 226.143622][ T5150] Bluetooth: hci4: command 0x0405 tx timeout [ 227.863360][T12003] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.1586'. 
[ 228.134941][T12028] : renamed from bond_slave_0 [ 228.393274][ T30] audit: type=1107 audit(1767165310.390:4): pid=12042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 228.841099][T12053] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1595'. [ 229.797077][T12105] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1615'. [ 229.806946][T12105] netlink: 42 bytes leftover after parsing attributes in process `syz.3.1615'. [ 229.824933][T12113] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 229.895081][T12113] netlink: 'syz.2.1614': attribute type 10 has an invalid length. [ 229.925391][T12118] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1618'. [ 229.935576][T12118] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1618'. [ 230.031814][T12126] netlink: 'syz.1.1620': attribute type 27 has an invalid length. 
[ 230.100143][T12120] syz.2.1614 (12120) used greatest stack depth: 17464 bytes left [ 230.306065][T12124] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1619'. [ 230.718077][T12174] GUP no longer grows the stack in syz.2.1630 (12174): 200000003000-20000000a000 (200000001000) [ 230.745155][T12174] CPU: 0 UID: 0 PID: 12174 Comm: syz.2.1630 Not tainted syzkaller #0 PREEMPT(full) [ 230.745182][T12174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 230.745193][T12174] Call Trace: [ 230.745202][T12174] [ 230.745211][T12174] dump_stack_lvl+0x189/0x250 [ 230.745241][T12174] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.745262][T12174] ? __pfx__printk+0x10/0x10 [ 230.745294][T12174] ? __get_user_pages+0x361/0x29f0 [ 230.745321][T12174] __get_user_pages+0x2465/0x29f0 [ 230.745365][T12174] ? __gup_longterm_locked+0xc63/0x1660 [ 230.745387][T12174] ? down_read_killable+0x1bc/0x350 [ 230.745415][T12174] __gup_longterm_locked+0xde4/0x1660 [ 230.745451][T12174] ? sanity_check_pinned_pages+0x123a/0x1300 [ 230.745483][T12174] gup_fast_fallback+0x1d6b/0x22d0 [ 230.745541][T12174] ? __pfx_gup_fast_fallback+0x10/0x10 [ 230.745567][T12174] ? stack_depot_save_flags+0x422/0x850 [ 230.745600][T12174] ? pin_user_pages_fast+0x4d/0xb0 [ 230.745625][T12174] iov_iter_extract_pages+0x35f/0x5e0 [ 230.745656][T12174] extract_iter_to_sg+0xe46/0x24e0 [ 230.745691][T12174] ? __pfx_extract_iter_to_sg+0x10/0x10 [ 230.745729][T12174] ? __asan_memset+0x22/0x50 [ 230.745749][T12174] af_alg_get_rsgl+0x436/0x810 [ 230.745787][T12174] aead_recvmsg+0x4d5/0x13b0 [ 230.745819][T12174] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 230.745846][T12174] ? __pfx_aead_recvmsg+0x10/0x10 [ 230.745868][T12174] ? aead_check_key+0x173/0x1e0 [ 230.745887][T12174] ? __pfx_aead_recvmsg_nokey+0x10/0x10 [ 230.745909][T12174] ? 
__pfx_aead_recvmsg_nokey+0x10/0x10 [ 230.745931][T12174] sock_recvmsg_nosec+0x186/0x1c0 [ 230.745962][T12174] ____sys_recvmsg+0x3aa/0x460 [ 230.745994][T12174] ? __pfx_____sys_recvmsg+0x10/0x10 [ 230.746033][T12174] ? import_iovec+0x74/0xa0 [ 230.746064][T12174] ___sys_recvmsg+0x1b5/0x510 [ 230.746090][T12174] ? __pfx____sys_recvmsg+0x10/0x10 [ 230.746139][T12174] ? __might_fault+0xb0/0x130 [ 230.746170][T12174] do_recvmmsg+0x307/0x770 [ 230.746197][T12174] ? __pfx_do_recvmmsg+0x10/0x10 [ 230.746231][T12174] ? __pfx_do_futex+0x10/0x10 [ 230.746245][T12174] ? __local_bh_enable_ip+0x12d/0x1c0 [ 230.746280][T12174] __x64_sys_recvmmsg+0x190/0x240 [ 230.746304][T12174] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 230.746329][T12174] ? do_syscall_64+0xbe/0xf80 [ 230.746352][T12174] do_syscall_64+0xfa/0xf80 [ 230.746371][T12174] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.746388][T12174] ? clear_bhb_loop+0x60/0xb0 [ 230.746408][T12174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.746424][T12174] RIP: 0033:0x7f56f1d8f749 [ 230.746440][T12174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.746453][T12174] RSP: 002b:00007f56f2c87038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 230.746472][T12174] RAX: ffffffffffffffda RBX: 00007f56f1fe5fa0 RCX: 00007f56f1d8f749 [ 230.746484][T12174] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 000000000000000a [ 230.746496][T12174] RBP: 00007f56f1e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 230.746505][T12174] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000000 [ 230.746515][T12174] R13: 00007f56f1fe6038 R14: 00007f56f1fe5fa0 R15: 00007fff719dfc58 [ 230.746547][T12174] [ 231.171361][T12187] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1634'. 
