last executing test programs: 1.706635118s ago: executing program 0 (id=2499): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp', 0x5) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000000c0)=0x102, 0x4f) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) shutdown(r0, 0x1) 1.612470222s ago: executing program 3 (id=2501): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280), 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0x1, 0xc001, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000540)={0x0, 0x0, 0x1, 'M'}, 0x9) 1.566286246s ago: executing program 0 (id=2504): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d80", @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) 1.472972075s ago: executing program 0 (id=2506): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0xa43, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 989.529126ms ago: executing program 1 (id=2513): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000140)={0x8000000000000001, 0x8, '\x00', 0x1, &(0x7f0000000100)=[0x0]}) ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d3, &(0x7f0000000200)) 861.429814ms ago: executing program 1 (id=2516): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d80", @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) 856.692724ms ago: executing program 4 (id=2517): setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)='5', 0x1, 0x20000000, 0x0, 0x0) 778.426984ms ago: executing program 4 (id=2519): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x2}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x40800) 765.987756ms ago: executing program 1 (id=2520): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000300), 0x4) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 634.764132ms ago: executing program 1 (id=2522): setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0xf1, @loopback, 0x19f49a9}], 0x1c) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0xff, @loopback, 0x5}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="e6", 0x1}], 0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000008400000007000000ac1414aa00000000200000000000000084000000080000002001"], 0x38, 0x4855}, 0x24000052) 634.292711ms ago: executing program 3 (id=2523): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00006000000080002000500000014000600ff01000a00f2f3f31f000a0000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000000180)) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4040000) 576.969541ms ago: executing program 2 (id=2524): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={r1, 0x4}, &(0x7f0000000340)=0x8) 569.32451ms ago: executing program 4 (id=2525): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r0, &(0x7f0000000140), 0x0, 0x3b00, 0x0, 0x0) 517.720763ms ago: executing program 3 (id=2526): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) close(r0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c) sendto$inet6(r2, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x38}}}}, 0x84) shutdown(r1, 0x1) 516.964006ms ago: executing program 0 (id=2527): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000d042abd70000100000000000000", @ANYRES32=0x0, @ANYBLOB="80f80400400000002c0012800c0001006d6163766c616e001c0002800600020000000000080001000200000008000300000027"], 0x4c}, 0x1, 0x0, 0x0, 0x24060080}, 0x8000) 442.700846ms ago: executing program 1 (id=2528): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010800040000000000000b00200008000300", @ANYRES32, @ANYBLOB="0a000600080211000001000030005080110001004abee33908f8eef16f162471f4000000080007"], 0x58}}, 0x0) 431.630841ms ago: executing program 4 (id=2529): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xb, 0xb}, {0xa, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x9}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2001c061}, 0x4008000) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r8, 0x0, 0x0, 0x40, &(0x7f00000001c0)={0x11, 0x1c, r7, 0x1, 0xd8, 0x6, @multicast}, 0x14) 408.23216ms ago: executing program 2 (id=2530): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d80", @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) 362.322433ms ago: executing program 0 (id=2531): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x50, r0, 0x801, 0x70bd29, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x50}}, 0x0) 339.343021ms ago: executing program 3 (id=2532): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)={0x40, r1, 0x105, 0xffffffff, 0xa, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x14, 0x49, [0xfac0d, 0xfac0c, 0xfac02, 0xfac0a]}], @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x4004050) 311.698401ms ago: executing program 1 (id=2533): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280), 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0x1, 0xc001, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000540)={0x0, 0x0, 0x1, 'M'}, 0x9) 288.535099ms ago: executing program 2 (id=2534): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4404c880) sendto$inet6(r0, &(0x7f0000000140)="51557f9a538dcc49cae4758af509141bca5e7e7bc2c87d", 0x17, 0x3b00, 0x0, 0x0) 246.078876ms ago: executing program 0 (id=2535): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000300)={0x0, 0xff61}, 0x8) 188.975523ms ago: executing program 2 (id=2536): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r1, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x800000, 0x25dfdbff, {0x2, 0x18, 0x20, 0xff, r5}, [@IFA_LOCAL={0x8, 0x2, @loopback}]}, 0x20}, 0x1, 0x0, 0x0, 0xc090}, 0x20008840) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}}) 181.068867ms ago: executing program 3 (id=2537): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, 0x0, 0x200, 0x70bd2d, 0x25dfdfff}, 0x14}, 0x1, 0x0, 0x0, 0x20004005}, 0x2000c800) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000002c0)={0x1c, r5, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) 108.520333ms ago: executing program 4 (id=2538): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x86, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e00, 0x10007fff, @loopback, 0x627bcafb}, 0x1c) recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}, 0x7ffffffe}], 0x1, 0x40002000, 0x0) 107.701993ms ago: executing program 2 (id=2539): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r0, &(0x7f0000000140), 0x0, 0x3b00, 0x0, 0x0) 79.270892ms ago: executing program 3 (id=2540): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x3c, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 26.845833ms ago: executing program 4 (id=2541): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000140)="41000200010001", 0x7) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 0s ago: executing program 2 (id=2542): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) close(r0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c) sendto$inet6(r2, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x38}}}}, 0x84) shutdown(r1, 0x1) kernel console output (not intermixed with test programs): attributes in process `syz.3.29'. [ 79.130437][ T5997] macvtap1: entered promiscuous mode [ 79.136022][ T5997] vlan0: entered promiscuous mode [ 79.141976][ T5997] macvtap1: entered allmulticast mode [ 79.149132][ T5997] vlan0: entered allmulticast mode [ 79.154278][ T5997] veth0_vlan: entered allmulticast mode [ 79.238353][ T6009] syzkaller0: entered promiscuous mode [ 79.243863][ T6009] syzkaller0: entered allmulticast mode [ 79.253313][ T5149] Bluetooth: hci1: command tx timeout [ 79.323474][ T6021] xt_socket: unknown flags 0x50 [ 79.332451][ T5149] Bluetooth: hci2: command tx timeout [ 79.408644][ T5149] Bluetooth: hci3: command tx timeout [ 79.488161][ T5149] Bluetooth: hci4: command tx timeout [ 79.558674][ T6029] FAULT_INJECTION: forcing a failure. [ 79.558674][ T6029] name failslab, interval 1, probability 0, space 0, times 1 [ 79.574302][ T6029] CPU: 0 UID: 0 PID: 6029 Comm: syz.4.32 Not tainted syzkaller #0 PREEMPT(full) [ 79.574326][ T6029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 79.574343][ T6029] Call Trace: [ 79.574350][ T6029] [ 79.574357][ T6029] dump_stack_lvl+0x189/0x250 [ 79.574387][ T6029] ? __pfx____ratelimit+0x10/0x10 [ 79.574407][ T6029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.574425][ T6029] ? __pfx__printk+0x10/0x10 [ 79.574443][ T6029] ? __lock_acquire+0xab9/0xd20 [ 79.574462][ T6029] should_fail_ex+0x414/0x560 [ 79.574486][ T6029] should_failslab+0xa8/0x100 [ 79.574501][ T6029] kmem_cache_alloc_noprof+0x74/0x6e0 [ 79.574519][ T6029] ? skb_clone+0x212/0x3a0 [ 79.574542][ T6029] skb_clone+0x212/0x3a0 [ 79.574559][ T6029] __netlink_deliver_tap+0x404/0x850 [ 79.574588][ T6029] ? netlink_deliver_tap+0x2e/0x1b0 [ 79.574608][ T6029] netlink_deliver_tap+0x19c/0x1b0 [ 79.574628][ T6029] netlink_unicast+0x7fa/0x9e0 [ 79.574652][ T6029] ? __pfx_netlink_unicast+0x10/0x10 [ 79.574672][ T6029] ? netlink_sendmsg+0x642/0xb30 [ 79.574682][ T6029] ? skb_put+0x11b/0x210 [ 79.574697][ T6029] netlink_sendmsg+0x805/0xb30 [ 79.574716][ T6029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 79.574738][ T6029] ? aa_sock_msg_perm+0xf1/0x1d0 [ 79.574759][ T6029] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 79.574772][ T6029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 79.574793][ T6029] __sock_sendmsg+0x21c/0x270 [ 79.574812][ T6029] ____sys_sendmsg+0x505/0x830 [ 79.574830][ T6029] ? __pfx_____sys_sendmsg+0x10/0x10 [ 79.574851][ T6029] ? import_iovec+0x74/0xa0 [ 79.574870][ T6029] ___sys_sendmsg+0x21f/0x2a0 [ 79.574886][ T6029] ? __pfx____sys_sendmsg+0x10/0x10 [ 79.574943][ T6029] ? __fget_files+0x2a/0x420 [ 79.574959][ T6029] ? __fget_files+0x3a0/0x420 [ 79.574984][ T6029] __x64_sys_sendmsg+0x19b/0x260 [ 79.575004][ T6029] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 79.575031][ T6029] ? __pfx_ksys_write+0x10/0x10 [ 79.575059][ T6029] ? do_syscall_64+0xbe/0xfa0 [ 79.575084][ T6029] do_syscall_64+0xfa/0xfa0 [ 79.575103][ T6029] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.575124][ T6029] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.575141][ T6029] ? clear_bhb_loop+0x60/0xb0 [ 79.575163][ T6029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.575180][ T6029] RIP: 0033:0x7f9fb018efc9 [ 79.575201][ T6029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.575215][ T6029] RSP: 002b:00007f9fb10df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 79.575234][ T6029] RAX: ffffffffffffffda RBX: 00007f9fb03e5fa0 RCX: 00007f9fb018efc9 [ 79.575247][ T6029] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 79.575258][ T6029] RBP: 00007f9fb10df090 R08: 0000000000000000 R09: 0000000000000000 [ 79.575269][ T6029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.575279][ T6029] R13: 00007f9fb03e6038 R14: 00007f9fb03e5fa0 R15: 00007ffe23bcaef8 [ 79.575310][ T6029] [ 80.838255][ T6083] 8021q: adding VLAN 0 to HW filter on device bond1 [ 80.927059][ T6090] IPVS: set_ctl: invalid protocol: 59 172.20.20.56:20003 [ 80.942898][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.53'. [ 80.953976][ T6093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.53'. [ 81.283108][ T6113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.58'. [ 81.587194][ T6130] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.600819][ T981] cfg80211: failed to load regulatory.db [ 81.614631][ T6127] netlink: 'syz.0.64': attribute type 1 has an invalid length. [ 81.687656][ T6127] netlink: 'syz.0.64': attribute type 10 has an invalid length. [ 81.732457][ T6135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.62'. [ 81.812314][ T6130] bond1 (unregistering): Released all slaves [ 81.887643][ T5825] Bluetooth: hci4: command 0x0405 tx timeout [ 81.920201][ T6127] netlink: 36 bytes leftover after parsing attributes in process `syz.0.64'. [ 81.922168][ T6144] FAULT_INJECTION: forcing a failure. [ 81.922168][ T6144] name failslab, interval 1, probability 0, space 0, times 0 [ 81.929765][ T6135] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 81.946391][ T6144] CPU: 1 UID: 0 PID: 6144 Comm: syz.1.69 Not tainted syzkaller #0 PREEMPT(full) [ 81.946414][ T6144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 81.946424][ T6144] Call Trace: [ 81.946431][ T6144] [ 81.946438][ T6144] dump_stack_lvl+0x189/0x250 [ 81.946465][ T6144] ? __pfx____ratelimit+0x10/0x10 [ 81.946485][ T6144] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.946508][ T6144] ? __pfx__printk+0x10/0x10 [ 81.946531][ T6144] ? __lock_acquire+0xab9/0xd20 [ 81.946554][ T6144] should_fail_ex+0x414/0x560 [ 81.946584][ T6144] should_failslab+0xa8/0x100 [ 81.946603][ T6144] kmem_cache_alloc_noprof+0x74/0x6e0 [ 81.946627][ T6144] ? skb_clone+0x212/0x3a0 [ 81.946649][ T6144] skb_clone+0x212/0x3a0 [ 81.946671][ T6144] __netlink_deliver_tap+0x404/0x850 [ 81.946708][ T6144] ? netlink_deliver_tap+0x2e/0x1b0 [ 81.946733][ T6144] netlink_deliver_tap+0x19c/0x1b0 [ 81.946759][ T6144] netlink_unicast+0x7fa/0x9e0 [ 81.946789][ T6144] ? __pfx_netlink_unicast+0x10/0x10 [ 81.946814][ T6144] ? netlink_sendmsg+0x642/0xb30 [ 81.946828][ T6144] ? skb_put+0x11b/0x210 [ 81.946846][ T6144] netlink_sendmsg+0x805/0xb30 [ 81.946871][ T6144] ? __pfx_netlink_sendmsg+0x10/0x10 [ 81.946905][ T6144] ? aa_sock_msg_perm+0xf1/0x1d0 [ 81.946931][ T6144] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 81.946947][ T6144] ? __pfx_netlink_sendmsg+0x10/0x10 [ 81.946972][ T6144] __sock_sendmsg+0x21c/0x270 [ 81.946997][ T6144] ____sys_sendmsg+0x505/0x830 [ 81.947021][ T6144] ? __pfx_____sys_sendmsg+0x10/0x10 [ 81.947047][ T6144] ? import_iovec+0x74/0xa0 [ 81.947072][ T6144] ___sys_sendmsg+0x21f/0x2a0 [ 81.947092][ T6144] ? __pfx____sys_sendmsg+0x10/0x10 [ 81.947145][ T6144] ? __fget_files+0x2a/0x420 [ 81.947160][ T6144] ? __fget_files+0x3a0/0x420 [ 81.947187][ T6144] __x64_sys_sendmsg+0x19b/0x260 [ 81.947207][ T6144] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 81.947234][ T6144] ? __pfx_ksys_write+0x10/0x10 [ 81.947261][ T6144] ? do_syscall_64+0xbe/0xfa0 [ 81.947285][ T6144] do_syscall_64+0xfa/0xfa0 [ 81.947309][ T6144] ? lockdep_hardirqs_on+0x9c/0x150 [ 81.947329][ T6144] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.947345][ T6144] ? clear_bhb_loop+0x60/0xb0 [ 81.947366][ T6144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.947382][ T6144] RIP: 0033:0x7fb7b8f8efc9 [ 81.947397][ T6144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.947411][ T6144] RSP: 002b:00007fb7b9dc8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.947429][ T6144] RAX: ffffffffffffffda RBX: 00007fb7b91e6090 RCX: 00007fb7b8f8efc9 [ 81.947441][ T6144] RDX: 0000000004044844 RSI: 0000200000000300 RDI: 0000000000000003 [ 81.947453][ T6144] RBP: 00007fb7b9dc8090 R08: 0000000000000000 R09: 0000000000000000 [ 81.947462][ T6144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.947472][ T6144] R13: 00007fb7b91e6128 R14: 00007fb7b91e6090 R15: 00007ffc3a32e508 [ 81.947503][ T6144] [ 82.270835][ T6135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 82.280144][ T6135] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.298589][ T6135] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.330354][ T6138] tipc: Enabling not permitted [ 82.336385][ T6138] tipc: Enabling of bearer rejected, failed to enable media [ 82.375046][ T6124] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 82.430659][ T6153] netlink: 12 bytes leftover after parsing attributes in process `syz.3.71'. [ 82.548117][ T6155] Illegal XDP return value 1436212509 on prog (id 6) dev N/A, expect packet loss! [ 82.616584][ T6160] syzkaller0: entered promiscuous mode [ 82.630634][ T6160] syzkaller0: entered allmulticast mode [ 82.644193][ T6165] netlink: 'syz.3.75': attribute type 1 has an invalid length. [ 82.801438][ T6160] netlink: 'syz.1.74': attribute type 10 has an invalid length. [ 83.049247][ T6191] FAULT_INJECTION: forcing a failure. [ 83.049247][ T6191] name failslab, interval 1, probability 0, space 0, times 0 [ 83.087059][ T6191] CPU: 0 UID: 0 PID: 6191 Comm: syz.2.84 Not tainted syzkaller #0 PREEMPT(full) [ 83.087103][ T6191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 83.087123][ T6191] Call Trace: [ 83.087136][ T6191] [ 83.087150][ T6191] dump_stack_lvl+0x189/0x250 [ 83.087203][ T6191] ? __pfx____ratelimit+0x10/0x10 [ 83.087247][ T6191] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.087300][ T6191] ? __pfx__printk+0x10/0x10 [ 83.087344][ T6191] ? __pfx___might_resched+0x10/0x10 [ 83.087361][ T6191] ? fs_reclaim_acquire+0x7d/0x100 [ 83.087392][ T6191] should_fail_ex+0x414/0x560 [ 83.087422][ T6191] should_failslab+0xa8/0x100 [ 83.087442][ T6191] __kmalloc_noprof+0xcb/0x7f0 [ 83.087464][ T6191] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 83.087486][ T6191] ? rcu_is_watching+0x15/0xb0 [ 83.087510][ T6191] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 83.087548][ T6191] genl_family_rcv_msg_doit+0xb8/0x300 [ 83.087576][ T6191] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 83.087597][ T6191] ? __pfx___mutex_lock+0x10/0x10 [ 83.087621][ T6191] ? __pfx_genl_get_cmd+0x10/0x10 [ 83.087638][ T6191] ? __pfx_tipc_nl_bearer_enable+0x10/0x10 [ 83.087674][ T6191] genl_rcv_msg+0x60e/0x790 [ 83.087700][ T6191] ? __pfx_genl_rcv_msg+0x10/0x10 [ 83.087719][ T6191] ? __pfx_tipc_nl_bearer_enable+0x10/0x10 [ 83.087744][ T6191] ? __asan_memcpy+0x40/0x70 [ 83.087765][ T6191] ? __pfx_ref_tracker_free+0x10/0x10 [ 83.087790][ T6191] netlink_rcv_skb+0x208/0x470 [ 83.087810][ T6191] ? __lock_acquire+0xab9/0xd20 [ 83.087826][ T6191] ? __pfx_genl_rcv_msg+0x10/0x10 [ 83.087845][ T6191] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 83.087885][ T6191] ? down_read+0x1ad/0x2e0 [ 83.087908][ T6191] genl_rcv+0x28/0x40 [ 83.087926][ T6191] netlink_unicast+0x82f/0x9e0 [ 83.087955][ T6191] ? __pfx_netlink_unicast+0x10/0x10 [ 83.087978][ T6191] ? netlink_sendmsg+0x642/0xb30 [ 83.087992][ T6191] ? skb_put+0x11b/0x210 [ 83.088012][ T6191] netlink_sendmsg+0x805/0xb30 [ 83.088038][ T6191] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.088066][ T6191] ? aa_sock_msg_perm+0xf1/0x1d0 [ 83.088091][ T6191] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 83.088107][ T6191] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.088131][ T6191] __sock_sendmsg+0x21c/0x270 [ 83.088155][ T6191] ____sys_sendmsg+0x505/0x830 [ 83.088178][ T6191] ? __pfx_____sys_sendmsg+0x10/0x10 [ 83.088204][ T6191] ? import_iovec+0x74/0xa0 [ 83.088229][ T6191] ___sys_sendmsg+0x21f/0x2a0 [ 83.088249][ T6191] ? __pfx____sys_sendmsg+0x10/0x10 [ 83.088304][ T6191] ? __fget_files+0x2a/0x420 [ 83.088320][ T6191] ? __fget_files+0x3a0/0x420 [ 83.088347][ T6191] __x64_sys_sendmsg+0x19b/0x260 [ 83.088368][ T6191] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 83.088397][ T6191] ? __pfx_ksys_write+0x10/0x10 [ 83.088423][ T6191] ? do_syscall_64+0xbe/0xfa0 [ 83.088448][ T6191] do_syscall_64+0xfa/0xfa0 [ 83.088466][ T6191] ? lockdep_hardirqs_on+0x9c/0x150 [ 83.088486][ T6191] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.088503][ T6191] ? clear_bhb_loop+0x60/0xb0 [ 83.088548][ T6191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.088564][ T6191] RIP: 0033:0x7fd32318efc9 [ 83.088580][ T6191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.088595][ T6191] RSP: 002b:00007fd323fe7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.088613][ T6191] RAX: ffffffffffffffda RBX: 00007fd3233e5fa0 RCX: 00007fd32318efc9 [ 83.088626][ T6191] RDX: 0000000004044844 RSI: 0000200000000300 RDI: 0000000000000003 [ 83.088637][ T6191] RBP: 00007fd323fe7090 R08: 0000000000000000 R09: 0000000000000000 [ 83.088646][ T6191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.088656][ T6191] R13: 00007fd3233e6038 R14: 00007fd3233e5fa0 R15: 00007fff9a76a5b8 [ 83.088687][ T6191] [ 83.482979][ T6199] netlink: 'syz.1.87': attribute type 10 has an invalid length. [ 83.492471][ T6199] veth0_virt_wifi: entered allmulticast mode [ 83.505536][ T6199] team0: Port device veth0_virt_wifi added [ 83.669114][ T6208] FAULT_INJECTION: forcing a failure. [ 83.669114][ T6208] name failslab, interval 1, probability 0, space 0, times 0 [ 83.681900][ T6208] CPU: 0 UID: 0 PID: 6208 Comm: syz.4.91 Not tainted syzkaller #0 PREEMPT(full) [ 83.681922][ T6208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 83.681932][ T6208] Call Trace: [ 83.681939][ T6208] [ 83.681947][ T6208] dump_stack_lvl+0x189/0x250 [ 83.681974][ T6208] ? __pfx____ratelimit+0x10/0x10 [ 83.681995][ T6208] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.682017][ T6208] ? __pfx__printk+0x10/0x10 [ 83.682040][ T6208] ? __pfx___might_resched+0x10/0x10 [ 83.682058][ T6208] ? fs_reclaim_acquire+0x7d/0x100 [ 83.682086][ T6208] should_fail_ex+0x414/0x560 [ 83.682116][ T6208] should_failslab+0xa8/0x100 [ 83.682136][ T6208] kmem_cache_alloc_node_noprof+0x77/0x710 [ 83.682159][ T6208] ? __alloc_skb+0x112/0x2d0 [ 83.682180][ T6208] ? __build_skb_around+0x262/0x3f0 [ 83.682207][ T6208] __alloc_skb+0x112/0x2d0 [ 83.682233][ T6208] tipc_nl_compat_dumpit+0x34d/0x7b0 [ 83.682261][ T6208] tipc_nl_compat_recv+0x802/0xbe0 [ 83.682284][ T6208] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 83.682301][ T6208] ? __mutex_trylock_common+0x153/0x260 [ 83.682321][ T6208] ? __pfx_tipc_nl_bearer_dump+0x10/0x10 [ 83.682342][ T6208] ? __pfx_tipc_nl_compat_bearer_dump+0x10/0x10 [ 83.682360][ T6208] ? __pfx___mutex_trylock_common+0x10/0x10 [ 83.682378][ T6208] ? __local_bh_enable_ip+0x12d/0x1c0 [ 83.682404][ T6208] ? trace_contention_end+0x39/0x120 [ 83.682435][ T6208] genl_family_rcv_msg_doit+0x215/0x300 [ 83.682463][ T6208] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 83.682518][ T6208] genl_rcv_msg+0x60e/0x790 [ 83.682545][ T6208] ? __pfx_genl_rcv_msg+0x10/0x10 [ 83.682565][ T6208] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 83.682585][ T6208] ? __asan_memcpy+0x40/0x70 [ 83.682606][ T6208] ? __pfx_ref_tracker_free+0x10/0x10 [ 83.682630][ T6208] netlink_rcv_skb+0x208/0x470 [ 83.682652][ T6208] ? __lock_acquire+0xab9/0xd20 [ 83.682670][ T6208] ? __pfx_genl_rcv_msg+0x10/0x10 [ 83.682690][ T6208] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 83.682733][ T6208] ? down_read+0x1ad/0x2e0 [ 83.682760][ T6208] genl_rcv+0x28/0x40 [ 83.682778][ T6208] netlink_unicast+0x82f/0x9e0 [ 83.682810][ T6208] ? __pfx_netlink_unicast+0x10/0x10 [ 83.682834][ T6208] ? netlink_sendmsg+0x642/0xb30 [ 83.682847][ T6208] ? skb_put+0x11b/0x210 [ 83.682867][ T6208] netlink_sendmsg+0x805/0xb30 [ 83.682893][ T6208] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.682922][ T6208] ? aa_sock_msg_perm+0xf1/0x1d0 [ 83.682947][ T6208] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 83.682964][ T6208] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.682989][ T6208] __sock_sendmsg+0x21c/0x270 [ 83.683015][ T6208] ____sys_sendmsg+0x505/0x830 [ 83.683038][ T6208] ? __pfx_____sys_sendmsg+0x10/0x10 [ 83.683067][ T6208] ? import_iovec+0x74/0xa0 [ 83.683092][ T6208] ___sys_sendmsg+0x21f/0x2a0 [ 83.683112][ T6208] ? __pfx____sys_sendmsg+0x10/0x10 [ 83.683164][ T6208] ? __fget_files+0x2a/0x420 [ 83.683180][ T6208] ? __fget_files+0x3a0/0x420 [ 83.683207][ T6208] __x64_sys_sendmsg+0x19b/0x260 [ 83.683227][ T6208] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 83.683255][ T6208] ? __pfx_ksys_write+0x10/0x10 [ 83.683282][ T6208] ? do_syscall_64+0xbe/0xfa0 [ 83.683307][ T6208] do_syscall_64+0xfa/0xfa0 [ 83.683327][ T6208] ? lockdep_hardirqs_on+0x9c/0x150 [ 83.683347][ T6208] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.683364][ T6208] ? clear_bhb_loop+0x60/0xb0 [ 83.683385][ T6208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.683401][ T6208] RIP: 0033:0x7f9fb018efc9 [ 83.683417][ T6208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.683431][ T6208] RSP: 002b:00007f9fb10df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.683450][ T6208] RAX: ffffffffffffffda RBX: 00007f9fb03e5fa0 RCX: 00007f9fb018efc9 [ 83.683462][ T6208] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 83.683473][ T6208] RBP: 00007f9fb10df090 R08: 0000000000000000 R09: 0000000000000000 [ 83.683483][ T6208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.683500][ T6208] R13: 00007f9fb03e6038 R14: 00007f9fb03e5fa0 R15: 00007ffe23bcaef8 [ 83.683532][ T6208] [ 84.406267][ T6220] syz.1.95 (6220) used greatest stack depth: 15832 bytes left [ 84.791627][ T6254] sch_tbf: burst 5 is lower than device syzkaller0 mtu (1514) ! [ 84.798116][ T6250] netlink: 24 bytes leftover after parsing attributes in process `syz.3.104'. [ 84.799798][ T6254] netlink: 16 bytes leftover after parsing attributes in process `syz.4.106'. [ 84.982064][ T6262] netlink: 40 bytes leftover after parsing attributes in process `syz.4.110'. [ 85.003050][ T6264] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 85.007857][ T6262] netlink: 40 bytes leftover after parsing attributes in process `syz.4.110'. [ 85.028971][ T6264] Cannot find map_set index 0 as target [ 85.230035][ T6275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.115'. [ 85.348996][ T6289] tipc: Enabling not permitted [ 85.354605][ T6289] tipc: Enabling of bearer rejected, failed to enable media [ 85.390507][ T6289] FAULT_INJECTION: forcing a failure. [ 85.390507][ T6289] name failslab, interval 1, probability 0, space 0, times 0 [ 85.450846][ T6289] CPU: 0 UID: 0 PID: 6289 Comm: syz.4.117 Not tainted syzkaller #0 PREEMPT(full) [ 85.450865][ T6289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 85.450873][ T6289] Call Trace: [ 85.450878][ T6289] [ 85.450884][ T6289] dump_stack_lvl+0x189/0x250 [ 85.450908][ T6289] ? __pfx____ratelimit+0x10/0x10 [ 85.450925][ T6289] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.450942][ T6289] ? __pfx__printk+0x10/0x10 [ 85.450963][ T6289] ? __pfx___might_resched+0x10/0x10 [ 85.450982][ T6289] should_fail_ex+0x414/0x560 [ 85.451010][ T6289] should_failslab+0xa8/0x100 [ 85.451025][ T6289] kmem_cache_alloc_node_noprof+0x77/0x710 [ 85.451045][ T6289] ? __alloc_skb+0x112/0x2d0 [ 85.451074][ T6289] __alloc_skb+0x112/0x2d0 [ 85.451101][ T6289] netlink_ack+0x146/0xa50 [ 85.451123][ T6289] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.451147][ T6289] ? __asan_memcpy+0x40/0x70 [ 85.451167][ T6289] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.451193][ T6289] netlink_rcv_skb+0x28c/0x470 [ 85.451215][ T6289] ? __lock_acquire+0xab9/0xd20 [ 85.451233][ T6289] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.451254][ T6289] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.451299][ T6289] ? down_read+0x1ad/0x2e0 [ 85.451333][ T6289] genl_rcv+0x28/0x40 [ 85.451350][ T6289] netlink_unicast+0x82f/0x9e0 [ 85.451383][ T6289] ? __pfx_netlink_unicast+0x10/0x10 [ 85.451407][ T6289] ? netlink_sendmsg+0x642/0xb30 [ 85.451421][ T6289] ? skb_put+0x11b/0x210 [ 85.451441][ T6289] netlink_sendmsg+0x805/0xb30 [ 85.451467][ T6289] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.451496][ T6289] ? aa_sock_msg_perm+0xf1/0x1d0 [ 85.451522][ T6289] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.451537][ T6289] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.451562][ T6289] __sock_sendmsg+0x21c/0x270 [ 85.451587][ T6289] ____sys_sendmsg+0x505/0x830 [ 85.451611][ T6289] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.451639][ T6289] ? import_iovec+0x74/0xa0 [ 85.451664][ T6289] ___sys_sendmsg+0x21f/0x2a0 [ 85.451684][ T6289] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.451741][ T6289] ? __fget_files+0x2a/0x420 [ 85.451756][ T6289] ? __fget_files+0x3a0/0x420 [ 85.451784][ T6289] __x64_sys_sendmsg+0x19b/0x260 [ 85.451805][ T6289] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.451832][ T6289] ? __pfx_ksys_write+0x10/0x10 [ 85.451858][ T6289] ? do_syscall_64+0xbe/0xfa0 [ 85.451886][ T6289] do_syscall_64+0xfa/0xfa0 [ 85.451905][ T6289] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.451926][ T6289] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.451943][ T6289] ? clear_bhb_loop+0x60/0xb0 [ 85.451965][ T6289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.451982][ T6289] RIP: 0033:0x7f9fb018efc9 [ 85.451998][ T6289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.452012][ T6289] RSP: 002b:00007f9fb10df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.452032][ T6289] RAX: ffffffffffffffda RBX: 00007f9fb03e5fa0 RCX: 00007f9fb018efc9 [ 85.452044][ T6289] RDX: 0000000004044844 RSI: 0000200000000300 RDI: 0000000000000003 [ 85.452056][ T6289] RBP: 00007f9fb10df090 R08: 0000000000000000 R09: 0000000000000000 [ 85.452066][ T6289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 85.452077][ T6289] R13: 00007f9fb03e6038 R14: 00007f9fb03e5fa0 R15: 00007ffe23bcaef8 [ 85.452108][ T6289] [ 85.780321][ T6249] delete_channel: no stack [ 85.849782][ T6296] delete_channel: no stack [ 85.864804][ T6296] netlink: 24 bytes leftover after parsing attributes in process `syz.3.121'. [ 85.877878][ T6294] netlink: 'syz.2.120': attribute type 1 has an invalid length. [ 85.940644][ T6299] FAULT_INJECTION: forcing a failure. [ 85.940644][ T6299] name failslab, interval 1, probability 0, space 0, times 0 [ 85.953464][ T6299] CPU: 0 UID: 0 PID: 6299 Comm: syz.1.124 Not tainted syzkaller #0 PREEMPT(full) [ 85.953486][ T6299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 85.953496][ T6299] Call Trace: [ 85.953503][ T6299] [ 85.953510][ T6299] dump_stack_lvl+0x189/0x250 [ 85.953544][ T6299] ? __pfx____ratelimit+0x10/0x10 [ 85.953566][ T6299] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.953589][ T6299] ? __pfx__printk+0x10/0x10 [ 85.953613][ T6299] ? __pfx___might_resched+0x10/0x10 [ 85.953631][ T6299] ? fs_reclaim_acquire+0x7d/0x100 [ 85.953660][ T6299] should_fail_ex+0x414/0x560 [ 85.953690][ T6299] should_failslab+0xa8/0x100 [ 85.953710][ T6299] kmem_cache_alloc_node_noprof+0x77/0x710 [ 85.953732][ T6299] ? __kasan_slab_alloc+0x6c/0x80 [ 85.953755][ T6299] ? __alloc_skb+0x112/0x2d0 [ 85.953776][ T6299] ? __alloc_skb+0x142/0x2d0 [ 85.953795][ T6299] ? tipc_nl_compat_dumpit+0x34d/0x7b0 [ 85.953813][ T6299] ? tipc_nl_compat_recv+0x802/0xbe0 [ 85.953836][ T6299] __alloc_skb+0x112/0x2d0 [ 85.953864][ T6299] __tipc_nl_compat_dumpit+0x155/0xb70 [ 85.953902][ T6299] ? __pfx___tipc_nl_compat_dumpit+0x10/0x10 [ 85.953941][ T6299] ? rcu_is_watching+0x15/0xb0 [ 85.953977][ T6299] ? __asan_memset+0x22/0x50 [ 85.953999][ T6299] ? __nlmsg_put+0xef/0x1b0 [ 85.954026][ T6299] tipc_nl_compat_dumpit+0x566/0x7b0 [ 85.954050][ T6299] tipc_nl_compat_recv+0x802/0xbe0 [ 85.954071][ T6299] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 85.954088][ T6299] ? __mutex_trylock_common+0x153/0x260 [ 85.954107][ T6299] ? __pfx_tipc_nl_bearer_dump+0x10/0x10 [ 85.954128][ T6299] ? __pfx_tipc_nl_compat_bearer_dump+0x10/0x10 [ 85.954146][ T6299] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.954165][ T6299] ? __local_bh_enable_ip+0x12d/0x1c0 [ 85.954190][ T6299] ? trace_contention_end+0x39/0x120 [ 85.954218][ T6299] genl_family_rcv_msg_doit+0x215/0x300 [ 85.954244][ T6299] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 85.954283][ T6299] genl_rcv_msg+0x60e/0x790 [ 85.954308][ T6299] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.954324][ T6299] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 85.954343][ T6299] ? __asan_memcpy+0x40/0x70 [ 85.954364][ T6299] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.954388][ T6299] netlink_rcv_skb+0x208/0x470 [ 85.954409][ T6299] ? __lock_acquire+0xab9/0xd20 [ 85.954427][ T6299] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.954448][ T6299] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.954487][ T6299] ? down_read+0x1ad/0x2e0 [ 85.954510][ T6299] genl_rcv+0x28/0x40 [ 85.954534][ T6299] netlink_unicast+0x82f/0x9e0 [ 85.954566][ T6299] ? __pfx_netlink_unicast+0x10/0x10 [ 85.954587][ T6299] ? netlink_sendmsg+0x642/0xb30 [ 85.954599][ T6299] ? skb_put+0x11b/0x210 [ 85.954619][ T6299] netlink_sendmsg+0x805/0xb30 [ 85.954646][ T6299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.954674][ T6299] ? aa_sock_msg_perm+0xf1/0x1d0 [ 85.954699][ T6299] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.954713][ T6299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.954738][ T6299] __sock_sendmsg+0x21c/0x270 [ 85.954762][ T6299] ____sys_sendmsg+0x505/0x830 [ 85.954785][ T6299] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.954813][ T6299] ? import_iovec+0x74/0xa0 [ 85.954837][ T6299] ___sys_sendmsg+0x21f/0x2a0 [ 85.954856][ T6299] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.954915][ T6299] ? __fget_files+0x2a/0x420 [ 85.954930][ T6299] ? __fget_files+0x3a0/0x420 [ 85.954956][ T6299] __x64_sys_sendmsg+0x19b/0x260 [ 85.954975][ T6299] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.955002][ T6299] ? __pfx_ksys_write+0x10/0x10 [ 85.955028][ T6299] ? do_syscall_64+0xbe/0xfa0 [ 85.955051][ T6299] do_syscall_64+0xfa/0xfa0 [ 85.955069][ T6299] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.955090][ T6299] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.955106][ T6299] ? clear_bhb_loop+0x60/0xb0 [ 85.955126][ T6299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.955142][ T6299] RIP: 0033:0x7fb7b8f8efc9 [ 85.955158][ T6299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.955172][ T6299] RSP: 002b:00007fb7b9de9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.955191][ T6299] RAX: ffffffffffffffda RBX: 00007fb7b91e5fa0 RCX: 00007fb7b8f8efc9 [ 85.955204][ T6299] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 85.955214][ T6299] RBP: 00007fb7b9de9090 R08: 0000000000000000 R09: 0000000000000000 [ 85.955224][ T6299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 85.955234][ T6299] R13: 00007fb7b91e6038 R14: 00007fb7b91e5fa0 R15: 00007ffc3a32e508 [ 85.955263][ T6299] [ 86.553903][ T6308] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 86.561182][ T6308] x_tables: ip6_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING [ 86.730944][ T6317] netlink: 36 bytes leftover after parsing attributes in process `syz.4.127'. [ 87.050704][ T6339] netlink: 16 bytes leftover after parsing attributes in process `syz.1.134'. [ 