last executing test programs: 4.446374315s ago: executing program 2 (id=7467): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x7, @private2={0xfc, 0x2, '\x00', 0x4}, 0x8}, {0xa, 0x4e22, 0x7, @empty, 0x1000000}, 0x0, {[0xfffffc01, 0x0, 0x0, 0x0, 0x7, 0x8, 0x1, 0xfffffffd]}}, 0x5c) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000200)=0x1, 0x4) 4.273827148s ago: executing program 2 (id=7469): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)=0x0) syz_open_procfs$namespace(r1, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) sendmsg$NL80211_CMD_SET_WOWLAN(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r2, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 1.399896495s ago: executing program 2 (id=7513): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x20004080) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 1.267324253s ago: executing program 2 (id=7514): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, 0x0, 0x0) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x4000081}, 
0x0) recvfrom(r2, &(0x7f0000000280)=""/90, 0xfffffffffffffe4a, 0x530, 0x0, 0x0) 1.197712057s ago: executing program 0 (id=7515): bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0xfffe0000}, 0x1c) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x832b, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200000}, 0x1c) listen(r1, 0x9) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r2, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r4, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800) 1.196748411s ago: executing program 3 (id=7516): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmsg(r0, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000760500010007000000a1a8aab5352070b9"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) 1.090596643s ago: executing program 0 (id=7518): r0 = socket$kcm(0x11, 0x200000000000003, 0x300) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f00000003c0), 0x4) recvmsg$kcm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000011c0)=""/4096, 0x1000}, {0x0}], 0x2}, 0x0) 1.024032387s ago: executing program 1 (id=7519): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0}, 0x28) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, 
&(0x7f00000002c0)={&(0x7f0000000780)=@newtaction={0x5c, 0x30, 0xb, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20004000}, 0x30008004) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c0400001800dd8d0000000000000000020000000000000600000000060015000100000008041680040401"], 0x42c}}, 0x0) socket$netlink(0x10, 0x3, 0x4) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x5) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000422dd0a94222e825ddf6958b0ec103e292fea528ca203d5126f43632fa29aa05432b9598ad5a907bbb432c4f4af907be4c4451a8ef68cfee4bffb3d5a4b79f662d1b8819e5d3bbeae6b9f4a5301a63", @ANYBLOB], 0x48) epoll_create1(0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="500000000906010200000000000000e1020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0c00148008000140ac1414bb0c0002800800014064"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) 1.02367828s ago: executing program 4 (id=7520): r0 = socket(0x840000000002, 0x3, 0xff) sendmsg$inet(r0, &(0x7f0000000900)={&(0x7f00000006c0)={0x2, 0x5, @multicast1}, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000940)="9745fe00228e420d72a425127445a52d595c4a9b0000000000000000", 0x1c}], 0x1, &(0x7f00000008c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x35}, @remote}}}], 0x20}, 0x400c804) 971.143023ms ago: executing program 3 (id=7521): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newtaction={0x60, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4c, 0x1, 
[@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2000000}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x60}}, 0x0) 920.884873ms ago: executing program 4 (id=7522): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a300000000030000380"], 0xfc}}, 0x0) 912.955786ms ago: executing program 1 (id=7523): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="bf", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000800)="cc5a4dbac0af", 0x6}], 0x1}}], 0x2, 0x2090) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='highspeed', 0x9) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 785.185419ms ago: executing program 3 (id=7524): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_subtree(0xffffffffffffffff, 
&(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 784.970876ms ago: executing program 4 (id=7525): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x2, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x7}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000100)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={r2, &(0x7f0000000240), 0x0}, 0x20) 783.998795ms ago: executing program 1 (id=7526): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000001c0)={0x0, 0x0, 
&(0x7f0000002240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000150a0102000000000000000000000020090001"], 0x28}, 0x1, 0x0, 0x0, 0x20040011}, 0x24040808) 684.753131ms ago: executing program 0 (id=7527): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000bc0)={@val={0x8, 0x800}, @val={0x2, 0x83, 0x7, 0x2, 0x2}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1c, 0x2c, 0x66, 0x0, 0x8, 0x11, 0x0, @private=0xa010101, @broadcast}, {0x4f20, 0x4e22, 0x18, 0x0, @wg=@data={0x4, 0x1, 0x3c}}}}, 0x3a) 684.421936ms ago: executing program 4 (id=7528): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @last={{0x9}, @void}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 