[ 231.206390][T12187] macvtap0: entered promiscuous mode [ 231.218545][T12187] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 231.455733][T12204] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1635'. [ 231.466754][T12196] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 231.501167][T12208] tipc: Enabled bearer , priority 0 [ 231.529503][T12200] syzkaller0: entered promiscuous mode [ 231.556567][T12200] syzkaller0: entered allmulticast mode [ 231.637061][T12200] tipc: Resetting bearer [ 231.652153][T12199] tipc: Resetting bearer [ 231.675718][T12199] tipc: Disabling bearer [ 231.715375][T12220] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1642'. [ 231.733541][T12220] xfrm1: entered promiscuous mode [ 231.759467][T12220] xfrm1: entered allmulticast mode [ 231.774429][T12220] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1642'. [ 231.875061][T12225] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode [ 231.911185][T12225] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode [ 234.081093][T12327] netlink: 'syz.3.1668': attribute type 33 has an invalid length. [ 234.092915][T12327] `: renamed from team0 [ 234.202374][T12331] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 234.550299][T12354] netlink: 'syz.4.1674': attribute type 3 has an invalid length. [ 235.763190][T12378] __nla_validate_parse: 7 callbacks suppressed [ 235.763209][T12378] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1681'. [ 236.044974][T12392] netlink: 'syz.2.1684': attribute type 10 has an invalid length. 
[ 236.112732][T12397] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 236.138625][T12397] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 236.148528][T12398] tipc: Enabling of bearer rejected, already enabled [ 236.376631][T12413] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1688'. [ 236.934823][T12451] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.1698'. [ 237.160187][T12465] netlink: 'syz.1.1704': attribute type 1 has an invalid length. [ 237.167962][T12465] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1704'. [ 237.185118][T12461] vxcan2: entered allmulticast mode [ 237.477378][T12473] netlink: 'syz.3.1706': attribute type 11 has an invalid length. [ 237.685266][T12481] netlink: 'syz.1.1708': attribute type 1 has an invalid length. [ 237.726526][T12481] bond8: entered promiscuous mode [ 237.732131][T12481] 8021q: adding VLAN 0 to HW filter on device bond8 [ 237.775957][T12489] syzkaller0: entered promiscuous mode [ 237.785880][T12489] syzkaller0: entered allmulticast mode [ 237.897536][T12499] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1712'. [ 237.928256][T12499] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1712'. [ 238.227645][T12506] sctp: [Deprecated]: syz.1.1713 (pid 12506) Use of int in maxseg socket option. [ 238.227645][T12506] Use struct sctp_assoc_value instead [ 238.388016][T12511] netlink: 'syz.2.1716': attribute type 12 has an invalid length. [ 238.568601][T12518] netlink: 'syz.4.1718': attribute type 1 has an invalid length. [ 238.599376][T12518] netlink: 'syz.4.1718': attribute type 1 has an invalid length. [ 238.791491][T12533] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1724'. [ 238.805765][T12533] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1724'. 