87.061951][ T6333] netlink: 'syz.3.133': attribute type 30 has an invalid length. [ 87.220606][ T6349] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 87.228035][ T6349] Cannot find map_set index 0 as target [ 87.294652][ T6351] netlink: 68 bytes leftover after parsing attributes in process `syz.0.139'. [ 87.522702][ T6365] netlink: 8 bytes leftover after parsing attributes in process `syz.3.142'. [ 87.568289][ T6365] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.776559][ T6378] netlink: 'syz.2.146': attribute type 1 has an invalid length. [ 87.935333][ T6385] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 88.001102][ T6387] netlink: 52 bytes leftover after parsing attributes in process `syz.3.150'. [ 88.060791][ T6390] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 88.153647][ T6396] netlink: 'syz.4.153': attribute type 21 has an invalid length. [ 88.178295][ T6396] netlink: 128 bytes leftover after parsing attributes in process `syz.4.153'. [ 88.236816][ T6396] netlink: 'syz.4.153': attribute type 4 has an invalid length. [ 88.268443][ T6396] netlink: 'syz.4.153': attribute type 5 has an invalid length. [ 88.277944][ T6396] netlink: 3 bytes leftover after parsing attributes in process `syz.4.153'. [ 88.575339][ T6417] SET target dimension over the limit! [ 88.797699][ T6427] FAULT_INJECTION: forcing a failure. [ 88.797699][ T6427] name failslab, interval 1, probability 0, space 0, times 0 [ 88.830698][ T6427] CPU: 1 UID: 0 PID: 6427 Comm: syz.4.164 Not tainted syzkaller #0 PREEMPT(full) [ 88.830723][ T6427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 88.830733][ T6427] Call Trace: [ 88.830740][ T6427] [ 88.830748][ T6427] dump_stack_lvl+0x189/0x250 [ 88.830775][ T6427] ? __pfx____ratelimit+0x10/0x10 [ 88.830797][ T6427] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.830818][ T6427] ? __pfx__printk+0x10/0x10 [ 88.830843][ T6427] ? __pfx___might_resched+0x10/0x10 [ 88.830867][ T6427] should_fail_ex+0x414/0x560 [ 88.830896][ T6427] should_failslab+0xa8/0x100 [ 88.830916][ T6427] __kmalloc_noprof+0xcb/0x7f0 [ 88.830938][ T6427] ? __tipc_nl_compat_dumpit+0x23c/0xb70 [ 88.830957][ T6427] ? _raw_spin_unlock+0x28/0x50 [ 88.830980][ T6427] __tipc_nl_compat_dumpit+0x23c/0xb70 [ 88.831022][ T6427] ? __pfx___tipc_nl_compat_dumpit+0x10/0x10 [ 88.831057][ T6427] ? rcu_is_watching+0x15/0xb0 [ 88.831094][ T6427] ? __asan_memset+0x22/0x50 [ 88.831115][ T6427] ? __nlmsg_put+0xef/0x1b0 [ 88.831142][ T6427] tipc_nl_compat_dumpit+0x566/0x7b0 [ 88.831170][ T6427] tipc_nl_compat_recv+0x802/0xbe0 [ 88.831193][ T6427] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 88.831209][ T6427] ? __mutex_trylock_common+0x153/0x260 [ 88.831228][ T6427] ? __pfx_tipc_nl_bearer_dump+0x10/0x10 [ 88.831249][ T6427] ? __pfx_tipc_nl_compat_bearer_dump+0x10/0x10 [ 88.831268][ T6427] ? __pfx___mutex_trylock_common+0x10/0x10 [ 88.831285][ T6427] ? __local_bh_enable_ip+0x12d/0x1c0 [ 88.831311][ T6427] ? trace_contention_end+0x39/0x120 [ 88.831339][ T6427] genl_family_rcv_msg_doit+0x215/0x300 [ 88.831367][ T6427] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 88.831410][ T6427] genl_rcv_msg+0x60e/0x790 [ 88.831437][ T6427] ? __pfx_genl_rcv_msg+0x10/0x10 [ 88.831456][ T6427] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 88.831477][ T6427] ? __asan_memcpy+0x40/0x70 [ 88.831497][ T6427] ? __pfx_ref_tracker_free+0x10/0x10 [ 88.831522][ T6427] netlink_rcv_skb+0x208/0x470 [ 88.831542][ T6427] ? __lock_acquire+0xab9/0xd20 [ 88.831558][ T6427] ? __pfx_genl_rcv_msg+0x10/0x10 [ 88.831577][ T6427] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 88.831619][ T6427] ? down_read+0x1ad/0x2e0 [ 88.831645][ T6427] genl_rcv+0x28/0x40 [ 88.831663][ T6427] netlink_unicast+0x82f/0x9e0 [ 88.831696][ T6427] ? __pfx_netlink_unicast+0x10/0x10 [ 88.831722][ T6427] ? netlink_sendmsg+0x642/0xb30 [ 88.831736][ T6427] ? skb_put+0x11b/0x210 [ 88.831756][ T6427] netlink_sendmsg+0x805/0xb30 [ 88.831784][ T6427] ? __pfx_netlink_sendmsg+0x10/0x10 [ 88.831812][ T6427] ? aa_sock_msg_perm+0xf1/0x1d0 [ 88.831838][ T6427] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 88.831855][ T6427] ? __pfx_netlink_sendmsg+0x10/0x10 [ 88.831880][ T6427] __sock_sendmsg+0x21c/0x270 [ 88.831906][ T6427] ____sys_sendmsg+0x505/0x830 [ 88.831930][ T6427] ? __pfx_____sys_sendmsg+0x10/0x10 [ 88.831959][ T6427] ? import_iovec+0x74/0xa0 [ 88.831991][ T6427] ___sys_sendmsg+0x21f/0x2a0 [ 88.832013][ T6427] ? __pfx____sys_sendmsg+0x10/0x10 [ 88.832071][ T6427] ? __fget_files+0x2a/0x420 [ 88.832087][ T6427] ? __fget_files+0x3a0/0x420 [ 88.832115][ T6427] __x64_sys_sendmsg+0x19b/0x260 [ 88.832136][ T6427] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 88.832165][ T6427] ? __pfx_ksys_write+0x10/0x10 [ 88.832192][ T6427] ? do_syscall_64+0xbe/0xfa0 [ 88.832218][ T6427] do_syscall_64+0xfa/0xfa0 [ 88.832237][ T6427] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.832263][ T6427] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.832280][ T6427] ? clear_bhb_loop+0x60/0xb0 [ 88.832302][ T6427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.832318][ T6427] RIP: 0033:0x7f9fb018efc9 [ 88.832335][ T6427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.832353][ T6427] RSP: 002b:00007f9fb10df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 88.832372][ T6427] RAX: ffffffffffffffda RBX: 00007f9fb03e5fa0 RCX: 00007f9fb018efc9 [ 88.832385][ T6427] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 88.832396][ T6427] RBP: 00007f9fb10df090 R08: 0000000000000000 R09: 0000000000000000 [ 88.832406][ T6427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 88.832416][ T6427] R13: 00007f9fb03e6038 R14: 00007f9fb03e5fa0 R15: 00007ffe23bcaef8 [ 88.832449][ T6427] [ 89.310086][ T6435] netlink: 12 bytes leftover after parsing attributes in process `syz.1.167'. [ 89.403898][ T6443] netlink: 12 bytes leftover after parsing attributes in process `syz.3.163'. [ 89.433492][ T6444] netlink: 'syz.3.163': attribute type 21 has an invalid length. [ 89.444534][ T6444] netlink: 128 bytes leftover after parsing attributes in process `syz.3.163'. [ 89.455794][ T6444] netlink: 'syz.3.163': attribute type 4 has an invalid length. [ 89.463454][ T6444] netlink: 'syz.3.163': attribute type 5 has an invalid length. [ 89.471191][ T6444] netlink: 3 bytes leftover after parsing attributes in process `syz.3.163'. [ 89.480856][ T6444] netlink: 'syz.3.163': attribute type 21 has an invalid length. [ 89.489799][ T6444] netlink: 128 bytes leftover after parsing attributes in process `syz.3.163'. [ 89.498872][ T6444] netlink: 'syz.3.163': attribute type 4 has an invalid length. [ 89.506645][ T6444] netlink: 'syz.3.163': attribute type 5 has an invalid length. [ 89.514282][ T6444] netlink: 3 bytes leftover after parsing attributes in process `syz.3.163'. [ 89.754841][ T6453] netlink: 'syz.3.172': attribute type 11 has an invalid length. [ 90.070114][ T6474] FAULT_INJECTION: forcing a failure. [ 90.070114][ T6474] name failslab, interval 1, probability 0, space 0, times 0 [ 90.103320][ T6474] CPU: 0 UID: 0 PID: 6474 Comm: syz.3.179 Not tainted syzkaller #0 PREEMPT(full) [ 90.103343][ T6474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 90.103352][ T6474] Call Trace: [ 90.103360][ T6474] [ 90.103367][ T6474] dump_stack_lvl+0x189/0x250 [ 90.103395][ T6474] ? __pfx____ratelimit+0x10/0x10 [ 90.103415][ T6474] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.103438][ T6474] ? __pfx__printk+0x10/0x10 [ 90.103453][ T6474] ? stack_trace_save+0x9c/0xe0 [ 90.103485][ T6474] should_fail_ex+0x414/0x560 [ 90.103516][ T6474] should_failslab+0xa8/0x100 [ 90.103534][ T6474] kmem_cache_alloc_noprof+0x74/0x6e0 [ 90.103558][ T6474] ? skb_clone+0x212/0x3a0 [ 90.103581][ T6474] skb_clone+0x212/0x3a0 [ 90.103600][ T6474] __netlink_deliver_tap+0x404/0x850 [ 90.103639][ T6474] ? netlink_deliver_tap+0x2e/0x1b0 [ 90.103669][ T6474] netlink_deliver_tap+0x19c/0x1b0 [ 90.103695][ T6474] netlink_sendskb+0x68/0x140 [ 90.103718][ T6474] netlink_unicast+0x397/0x9e0 [ 90.103747][ T6474] ? __pfx_netlink_unicast+0x10/0x10 [ 90.103768][ T6474] ? tipc_nl_compat_dumpit+0x5e7/0x7b0 [ 90.103785][ T6474] ? tipc_nl_compat_recv+0x92f/0xbe0 [ 90.103811][ T6474] tipc_nl_compat_recv+0x9cf/0xbe0 [ 90.103833][ T6474] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 90.103849][ T6474] ? __mutex_trylock_common+0x153/0x260 [ 90.103867][ T6474] ? __pfx_tipc_nl_bearer_dump+0x10/0x10 [ 90.103888][ T6474] ? __pfx_tipc_nl_compat_bearer_dump+0x10/0x10 [ 90.103906][ T6474] ? __pfx___mutex_trylock_common+0x10/0x10 [ 90.103921][ T6474] ? __local_bh_enable_ip+0x12d/0x1c0 [ 90.103942][ T6474] ? trace_contention_end+0x39/0x120 [ 90.103966][ T6474] genl_family_rcv_msg_doit+0x215/0x300 [ 90.103988][ T6474] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 90.104027][ T6474] genl_rcv_msg+0x60e/0x790 [ 90.104048][ T6474] ? __pfx_genl_rcv_msg+0x10/0x10 [ 90.104063][ T6474] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 90.104079][ T6474] ? __asan_memcpy+0x40/0x70 [ 90.104096][ T6474] ? __pfx_ref_tracker_free+0x10/0x10 [ 90.104125][ T6474] netlink_rcv_skb+0x208/0x470 [ 90.104142][ T6474] ? __lock_acquire+0xab9/0xd20 [ 90.104156][ T6474] ? __pfx_genl_rcv_msg+0x10/0x10 [ 90.104172][ T6474] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 90.104207][ T6474] ? down_read+0x1ad/0x2e0 [ 90.104229][ T6474] genl_rcv+0x28/0x40 [ 90.104243][ T6474] netlink_unicast+0x82f/0x9e0 [ 90.104268][ T6474] ? __pfx_netlink_unicast+0x10/0x10 [ 90.104287][ T6474] ? netlink_sendmsg+0x642/0xb30 [ 90.104298][ T6474] ? skb_put+0x11b/0x210 [ 90.104313][ T6474] netlink_sendmsg+0x805/0xb30 [ 90.104333][ T6474] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.104356][ T6474] ? aa_sock_msg_perm+0xf1/0x1d0 [ 90.104376][ T6474] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 90.104389][ T6474] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.104409][ T6474] __sock_sendmsg+0x21c/0x270 [ 90.104429][ T6474] ____sys_sendmsg+0x505/0x830 [ 90.104447][ T6474] ? __pfx_____sys_sendmsg+0x10/0x10 [ 90.104469][ T6474] ? import_iovec+0x74/0xa0 [ 90.104492][ T6474] ___sys_sendmsg+0x21f/0x2a0 [ 90.104509][ T6474] ? __pfx____sys_sendmsg+0x10/0x10 [ 90.104552][ T6474] ? __fget_files+0x2a/0x420 [ 90.104564][ T6474] ? __fget_files+0x3a0/0x420 [ 90.104585][ T6474] __x64_sys_sendmsg+0x19b/0x260 [ 90.104601][ T6474] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 90.104623][ T6474] ? __pfx_ksys_write+0x10/0x10 [ 90.104644][ T6474] ? do_syscall_64+0xbe/0xfa0 [ 90.104664][ T6474] do_syscall_64+0xfa/0xfa0 [ 90.104679][ T6474] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.104695][ T6474] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.104708][ T6474] ? clear_bhb_loop+0x60/0xb0 [ 90.104726][ T6474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.104738][ T6474] RIP: 0033:0x7f31c078efc9 [ 90.104751][ T6474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.104762][ T6474] RSP: 002b:00007f31c166e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 90.104777][ T6474] RAX: ffffffffffffffda RBX: 00007f31c09e5fa0 RCX: 00007f31c078efc9 [ 90.104787][ T6474] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 90.104796][ T6474] RBP: 00007f31c166e090 R08: 0000000000000000 R09: 0000000000000000 [ 90.104804][ T6474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 90.104812][ T6474] R13: 00007f31c09e6038 R14: 00007f31c09e5fa0 R15: 00007fffb751dbd8 [ 90.104836][ T6474] [ 91.208047][ T6512] hsr_slave_0 (unregistering): left promiscuous mode [ 91.472294][ T6530] 8021q: adding VLAN 0 to HW filter on device bond2 [ 91.771955][ T6539] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 91.788334][ T6539] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 92.169156][ T6527] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 92.327546][ T6539] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 92.335353][ T6539] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 92.563008][ T6561] tipc: Can't bind to reserved service type 1 [ 92.614546][ T30] audit: type=1804 audit(1761710800.768:2): pid=6568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.209" name="/newroot/41/cgroup.controllers" dev="tmpfs" ino=228 res=1 errno=0 [ 92.755053][ T30] audit: type=1800 audit(1761710800.808:3): pid=6568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.209" name="cgroup.controllers" dev="tmpfs" ino=228 res=0 errno=0 [ 92.875540][ T6585] __nla_validate_parse: 16 callbacks suppressed [ 92.875558][ T6585] netlink: 36 bytes leftover after parsing attributes in process `syz.2.215'. [ 93.166425][ T6604] netlink: 20 bytes leftover after parsing attributes in process `syz.4.221'. [ 93.584351][ T6131] udevd[6131]: inotify_add_watch(7, /dev/nbd0, 10) failed: No such file or directory [ 93.684332][ T6634] bond1: entered promiscuous mode [ 93.689546][ T6634] bond1: entered allmulticast mode [ 93.695182][ T6634] 8021q: adding VLAN 0 to HW filter on device bond1 [ 93.770269][ T6638] netlink: 4 bytes leftover after parsing attributes in process `syz.1.232'. [ 93.773277][ T6642] netlink: 24 bytes leftover after parsing attributes in process `syz.3.233'. [ 93.991930][ T6638] hsr_slave_1 (unregistering): left promiscuous mode [ 94.071489][ T6656] netlink: 68 bytes leftover after parsing attributes in process `syz.3.237'. [ 94.285998][ T6675] netlink: 20 bytes leftover after parsing attributes in process `syz.4.240'. [ 94.330278][ T6676] macvlan0: entered promiscuous mode [ 94.372003][ T6676] batadv0: entered promiscuous mode [ 94.380482][ T6676] hsr1: entered allmulticast mode [ 94.406729][ T6676] macvlan0: entered allmulticast mode [ 94.414286][ T6676] veth1_vlan: entered allmulticast mode [ 94.420658][ T6676] batadv0: entered allmulticast mode [ 94.472553][ T6676] macvlan0: left promiscuous mode [ 94.488238][ T6676] batadv0: left promiscuous mode [ 94.642838][ T30] audit: type=1107 audit(1761710802.798:4): pid=6694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ó³r¼ ;n”ª&签Ќù2•7€Ò”ÎòMEÎn äëdÿå½"±øZ=N$hE„3F+Ðá‘œ¤`tS|Yóù' [ 94.894550][ T6710] netlink: 12 bytes leftover after parsing attributes in process `syz.1.248'. [ 94.972177][ T6714] netlink: 36 bytes leftover after parsing attributes in process `syz.3.252'. [ 95.168318][ T6727] netlink: 20 bytes leftover after parsing attributes in process `syz.3.257'. [ 95.197406][ T6728] 8021q: adding VLAN 0 to HW filter on device bond2 [ 95.264048][ T6733] netlink: 32 bytes leftover after parsing attributes in process `syz.2.258'. [ 95.667151][ T6750] netlink: 'syz.3.265': attribute type 83 has an invalid length. [ 95.676093][ T6750] netlink: 'syz.3.265': attribute type 1 has an invalid length. [ 96.028174][ T6766] 8021q: adding VLAN 0 to HW filter on device bond3 [ 96.217439][ T6754] delete_channel: no stack [ 96.528935][ T6791] geneve2: entered promiscuous mode [ 96.534650][ T6791] geneve2: entered allmulticast mode [ 96.571867][ T50] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0 [ 96.606882][ T50] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0 [ 96.685504][ T6795] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.725204][ T50] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0 [ 96.761480][ T6803] syzkaller0: entered promiscuous mode [ 96.791619][ T6803] syzkaller0: entered allmulticast mode [ 97.010311][ T6820] netlink: 'syz.0.287': attribute type 4 has an invalid length. [ 97.290096][ T6838] netlink: 'syz.0.292': attribute type 83 has an invalid length. [ 97.369196][ T6844] tipc: Enabling not permitted [ 97.384383][ T6844] tipc: Enabling of bearer rejected, failed to enable media [ 97.451993][ T6846] team0: No ports can be present during mode change [ 97.777064][ T6862] bond2: Removing last arp target with arp_interval on [ 97.907338][ T6870] netlink: 'syz.2.303': attribute type 11 has an invalid length. [ 98.010024][ T6874] __nla_validate_parse: 8 callbacks suppressed [ 98.010041][ T6874] netlink: 8 bytes leftover after parsing attributes in process `syz.4.304'. [ 98.030513][ T6874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.304'. [ 98.090012][ T6877] warning: `syz.4.304' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 98.159299][ T6881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.307'. [ 98.174377][ T6874] netlink: 8 bytes leftover after parsing attributes in process `syz.4.304'. [ 98.195109][ T50] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.206466][ T6874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.304'. [ 98.221534][ T50] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.234826][ T50] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.245859][ T6883] netlink: 20 bytes leftover after parsing attributes in process `syz.1.308'. [ 98.278909][ T50] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.457796][ T6795] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.509460][ T6795] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 98.529244][ T6890] netlink: 12 bytes leftover after parsing attributes in process `syz.2.309'. [ 98.554117][ T6890] netlink: 