0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="40000000210a018800000000000000000a0000010900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 462.942134ms ago: executing program 4 (id=7529): bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0xfffe0000}, 0x1c) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x832b, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200000}, 0x1c) listen(r1, 0x9) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r2, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r4, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800) 449.819813ms ago: executing program 3 (id=7530): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{0x0}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, 
&(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="020003"], 0xe) 388.761554ms ago: executing program 1 (id=7531): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74", 0xc7}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000140)="9a", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000800)}], 0x1}}], 0x3, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 332.290064ms ago: executing program 3 (id=7532): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32, @ANYBLOB="0000000002000000b705000008000000850000000600000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0xfe6a, &(0x7f00000014c0)=""/4098, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe65}, 0x23) 329.638433ms ago: executing program 0 (id=7533): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, 
&(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0xdf}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) 324.466994ms ago: executing program 2 (id=7534): socket$packet(0x11, 0x2, 0x300) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000003240), 0x0, 0x4000800) 208.167334ms ago: executing program 4 (id=7535): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000440)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000003c0)='\x00', 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x9, @loopback}, 0x1c) write(r0, 0x0, 0x0) writev(r0, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1) 190.236293ms ago: executing program 0 (id=7536): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xf, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xd230}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) 188.91988ms ago: executing program 1 (id=7537): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f00000004c0)={&(0x7f0000000040)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x30004001) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="b65e", 0x2}], 0x1}, 0x40000) 84.129346ms ago: executing program 2 (id=7538): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x20, 0x39, 0x1, 0x7fffa, 0x25dfdbfc, {0x1}, [@typed={0xc, 0xec, 0x0, 0x0, @u64=0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) 83.678814ms 
ago: executing program 3 (id=7539): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 45.20278ms ago: executing program 0 (id=7540): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, 
@NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @last={{0x9}, @void}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="40000000210a018800000000000000000a0000010900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 0s ago: executing program 1 (id=7541): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r1, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000003100)="a5", 0x1}, {0x0}], 0x2}}], 0x1, 0x0) kernel console output (not intermixed with test programs): x10 [ 504.413985][T25305] ? __pfx_ref_tracker_free+0x10/0x10 [ 504.414016][T25305] netlink_rcv_skb+0x232/0x4b0 [ 504.414037][T25305] ? __pfx_genl_rcv_msg+0x10/0x10 [ 504.414063][T25305] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 504.414079][T25305] ? genl_rcv+0x19/0x40 [ 504.414119][T25305] ? down_read+0x272/0x2e0 [ 504.414140][T25305] ? genl_rcv+0xd/0x40 [ 504.414164][T25305] genl_rcv+0x28/0x40 [ 504.414185][T25305] netlink_unicast+0x80f/0x9b0 [ 504.414222][T25305] ? __pfx_netlink_unicast+0x10/0x10 [ 504.414251][T25305] ? netlink_sendmsg+0x650/0xb40 [ 504.414269][T25305] ? 
skb_put+0x11b/0x210 [ 504.414296][T25305] netlink_sendmsg+0x813/0xb40 [ 504.414326][T25305] ? __pfx_netlink_sendmsg+0x10/0x10 [ 504.414350][T25305] ? aa_sock_msg_perm+0xf1/0x1b0 [ 504.414382][T25305] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 504.414405][T25305] ? __pfx_netlink_sendmsg+0x10/0x10 [ 504.414424][T25305] ____sys_sendmsg+0xa68/0xad0 [ 504.414448][T25305] ? __might_fault+0xaf/0x130 [ 504.414479][T25305] ? __pfx_____sys_sendmsg+0x10/0x10 [ 504.414512][T25305] ? import_iovec+0x73/0xa0 [ 504.414543][T25305] ___sys_sendmsg+0x2a5/0x360 [ 504.414566][T25305] ? __lock_acquire+0x6b5/0x2cf0 [ 504.414597][T25305] ? __pfx____sys_sendmsg+0x10/0x10 [ 504.414626][T25305] ? futex_wait+0x29a/0x380 [ 504.414673][T25305] ? __fget_files+0x2a/0x420 [ 504.414693][T25305] ? __fget_files+0x3a0/0x420 [ 504.414725][T25305] __x64_sys_sendmsg+0x1bd/0x2a0 [ 504.414754][T25305] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 504.414787][T25305] ? rcu_is_watching+0x15/0xb0 [ 504.414818][T25305] do_syscall_64+0xe2/0xf80 [ 504.414845][T25305] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.414864][T25305] ? trace_irq_disable+0x37/0x100 [ 504.414883][T25305] ? 