[ 239.570529][T12564] syzkaller0: entered promiscuous mode [ 239.576195][T12564] syzkaller0: entered allmulticast mode [ 240.239783][T12597] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1740'. [ 240.485045][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1745'. [ 240.513395][T12615] netlink: 'syz.2.1745': attribute type 2 has an invalid length. [ 240.581270][T12613] netlink: 'syz.4.1744': attribute type 13 has an invalid length. [ 240.589423][T12613] netlink: 'syz.4.1744': attribute type 17 has an invalid length. [ 242.176755][T12641] ip6gre2: entered promiscuous mode [ 242.227772][T12645] __nla_validate_parse: 1 callbacks suppressed [ 242.227792][T12645] netlink: 344 bytes leftover after parsing attributes in process `syz.4.1753'. [ 242.245242][T12645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1753'. [ 242.379424][ T30] audit: type=1804 audit(1767165324.370:5): pid=12654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1756" name="/newroot/421/memory.events" dev="tmpfs" ino=2169 res=1 errno=0 [ 242.400662][T12656] tipc: Enabling of bearer rejected, already enabled [ 242.448540][ T30] audit: type=1800 audit(1767165324.370:6): pid=12654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1756" name="memory.events" dev="tmpfs" ino=2169 res=0 errno=0 [ 243.104485][T12686] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1764'. [ 243.114240][T12686] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1764'. [ 243.127127][T12686] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1764'. 
[ 243.137618][T12686] 8021q: VLANs not supported on ip_vti0 [ 243.307438][T12688] tipc: Enabled bearer , priority 0 [ 243.315836][T12688] syzkaller0: entered promiscuous mode [ 243.323616][T12688] syzkaller0: entered allmulticast mode [ 243.594765][T12687] tipc: Resetting bearer [ 243.653055][T12687] tipc: Disabling bearer [ 243.765681][T12692] team0: Device gtp1 is up. Set it down before adding it as a team port [ 243.854768][T12696] netlink: 'syz.1.1768': attribute type 10 has an invalid length. [ 243.859920][T12694] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1767'. [ 243.863921][T12696] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1768'. [ 243.873909][T12694] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1767'. [ 244.168107][T12708] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1771'. [ 244.209892][T12708] Cannot find add_set index 3 as target [ 244.512609][T12731] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1775'. [ 244.620153][T12734] batadv_slave_1: entered promiscuous mode [ 244.648255][T12732] batadv_slave_1: left promiscuous mode [ 244.730601][T12740] netlink: 'syz.3.1777': attribute type 1 has an invalid length. [ 246.442567][T12780] netlink: 'syz.0.1785': attribute type 6 has an invalid length. [ 246.450730][T12780] netlink: 'syz.0.1785': attribute type 5 has an invalid length. [ 246.547366][T12783] netlink: 'syz.0.1785': attribute type 4 has an invalid length. [ 246.599281][T12785] netlink: 'syz.0.1785': attribute type 4 has an invalid length. [ 246.715875][T12787] ipip0: entered promiscuous mode [ 246.722510][T12787] ipip0: entered allmulticast mode [ 246.892749][T12789] netlink: 'syz.3.1788': attribute type 9 has an invalid length. [ 248.119869][T12808] __nla_validate_parse: 5 callbacks suppressed [ 248.119888][T12808] netlink: 584 bytes leftover after parsing attributes in process `syz.4.1793'. 
[ 249.782785][T12867] batadv2: entered promiscuous mode [ 249.838273][T12868] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 250.584673][T12885] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1815'. [ 250.723392][T12888] netlink: 'syz.1.1816': attribute type 2 has an invalid length. [ 250.731410][T12888] netlink: 'syz.1.1816': attribute type 9 has an invalid length. [ 250.739426][T12888] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1816'. [ 250.751545][T12888] tipc: Enabled bearer , priority 0 [ 250.768789][T12888] syzkaller0: entered promiscuous mode [ 250.774417][T12888] syzkaller0: entered allmulticast mode [ 250.788177][T12888] tipc: Resetting bearer [ 250.860096][T12888] tipc: Resetting bearer [ 250.897416][T12888] tipc: Disabling bearer [ 250.918644][T12890] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1817'. [ 251.241048][T12895] bond9: Removing last ns target with arp_interval on [ 251.589910][T12904] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1821'. [ 251.608515][T12903] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1821'. [ 251.906474][T12915] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 251.915151][T12922] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1826'. [ 251.931435][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1826'. [ 252.132536][T12933] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1829'. [ 252.389362][T12956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1833'. 