32 bytes leftover after parsing attributes in process `syz.2.309'. [ 98.615100][ T6904] netlink: 4 bytes leftover after parsing attributes in process `syz.4.310'. [ 98.731441][ T6908] netlink: 68 bytes leftover after parsing attributes in process `syz.0.313'. [ 98.753984][ T6795] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.781214][ T6795] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 98.886943][ T6795] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.917191][ T6795] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 99.137469][ T2909] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 19999 - 0 [ 99.145950][ T2909] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 99.175067][ T6929] bond2: entered promiscuous mode [ 99.209752][ T2909] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 19999 - 0 [ 99.237084][ T2909] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 99.265380][ T2909] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 19999 - 0 [ 99.266162][ T6934] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 99.274542][ T6891] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 99.300047][ T2909] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 99.369653][ T2909] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 19999 - 0 [ 99.396365][ T2909] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 100.020637][ T6978] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 100.046646][ T6980] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 100.050813][ T6978] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 100.063594][ T6980] Cannot find map_set index 0 as target [ 100.239736][ T6978] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 100.265830][ T6978] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 100.360019][ T6985] bond0: entered promiscuous mode [ 100.384434][ T6985] bond_slave_0: entered promiscuous mode [ 100.395751][ T6985] bond_slave_1: entered promiscuous mode [ 100.442773][ T6978] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 100.467634][ T6978] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 100.520853][ T7000] netlink: 'syz.4.347': attribute type 83 has an invalid length. [ 100.536440][ T6990] tipc: Started in network mode [ 100.539541][ T7003] netlink: 'syz.4.347': attribute type 83 has an invalid length. [ 100.543060][ T6990] tipc: Node identity 36dcd9c240c9, cluster identity 4711 [ 100.560313][ T6990] tipc: Enabled bearer , priority 0 [ 100.571668][ T6978] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 100.594209][ T6978] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 100.641283][ T6990] syzkaller0: entered promiscuous mode [ 100.665536][ T6990] syzkaller0: entered allmulticast mode [ 100.687762][ T6989] tipc: Resetting bearer [ 100.737407][ T6989] tipc: Disabling bearer [ 101.019738][ T7020] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 101.034427][ T7020] Cannot find map_set index 0 as target [ 101.196470][ T7028] netlink: 'syz.0.356': attribute type 2 has an invalid length. [ 101.261655][ T7034] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 101.538562][ T7053] netlink: 'syz.1.362': attribute type 1 has an invalid length. [ 101.574670][ T7053] netlink: 'syz.1.362': attribute type 3 has an invalid length. [ 101.593191][ T7053] NCSI netlink: No device for ifindex 813332851 [ 101.668089][ T6131] udevd[6131]: inotify_add_watch(7, /dev/nbd3, 10) failed: No such file or directory [ 101.792589][ T7064] netlink: 'syz.0.367': attribute type 6 has an invalid length. [ 101.811467][ T7066] trusted_key: syz.2.368 sent an empty control message without MSG_MORE. [ 101.852870][ T7064] netlink: 'syz.0.367': attribute type 6 has an invalid length. [ 101.860353][ T50] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 101.890473][ T50] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 101.916008][ T50] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 101.934041][ T50] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.216436][ T7094] netlink: 'syz.2.375': attribute type 21 has an invalid length. [ 102.265113][ T7094] netlink: 'syz.2.375': attribute type 6 has an invalid length. [ 102.314739][ T7096] vlan0: entered promiscuous mode [ 102.348272][ T7094] netlink: 'syz.2.375': attribute type 13 has an invalid length. [ 102.355139][ T7096] vlan0: entered allmulticast mode [ 102.361138][ T7096] veth0_vlan: entered allmulticast mode [ 102.504437][ T7094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.517787][ T7094] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 102.959540][ T7132] tipc: Started in network mode [ 102.964449][ T7132] tipc: Node identity bab52f204616, cluster identity 4711 [ 102.977888][ T7132] tipc: Enabled bearer , priority 0 [ 102.994565][ T7133] syzkaller1: entered promiscuous mode [ 103.001168][ T7133] syzkaller1: entered allmulticast mode [ 103.054838][ T1156] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 19999 - 0 [ 103.075871][ T1156] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 103.076610][ T7141] __nla_validate_parse: 29 callbacks suppressed [ 103.076624][ T7141] netlink: 104 bytes leftover after parsing attributes in process `syz.0.394'. [ 103.092342][ T7140] netlink: 8 bytes leftover after parsing attributes in process `syz.1.393'. [ 103.119911][ T7132] syzkaller0: entered promiscuous mode [ 103.122838][ T7141] netlink: 64 bytes leftover after parsing attributes in process `syz.0.394'. [ 103.131453][ T7132] syzkaller0: entered allmulticast mode [ 103.171154][ T7132] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 103.228385][ T1156] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 19999 - 0 [ 103.241661][ T1156] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 103.293127][ T7142] tipc: Resetting bearer [ 103.334722][ T1156] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 19999 - 0 [ 103.344427][ T1156] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 103.353679][ T7150] Bluetooth: MGMT ver 1.23 [ 103.359891][ T7131] tipc: Resetting bearer [ 103.390986][ T7131] tipc: Disabling bearer [ 103.517808][ T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 19999 - 0 [ 103.537205][ T12] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 103.640818][ T7160] netlink: 'syz.2.401': attribute type 3 has an invalid length. [ 103.649506][ T7161] netlink: 24 bytes leftover after parsing attributes in process `syz.0.402'. [ 103.664851][ T7160] netlink: 766 bytes leftover after parsing attributes in process `syz.2.401'. [ 103.722601][ T7166] netlink: 20 bytes leftover after parsing attributes in process `syz.1.404'. [ 103.751234][ T7164] syzkaller0: entered promiscuous mode [ 103.758344][ T7164] syzkaller0: entered allmulticast mode [ 103.868243][ T7172] atomic_op ffff88807b509198 conn xmit_atomic 0000000000000000 [ 103.901375][ T7170] syzkaller0: entered promiscuous mode [ 103.906952][ T7170] syzkaller0: entered allmulticast mode [ 103.916955][ T7172] team0: Caught tx_queue_len zero misconfig [ 103.923723][ T7175] netlink: 'syz.1.407': attribute type 19 has an invalid length. [ 104.072110][ T7183] netlink: 8 bytes leftover after parsing attributes in process `syz.2.410'. [ 104.238568][ T7196] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 104.389585][ T7208] netlink: 20 bytes leftover after parsing attributes in process `syz.0.417'. [ 104.589618][ T7217] netlink: 28 bytes leftover after parsing attributes in process `syz.4.422'. [ 104.626585][ T7217] netlink: 4 bytes leftover after parsing attributes in process `syz.4.422'. [ 104.766715][ T917] hid-generic 0005:16C2:5505.0001: unknown main item tag 0x0 [ 104.776450][ T917] hid-generic 0005:16C2:5505.0001: item fetching failed at offset 2/3 [ 104.785331][ T917] hid-generic 0005:16C2:5505.0001: probe with driver hid-generic failed with error -22 [ 104.817089][ T7233] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 104.843431][ T7233] Cannot find del_set index 0 as target [ 105.130994][ T7249] Cannot find add_set index 0 as target [ 105.683709][ T7278] xt_time: unknown flags 0xf4 [ 105.703221][ T7277] xt_time: unknown flags 0xf4 [ 106.240916][ T7316] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 106.251209][ T7316] Cannot find map_set index 0 as target [ 106.462538][ T7328] ipt_ECN: cannot use operation on non-tcp rule [ 106.635315][ T7340] syzkaller1: entered promiscuous mode [ 106.640940][ T7340] syzkaller1: entered allmulticast mode [ 106.664204][ T7344] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20001 [ 107.262800][ T7373] FAULT_INJECTION: forcing a failure. [ 107.262800][ T7373] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 107.289545][ T7373] CPU: 0 UID: 0 PID: 7373 Comm: syz.1.477 Not tainted syzkaller #0 PREEMPT(full) [ 107.289569][ T7373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 107.289578][ T7373] Call Trace: [ 107.289584][ T7373] [ 107.289592][ T7373] dump_stack_lvl+0x189/0x250 [ 107.289619][ T7373] ? __pfx____ratelimit+0x10/0x10 [ 107.289640][ T7373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.289662][ T7373] ? __pfx__printk+0x10/0x10 [ 107.289680][ T7373] ? __might_fault+0xb0/0x130 [ 107.289707][ T7373] should_fail_ex+0x414/0x560 [ 107.289730][ T7373] _copy_from_user+0x2d/0xb0 [ 107.289748][ T7373] ___sys_sendmsg+0x158/0x2a0 [ 107.289764][ T7373] ? __pfx____sys_sendmsg+0x10/0x10 [ 107.289809][ T7373] ? __fget_files+0x2a/0x420 [ 107.289822][ T7373] ? __fget_files+0x3a0/0x420 [ 107.289842][ T7373] __x64_sys_sendmsg+0x19b/0x260 [ 107.289857][ T7373] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 107.289878][ T7373] ? __pfx_ksys_write+0x10/0x10 [ 107.289899][ T7373] ? do_syscall_64+0xbe/0xfa0 [ 107.289919][ T7373] do_syscall_64+0xfa/0xfa0 [ 107.289934][ T7373] ? lockdep_hardirqs_on+0x9c/0x150 [ 107.289950][ T7373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.289963][ T7373] ? clear_bhb_loop+0x60/0xb0 [ 107.289979][ T7373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.289992][ T7373] RIP: 0033:0x7fb7b8f8efc9 [ 107.290004][ T7373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.290015][ T7373] RSP: 002b:00007fb7b9de9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 107.290030][ T7373] RAX: ffffffffffffffda RBX: 00007fb7b91e5fa0 RCX: 00007fb7b8f8efc9 [ 107.290040][ T7373] RDX: 0000000000004000 RSI: 0000200000000000 RDI: 0000000000000003 [ 107.290048][ T7373] RBP: 00007fb7b9de9090 R08: 0000000000000000 R09: 0000000000000000 [ 107.290056][ T7373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.290064][ T7373] R13: 00007fb7b91e6038 R14: 00007fb7b91e5fa0 R15: 00007ffc3a32e508 [ 107.290087][ T7373] [ 107.813264][ T7395] validate_nla: 4 callbacks suppressed [ 107.813283][ T7395] netlink: 'syz.2.486': attribute type 1 has an invalid length. [ 107.966873][ T7403] netlink: 'syz.4.488': attribute type 1 has an invalid length. [ 108.000247][ T7407] netlink: 'syz.4.488': attribute type 1 has an invalid length. [ 108.249688][ T7423] tipc: Enabling not permitted [ 108.259626][ T7426] __nla_validate_parse: 11 callbacks suppressed [ 108.259642][ T7426] netlink: 8 bytes leftover after parsing attributes in process `syz.4.496'. [ 108.279046][ T7423] tipc: Enabling of bearer rejected, failed to enable media [ 108.479224][ T7432] tipc: Enabling of bearer rejected, failed to enable media [ 108.493955][ T7437] delete_channel: no stack [ 108.503773][ T7432] IPv6: sit1: Disabled Multicast RS [ 108.515998][ T7432] sit1: entered allmulticast mode [ 108.517012][ T7437] netlink: 24 bytes leftover after parsing attributes in process `syz.2.502'. [ 108.561693][ T7442] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 108.609852][ T7431] syzkaller0: entered promiscuous mode [ 108.615915][ T7431] syzkaller0: entered allmulticast mode [ 108.903112][ T7455] netlink: 212304 bytes leftover after parsing attributes in process `syz.3.505'. [ 108.914082][ T7455] openvswitch: netlink: Message has 6 unknown bytes. [ 109.404551][ T7457] netlink: 16 bytes leftover after parsing attributes in process `syz.4.506'. [ 109.953035][ T7472] tipc: Enabling not permitted [ 109.960088][ T7472] tipc: Enabling of bearer rejected, failed to enable media [ 110.294164][ T7489] rdma_op ffff88803268c9f0 conn xmit_rdma 0000000000000000 [ 110.321579][ T7497] netlink: 24 bytes leftover after parsing attributes in process `syz.0.519'. [ 110.543371][ T7508] netlink: 52 bytes leftover after parsing attributes in process `syz.3.523'. [ 110.568401][ T7510] tipc: Enabling not permitted [ 110.574005][ T7510] tipc: Enabling of bearer rejected, failed to enable media [ 110.820922][ T7529] netlink: 'syz.4.532': attribute type 1 has an invalid length. [ 110.980025][ T7534] bond3: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 110.995422][ T7534] bond3: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 111.007743][ T7534] bond3: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 111.075651][ T7529] bond3: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 111.088651][ T7529] bond3: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 111.339850][ T7562] netlink: 24 bytes leftover after parsing attributes in process `syz.3.540'. [ 111.341305][ T7559] netlink: 4 bytes leftover after parsing attributes in process `syz.4.541'. [ 111.363891][ T7559] netlink: 4 bytes leftover after parsing attributes in process `syz.4.541'. [ 111.542046][ T7575] netlink: 'syz.3.544': attribute type 1 has an invalid length. [ 111.554494][ T7575] netlink: 24 bytes leftover after parsing attributes in process `syz.3.544'. [ 111.824129][ T7593] openvswitch: netlink: IP tunnel attribute has 1026 unknown bytes. [ 111.919469][ T7593] netlink: zone id is out of range [ 111.926172][ T7593] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 111.942062][ T7597] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 112.001861][ T7603] netlink: 'syz.3.554': attribute type 12 has an invalid length. [ 112.012513][ T7597] syzkaller0: entered promiscuous mode [ 112.030455][ T7597] syzkaller0: entered allmulticast mode [ 112.337888][ T7573] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 112.378631][ T7618] delete_channel: no stack [ 112.822803][ T7644] bridge0: port 3(syz_tun) entered blocking state [ 112.846525][ T7644] bridge0: port 3(syz_tun) entered disabled state [ 112.853328][ T7644] syz_tun: entered allmulticast mode [ 112.861458][ T7644] syz_tun: entered promiscuous mode [ 112.867748][ T7644] bridge0: port 3(syz_tun) entered blocking state [ 112.874397][ T7644] bridge0: port 3(syz_tun) entered forwarding state [ 112.876343][ T7649] netlink: 'syz.2.566': attribute type 10 has an invalid length. [ 112.896649][ T7649] bridge0: port 3(syz_tun) entered disabled state [ 112.903464][ T7649] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.911600][ T7649] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.931405][ T7649] bridge0: port 3(syz_tun) entered blocking state [ 112.938021][ T7649] bridge0: port 3(syz_tun) entered forwarding state [ 112.945551][ T7649] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.952708][ T7649] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.960214][ T7649] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.967431][ T7649] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.982363][ T7649] bridge0: entered promiscuous mode [ 112.991788][ T7649] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 113.273467][ T7659] __nla_validate_parse: 11 callbacks suppressed [ 113.273484][ T7659] netlink: 16 bytes leftover after parsing attributes in process `syz.2.574'. [ 113.311781][ T7668] lo: entered promiscuous mode [ 113.347283][ T7668] netlink: 'syz.0.577': attribute type 2 has an invalid length. [ 113.400771][ T7668] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 113.447834][ T7674] netlink: 'syz.0.577': attribute type 1 has an invalid length. [ 113.457255][ T7672] netlink: 'syz.1.579': attribute type 1 has an invalid length. [ 113.492692][ T7676] tipc: Enabled bearer , priority 0 [ 113.516804][ T7677] syzkaller0: entered promiscuous mode [ 113.522309][ T7677] syzkaller0: entered allmulticast mode [ 113.653077][ T7677] tipc: Resetting bearer [ 113.727561][ T7677] tipc: Disabling bearer [ 113.754312][ T7693] netlink: 24 bytes leftover after parsing attributes in process `syz.1.587'. [ 113.884028][ T7687] 8021q: adding VLAN 0 to HW filter on device bond4 [ 114.201491][ T7720] netlink: 3 bytes leftover after parsing attributes in process `syz.1.598'. [ 114.390899][ T7733] netlink: 100 bytes leftover after parsing attributes in process `syz.3.602'. [ 114.488755][ T7738] netlink: 'syz.4.604': attribute type 10 has an invalid length. [ 114.647607][ T7744] 8021q: adding VLAN 0 to HW filter on device bond3 [ 115.492864][ T7762] netlink: 'syz.1.613': attribute type 12 has an invalid length. [ 115.671120][ T7770] netlink: 'syz.4.615': attribute type 21 has an invalid length. [ 115.682058][ T7770] netlink: 156 bytes leftover after parsing attributes in process `syz.4.615'. [ 115.761057][ T7775] netlink: 5 bytes leftover after parsing attributes