clear_bhb_loop+0x60/0xb0 [ 504.414906][T25305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.414925][T25305] RIP: 0033:0x7f0b1f99aeb9 [ 504.414944][T25305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 504.414959][T25305] RSP: 002b:00007f0b2076f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 504.414981][T25305] RAX: ffffffffffffffda RBX: 00007f0b1fc15fa0 RCX: 00007f0b1f99aeb9 [ 504.414995][T25305] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 504.415007][T25305] RBP: 00007f0b1fa08c1f R08: 0000000000000000 R09: 0000000000000000 [ 504.415020][T25305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 504.415031][T25305] R13: 00007f0b1fc16038 R14: 00007f0b1fc15fa0 R15: 00007fff04c8b388 [ 504.415064][T25305] [ 504.990335][T25319] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6332'. [ 505.062402][T25320] netlink: 'syz.3.6335': attribute type 2 has an invalid length. [ 505.106016][T25320] netlink: 'syz.3.6335': attribute type 1 has an invalid length. [ 505.136753][T25322] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6334'. [ 505.325728][T25327] bond10: option min_links: invalid value (18446744073709551614) [ 505.333990][T25327] bond10: option min_links: allowed values 0 - 2147483647 [ 505.392130][T25327] bond10 (unregistering): Released all slaves [ 505.740926][T25348] netlink: 'syz.2.6342': attribute type 4 has an invalid length. [ 505.794222][T25350] netlink: 'syz.2.6342': attribute type 4 has an invalid length. [ 505.847983][T25351] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6344'. [ 506.023156][T25359] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' 
[ 506.049072][T25359] CPU: 1 UID: 0 PID: 25359 Comm: syz.0.6347 Not tainted syzkaller #0 PREEMPT(full) [ 506.049106][T25359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 506.049118][T25359] Call Trace: [ 506.049126][T25359] [ 506.049136][T25359] dump_stack_lvl+0xe8/0x150 [ 506.049168][T25359] sysfs_warn_dup+0x8e/0xa0 [ 506.049196][T25359] sysfs_do_create_link_sd+0xc0/0x110 [ 506.049235][T25359] device_add_class_symlinks+0x1cf/0x240 [ 506.049269][T25359] device_add+0x475/0xb70 [ 506.049312][T25359] wiphy_register+0x1d6c/0x2d50 [ 506.049349][T25359] ? __pfx_wiphy_register+0x10/0x10 [ 506.049369][T25359] ? __pfx_netdev_run_todo+0x10/0x10 [ 506.049397][T25359] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 506.049431][T25359] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 506.049460][T25359] ieee80211_register_hw+0x34d2/0x4150 [ 506.049486][T25359] ? __lock_acquire+0x6b5/0x2cf0 [ 506.049524][T25359] ? ieee80211_register_hw+0x13d1/0x4150 [ 506.049559][T25359] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 506.049601][T25359] ? __hrtimer_setup+0x181/0x200 [ 506.049620][T25359] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 506.049649][T25359] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 506.049703][T25359] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 506.049725][T25359] ? kstrndup+0xbf/0x160 [ 506.049758][T25359] hwsim_new_radio_nl+0xf85/0x1c30 [ 506.049788][T25359] ? __pfx___nla_validate_parse+0x10/0x10 [ 506.049828][T25359] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 506.049858][T25359] ? rcu_is_watching+0x15/0xb0 [ 506.049881][T25359] ? __nla_parse+0x40/0x60 [ 