[ 252.443796][T12959] Bluetooth: MGMT ver 1.23 [ 252.520395][T12964] batman_adv: batadv0: Interface deactivated: macsec2 [ 252.544103][T12964] batman_adv: batadv0: Removing interface: macsec2 [ 252.547398][T12968] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma? [ 252.571685][T12964] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 252.655995][T12969] erspan0: entered promiscuous mode [ 252.890278][T12986] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 252.906615][T12986] netlink: 'syz.0.1839': attribute type 13 has an invalid length. [ 253.053224][ T4574] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.083487][ T4574] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.098325][ T4574] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.113581][ T4574] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.787987][T13012] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 253.838861][T13008] __nla_validate_parse: 3 callbacks suppressed [ 253.838878][T13008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1846'. [ 253.937938][T13019] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1851'. [ 253.980444][T13008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1846'. [ 254.183348][T13035] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1854'. [ 254.219772][T13035] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1854'. [ 254.243964][T13035] netlink: 'syz.4.1854': attribute type 13 has an invalid length. [ 254.248658][T13008] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1846'. [ 254.380871][T13040] netlink: 'syz.2.1855': attribute type 33 has an invalid length. 
[ 254.388820][T13040] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1855'. [ 254.424023][T13043] tap0: tun_chr_ioctl cmd 1074025681 [ 254.458673][ T5150] Bluetooth: hci2: command 0x0406 tx timeout [ 254.458786][ T5845] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 254.732100][T13042] tap0: tun_chr_ioctl cmd 1074025676 [ 254.737458][T13042] tap0: owner set to 0 [ 255.540622][T13070] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1861'. [ 255.614557][T13068] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1857'. [ 255.796320][T13079] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1863'. [ 256.376288][T13096] geneve0: entered promiscuous mode [ 256.396321][ T6002] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.417310][ T6002] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.428333][ T6002] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.464648][ T5990] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.663293][T13152] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 257.746811][T13153] netlink: 'syz.1.1880': attribute type 1 has an invalid length. [ 257.853649][T13153] 8021q: adding VLAN 0 to HW filter on device bond10 [ 257.923874][T13152] bond10: (slave veth1): Enslaving as an active interface with a down link [ 258.482660][T13163] block nbd0: server does not support multiple connections per device. [ 258.523787][T13163] block nbd0: shutting down sockets [ 258.697618][T13155] bond10 (unregistering): (slave veth1): Releasing active interface [ 258.755712][T13155] bond10 (unregistering): Released all slaves [ 259.068484][T13188] __nla_validate_parse: 4 callbacks suppressed [ 259.068502][T13188] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1884'. 
[ 259.162264][T13190] xt_TPROXY: Can be used only with -p tcp or -p udp [ 259.176038][T13159] syzkaller0: entered promiscuous mode [ 259.186655][T13159] syzkaller0: entered allmulticast mode [ 259.235872][T13189] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1887'. [ 259.305570][T13189] netem: change failed [ 259.523582][T13200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1891'. [ 259.755345][T13207] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1892'. [ 259.771634][T13208] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1893'. [ 259.797626][T13209] netlink: 'syz.0.1889': attribute type 11 has an invalid length. [ 259.821299][T13209] netlink: 'syz.0.1889': attribute type 11 has an invalid length. [ 259.980409][T13209] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1889'. [ 260.050810][T13218] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1895'. [ 260.074195][T13218] ip6gretap0: entered promiscuous mode [ 260.083781][T13218] ip6gretap0: left promiscuous mode [ 260.291689][T13231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1897'. [ 260.355709][T13229] geneve3: entered promiscuous mode [ 260.363781][ T6002] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 260.401997][ T6002] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 260.429192][ T6002] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 260.448685][ T6002] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 260.677334][T13201] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 260.924747][T13247] netlink: 'syz.3.1903': attribute type 10 has an invalid length. [ 261.225910][T13270] netlink: 'syz.4.1909': attribute type 13 has an invalid length. 
[ 261.478163][T13282] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1916'. [ 261.509119][T13282] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1916'. [ 261.694179][T13270] macsec0: left allmulticast mode [ 261.773769][T13270] tipc: Resetting bearer [ 261.841354][T13270] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 261.879675][ T4574] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 261.888107][ T4574] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.905040][ T4574] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 261.938494][ T4574] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.004877][ T4574] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 262.029231][ T4574] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.054914][ T4574] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 262.083027][ T4574] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.116081][T13291] syzkaller1: entered promiscuous mode [ 262.128560][T13291] syzkaller1: entered allmulticast mode [ 262.213965][T13308] netlink: 'syz.1.1924': attribute type 7 has an invalid length. [ 262.223740][T13308] netlink: 'syz.1.1924': attribute type 8 has an invalid length. [ 262.225100][T13304] tipc: Enabling of bearer rejected, already enabled [ 345.003275][T13376] __nla_validate_parse: 3 callbacks suppressed [ 345.003293][T13376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1945'. [ 345.107330][T13387] netlink: 'syz.4.1949': attribute type 61 has an invalid length. [ 345.121428][T13387] netlink: 'syz.4.1949': attribute type 62 has an invalid length. 