in process `syz.3.617'. [ 115.815617][ T7780] netlink: 5 bytes leftover after parsing attributes in process `syz.3.617'. [ 115.824562][ T7780] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 115.904106][ T7780] 0ªî{X¹¦: entered allmulticast mode [ 115.934800][ T7780] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 115.981962][ T7775] 1ªî{X¹¦: renamed from 30ªî{X¹¦ (while UP) [ 115.990910][ T7775] A link change request failed with some changes committed already. Interface 31ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 116.074749][ T7789] 8021q: adding VLAN 0 to HW filter on device bond5 [ 116.535268][ T7800] netlink: 16 bytes leftover after parsing attributes in process `syz.2.627'. [ 116.575006][ T7800] netlink: 16 bytes leftover after parsing attributes in process `syz.2.627'. [ 116.748746][ T7813] block nbd5: Unsupported socket: should be TCP or UNIX. [ 116.823078][ T7817] netlink: 80 bytes leftover after parsing attributes in process `syz.4.632'. [ 117.062534][ T7830] netlink: 'syz.4.637': attribute type 1 has an invalid length. [ 117.109350][ T7830] bond6: (slave ip6gretap1): making interface the new active one [ 117.118107][ T7830] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 117.126270][ T7830] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 117.134467][ T7830] bond6: (slave ip6gretap1): Enslaving as an active interface with an up link [ 117.320775][ T7843] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 117.337187][ T7843] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 117.351587][ T7845] netlink: 'syz.0.642': attribute type 1 has an invalid length. [ 117.359965][ T7845] netlink: 'syz.0.642': attribute type 2 has an invalid length. [ 117.404146][ T7848] syzkaller0: entered promiscuous mode [ 117.424846][ T7848] syzkaller0: entered allmulticast mode [ 117.514475][ T7852] geneve2: entered promiscuous mode [ 117.520612][ T7852] geneve2: entered allmulticast mode [ 117.529492][ T36] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0 [ 117.549995][ T36] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0 [ 117.583230][ T36] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0 [ 117.593026][ T36] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 19999 - 0 [ 117.614283][ T7839] tipc: Enabling of bearer rejected, failed to enable media [ 117.676624][ T7858] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 117.695769][ T7858] Cannot find map_set index 0 as target [ 117.803915][ T7864] delete_channel: no stack [ 117.807490][ T7866] netlink: zone id is out of range [ 117.921112][ T7868] 8021q: adding VLAN 0 to HW filter on device bond1 [ 118.332615][ T7906] __nla_validate_parse: 2 callbacks suppressed [ 118.332713][ T7906] netlink: 12 bytes leftover after parsing attributes in process `syz.0.662'. [ 118.368635][ T7906] netlink: 4 bytes leftover after parsing attributes in process `syz.0.662'. [ 118.639913][ T7923] delete_channel: no stack [ 118.647857][ T7923] netlink: 24 bytes leftover after parsing attributes in process `syz.4.668'. [ 118.684178][ T7916] 8021q: adding VLAN 0 to HW filter on device bond2 [ 118.889889][ T7933] netlink: 12 bytes leftover after parsing attributes in process `syz.0.670'. [ 118.903355][ T7933] block nbd5: Unsupported socket: should be TCP or UNIX. [ 119.177258][ T7946] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 119.283811][ T7936] team0 (unregistering): Port device team_slave_0 removed [ 119.311370][ T7936] team0 (unregistering): Port device team_slave_1 removed [ 119.614234][ T7968] netlink: 24 bytes leftover after parsing attributes in process `syz.3.680'. [ 119.715474][ T7974] netlink: 68 bytes leftover after parsing attributes in process `syz.2.679'. [ 119.734534][ T7977] validate_nla: 1 callbacks suppressed [ 119.734551][ T7977] netlink: 'syz.1.684': attribute type 1 has an invalid length. [ 119.814893][ T7977] bond4: entered promiscuous mode [ 119.820723][ T7977] 8021q: adding VLAN 0 to HW filter on device bond4 [ 119.872608][ T7978] bond3: (slave bond_slave_1): Device is not our slave [ 119.882663][ T7978] bond3: option active_slave: invalid value (bond_slave_1) [ 119.897601][ T7978] bond3 (unregistering): Released all slaves [ 119.957700][ T7985] 8021q: adding VLAN 0 to HW filter on device bond4 [ 119.983251][ T7985] bond4: (slave gre1): The slave device specified does not support setting the MAC address [ 119.995166][ T7985] bond4: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 120.049722][ T7985] bond4: (slave gre1): making interface the new active one [ 120.066245][ T7985] gre1: entered promiscuous mode [ 120.076140][ T7985] bond4: (slave gre1): Enslaving as an active interface with an up link [ 120.228297][ T8003] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 120.285320][ T8007] 8021q: adding VLAN 0 to HW filter on device bond4 [ 120.307901][ T8005] syzkaller0: entered promiscuous mode [ 120.313470][ T8005] syzkaller0: entered allmulticast mode [ 120.324402][ T8005] af_packet: tpacket_rcv: packet too big, clamped from 176 to 4294967272. macoff=96 [ 120.344397][ T8011] pim6reg1: entered promiscuous mode [ 120.349842][ T8011] pim6reg1: entered allmulticast mode [ 120.491275][ T8017] v: renamed from vlan0 (while UP) [ 120.982461][ T8035] FAULT_INJECTION: forcing a failure. [ 120.982461][ T8035] name failslab, interval 1, probability 0, space 0, times 0 [ 121.035007][ T8035] CPU: 1 UID: 0 PID: 8035 Comm: syz.3.701 Not tainted syzkaller #0 PREEMPT(full) [ 121.035032][ T8035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 121.035042][ T8035] Call Trace: [ 121.035049][ T8035] [ 121.035056][ T8035] dump_stack_lvl+0x189/0x250 [ 121.035083][ T8035] ? __pfx____ratelimit+0x10/0x10 [ 121.035105][ T8035] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.035127][ T8035] ? __pfx__printk+0x10/0x10 [ 121.035143][ T8035] ? ref_tracker_alloc+0x2ae/0x460 [ 121.035163][ T8035] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 121.035185][ T8035] ? dst_alloc+0x12a/0x170 [ 121.035203][ T8035] ? ip6_blackhole_route+0x59/0x340 [ 121.035222][ T8035] ? xfrm_lookup_route+0xd7/0x1c0 [ 121.035238][ T8035] ? ip6_datagram_dst_update+0x75c/0xcb0 [ 121.035258][ T8035] ? __ip6_datagram_connect+0xbd1/0x1150 [ 121.035278][ T8035] ? udpv6_connect+0x36/0x240 [ 121.035304][ T8035] should_fail_ex+0x414/0x560 [ 121.035334][ T8035] should_failslab+0xa8/0x100 [ 121.035353][ T8035] __kmalloc_cache_noprof+0x6f/0x6f0 [ 121.035377][ T8035] ? percpu_counter_add_batch+0xea/0x1e0 [ 121.035398][ T8035] ? dst_cow_metrics_generic+0x56/0x1c0 [ 121.035424][ T8035] dst_cow_metrics_generic+0x56/0x1c0 [ 121.035448][ T8035] ip6_blackhole_route+0x1f2/0x340 [ 121.035471][ T8035] xfrm_lookup_route+0xd7/0x1c0 [ 121.035490][ T8035] ? ip6_datagram_dst_update+0x511/0xcb0 [ 121.035514][ T8035] ip6_datagram_dst_update+0x75c/0xcb0 [ 121.035545][ T8035] ? __pfx_ip6_datagram_dst_update+0x10/0x10 [ 121.035568][ T8035] ? udp_lib_get_port+0x164b/0x1b10 [ 121.035601][ T8035] ? __lock_acquire+0xab9/0xd20 [ 121.035618][ T8035] ? __ip6_datagram_connect+0xb92/0x1150 [ 121.035648][ T8035] __ip6_datagram_connect+0xbd1/0x1150 [ 121.035683][ T8035] ? __pfx___ip6_datagram_connect+0x10/0x10 [ 121.035705][ T8035] ? __local_bh_enable_ip+0x12d/0x1c0 [ 121.035723][ T8035] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 121.035753][ T8035] udpv6_connect+0x36/0x240 [ 121.035780][ T8035] __sys_connect+0x316/0x440 [ 121.035805][ T8035] ? __fget_files+0x3a0/0x420 [ 121.035823][ T8035] ? __pfx___sys_connect+0x10/0x10 [ 121.035860][ T8035] ? __pfx_ksys_write+0x10/0x10 [ 121.035890][ T8035] __x64_sys_connect+0x7a/0x90 [ 121.035915][ T8035] do_syscall_64+0xfa/0xfa0 [ 121.035936][ T8035] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.035957][ T8035] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.035975][ T8035] ? clear_bhb_loop+0x60/0xb0 [ 121.035996][ T8035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.036011][ T8035] RIP: 0033:0x7f31c078efc9 [ 121.036028][ T8035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.036047][ T8035] RSP: 002b:00007f31c166e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 121.036065][ T8035] RAX: ffffffffffffffda RBX: 00007f31c09e5fa0 RCX: 00007f31c078efc9 [ 121.036078][ T8035] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000004 [ 121.036089][ T8035] RBP: 00007f31c166e090 R08: 0000000000000000 R09: 0000000000000000 [ 121.036098][ T8035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.036108][ T8035] R13: 00007f31c09e6038 R14: 00007f31c09e5fa0 R15: 00007fffb751dbd8 [ 121.036139][ T8035] [ 121.562330][ T8050] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 121.595421][ T8051] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 4, id = 0 [ 121.656155][ T8053] netlink: 12 bytes leftover after parsing attributes in process `syz.1.708'. [ 121.834060][ T8067] netlink: 6 bytes leftover after parsing attributes in process `syz.2.711'. [ 121.895681][ T8067] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 121.946731][ T8070] batadv_slave_1: entered promiscuous mode [ 121.964734][ T8070] netlink: 28 bytes leftover after parsing attributes in process `syz.1.713'. [ 121.996617][ T5894] IPVS: starting estimator thread 0... [ 122.025497][ T8069] batadv_slave_1: left promiscuous mode [ 122.049345][ T5825] Bluetooth: hci4: command 0x0405 tx timeout [ 122.105105][ T8081] IPVS: using max 31 ests per chain, 74400 per kthread [ 122.143226][ T8090] netlink: 4 bytes leftover after parsing attributes in process `syz.4.717'. [ 122.152291][ T8090] bridge_slave_1: left allmulticast mode [ 122.195014][ T8090] bridge_slave_1: left promiscuous mode [ 122.200834][ T8090] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.249132][ T8098] delete_channel: no stack [ 122.260495][ T8090] bridge_slave_0: left allmulticast mode [ 122.275350][ T8090] bridge_slave_0: left promiscuous mode [ 122.281228][ T8090] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.599141][ T8117] netlink: 'syz.4.723': attribute type 15 has an invalid length. [ 122.621589][ T8119] netlink: 'syz.4.723': attribute type 15 has an invalid length. [ 122.855750][ T8135] xt_TPROXY: Can be used only with -p tcp or -p udp [ 122.912518][ T8127] bond5: peer notification delay (1164) is not a multiple of miimon (100), value rounded to 1100 ms [ 122.928923][ T8127] bond5: entered promiscuous mode [ 122.934773][ T8127] bond5: entered allmulticast mode [ 122.942015][ T8127] 8021q: adding VLAN 0 to HW filter on device bond5 [ 123.277759][ T8150] 8021q: adding VLAN 0 to HW filter on device bond5 [ 123.286650][ T8162] lo: entered promiscuous mode [ 123.326989][ T8162] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 123.887171][ T8196] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 123.961339][ T8205] __nla_validate_parse: 10 callbacks suppressed [ 123.961357][ T8205] netlink: 28 bytes leftover after parsing attributes in process `syz.0.747'. [ 124.406831][ T8224] tipc: Enabling of bearer rejected, failed to enable media [ 124.778559][ T8253] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 124.869202][ T8248] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.895524][ T8248] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.909911][ T8248] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 124.939430][ T8260] netlink: 40 bytes leftover after parsing attributes in process `syz.2.761'. [ 124.964768][ T8260] netlink: 40 bytes leftover after parsing attributes in process `syz.2.761'. [ 125.045426][ T8248] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.088118][ T8248] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.102013][ T8248] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 125.280901][ T8248] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.292543][ T8274] netlink: 12 bytes leftover after parsing attributes in process `syz.1.764'. [ 125.296041][ T8248] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.311825][ T8248] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 125.457371][ T8278] netlink: 10 bytes leftover after parsing attributes in process `syz.4.766'. [ 125.521618][ T8248] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.563141][ T8248] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.636149][ T8248] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 125.730043][ T8296] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.737243][ T8296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.912053][ T12] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.931924][ T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 19999 - 0 [ 125.963339][ T12] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 126.025288][ T50] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.033497][ T50] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 19999 - 0 [ 126.059615][ T50] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 126.117719][ T13] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.134210][ T13] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 19999 - 0 [ 126.156462][ T13] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 126.206483][ T8314] 8021q: VLANs not supported on sit0 [ 126.229240][ T13] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.255252][ T13] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 19999 - 0 [ 126.293224][ T13] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 126.366508][ T8320] netlink: 24 bytes leftover after parsing attributes in process `syz.1.776'. [ 126.490363][ T8326] Bluetooth: MGMT ver 1.23 [ 126.763244][ T8344] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 127.392620][ T8356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.409742][ T8356] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 127.445776][ T8356] bond0: (slave gre0): Error -95 calling set_mac_address [ 127.860583][ T8394] netlink: 28 bytes leftover after parsing attributes in process `syz.3.800'. [ 127.888627][ T8398] netlink: 24 bytes leftover after parsing attributes in process `syz.1.799'. [ 128.231652][ T8410] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 128.717466][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.808'. [ 128.733514][ T8426] netlink: 28 bytes leftover after parsing attributes in process `syz.2.808'. [ 128.765548][ T8430] netlink: 'syz.3.809': attribute type 2 has an invalid length. [ 128.903260][ T8432] bond7 (unregistering): Released all slaves [ 129.005153][ T8440] veth1_macvtap: left promiscuous mode [ 129.076444][ T8452] __nla_validate_parse: 1 callbacks suppressed [ 129.076463][ T8452] netlink: 12 bytes leftover after parsing attributes in process `syz.2.815'. [ 129.170059][ T8456] netlink: 8 bytes leftover after parsing attributes in process `syz.4.818'. [ 129.189579][ T8456] netlink: 12 bytes leftover after parsing attributes in process `syz.4.818'. [ 129.207986][ T8456] netlink: 8 bytes leftover after parsing attributes in process `syz.4.818'. [ 129.235919][ T8456] netlink: 12 bytes leftover after parsing attributes in process `syz.4.818'. [ 129.289284][ T8463] netlink: 8 bytes leftover after parsing attributes in process `syz.3.819'. [ 129.354266][ T8465] netlink: 12 bytes leftover after parsing attributes in process `syz.1.820'. [ 129.420366][ T8472] sch_tbf: burst 7 is lower than device lo mtu (1550) ! [ 129.451034][ T8472] netlink: 104 bytes leftover after parsing attributes in process `syz.4.821'. [ 129.570018][ T8480] netlink: 40 bytes leftover after parsing attributes in process `syz.1.823'. [ 129.593257][ T8482] netlink: 'syz.2.824': attribute type 12 has an invalid length. [ 129.608951][ T8482] netlink: 'syz.2.824': attribute type 29 has an invalid length. [ 129.643166][ T8482] netlink: 148 bytes leftover after parsing attributes in process `syz.2.824'. [ 129.673241][ T8482] netlink: 'syz.2.824': attribute type 2 has an invalid length. [ 129.874533][ T8497] netlink: 'syz.4.829': attribute type 29 has an invalid length. [ 130.190134][ T8522] lo: Caught tx_queue_len zero misconfig [ 130.196408][ T8521] openvswitch: netlink: IP tunnel dst address not specified [ 130.889713][ T8562] xt_policy: output policy not valid in PREROUTING and INPUT [ 130.957565][ T8562] xt_policy: output policy not valid in PREROUTING and INPUT [ 130.966917][ T8567] delete_channel: no stack [ 132.167624][ T8590] syzkaller1: entered promiscuous mode [ 132.173227][ T8590] syzkaller1: entered allmulticast mode [ 132.181613][ T8595] netlink: 'syz.2.853': attribute type 12 has an invalid length. [ 132.189571][ T8595] netlink: 'syz.2.853': attribute type 29 has an invalid length. [ 132.197457][ T8595] netlink: 'syz.2.853': attribute type 2 has an invalid length. [ 132.205789][ T8594] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.212955][ T8594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.770362][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.776749][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.552554][ T8605] __nla_validate_parse: 10 callbacks suppressed [ 134.552570][ T8605] netlink: 256 bytes leftover after parsing attributes