506.049910][T25359] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 506.049945][T25359] genl_family_rcv_msg_doit+0x22a/0x330 [ 506.049977][T25359] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 506.050015][T25359] ? bpf_lsm_capable+0x9/0x20 [ 506.050039][T25359] ? security_capable+0x7e/0x2c0 [ 506.050068][T25359] genl_rcv_msg+0x61c/0x7a0 [ 506.050099][T25359] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 506.050122][T25359] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 506.050149][T25359] ? __pfx_ref_tracker_free+0x10/0x10 [ 506.050182][T25359] netlink_rcv_skb+0x232/0x4b0 [ 506.050209][T25359] ? __pfx_genl_rcv_msg+0x10/0x10 [ 506.050236][T25359] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 506.050253][T25359] ? genl_rcv+0x19/0x40 [ 506.050294][T25359] ? down_read+0x272/0x2e0 [ 506.050314][T25359] ? genl_rcv+0xd/0x40 [ 506.050339][T25359] genl_rcv+0x28/0x40 [ 506.050361][T25359] netlink_unicast+0x80f/0x9b0 [ 506.050398][T25359] ? __pfx_netlink_unicast+0x10/0x10 [ 506.050428][T25359] ? netlink_sendmsg+0x650/0xb40 [ 506.050445][T25359] ? skb_put+0x11b/0x210 [ 506.050472][T25359] netlink_sendmsg+0x813/0xb40 [ 506.050501][T25359] ? __pfx_netlink_sendmsg+0x10/0x10 [ 506.050525][T25359] ? aa_sock_msg_perm+0xf1/0x1b0 [ 506.050550][T25359] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 506.050573][T25359] ? __pfx_netlink_sendmsg+0x10/0x10 [ 506.050591][T25359] ____sys_sendmsg+0xa68/0xad0 [ 506.050615][T25359] ? __might_fault+0xaf/0x130 [ 506.050649][T25359] ? __pfx_____sys_sendmsg+0x10/0x10 [ 506.050684][T25359] ? import_iovec+0x73/0xa0 [ 506.050715][T25359] ___sys_sendmsg+0x2a5/0x360 [ 506.050737][T25359] ? __lock_acquire+0x6b5/0x2cf0 [ 506.050767][T25359] ? __pfx____sys_sendmsg+0x10/0x10 [ 506.050800][T25359] ? futex_wait+0x29a/0x380 [ 506.050846][T25359] ? __fget_files+0x2a/0x420 [ 506.050866][T25359] ? __fget_files+0x3a0/0x420 [ 506.050898][T25359] __x64_sys_sendmsg+0x1bd/0x2a0 [ 506.050926][T25359] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 506.050961][T25359] ? rcu_is_watching+0x15/0xb0 [ 506.050992][T25359] do_syscall_64+0xe2/0xf80 [ 506.051012][T25359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.051030][T25359] ? trace_irq_disable+0x37/0x100 [ 506.051048][T25359] ? 
clear_bhb_loop+0x60/0xb0 [ 506.051071][T25359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.051089][T25359] RIP: 0033:0x7f1a34b9aeb9 [ 506.051108][T25359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 506.051124][T25359] RSP: 002b:00007f1a35a99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 506.051145][T25359] RAX: ffffffffffffffda RBX: 00007f1a34e15fa0 RCX: 00007f1a34b9aeb9 [ 506.051160][T25359] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 506.051172][T25359] RBP: 00007f1a34c08c1f R08: 0000000000000000 R09: 0000000000000000 [ 506.051184][T25359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 506.051202][T25359] R13: 00007f1a34e16038 R14: 00007f1a34e15fa0 R15: 00007ffce61982d8 [ 506.051237][T25359] [ 506.539737][T25361] openvswitch: netlink: IP tunnel dst address not specified [ 506.547582][T25363] openvswitch: netlink: IP tunnel dst address not specified [ 506.640798][T25367] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6349'. [ 506.819000][T25375] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.6352'. 