[ 345.715163][T13410] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode [ 345.724186][T13413] sock: sock_timestamping_bind_phc: sock not bind to device [ 345.741932][T13410] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode [ 346.652076][T13453] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1980'. [ 346.801560][T13457] bond7: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 346.880454][T13457] bond7: (slave lo): Enslaving as an active interface with an up link [ 346.901897][T13457] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 346.924633][T13464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1986'. [ 347.130841][T13485] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1995'. [ 347.608823][T13521] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2011'. [ 347.697185][T13527] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2014'. [ 347.735778][T13529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2015'. [ 347.826883][T13535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2018'. [ 347.997105][T13544] bond10: option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 348.010611][T13544] bond10 (unregistering): Released all slaves [ 348.070607][T13547] bridge0: port 2(syz_tun) entered blocking state [ 348.077426][T13547] bridge0: port 2(syz_tun) entered disabled state [ 348.084507][T13547] syz_tun: entered allmulticast mode [ 348.103775][T13547] syz_tun: entered promiscuous mode [ 348.307859][T13558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2028'. 
[ 348.329191][T13558] bond1: (slave vlan1): Opening slave failed [ 348.413834][T13564] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2030'. [ 348.447687][T13567] netlink: 'syz.4.2032': attribute type 39 has an invalid length. [ 348.515146][T13563] syzkaller0: entered promiscuous mode [ 348.521046][T13563] syzkaller0: entered allmulticast mode [ 348.689985][T13579] tipc: Enabling of bearer rejected, already enabled [ 348.924417][T13594] netlink: 'syz.3.2043': attribute type 1 has an invalid length. [ 349.646984][T13648] xt_SECMARK: invalid mode: 9 [ 350.107492][T13681] __nla_validate_parse: 5 callbacks suppressed [ 350.107511][T13681] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2078'. [ 350.290946][T13692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2082'. [ 350.479637][T13705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2087'. [ 350.501194][T13705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2087'. [ 350.750589][T13726] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2096'. [ 351.617946][T13780] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2114'. [ 351.639649][T13780] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2114'. [ 351.983184][T13803] syzkaller0: left promiscuous mode [ 351.988578][T13803] syzkaller0: left allmulticast mode [ 352.161630][T13813] netlink: 'syz.2.2127': attribute type 8 has an invalid length. [ 352.664599][T13850] syzkaller0: entered promiscuous mode [ 352.678924][T13850] syzkaller0: entered allmulticast mode [ 352.903461][T13867] syzkaller0: entered promiscuous mode [ 352.915432][T13867] syzkaller0: entered allmulticast mode [ 354.144164][T13938] netlink: 'syz.4.2180': attribute type 1 has an invalid length. 
[ 354.233806][T13938] 8021q: adding VLAN 0 to HW filter on device bond2 [ 354.247898][T13935] openvswitch: netlink: VXLAN extension 0 has unexpected len 2 expected 0 [ 354.266001][T13941] bond2: (slave geneve2): making interface the new active one [ 354.296841][T13941] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 354.318192][ T50] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.351938][ T50] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.360982][ T50] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.369882][ T50] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.493281][T13958] syzkaller0: entered promiscuous mode [ 354.509947][T13958] syzkaller0: entered allmulticast mode [ 354.650402][T13967] tipc: Resetting bearer [ 354.682566][ T3550] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.704699][ T3550] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.738545][ T3550] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.759759][ T3550] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.191259][T14003] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2203'. [ 355.320612][ T5990] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 355.563064][T14018] syzkaller0: entered promiscuous mode [ 355.568809][T14018] syzkaller0: entered allmulticast mode [ 356.183597][T14030] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2212'. [ 356.296801][T14041] syzkaller1: left promiscuous mode [ 356.318418][T14041] syzkaller1: left allmulticast mode [ 358.519723][T14178] workqueue: name exceeds WQ_NAME_LEN. 