in process `syz.3.857'. [ 134.573399][ T8606] netlink: 24 bytes leftover after parsing attributes in process `syz.0.854'. [ 134.577039][ T8604] netlink: 632 bytes leftover after parsing attributes in process `syz.2.856'. [ 135.122403][ T8634] tipc: Enabling of bearer rejected, failed to enable media [ 135.229062][ T8641] FAULT_INJECTION: forcing a failure. [ 135.229062][ T8641] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.242386][ T8641] CPU: 1 UID: 0 PID: 8641 Comm: syz.1.871 Not tainted syzkaller #0 PREEMPT(full) [ 135.242409][ T8641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 135.242419][ T8641] Call Trace: [ 135.242426][ T8641] [ 135.242434][ T8641] dump_stack_lvl+0x189/0x250 [ 135.242461][ T8641] ? __pfx____ratelimit+0x10/0x10 [ 135.242482][ T8641] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.242504][ T8641] ? __pfx__printk+0x10/0x10 [ 135.242523][ T8641] ? __might_fault+0xb0/0x130 [ 135.242558][ T8641] should_fail_ex+0x414/0x560 [ 135.242594][ T8641] _copy_from_iter+0x1de/0x1790 [ 135.242619][ T8641] ? rcu_is_watching+0x15/0xb0 [ 135.242643][ T8641] ? kmalloc_reserve+0xbd/0x290 [ 135.242668][ T8641] ? __pfx__copy_from_iter+0x10/0x10 [ 135.242689][ T8641] ? __build_skb_around+0x262/0x3f0 [ 135.242716][ T8641] ? netlink_sendmsg+0x642/0xb30 [ 135.242731][ T8641] ? skb_put+0x11b/0x210 [ 135.242750][ T8641] netlink_sendmsg+0x6b2/0xb30 [ 135.242776][ T8641] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.242804][ T8641] ? aa_sock_msg_perm+0xf1/0x1d0 [ 135.242829][ T8641] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 135.242846][ T8641] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.242871][ T8641] __sock_sendmsg+0x21c/0x270 [ 135.242895][ T8641] ____sys_sendmsg+0x505/0x830 [ 135.242918][ T8641] ? __pfx_____sys_sendmsg+0x10/0x10 [ 135.242945][ T8641] ? import_iovec+0x74/0xa0 [ 135.242969][ T8641] ___sys_sendmsg+0x21f/0x2a0 [ 135.242990][ T8641] ? __pfx____sys_sendmsg+0x10/0x10 [ 135.243044][ T8641] ? __fget_files+0x2a/0x420 [ 135.243060][ T8641] ? __fget_files+0x3a0/0x420 [ 135.243087][ T8641] __x64_sys_sendmsg+0x19b/0x260 [ 135.243108][ T8641] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 135.243135][ T8641] ? __pfx_ksys_write+0x10/0x10 [ 135.243161][ T8641] ? do_syscall_64+0xbe/0xfa0 [ 135.243186][ T8641] do_syscall_64+0xfa/0xfa0 [ 135.243205][ T8641] ? lockdep_hardirqs_on+0x9c/0x150 [ 135.243227][ T8641] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.243244][ T8641] ? clear_bhb_loop+0x60/0xb0 [ 135.243265][ T8641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.243282][ T8641] RIP: 0033:0x7fb7b8f8efc9 [ 135.243298][ T8641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.243312][ T8641] RSP: 002b:00007fb7b9de9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 135.243331][ T8641] RAX: ffffffffffffffda RBX: 00007fb7b91e5fa0 RCX: 00007fb7b8f8efc9 [ 135.243344][ T8641] RDX: 0000000000000804 RSI: 0000200000000580 RDI: 0000000000000004 [ 135.243355][ T8641] RBP: 00007fb7b9de9090 R08: 0000000000000000 R09: 0000000000000000 [ 135.243366][ T8641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.243376][ T8641] R13: 00007fb7b91e6038 R14: 00007fb7b91e5fa0 R15: 00007ffc3a32e508 [ 135.243407][ T8641] [ 135.605499][ T8643] netlink: 8 bytes leftover after parsing attributes in process `syz.0.872'. [ 135.711185][ T8650] bond7: (slave bond_slave_1): Device is not our slave [ 135.722778][ T8650] bond7: option active_slave: invalid value (bond_slave_1) [ 135.821499][ T8655] ieee802154 phy0 wpan0: encryption failed: -22 [ 135.945608][ T8650] bond7 (unregistering): Released all slaves [ 136.180912][ T8678] FAULT_INJECTION: forcing a failure. [ 136.180912][ T8678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.194534][ T8678] CPU: 0 UID: 0 PID: 8678 Comm: syz.4.883 Not tainted syzkaller #0 PREEMPT(full) [ 136.194558][ T8678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 136.194568][ T8678] Call Trace: [ 136.194575][ T8678] [ 136.194583][ T8678] dump_stack_lvl+0x189/0x250 [ 136.194611][ T8678] ? __pfx____ratelimit+0x10/0x10 [ 136.194632][ T8678] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.194655][ T8678] ? __pfx__printk+0x10/0x10 [ 136.194686][ T8678] should_fail_ex+0x414/0x560 [ 136.194716][ T8678] _copy_to_user+0x31/0xb0 [ 136.194739][ T8678] simple_read_from_buffer+0xe1/0x170 [ 136.194778][ T8678] proc_fail_nth_read+0x1b3/0x220 [ 136.194804][ T8678] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 136.194828][ T8678] ? rw_verify_area+0x2a6/0x4d0 [ 136.194850][ T8678] ? __lock_acquire+0xab9/0xd20 [ 136.194866][ T8678] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 136.194889][ T8678] vfs_read+0x200/0xa30 [ 136.194914][ T8678] ? fdget_pos+0x247/0x320 [ 136.194934][ T8678] ? __pfx___mutex_lock+0x10/0x10 [ 136.194957][ T8678] ? __pfx_vfs_read+0x10/0x10 [ 136.194981][ T8678] ? __fget_files+0x2a/0x420 [ 136.195002][ T8678] ? __fget_files+0x3a0/0x420 [ 136.195017][ T8678] ? __fget_files+0x2a/0x420 [ 136.195042][ T8678] ksys_read+0x145/0x250 [ 136.195068][ T8678] ? __pfx_ksys_read+0x10/0x10 [ 136.195094][ T8678] ? do_syscall_64+0xbe/0xfa0 [ 136.195119][ T8678] do_syscall_64+0xfa/0xfa0 [ 136.195138][ T8678] ? lockdep_hardirqs_on+0x9c/0x150 [ 136.195159][ T8678] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.195176][ T8678] ? clear_bhb_loop+0x60/0xb0 [ 136.195198][ T8678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.195214][ T8678] RIP: 0033:0x7f9fb018d9dc [ 136.195231][ T8678] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 136.195245][ T8678] RSP: 002b:00007f9fb10be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 136.195264][ T8678] RAX: ffffffffffffffda RBX: 00007f9fb03e6090 RCX: 00007f9fb018d9dc [ 136.195275][ T8678] RDX: 000000000000000f RSI: 00007f9fb10be0a0 RDI: 0000000000000005 [ 136.195284][ T8678] RBP: 00007f9fb10be090 R08: 0000000000000000 R09: 0000000000000000 [ 136.195294][ T8678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.195303][ T8678] R13: 00007f9fb03e6128 R14: 00007f9fb03e6090 R15: 00007ffe23bcaef8 [ 136.195339][ T8678] [ 136.904238][ T8683] netlink: 'syz.2.884': attribute type 12 has an invalid length. [ 136.924478][ T8686] netlink: 12 bytes leftover after parsing attributes in process `syz.0.885'. [ 136.938741][ T8686] netlink: 12 bytes leftover after parsing attributes in process `syz.0.885'. [ 136.953867][ T8689] netlink: 16 bytes leftover after parsing attributes in process `syz.3.887'. [ 137.159722][ T8702] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 137.449242][ T8722] netlink: 8 bytes leftover after parsing attributes in process `syz.2.894'. [ 137.455393][ T8715] bond3: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 137.477242][ T8715] bond3 (unregistering): Released all slaves [ 138.151364][ T8759] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 138.260268][ T8766] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 138.298586][ T8766] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 138.634124][ T8795] netlink: 'syz.3.917': attribute type 1 has an invalid length. [ 138.667691][ T8794] netlink: 28 bytes leftover after parsing attributes in process `syz.0.918'. [ 138.975096][ T8820] netlink: 'syz.4.924': attribute type 33 has an invalid length. [ 138.983242][ T8820] netlink: 152 bytes leftover after parsing attributes in process `syz.4.924'. [ 139.068752][ T8825] sctp: [Deprecated]: syz.2.926 (pid 8825) Use of int in max_burst socket option. [ 139.068752][ T8825] Use struct sctp_assoc_value instead [ 139.076115][ T8822] bond6: (slave bond_slave_1): Device is not our slave [ 139.093656][ T8825] netlink: 'syz.2.926': attribute type 10 has an invalid length. [ 139.101889][ T8822] bond6: option active_slave: invalid value (bond_slave_1) [ 139.120948][ T8822] bond6 (unregistering): Released all slaves [ 139.149277][ T8825] veth1_macvtap: left promiscuous mode [ 139.313384][ T8831] openvswitch: netlink: Message has 4 unknown bytes. [ 139.328971][ T8831] bond0: entered promiscuous mode [ 139.334039][ T8831] bond_slave_0: entered promiscuous mode [ 139.355671][ T8831] bond_slave_1: entered promiscuous mode [ 139.363712][ T8831] batadv0: entered promiscuous mode [ 139.386555][ T8831] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 139.477121][ T8840] x_tables: duplicate underflow at hook 3 [ 139.703897][ T8849] bond6: (slave bond_slave_1): Device is not our slave [ 139.725296][ T8849] bond6: option active_slave: invalid value (bond_slave_1) [ 139.740502][ T8849] bond6 (unregistering): Released all slaves [ 139.840143][ T8862] __nla_validate_parse: 2 callbacks suppressed [ 139.840160][ T8862] netlink: 52 bytes leftover after parsing attributes in process `syz.0.941'. [ 140.520141][ T8911] netlink: 24 bytes leftover after parsing attributes in process `syz.3.959'. [ 140.683975][ T8925] netlink: 'syz.0.964': attribute type 2 has an invalid length. [ 140.887381][ T8940] netlink: zone id is out of range [ 140.892709][ T8940] netlink: zone id is out of range [ 140.904316][ T8940] netlink: 104 bytes leftover after parsing attributes in process `syz.3.967'. [ 140.919593][ T8940] netlink: zone id is out of range [ 140.931444][ T8940] netlink: zone id is out of range [ 141.163546][ T8958] netlink: 68 bytes leftover after parsing attributes in process `syz.3.974'. [ 142.216041][ T9017] netlink: 24 bytes leftover after parsing attributes in process `syz.0.995'. [ 142.307179][ T9012] bond3: (slave bond_slave_1): Device is not our slave [ 142.319537][ T9012] bond3: option active_slave: invalid value (bond_slave_1) [ 142.358339][ T9012] bond3 (unregistering): Released all slaves [ 142.385903][ T9025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.997'. [ 142.500947][ T9025] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 142.984032][ T9065] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1008'. [ 143.224038][ T9075] xt_hashlimit: overflow, rate too high: 0 [ 143.297665][ T9078] bond7: (slave bond_slave_1): Device is not our slave [ 143.304766][ T9078] bond7: option active_slave: invalid value (bond_slave_1) [ 143.319051][ T9078] bond7 (unregistering): Released all slaves [ 144.306501][ T9135] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1030'. [ 144.416400][ T9141] tipc: Started in network mode [ 144.430470][ T9141] tipc: Node identity 222207e9d65, cluster identity 4711 [ 144.451711][ T9141] tipc: Enabled bearer , priority 0 [ 144.477418][ T9143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1032'. [ 144.488816][ T9143] netlink: 'syz.1.1032': attribute type 30 has an invalid length. [ 144.509108][ T9141] syzkaller0: entered promiscuous mode [ 144.515046][ T9141] syzkaller0: entered allmulticast mode [ 144.548482][ T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.558810][ T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.580803][ T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.606296][ T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.663410][ T9140] tipc: Resetting bearer [ 144.711038][ T9140] tipc: Disabling bearer [ 144.995437][ T9166] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1039'. [ 145.296970][ T9190] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1048'. [ 145.338824][ T9193] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1049'. [ 145.361240][ T9192] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1049'. [ 145.539007][ T9203] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1051'. [ 145.937019][ T9233] unsupported nlmsg_type 40 [ 145.985673][ T9230] netlink: 'syz.4.1060': attribute type 8 has an invalid length. [ 146.007925][ T1156] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 146.068227][ T9239] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 146.182424][ T9252] bond0: entered promiscuous mode [ 146.194321][ T9252] bond_slave_0: entered promiscuous mode [ 146.206537][ T9252] bond_slave_1: entered promiscuous mode [ 146.217856][ T9252] batadv0: entered promiscuous mode [ 146.241971][ T9252] debugfs: 'hsr1' already exists in 'hsr' [ 146.249462][ T9252] Cannot create hsr debugfs directory [ 146.257204][ T9252] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 146.267240][ T9252] bond0: left promiscuous mode [ 146.272361][ T9252] bond_slave_0: left promiscuous mode [ 146.278397][ T9252] bond_slave_1: left promiscuous mode [ 146.286748][ T9252] batadv0: left promiscuous mode [ 146.374875][ T9261] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1071'. [ 146.452488][ T9268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1072'. [ 146.807305][ T9280] FAULT_INJECTION: forcing a failure. [ 146.807305][ T9280] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.826597][ T9280] CPU: 0 UID: 0 PID: 9280 Comm: syz.3.1078 Not tainted syzkaller #0 PREEMPT(full) [ 146.826621][ T9280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 146.826631][ T9280] Call Trace: [ 146.826638][ T9280] [ 146.826646][ T9280] dump_stack_lvl+0x189/0x250 [ 146.826674][ T9280] ? __pfx____ratelimit+0x10/0x10 [ 146.826695][ T9280] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.826718][ T9280] ? __pfx__printk+0x10/0x10 [ 146.826736][ T9280] ? __might_fault+0xb0/0x130 [ 146.826776][ T9280] should_fail_ex+0x414/0x560 [ 146.826805][ T9280] _copy_from_user+0x2d/0xb0 [ 146.826828][ T9280] ___sys_sendmsg+0x158/0x2a0 [ 146.826853][ T9280] ? __pfx____sys_sendmsg+0x10/0x10 [ 146.826907][ T9280] ? __fget_files+0x2a/0x420 [ 146.826922][ T9280] ? __fget_files+0x3a0/0x420 [ 146.826945][ T9280] __x64_sys_sendmsg+0x19b/0x260 [ 146.826963][ T9280] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 146.826989][ T9280] ? __pfx_ksys_write+0x10/0x10 [ 146.827016][ T9280] ? do_syscall_64+0xbe/0xfa0 [ 146.827039][ T9280] do_syscall_64+0xfa/0xfa0 [ 146.827056][ T9280] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.827075][ T9280] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.827091][ T9280] ? clear_bhb_loop+0x60/0xb0 [ 146.827110][ T9280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.827125][ T9280] RIP: 0033:0x7f31c078efc9 [ 146.827141][ T9280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.827154][ T9280] RSP: 002b:00007f31c166e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 146.827172][ T9280] RAX: ffffffffffffffda RBX: 00007f31c09e5fa0 RCX: 00007f31c078efc9 [ 146.827183][ T9280] RDX: 00000000000400d0 RSI: 0000200000000080 RDI: 0000000000000003 [ 146.827194][ T9280] RBP: 00007f31c166e090 R08: 0000000000000000 R09: 0000000000000000 [ 146.827204][ T9280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.827214][ T9280] R13: 00007f31c09e6038 R14: 00007f31c09e5fa0 R15: 00007fffb751dbd8 [ 146.827243][ T9280] [ 147.286561][ T9295] netlink: 176 bytes leftover after parsing attributes in process `syz.4.1082'. [ 147.314985][ T9295] gretap0: entered promiscuous mode [ 147.334901][ T9302] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1088'. [ 147.542713][ T9314] netlink: 'syz.3.1091': attribute type 12 has an invalid length. [ 147.550915][ T9314] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1091'. [ 147.650004][ T9318] veth0: entered promiscuous mode [ 147.693177][ T9323] bond3 (unregistering): Released all slaves [ 147.709997][ T9318] veth0: left promiscuous mode [ 147.800569][ T9330] sch_tbf: peakrate 7 is lower than or equals to rate 2147483647 ! [ 147.981186][ T9343] netlink: 'syz.3.1103': attribute type 12 has an invalid length. [ 148.069140][ T9346] netlink: 'syz.3.1106': attribute type 8 has an invalid length. [ 149.219115][ T9420] team_slave_0: entered allmulticast mode [ 150.105455][ T5149] Bluetooth: hci4: link tx timeout [ 150.111276][ T5149] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 150.121216][ T5149] Bluetooth: hci4: link tx timeout [ 150.132265][ T5149] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 150.284153][ T9480] netlink: 'syz.1.1163': attribute type 3 has an invalid length. [ 150.382067][ T9483] __nla_validate_parse: 5 callbacks suppressed [ 150.382105][ T9483] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1164'. [ 150.798972][ T9509] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 151.084210][ T9528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1184'. [ 151.263602][ T9537] pimreg: entered allmulticast mode [ 151.380643][ T9541] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1192'. [ 151.499835][ T9544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1194'. [ 151.719171][ T9550] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1197'. [ 151.853383][ T9558] netlink: 'syz.3.1201': attribute type 4 has an invalid length. [ 151.954606][ T9564] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1202'. [ 151.973788][ T9563] vlan0: entered promiscuous mode [ 152.002946][ T9564] bond_slave_0: entered promiscuous mode [ 152.008868][ T9564] bond_slave_1: entered promiscuous mode [ 152.045838][ T9564] macvtap1: entered promiscuous mode [ 152.061155][ T9564] bond0: entered promiscuous mode [ 152.077625][ T9564] macvtap1: entered allmulticast mode [ 152.092000][ T9564] bond0: entered allmulticast mode [ 152.097659][ T9564] bond_slave_0: entered allmulticast mode [ 152.103463][ T9564] bond_slave_1: entered allmulticast mode [ 152.110739][ T9564] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 152.123090][ T9566] macvtap1: left promiscuous mode [ 152.128761][ T9566] bond0: left promiscuous mode [ 152.134296][ T9566] macvtap1: left allmulticast mode [ 152.140267][ T9566] bond0: left allmulticast mode [ 152.146091][ T9573] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1205'. [ 152.157672][ T9566] bond_slave_0: left allmulticast mode [ 152.167098][ T9566] bond_slave_1: left allmulticast mode [ 152.216905][ T5149] Bluetooth: hci4: command 0x0405 tx timeout [ 152.259055][ T9578] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1209'. [ 152.330504][ T12] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.346873][ T12] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.366787][ T12] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.386065][ T12] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.720584][ T9601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1219'. [ 152.790909][ T9601] syz_tun: entered promiscuous mode [ 152.803202][ T9601] macvtap1: entered promiscuous mode [ 152.812558][ T9601] macvtap1: entered allmulticast mode [ 152.820179][ T9601] syz_tun: entered allmulticast mode [ 152.866744][ T9604] syz_tun: left allmulticast mode [ 152.872237][ T9604] syz_tun: left promiscuous mode [ 152.991135][ T9613] netlink: 'syz.4.1225': attribute type 36 has an invalid length. [ 153.266982][ T9629] netlink: 'syz.1.1233': attribute type 10 has an invalid length. [ 153.322077][ T9629] team0: Port device dummy0 added [ 153.644453][ T9655] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1243'. [ 153.689435][ T9658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 153.752819][ T9658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 153.781971][ T9658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 154.053125][ T1156] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.082084][ T1156] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.117760][ T1156] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.134040][ T1156] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.285210][ T5825] Bluetooth: hci4: command 0x0405 tx timeout [ 155.495324][ T981] IPVS: starting estimator thread 0... [ 155.615261][ T9767] IPVS: using max 27 ests per chain, 64800 per kthread [ 155.780239][ T9787] ipvlan2: entered promiscuous mode [ 155.787106][ T9787] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 156.033971][ T9790] syzkaller0: entered promiscuous mode [ 156.042191][ T9790] syzkaller0: entered allmulticast mode [ 157.729586][ T9828] __nla_validate_parse: 9 callbacks suppressed [ 157.729605][ T9828] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1315'. [ 157.822818][ T9832] netlink: 'syz.3.1316': attribute type 4 has an invalid length. [ 158.574251][ T9855] syzkaller0: entered promiscuous mode [ 158.580030][ T9855] syzkaller0: entered allmulticast mode [ 159.014227][ T9876] vlan2: entered allmulticast mode [ 159.027890][ T9876] dummy0: entered allmulticast mode [ 159.096095][ T9886] rdma_op ffff8880697a39f0 conn xmit_rdma 0000000000000000 [ 159.408321][ T9881] bond_slave_0: left promiscuous mode [ 159.415165][ T9881] bond_slave_1: left promiscuous mode [ 160.612669][ T9876] vlan2: entered allmulticast mode [ 160.645721][ T50] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 160.660066][ T50] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.672214][ T50] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 160.699418][ T50] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.714183][ T50] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 160.724685][ T50] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.733971][ T50] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 160.744150][ T50] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.963121][ T9920] netlink: 'syz.4.1351': attribute type 10 has an invalid length. [ 160.978569][ T9920] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 161.271103][ T9941] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1363'. [ 161.338155][ T9941] bond0: (slave rose0): Enslaving as an active interface with an up link [ 161.403810][ T9946] tipc: Started in network mode [ 161.416570][ T9946] tipc: Node identity 3a46e368fba2, cluster identity 4711 [ 161.424056][ T9946] tipc: Enabled bearer , priority 0 [ 161.445034][ T9946] syzkaller0: entered promiscuous mode [ 161.465280][ T9946] syzkaller0: entered allmulticast mode [ 161.551148][ T9946] tipc: Resetting bearer [ 161.573312][ T9945] tipc: Resetting bearer [ 161.637499][ T9945] tipc: Disabling bearer [ 161.962130][ T9985] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1384'. [ 162.852147][T10027] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1401'. [ 163.233979][T10044] netlink: 'syz.2.1409': attribute type 12 has an invalid length. [ 163.571400][T10068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1423'. [ 164.619407][T10134] syzkaller0: entered promiscuous mode [ 164.625903][T10134] syzkaller0: entered allmulticast mode [ 164.719262][T10140] smc: net device ip_vti0 applied user defined pnetid SYZ0 [ 164.791901][T10144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1455'. [ 164.834353][T10146] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1456'. [ 165.895206][T10184] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1473'. [ 165.904584][T10183] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1473'. [ 165.958563][T10186] netlink: 'syz.3.1474': attribute type 1 has an invalid length. [ 166.089914][T10195] netlink: 'syz.3.1478': attribute type 11 has an invalid length. [ 166.216897][T10201] bridge0: port 3(vlan2) entered blocking state [ 166.223728][T10201] bridge0: port 3(vlan2) entered disabled state [ 166.230848][T10201] vlan2: entered allmulticast mode [ 166.236374][T10201] bridge0: entered allmulticast mode [ 166.244256][T10201] vlan2: left allmulticast mode [ 166.249595][T10201] bridge0: left allmulticast mode [ 166.536917][T10216] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1487'. [ 166.618233][T10220] netlink: 'syz.0.1489': attribute type 11 has an invalid length. [ 167.007522][T10244] netlink: 'syz.2.1501': attribute type 11 has an invalid length. [ 167.337695][T10260] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1510'. [ 167.515260][T10269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1512'. [ 167.972291][T10300] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1523'. [ 168.253053][T10316] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1530'. [ 168.461526][T10329] syzkaller0: entered promiscuous mode [ 168.482689][T10329] syzkaller0: entered allmulticast mode [ 168.674258][T10340] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1542'. [ 168.691328][T10340] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1542'. [ 168.852856][T10342] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1544'. [ 168.906630][T10342] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 169.031391][T10363] syzkaller0: entered promiscuous mode [ 169.037053][T10363] syzkaller0: entered allmulticast mode [ 169.056852][T10358] 0: reclassify loop, rule prio 0, protocol 800 [ 169.358514][T10376] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1558'. [ 170.112903][T10422] netlink: 'syz.3.1579': attribute type 4 has an invalid length. [ 170.276994][T10431] tipc: Started in network mode [ 170.282054][T10431] tipc: Node identity ac141441, cluster identity 4711 [ 170.298445][T10431] tipc: Enabled bearer , priority 10 [ 171.185990][T10484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1607'. [ 171.319123][T10491] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1610'. [ 171.415805][ T9] tipc: Node number set to 2886997057 [ 171.821089][T10513] netlink: 'syz.1.1621': attribute type 36 has an invalid length. [ 171.944062][T10522] syzkaller0: entered promiscuous mode [ 171.955296][T10522] syzkaller0: entered allmulticast mode [ 172.162230][T10533] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1630'. [ 172.351991][T10543] netlink: 'syz.4.1635': attribute type 36 has an invalid length. [ 172.482190][T10550] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1639'. [ 173.391430][T10605] dvmrp1: entered allmulticast mode [ 173.494341][T10614] __nla_validate_parse: 1 callbacks suppressed [ 173.494359][T10614] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1666'. [ 173.581930][T10620] netlink: 320 bytes leftover after parsing attributes in process `syz.0.1669'. [ 173.740175][T10628] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1673'. [ 174.041479][T10648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1682'. [ 174.488585][T10677] sch_tbf: peakrate 7 is lower than or equals to rate 7 ! [ 174.842544][T10698] netlink: 'syz.1.1703': attribute type 11 has an invalid length. [ 175.207208][T10720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1714'. [ 175.217447][T10720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1714'. [ 175.402691][T10729] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1719'. [ 175.840487][T10758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1731'. [ 175.858787][T10758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1731'. [ 176.263521][T10784] bond6: entered promiscuous mode [ 176.394404][T10797] netlink: 'syz.0.1747': attribute type 4 has an invalid length. [ 176.403231][T10796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1748'. [ 176.534676][T10804] sch_tbf: burst 0 is lower than device lo mtu (17233) ! [ 176.831408][T10820] netlink: 'syz.1.1759': attribute type 11 has an invalid length. [ 178.532387][T10917] __nla_validate_parse: 4 callbacks suppressed [ 178.532406][T10917] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1802'. [ 180.732447][T10994] netlink: 'syz.0.1833': attribute type 10 has an invalid length. [ 180.743280][T10994] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1833'. [ 180.777512][T10994] team0: Port device geneve0 added [ 181.638883][T11047] netlink: 'syz.4.1857': attribute type 11 has an invalid length. [ 182.685752][T11119] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1891'. [ 183.650258][T11168] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1915'. [ 183.817456][T11177] netlink: 'syz.1.1919': attribute type 10 has an invalid length. [ 183.826940][T11177] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1919'. [ 183.847244][T11177] team0: Port device geneve0 added [ 183.977443][T11184] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1922'. [ 184.235886][T11198] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1928'. [ 184.522152][T11216] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1936'. [ 184.752128][T11231] syzkaller0: entered promiscuous mode [ 184.764204][T11231] syzkaller0: entered allmulticast mode [ 184.965415][T11242] netlink: 'syz.3.1949': attribute type 10 has an invalid length. [ 184.974549][T11242] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1949'. [ 184.984859][T11240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1947'. [ 185.014232][T11242] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 185.429711][T11268] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1962'. [ 185.586075][T11279] tipc: Enabled bearer , priority 0 [ 185.593603][T11279] syzkaller0: entered promiscuous mode [ 185.605236][T11279] syzkaller0: entered allmulticast mode [ 185.637369][T11279] tipc: Resetting bearer [ 185.646352][T11275] tipc: Resetting bearer [ 185.698874][T11275] tipc: Disabling bearer [ 186.113469][T11309] syzkaller0: entered promiscuous mode [ 186.119557][T11309] syzkaller0: entered allmulticast mode [ 186.535411][T11335] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1992'. [ 186.711439][T11342] team_slave_0: entered promiscuous mode [ 186.717357][T11342] team_slave_1: entered promiscuous mode [ 186.723072][T11342] veth0_virt_wifi: entered promiscuous mode [ 186.729050][T11342] dummy0: entered promiscuous mode [ 186.734294][T11344] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1998'. [ 186.734410][T11342] geneve0: entered promiscuous mode [ 186.752905][T11342] vlan2: entered promiscuous mode [ 186.758277][T11342] team0: entered promiscuous mode [ 187.266430][T11378] syzkaller0: entered promiscuous mode [ 187.271955][T11378] syzkaller0: entered allmulticast mode [ 187.483862][T11398] netlink: 'syz.3.2022': attribute type 11 has an invalid length. [ 188.379634][T11452] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 188.393083][T11452] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.475939][T11452] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 188.486845][T11452] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.559574][T11452] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 188.570019][T11452] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.654611][T11452] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 188.665281][T11452] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.775502][ T1156] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 188.784088][ T1156] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.800640][ T1156] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 188.809621][ T1156] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.829791][ T1156] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 188.838435][ T1156] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.855798][ T1156] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 188.864356][ T1156] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.913526][T11467] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2052'. [ 188.979216][T11471] netlink: 'syz.0.2054': attribute type 1 has an invalid length. [ 189.014777][T11471] 8021q: adding VLAN 0 to HW filter on device bond4 [ 189.040529][T11471] bond4: (slave geneve3): making interface the new active one [ 189.054049][T11471] bond4: (slave geneve3): Enslaving as an active interface with an up link [ 189.881907][T11528] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2081'. [ 189.965291][T11533] syzkaller0: entered promiscuous mode [ 189.970919][T11533] syzkaller0: entered allmulticast mode [ 190.111183][T11540] tap0: tun_chr_ioctl cmd 35108 [ 190.439282][T11557] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2094'. [ 190.739031][T11570] netlink: 'syz.0.2102': attribute type 1 has an invalid length. [ 190.760163][T11573] netlink: 'syz.3.2100': attribute type 11 has an invalid length. [ 190.812358][T11577] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2102'. [ 190.836310][T11570] 8021q: adding VLAN 0 to HW filter on device bond5 [ 190.852279][T11577] bond5: entered allmulticast mode [ 190.901569][T11570] bond5: (slave ip6gretap1): making interface the new active one [ 190.910706][T11570] ip6gretap1: entered allmulticast mode [ 190.918365][T11570] bond5: (slave ip6gretap1): Enslaving as an active interface with an up link [ 191.025648][T11585] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 191.888679][T11639] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2128'. [ 192.609859][T11684] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2146'. [ 192.631503][T11684] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2146'. [ 192.643156][T11684] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2146'. [ 192.654722][T11684] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2146'. [ 192.973548][T11704] netlink: 27 bytes leftover after parsing attributes in process `syz.4.2154'. [ 193.046134][T11709] netlink: 'syz.3.2156': attribute type 10 has an invalid length. [ 193.086647][T11709] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 193.412783][T11732] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 193.420360][T11732] IPv6: NLM_F_CREATE should be set when creating new route [ 193.551599][T11742] veth0: entered promiscuous mode [ 193.559536][T11740] veth0: left promiscuous mode [ 193.757438][T11754] batadv_slave_1: entered promiscuous mode [ 193.765473][T11753] batadv_slave_1: left promiscuous mode [ 193.872748][T11762] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 193.880077][T11762] IPv6: NLM_F_CREATE should be set when creating new route [ 194.212713][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.219205][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.481818][T11801] netlink: 'syz.3.2198': attribute type 11 has an invalid length. [ 195.352845][T11848] syzkaller0: entered promiscuous mode [ 195.374428][T11848] syzkaller0: entered allmulticast mode [ 195.614043][T11861] __nla_validate_parse: 4 callbacks suppressed [ 195.614062][T11861] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2225'. [ 196.054225][T11883] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2235'. [ 196.068112][T11883] nbd: couldn't find a device at index 0 [ 196.287378][T11784] Bluetooth: hci1: command 0x0406 tx timeout [ 196.296635][T11784] Bluetooth: hci2: command 0x0406 tx