[ 507.494375][T25409] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 507.527282][T25409] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 507.611640][T25409] batadv0 (unregistering): left promiscuous mode [ 508.082217][T25432] hsr_slave_1 (unregistering): left promiscuous mode [ 508.118741][T25437] bridge5: entered promiscuous mode [ 508.150771][T25437] bridge5: entered allmulticast mode [ 508.180605][T25437] team0: Port device bridge5 added [ 508.398015][T25450] syzkaller0: entered promiscuous mode [ 508.403586][T25450] syzkaller0: entered allmulticast mode [ 508.486620][T25452] validate_nla: 5 callbacks suppressed [ 508.486639][T25452] netlink: 'syz.0.6377': attribute type 1 has an invalid length. [ 508.826412][T25454] tipc: Started in network mode [ 508.840116][T25454] tipc: Node identity 72e0de16e593, cluster identity 4711 [ 508.866328][T25454] tipc: Enabled bearer , priority 0 [ 508.896258][T25464] syzkaller0: entered allmulticast mode [ 509.010592][T25453] tipc: Disabling bearer [ 509.125679][T25476] __nla_validate_parse: 6 callbacks suppressed [ 509.125698][T25476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6380'. [ 509.154972][T25482] netlink: 212 bytes leftover after parsing attributes in process `syz.2.6382'. [ 509.215786][T25484] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6383'. [ 509.413572][T25495] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' 
[ 509.461908][T25495] CPU: 0 UID: 0 PID: 25495 Comm: syz.0.6386 Not tainted syzkaller #0 PREEMPT(full) [ 509.461939][T25495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 509.461950][T25495] Call Trace: [ 509.461958][T25495] [ 509.461966][T25495] dump_stack_lvl+0xe8/0x150 [ 509.461995][T25495] sysfs_warn_dup+0x8e/0xa0 [ 509.462021][T25495] sysfs_do_create_link_sd+0xc0/0x110 [ 509.462049][T25495] device_add_class_symlinks+0x1cf/0x240 [ 509.462080][T25495] device_add+0x475/0xb70 [ 509.462110][T25495] wiphy_register+0x1d6c/0x2d50 [ 509.462146][T25495] ? __pfx_wiphy_register+0x10/0x10 [ 509.462164][T25495] ? __pfx_netdev_run_todo+0x10/0x10 [ 509.462189][T25495] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 509.462219][T25495] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 509.462247][T25495] ieee80211_register_hw+0x34d2/0x4150 [ 509.462284][T25495] ? ieee80211_register_hw+0x13d1/0x4150 [ 509.462317][T25495] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 509.462357][T25495] ? __hrtimer_setup+0x181/0x200 [ 509.462374][T25495] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 509.462402][T25495] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 509.462453][T25495] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 509.462473][T25495] ? kstrndup+0xbf/0x160 [ 509.462502][T25495] hwsim_new_radio_nl+0xf85/0x1c30 [ 509.462529][T25495] ? __pfx___nla_validate_parse+0x10/0x10 [ 509.462568][T25495] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 509.462596][T25495] ? rcu_is_watching+0x15/0xb0 [ 509.462616][T25495] ? __nla_parse+0x40/0x60 [ 509.462643][T25495] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 509.462678][T25495] genl_family_rcv_msg_doit+0x22a/0x330 [ 509.462708][T25495] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 509.462744][T25495] ? bpf_lsm_capable+0x9/0x20 [ 509.462766][T25495] ? security_capable+0x7e/0x2c0 [ 509.462794][T25495] genl_rcv_msg+0x61c/0x7a0 [ 509.462823][T25495] ? __pfx_genl_rcv_msg+0x10/0x10 [ 509.462853][T25495] ? 
__pfx_hwsim_new_radio_nl+0x10/0x10 [ 509.462879][T25495] ? __pfx_ref_tracker_free+0x10/0x10 [ 509.462910][T25495] netlink_rcv_skb+0x232/0x4b0 [ 509.462929][T25495] ? __pfx_genl_rcv_msg+0x10/0x10 [ 509.462952][T25495] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 509.462968][T25495] ? genl_rcv+0x19/0x40 [ 509.463007][T25495] ? down_read+0x272/0x2e0 [ 509.463026][T25495] ? genl_rcv+0xd/0x40 [ 509.463047][T25495] genl_rcv+0x28/0x40 [ 509.463068][T25495] netlink_unicast+0x80f/0x9b0 [ 509.463101][T25495] ? __pfx_netlink_unicast+0x10/0x10 [ 509.463129][T25495] ? netlink_sendmsg+0x650/0xb40 [ 509.463144][T25495] ? skb_put+0x11b/0x210 [ 509.463169][T25495] netlink_sendmsg+0x813/0xb40 [ 509.463197][T25495] ? __pfx_netlink_sendmsg+0x10/0x10 [ 509.463219][T25495] ? aa_sock_msg_perm+0xf1/0x1b0 [ 509.463241][T25495] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 509.463261][T25495] ? __pfx_netlink_sendmsg+0x10/0x10 [ 509.463278][T25495] ____sys_sendmsg+0xa68/0xad0 [ 509.463301][T25495] ? __might_fault+0xaf/0x130 [ 509.463334][T25495] ? __pfx_____sys_sendmsg+0x10/0x10 [ 509.463365][T25495] ? import_iovec+0x73/0xa0 [ 509.463395][T25495] ___sys_sendmsg+0x2a5/0x360 [ 509.463416][T25495] ? __lock_acquire+0x6b5/0x2cf0 [ 509.463444][T25495] ? __pfx____sys_sendmsg+0x10/0x10 [ 509.463473][T25495] ? futex_wait+0x29a/0x380 [ 509.463518][T25495] ? __fget_files+0x2a/0x420 [ 509.463537][T25495] ? __fget_files+0x3a0/0x420 [ 509.463568][T25495] __x64_sys_sendmsg+0x1bd/0x2a0 [ 509.463592][T25495] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 509.463624][T25495] ? rcu_is_watching+0x15/0xb0 [ 509.463654][T25495] do_syscall_64+0xe2/0xf80 [ 509.463671][T25495] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.463689][T25495] ? trace_irq_disable+0x37/0x100 [ 509.463706][T25495] ? 