Truncating to: 1^!l1*$pOcɔr$G [ 358.681773][T14190] smc: net device bond0 applied user defined pnetid SYZ0 [ 359.245723][T14230] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2296'. [ 359.444236][T14243] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2302'. [ 359.537095][T14251] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2306'. [ 359.668068][T14257] syzkaller1: entered promiscuous mode [ 359.679355][T14257] syzkaller1: entered allmulticast mode [ 359.913608][T14271] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2313'. [ 360.318640][T14298] tipc: Enabled bearer , priority 0 [ 360.335532][T14294] tipc: Resetting bearer [ 360.394114][T14305] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2329'. [ 361.808636][T14294] tipc: Disabling bearer [ 361.818152][T14311] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2330'. [ 362.063314][ T6732] tipc: Node number set to 933198232 [ 362.217728][T14339] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2342'. [ 362.308091][T14338] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2339'. [ 362.574853][T14363] netlink: 'syz.1.2351': attribute type 7 has an invalid length. [ 362.628598][T14363] netlink: 'syz.1.2351': attribute type 8 has an invalid length. [ 362.792965][T14372] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2355'. [ 363.243557][T14407] syzkaller0: entered promiscuous mode [ 363.250401][T14407] syzkaller0: entered allmulticast mode [ 363.583879][T14435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2385'. [ 363.786397][T14446] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2390'. [ 365.007832][T14533] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2423'. 
[ 365.060318][T14531] syzkaller0: entered promiscuous mode [ 365.065844][T14531] syzkaller0: entered allmulticast mode [ 365.102866][T14537] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2426'. [ 365.112871][T14537] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2426'. [ 365.466012][T14549] __nla_validate_parse: 2 callbacks suppressed [ 365.466031][T14549] netlink: 840 bytes leftover after parsing attributes in process `syz.1.2434'. [ 366.859414][T14564] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2440'. [ 367.066391][T14583] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2449'. [ 367.301496][T14597] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2455'. [ 367.317607][T14600] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 367.920909][T14646] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2478'. [ 367.986897][T14646] vlan0: entered promiscuous mode [ 368.568325][T14691] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2495'. [ 368.580414][T14691] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2495'. [ 368.595545][T14693] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2496'. [ 368.907057][T14710] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2505'. [ 368.925155][T14710] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2505'. 
[ 369.021402][ T5150] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 369.032131][ T5150] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 369.049726][ T5150] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 369.057782][ T5150] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 369.065686][ T5150] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 369.359841][ T5838] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI [ 369.371787][ T5838] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 369.380211][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 369.389667][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 369.399716][ T5838] RIP: 0010:klist_remove+0x14a/0x340 [ 369.404996][ T5838] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 49 c7 d5 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 2a c7 d5 f6 49 8b 44 24 58 48 89 44 24 08 [ 369.424680][ T5838] RSP: 0018:ffffc9000402f5e0 EFLAGS: 00010202 [ 369.430744][ T5838] RAX: 000000000000000b RBX: ffff8880336a1e80 RCX: 0000000000000000 [ 369.438703][ T5838] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 369.446749][ T5838] RBP: ffffc9000402f6e0 R08: ffffffff8f68cfc3 R09: 1ffffffff1ed19f8 [ 369.454705][ T5838] R10: dffffc0000000000 R11: fffffbfff1ed19f9 R12: 0000000000000000 [ 369.462663][ T5838] R13: 1ffff1100ad70f8c R14: ffff888056b87c60 R15: dffffc0000000000 [ 369.470623][ T5838] FS: 0000000000000000(0000) GS:ffff888125f35000(0000) knlGS:0000000000000000 [ 369.479539][ T5838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 369.486108][ T5838] CR2: 00007f2e5db56f98 CR3: 0000000045fc2000 CR4: 00000000003526f0 [ 369.494078][ T5838] Call Trace: [ 369.497348][ T5838] <TASK> [ 369.500269][ T5838] ? __pfx_klist_remove+0x10/0x10 [ 369.505281][ T5838] ? 