timeout [ 196.302691][T11784] Bluetooth: hci3: command 0x0406 tx timeout [ 196.463531][T11906] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2245'. [ 197.530742][T11964] netlink: 316 bytes leftover after parsing attributes in process `syz.3.2271'. [ 197.631954][T11969] netlink: 'syz.3.2274': attribute type 10 has an invalid length. [ 197.656195][T11969] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2274'. [ 197.668609][T11969] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 197.950675][T11990] syzkaller0: entered promiscuous mode [ 197.962316][T11990] syzkaller0: entered allmulticast mode [ 198.146313][T12001] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 198.227413][T12005] netlink: 'syz.3.2290': attribute type 10 has an invalid length. [ 198.235566][T12005] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2290'. [ 198.244602][T12005] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 198.890928][T12041] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2307'. [ 199.004334][T12048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2310'. [ 200.299876][T12125] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2343'. [ 200.318453][T12127] netlink: 'syz.3.2344': attribute type 10 has an invalid length. [ 200.335533][ T12] netdevsim netdevsim3 eth0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 200.349813][ T12] netdevsim netdevsim3 eth1: unset [1, 1] type 2 family 0 port 6081 - 0 [ 200.372189][ T12] netdevsim netdevsim3 eth2: unset [1, 1] type 2 family 0 port 6081 - 0 [ 200.404758][ T12] netdevsim netdevsim3 eth3: unset [1, 1] type 2 family 0 port 6081 - 0 [ 201.176326][T12171] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 201.240121][T12175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2365'. [ 201.306728][T12181] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2367'. [ 201.438399][T12187] netlink: 'syz.3.2370': attribute type 11 has an invalid length. [ 201.512572][T12193] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2373'. [ 201.763522][T12212] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2380'. [ 201.932335][T12220] netlink: 'syz.4.2385': attribute type 9 has an invalid length. [ 201.965050][T12220] netlink: 'syz.4.2385': attribute type 7 has an invalid length. [ 201.981956][T12220] netlink: 'syz.4.2385': attribute type 8 has an invalid length. [ 202.159063][T12235] netlink: 'syz.2.2391': attribute type 1 has an invalid length. [ 202.836187][T12283] syzkaller0: entered allmulticast mode [ 203.030751][T12292] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2417'. [ 203.184208][T12299] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 203.437085][T12305] ip6tnl2: entered promiscuous mode [ 203.572318][T12312] team0: No ports can be present during mode change [ 204.222390][T12353] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2444'. [ 204.530249][T12366] netlink: 'syz.0.2448': attribute type 10 has an invalid length. [ 204.549822][T12366] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2448'. [ 204.561548][T12366] dummy0: entered promiscuous mode [ 204.568839][T12366] bridge0: port 3(dummy0) entered blocking state [ 204.587669][T12366] bridge0: port 3(dummy0) entered disabled state [ 204.601033][T12366] dummy0: entered allmulticast mode [ 204.619159][T12366] bridge0: port 3(dummy0) entered blocking state [ 204.625699][T12366] bridge0: port 3(dummy0) entered listening state [ 204.837260][T12374] Bluetooth: MGMT ver 1.23 [ 205.256114][T12399] netlink: 'syz.4.2463': attribute type 11 has an invalid length. [ 205.439867][T12411] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2468'. [ 205.461958][T12411] macvtap2: entered promiscuous mode [ 205.468180][T12411] bond0: entered promiscuous mode [ 205.473788][T12411] bond_slave_0: entered promiscuous mode [ 205.481129][T12411] bond_slave_1: entered promiscuous mode [ 205.492838][T12411] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 205.494003][T12412] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2468'. [ 205.512639][T12411] macvtap2: entered allmulticast mode [ 205.526214][T12411] bond0: entered allmulticast mode [ 205.531358][T12411] bond_slave_0: entered allmulticast mode [ 205.542491][T12411] bond_slave_1: entered allmulticast mode [ 205.549056][T12411] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 205.558653][T12411] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 205.568905][T12412] macvtap2: left promiscuous mode [ 205.574479][T12412] bond0: left promiscuous mode [ 205.591437][T12412] bond_slave_0: left promiscuous mode [ 205.600918][T12412] bond_slave_1: left promiscuous mode [ 205.608336][T12412] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 205.616830][T12412] macvtap2: left allmulticast mode [ 205.622156][T12412] bond0: left allmulticast mode [ 205.627438][T12412] bond_slave_0: left allmulticast mode [ 205.633111][T12412] bond_slave_1: left allmulticast mode [ 205.638783][T12412] mac80211_hwsim hwsim11 wlan1: left allmulticast mode [ 205.806162][T12427] netlink: 'syz.0.2476': attribute type 11 has an invalid length. [ 206.716789][T12469] netlink: 133536 bytes leftover after parsing attributes in process `syz.1.2496'. [ 206.864750][T12477] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2502'. [ 206.925431][ T5149] Bluetooth: hci2: command 0x0406 tx timeout [ 206.928318][ T52] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 207.523086][T12520] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2515'. [ 207.722483][T12528] geneve2: entered promiscuous mode [ 207.734741][T12528] geneve2: entered allmulticast mode [ 208.065671][T12550] syzkaller0: entered promiscuous mode [ 208.087927][T12550] syzkaller0: entered allmulticast mode [ 208.388501][T12573] ------------[ cut here ]------------ [ 208.394268][T12573] intf 08:02:11:00:00:00 [link=0]: bad STA 08:02:11:00:00:01 bandwidth 20 MHz (0) > channel config 1 MHz (8) [ 208.421239][T12573] WARNING: CPU: 0 PID: 12573 at drivers/net/wireless/virtual/mac80211_hwsim.c:2690 mac80211_hwsim_sta_rc_update+0x6f5/0x860 [ 208.434318][T12573] Modules linked in: [ 208.438587][T12573] CPU: 0 UID: 0 PID: 12573 Comm: syz.3.2540 Not tainted syzkaller #0 PREEMPT(full) [ 208.448305][T12573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 208.459093][T12573] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860 [ 208.465962][T12573] Code: 81 20 00 00 48 c7 c7 c0 a9 0a 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 20 3c be fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 7d 1f fb fa 90 0f 0b 90 e9 fe fe ff [ 208.485720][T12573] RSP: 0018:ffffc900039fee40 EFLAGS: 00010282 [ 208.491813][T12573] RAX: 011d45f51aef4300 RBX: 0000000000000014 RCX: 0000000000080000 [ 208.500022][T12573] RDX: ffffc9000e6cb000 RSI: 0000000000006757 RDI: 0000000000006758 [ 208.508116][T12573] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 208.516200][T12573] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: 0000000000000000 [ 208.524195][T12573] R13: dffffc0000000000 R14: 0000000000000008 R15: 0000000000000000 [ 208.532448][T12573] FS: 00007f31c166e6c0(0000) GS:ffff88812613e000(0000) knlGS:0000000000000000 [ 208.541562][T12573] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 208.548406][T12573] CR2: 0000200000001080 CR3: 0000000075f9a000 CR4: 00000000003526f0 [ 208.556495][T12573] Call Trace: [ 208.559802][T12573] [ 208.562750][T12573] ? mac80211_hwsim_sta_rc_update+0x73/0x860 [ 208.568839][T12573] mac80211_hwsim_sta_add+0xa3/0x310 [ 208.574159][T12573] drv_sta_state+0x8c1/0x1840 [ 208.578945][T12573] sta_info_insert_rcu+0x1a30/0x2840 [ 208.584260][T12573] ? sta_info_insert_rcu+0x349/0x2840 [ 208.589804][T12573] ? __pfx_sta_info_insert_rcu+0x10/0x10 [ 208.595515][T12573] ? rate_control_rate_init_all_links+0x186/0x1a0 [ 208.601957][T12573] ? ieee80211_add_station+0x4f1/0x6a0 [ 208.607592][T12573] sta_info_insert+0x16/0xc0 [ 208.612204][T12573] rdev_add_station+0x108/0x290 [ 208.617155][T12573] nl80211_new_station+0x1755/0x1b70 [ 208.622479][T12573] ? __pfx_nl80211_new_station+0x10/0x10 [ 208.628208][T12573] ? netdev_run_todo+0xe1d/0xea0 [ 208.633206][T12573] ? nl80211_pre_doit+0x4f1/0x930 [ 208.638292][T12573] genl_family_rcv_msg_doit+0x215/0x300 [ 208.643886][T12573] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 208.650134][T12573] ? bpf_lsm_capable+0x9/0x20 [ 208.654829][T12573] ? security_capable+0x7e/0x2e0 [ 208.659859][T12573] genl_rcv_msg+0x60e/0x790 [ 208.664396][T12573] ? __pfx_genl_rcv_msg+0x10/0x10 [ 208.669507][T12573] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 208.675057][T12573] ? __pfx_nl80211_new_station+0x10/0x10 [ 208.680747][T12573] ? __pfx_nl80211_post_doit+0x10/0x10 [ 208.686359][T12573] ? __asan_memcpy+0x40/0x70 [ 208.690974][T12573] ? __pfx_ref_tracker_free+0x10/0x10 [ 208.696439][T12573] netlink_rcv_skb+0x208/0x470 [ 208.701316][T12573] ? __lock_acquire+0xab9/0xd20 [ 208.706268][T12573] ? __pfx_genl_rcv_msg+0x10/0x10 [ 208.711314][T12573] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 208.716698][T12573] ? down_read+0x1ad/0x2e0 [ 208.721143][T12573] genl_rcv+0x28/0x40 [ 208.725183][T12573] netlink_unicast+0x82f/0x9e0 [ 208.729972][T12573] ? __pfx_netlink_unicast+0x10/0x10 [ 208.735338][T12573] ? netlink_sendmsg+0x642/0xb30 [ 208.740297][T12573] ? skb_put+0x11b/0x210 [ 208.744552][T12573] netlink_sendmsg+0x805/0xb30 [ 208.749491][T12573] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.754991][T12573] ? aa_sock_msg_perm+0xf1/0x1d0 [ 208.759962][T12573] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 208.765651][T12573] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.771039][T12573] __sock_sendmsg+0x21c/0x270 [ 208.775920][T12573] ____sys_sendmsg+0x505/0x830 [ 208.780735][T12573] ? __pfx_____sys_sendmsg+0x10/0x10 [ 208.786137][T12573] ? import_iovec+0x74/0xa0 [ 208.790657][T12573] ___sys_sendmsg+0x21f/0x2a0 [ 208.795424][T12573] ? __pfx____sys_sendmsg+0x10/0x10 [ 208.800677][T12573] ? __fget_files+0x2a/0x420 [ 208.805341][T12573] ? __fget_files+0x3a0/0x420 [ 208.810030][T12573] __x64_sys_sendmsg+0x19b/0x260 [ 208.815022][T12573] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 208.820511][T12573] ? do_syscall_64+0xbe/0xfa0 [ 208.825271][T12573] do_syscall_64+0xfa/0xfa0 [ 208.829786][T12573] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.835077][T12573] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.841160][T12573] ? clear_bhb_loop+0x60/0xb0 [ 208.845995][T12573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.851985][T12573] RIP: 0033:0x7f31c078efc9 [ 208.856522][T12573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.876379][T12573] RSP: 002b:00007f31c166e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 208.884796][T12573] RAX: ffffffffffffffda RBX: 00007f31c09e5fa0 RCX: 00007f31c078efc9 [ 208.892850][T12573] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 208.900880][T12573] RBP: 00007f31c0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 208.908940][T12573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.917009][T12573] R13: 00007f31c09e6038 R14: 00007f31c09e5fa0 R15: 00007fffb751dbd8 [ 208.925124][T12573] [ 208.928163][T12573] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 208.935447][T12573] CPU: 0 UID: 0 PID: 12573 Comm: syz.3.2540 Not tainted syzkaller #0 PREEMPT(full) [ 208.944820][T12573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 208.954886][T12573] Call Trace: [ 208.958164][T12573] [ 208.961093][T12573] dump_stack_lvl+0x99/0x250 [ 208.965689][T12573] ? __asan_memcpy+0x40/0x70 [ 208.970297][T12573] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.975502][T12573] ? __pfx__printk+0x10/0x10 [ 208.980124][T12573] vpanic+0x237/0x6d0 [ 208.984140][T12573] ? __pfx_vpanic+0x10/0x10 [ 208.988671][T12573] panic+0xb9/0xc0 [ 208.992397][T12573] ? __pfx_panic+0x10/0x10 [ 208.996818][T12573] __warn+0x31b/0x4b0 [ 209.000794][T12573] ? mac80211_hwsim_sta_rc_update+0x6f5/0x860 [ 209.006871][T12573] ? mac80211_hwsim_sta_rc_update+0x6f5/0x860 [ 209.012927][T12573] report_bug+0x2be/0x4f0 [ 209.017513][T12573] ? mac80211_hwsim_sta_rc_update+0x6f5/0x860 [ 209.023574][T12573] ? mac80211_hwsim_sta_rc_update+0x6f5/0x860 [ 209.029631][T12573] ? mac80211_hwsim_sta_rc_update+0x6f7/0x860 [ 209.035686][T12573] handle_bug+0x84/0x160 [ 209.039925][T12573] exc_invalid_op+0x1a/0x50 [ 209.044429][T12573] asm_exc_invalid_op+0x1a/0x20 [ 209.049265][T12573] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860 [ 209.056016][T12573] Code: 81 20 00 00 48 c7 c7 c0 a9 0a 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 20 3c be fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 7d 1f fb fa 90 0f 0b 90 e9 fe fe ff [ 209.075699][T12573] RSP: 0018:ffffc900039fee40 EFLAGS: 00010282 [ 209.081761][T12573] RAX: 011d45f51aef4300 RBX: 0000000000000014 RCX: 0000000000080000 [ 209.089814][T12573] RDX: ffffc9000e6cb000 RSI: 0000000000006757 RDI: 0000000000006758 [ 209.097772][T12573] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 209.105727][T12573] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: 0000000000000000 [ 209.113685][T12573] R13: dffffc0000000000 R14: 0000000000000008 R15: 0000000000000000 [ 209.121660][T12573] ? mac80211_hwsim_sta_rc_update+0x73/0x860 [ 209.127638][T12573] mac80211_hwsim_sta_add+0xa3/0x310 [ 209.132912][T12573] drv_sta_state+0x8c1/0x1840 [ 209.137585][T12573] sta_info_insert_rcu+0x1a30/0x2840 [ 209.142865][T12573] ? sta_info_insert_rcu+0x349/0x2840 [ 209.148241][T12573] ? __pfx_sta_info_insert_rcu+0x10/0x10 [ 209.153862][T12573] ? rate_control_rate_init_all_links+0x186/0x1a0 [ 209.160278][T12573] ? ieee80211_add_station+0x4f1/0x6a0 [ 209.165731][T12573] sta_info_insert+0x16/0xc0 [ 209.170317][T12573] rdev_add_station+0x108/0x290 [ 209.175164][T12573] nl80211_new_station+0x1755/0x1b70 [ 209.180451][T12573] ? __pfx_nl80211_new_station+0x10/0x10 [ 209.186075][T12573] ? netdev_run_todo+0xe1d/0xea0 [ 209.191022][T12573] ? nl80211_pre_doit+0x4f1/0x930 [ 209.196038][T12573] genl_family_rcv_msg_doit+0x215/0x300 [ 209.201580][T12573] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 209.207647][T12573] ? bpf_lsm_capable+0x9/0x20 [ 209.212314][T12573] ? security_capable+0x7e/0x2e0 [ 209.217250][T12573] genl_rcv_msg+0x60e/0x790 [ 209.221752][T12573] ? __pfx_genl_rcv_msg+0x10/0x10 [ 209.226762][T12573] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 209.232116][T12573] ? __pfx_nl80211_new_station+0x10/0x10 [ 209.237732][T12573] ? __pfx_nl80211_post_doit+0x10/0x10 [ 209.243179][T12573] ? __asan_memcpy+0x40/0x70 [ 209.247760][T12573] ? __pfx_ref_tracker_free+0x10/0x10 [ 209.253131][T12573] netlink_rcv_skb+0x208/0x470 [ 209.257901][T12573] ? __lock_acquire+0xab9/0xd20 [ 209.262758][T12573] ? __pfx_genl_rcv_msg+0x10/0x10 [ 209.267782][T12573] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 209.273076][T12573] ? down_read+0x1ad/0x2e0 [ 209.277489][T12573] genl_rcv+0x28/0x40 [ 209.281464][T12573] netlink_unicast+0x82f/0x9e0 [ 209.286226][T12573] ? __pfx_netlink_unicast+0x10/0x10 [ 209.291503][T12573] ? netlink_sendmsg+0x642/0xb30 [ 209.296432][T12573] ? skb_put+0x11b/0x210 [ 209.300696][T12573] netlink_sendmsg+0x805/0xb30 [ 209.305453][T12573] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.310825][T12573] ? aa_sock_msg_perm+0xf1/0x1d0 [ 209.315759][T12573] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 209.321134][T12573] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.326616][T12573] __sock_sendmsg+0x21c/0x270 [ 209.331388][T12573] ____sys_sendmsg+0x505/0x830 [ 209.336149][T12573] ? __pfx_____sys_sendmsg+0x10/0x10 [ 209.341432][T12573] ? import_iovec+0x74/0xa0 [ 209.345930][T12573] ___sys_sendmsg+0x21f/0x2a0 [ 209.350597][T12573] ? __pfx____sys_sendmsg+0x10/0x10 [ 209.355809][T12573] ? __fget_files+0x2a/0x420 [ 209.360384][T12573] ? __fget_files+0x3a0/0x420 [ 209.365055][T12573] __x64_sys_sendmsg+0x19b/0x260 [ 209.369985][T12573] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 209.375555][T12573] ? do_syscall_64+0xbe/0xfa0 [ 209.380229][T12573] do_syscall_64+0xfa/0xfa0 [ 209.384725][T12573] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.389913][T12573] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.395965][T12573] ? clear_bhb_loop+0x60/0xb0 [ 209.400644][T12573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.406530][T12573] RIP: 0033:0x7f31c078efc9 [ 209.410938][T12573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.430545][T12573] RSP: 002b:00007f31c166e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 209.438968][T12573] RAX: ffffffffffffffda RBX: 00007f31c09e5fa0 RCX: 00007f31c078efc9 [ 209.446931][T12573] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 209.454888][T12573] RBP: 00007f31c0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 209.462849][T12573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.470810][T12573] R13: 00007f31c09e6038 R14: 00007f31c09e5fa0 R15: 00007fffb751dbd8 [ 209.478795][T12573] [ 209.482073][T12573] Kernel Offset: disabled [ 209.486385][T12573] Rebooting in 86400 seconds..