clear_bhb_loop+0x60/0xb0 [ 509.463728][T25495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.463746][T25495] RIP: 0033:0x7f1a34b9aeb9 [ 509.463762][T25495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 509.463779][T25495] RSP: 002b:00007f1a35a99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 509.463800][T25495] RAX: ffffffffffffffda RBX: 00007f1a34e15fa0 RCX: 00007f1a34b9aeb9 [ 509.463815][T25495] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 509.463827][T25495] RBP: 00007f1a34c08c1f R08: 0000000000000000 R09: 0000000000000000 [ 509.463839][T25495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 509.463857][T25495] R13: 00007f1a34e16038 R14: 00007f1a34e15fa0 R15: 00007ffce61982d8 [ 509.463890][T25495] [ 509.941017][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 510.146462][T25499] nbd: illegal input index 2958377 [ 510.402791][T25512] syzkaller0: entered promiscuous mode [ 510.433014][T25512] syzkaller0: entered allmulticast mode [ 510.625421][T25531] netlink: 52 bytes leftover after parsing attributes in process `syz.4.6396'. [ 510.807865][T25538] netlink: 'syz.3.6398': attribute type 1 has an invalid length. [ 510.893570][T25523] pimreg: entered allmulticast mode [ 510.917041][T25538] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 510.952715][T25534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6397'. [ 511.157993][T25549] netlink: 23 bytes leftover after parsing attributes in process `syz.1.6400'. [ 511.344228][T25555] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' 
[ 511.404644][T25555] CPU: 0 UID: 0 PID: 25555 Comm: syz.4.6403 Not tainted syzkaller #0 PREEMPT(full) [ 511.404671][T25555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 511.404684][T25555] Call Trace: [ 511.404693][T25555] [ 511.404701][T25555] dump_stack_lvl+0xe8/0x150 [ 511.404732][T25555] sysfs_warn_dup+0x8e/0xa0 [ 511.404759][T25555] sysfs_do_create_link_sd+0xc0/0x110 [ 511.404785][T25555] device_add_class_symlinks+0x1cf/0x240 [ 511.404816][T25555] device_add+0x475/0xb70 [ 511.404848][T25555] wiphy_register+0x1d6c/0x2d50 [ 511.404885][T25555] ? __pfx_wiphy_register+0x10/0x10 [ 511.404922][T25555] ? __pfx_netdev_run_todo+0x10/0x10 [ 511.404950][T25555] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 511.404984][T25555] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 511.405014][T25555] ieee80211_register_hw+0x34d2/0x4150 [ 511.405041][T25555] ? __lock_acquire+0x6b5/0x2cf0 [ 511.405080][T25555] ? ieee80211_register_hw+0x13d1/0x4150 [ 511.405116][T25555] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 511.405160][T25555] ? __hrtimer_setup+0x181/0x200 [ 511.405179][T25555] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 511.405209][T25555] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 511.405264][T25555] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 511.405286][T25555] ? kstrndup+0xbf/0x160 [ 511.405319][T25555] hwsim_new_radio_nl+0xf85/0x1c30 [ 511.405350][T25555] ? __pfx___nla_validate_parse+0x10/0x10 [ 511.405391][T25555] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 511.405422][T25555] ? rcu_is_watching+0x15/0xb0 [ 511.405445][T25555] ? __nla_parse+0x40/0x60 [ 511.405475][T25555] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 511.405511][T25555] genl_family_rcv_msg_doit+0x22a/0x330 [ 511.405543][T25555] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 