kobject_move+0x5a6/0x6e0 [ 369.509950][ T5838] ? __pfx_kobject_move+0x10/0x10 [ 369.514962][ T5838] ? do_raw_spin_unlock+0x122/0x240 [ 369.520156][ T5838] ? get_device_parent+0x366/0x3a0 [ 369.525256][ T5838] device_move+0x193/0x730 [ 369.529663][ T5838] hci_conn_del_sysfs+0xb8/0x1a0 [ 369.534592][ T5838] hci_conn_del+0xc36/0x1240 [ 369.539176][ T5838] hci_conn_hash_flush+0x191/0x260 [ 369.544280][ T5838] hci_dev_close_sync+0x821/0x1100 [ 369.549393][ T5838] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 369.554928][ T5838] ? up_write+0x1ac/0x410 [ 369.559250][ T5838] ? rcu_is_watching+0x15/0xb0 [ 369.564004][ T5838] hci_unregister_dev+0x21a/0x5b0 [ 369.569019][ T5838] vhci_release+0x152/0x1a0 [ 369.573511][ T5838] ? __pfx_vhci_release+0x10/0x10 [ 369.578522][ T5838] __fput+0x44c/0xa70 [ 369.582510][ T5838] task_work_run+0x1d4/0x260 [ 369.587091][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 369.592191][ T5838] ? kmem_cache_free+0x197/0x620 [ 369.597120][ T5838] ? do_exit+0x6c0/0x2310 [ 369.601441][ T5838] do_exit+0x6c5/0x2310 [ 369.605587][ T5838] ? do_raw_spin_lock+0x121/0x290 [ 369.610602][ T5838] ? __pfx_do_exit+0x10/0x10 [ 369.615186][ T5838] do_group_exit+0x21c/0x2d0 [ 369.619767][ T5838] ? lockdep_hardirqs_on+0x98/0x140 [ 369.624983][ T5838] get_signal+0x1285/0x1340 [ 369.629479][ T5838] arch_do_signal_or_restart+0x9a/0x7a0 [ 369.635017][ T5838] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 369.641164][ T5838] ? exit_to_user_mode_loop+0x55/0x4f0 [ 369.646613][ T5838] exit_to_user_mode_loop+0x87/0x4f0 [ 369.651886][ T5838] ? rcu_is_watching+0x15/0xb0 [ 369.656637][ T5838] do_syscall_64+0x2d0/0xf80 [ 369.661215][ T5838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.667266][ T5838] ? clear_bhb_loop+0x60/0xb0 [ 369.671934][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.677817][ T5838] RIP: 0033:0x7fc820b8e15c [ 369.682219][ T5838] Code: Unable to access opcode bytes at 0x7fc820b8e132. 
[ 369.689220][ T5838] RSP: 002b:00007ffd9853cdd0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 369.697622][ T5838] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007fc820b8e15c [ 369.705584][ T5838] RDX: 0000000000000030 RSI: 00007ffd9853ce90 RDI: 00000000000000f9 [ 369.713631][ T5838] RBP: 00007ffd9853ce3c R08: 0000000000000000 R09: 0079746972756365 [ 369.721592][ T5838] R10: 00007ffd9853c790 R11: 0000000000000246 R12: 0000000000000258 [ 369.729550][ T5838] R13: 00000000000927c0 R14: 000000000005a018 R15: 00007ffd9853ce90 [ 369.737515][ T5838] </TASK> [ 369.740553][ T5838] Modules linked in: [ 369.745257][ T5838] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 369.778482][ T5838] RIP: 0010:klist_remove+0x14a/0x340 [ 369.783821][ T5838] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 49 c7 d5 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 2a c7 d5 f6 49 8b 44 24 58 48 89 44 24 08 [ 369.804033][ T5838] RSP: 0018:ffffc9000402f5e0 EFLAGS: 00010202 [ 369.810234][ T5838] RAX: 000000000000000b RBX: ffff8880336a1e80 RCX: 0000000000000000 [ 369.820678][ T5838] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 369.854165][ T5838] RBP: ffffc9000402f6e0 R08: ffffffff8f68cfc3 R09: 1ffffffff1ed19f8 [ 369.912155][ T5838] R10: dffffc0000000000 R11: fffffbfff1ed19f9 R12: 0000000000000000 [ 369.926026][ T5838] R13: 1ffff1100ad70f8c R14: ffff888056b87c60 R15: dffffc0000000000 [ 369.937959][ T5838] FS: 0000000000000000(0000) GS:ffff888125e35000(0000) knlGS:0000000000000000 [ 369.959781][ T5838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 369.966417][ T5838] CR2: 000055ad9b50d000 CR3: 000000000dd3a000 CR4: 00000000003526f0 [ 369.998411][ T5838] Kernel panic - not syncing: Fatal exception [ 370.004965][ T5838] Kernel Offset: disabled [ 370.009281][ T5838] Rebooting in 86400 seconds..