511.405582][T25555] ? bpf_lsm_capable+0x9/0x20 [ 511.405606][T25555] ? security_capable+0x7e/0x2c0 [ 511.405636][T25555] genl_rcv_msg+0x61c/0x7a0 [ 511.405662][T25555] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 511.405688][T25555] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 511.405716][T25555] ? __pfx_ref_tracker_free+0x10/0x10 [ 511.405750][T25555] netlink_rcv_skb+0x232/0x4b0 [ 511.405771][T25555] ? __pfx_genl_rcv_msg+0x10/0x10 [ 511.405797][T25555] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 511.405814][T25555] ? genl_rcv+0x19/0x40 [ 511.405856][T25555] ? down_read+0x272/0x2e0 [ 511.405876][T25555] ? genl_rcv+0xd/0x40 [ 511.405909][T25555] genl_rcv+0x28/0x40 [ 511.405931][T25555] netlink_unicast+0x80f/0x9b0 [ 511.405969][T25555] ? __pfx_netlink_unicast+0x10/0x10 [ 511.406000][T25555] ? netlink_sendmsg+0x650/0xb40 [ 511.406019][T25555] ? skb_put+0x11b/0x210 [ 511.406042][T25555] netlink_sendmsg+0x813/0xb40 [ 511.406071][T25555] ? __pfx_netlink_sendmsg+0x10/0x10 [ 511.406092][T25555] ? aa_sock_msg_perm+0xf1/0x1b0 [ 511.406114][T25555] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 511.406136][T25555] ? __pfx_netlink_sendmsg+0x10/0x10 [ 511.406155][T25555] ____sys_sendmsg+0xa68/0xad0 [ 511.406180][T25555] ? __might_fault+0xaf/0x130 [ 511.406214][T25555] ? __pfx_____sys_sendmsg+0x10/0x10 [ 511.406248][T25555] ? import_iovec+0x73/0xa0 [ 511.406280][T25555] ___sys_sendmsg+0x2a5/0x360 [ 511.406304][T25555] ? __lock_acquire+0x6b5/0x2cf0 [ 511.406334][T25555] ? __pfx____sys_sendmsg+0x10/0x10 [ 511.406366][T25555] ? futex_wait+0x29a/0x380 [ 511.406413][T25555] ? __fget_files+0x2a/0x420 [ 511.406434][T25555] ? __fget_files+0x3a0/0x420 [ 511.406466][T25555] __x64_sys_sendmsg+0x1bd/0x2a0 [ 511.406494][T25555] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 511.406529][T25555] ? rcu_is_watching+0x15/0xb0 [ 511.406561][T25555] do_syscall_64+0xe2/0xf80 [ 511.406580][T25555] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.406599][T25555] ? trace_irq_disable+0x37/0x100 [ 511.406617][T25555] ? 
clear_bhb_loop+0x60/0xb0 [ 511.406640][T25555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.406659][T25555] RIP: 0033:0x7f62cef9aeb9 [ 511.406677][T25555] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 511.406694][T25555] RSP: 002b:00007f62cfe68028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 511.406716][T25555] RAX: ffffffffffffffda RBX: 00007f62cf215fa0 RCX: 00007f62cef9aeb9 [ 511.406731][T25555] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 511.406744][T25555] RBP: 00007f62cf008c1f R08: 0000000000000000 R09: 0000000000000000 [ 511.406757][T25555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 511.406769][T25555] R13: 00007f62cf216038 R14: 00007f62cf215fa0 R15: 00007ffe970ef538 [ 511.406804][T25555] [ 511.863282][T25558] netlink: 'syz.1.6404': attribute type 29 has an invalid length. [ 511.984610][T25558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6404'. [ 512.156057][T25565] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6407'. [ 512.319239][T25570] netlink: 52 bytes leftover after parsing attributes in process `syz.1.6409'. [ 512.610892][T25579] gre5: entered promiscuous mode [ 512.615923][T25579] gre5: entered allmulticast mode [ 512.816758][T25587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6412'. [ 513.211776][T25604] FAULT_INJECTION: forcing a failure. 
[ 513.211776][T25604] name failslab, interval 1, probability 0, space 0, times 0 [ 513.264717][T25604] CPU: 1 UID: 0 PID: 25604 Comm: syz.0.6420 Not tainted syzkaller #0 PREEMPT(full) [ 513.264752][T25604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 513.264765][T25604] Call Trace: [ 513.264773][T25604] [ 513.264782][T25604] dump_stack_lvl+0xe8/0x150 [ 513.264811][T25604] should_fail_ex+0x412/0x560 [ 513.264839][T25604] should_failslab+0xa8/0x100 [ 513.264862][T25604] kmem_cache_alloc_noprof+0x87/0x6e0 [ 513.264887][T25604] ? apparmor_capable+0x137/0x1a0 [ 513.264914][T25604] ? skb_clone+0x212/0x3a0 [ 513.264942][T25604] skb_clone+0x212/0x3a0 [ 513.264965][T25604] ? nfnetlink_rcv+0x4b0/0x27b0 [ 513.264994][T25604] nfnetlink_rcv+0x4e2/0x27b0 [ 513.265030][T25604] ? lockdep_hardirqs_on+0x7a/0x110 [ 513.265050][T25604] ? __dev_queue_xmit+0x274/0x3850 [ 513.265074][T25604] ? __local_bh_enable_ip+0xd0/0x130 [ 513.265092][T25604] ? __dev_queue_xmit+0x1e6c/0x3850 [ 513.265115][T25604] ? __x64_sys_sendmsg+0x1bd/0x2a0 [ 513.265149][T25604] ? __dev_queue_xmit+0x274/0x3850 [ 513.265175][T25604] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 513.265215][T25604] ? ref_tracker_free+0x693/0x840 [ 513.265237][T25604] ? __copy_skb_header+0xa3/0x4a0 [ 513.265263][T25604] ? __pfx_ref_tracker_free+0x10/0x10 [ 513.265300][T25604] ? skb_clone+0x246/0x3a0 [ 513.265327][T25604] ? __netlink_deliver_tap+0x807/0x850 [ 513.265346][T25604] ? netlink_deliver_tap+0x2e/0x1b0 [ 513.265381][T25604] netlink_unicast+0x80f/0x9b0 [ 513.265415][T25604] ? __pfx_netlink_unicast+0x10/0x10 [ 513.265440][T25604] ? __alloc_skb+0x193/0x390 [ 513.265461][T25604] ? netlink_sendmsg+0x650/0xb40 [ 513.265477][T25604] ? skb_put+0x11b/0x210 [ 513.265502][T25604] netlink_sendmsg+0x813/0xb40 [ 513.265530][T25604] ? __pfx_netlink_sendmsg+0x10/0x10 [ 513.265552][T25604] ? aa_sock_msg_perm+0xf1/0x1b0 [ 513.265576][T25604] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 513.265598][T25604] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 513.265616][T25604] ____sys_sendmsg+0xa68/0xad0 [ 513.265639][T25604] ? __might_fault+0xaf/0x130 [ 513.265670][T25604] ? __pfx_____sys_sendmsg+0x10/0x10 [ 513.265702][T25604] ? import_iovec+0x73/0xa0 [ 513.265737][T25604] ___sys_sendmsg+0x2a5/0x360 [ 513.265760][T25604] ? __lock_acquire+0x6b5/0x2cf0 [ 513.265789][T25604] ? __pfx____sys_sendmsg+0x10/0x10 [ 513.265845][T25604] ? __fget_files+0x2a/0x420 [ 513.265869][T25604] ? __fget_files+0x3a0/0x420 [ 513.265899][T25604] __x64_sys_sendmsg+0x1bd/0x2a0 [ 513.265925][T25604] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 513.265957][T25604] ? __pfx_ksys_write+0x10/0x10 [ 513.265993][T25604] do_syscall_64+0xe2/0xf80 [ 513.266012][T25604] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.266030][T25604] ? trace_irq_disable+0x37/0x100 [ 513.266048][T25604] ? clear_bhb_loop+0x60/0xb0 [ 513.266070][T25604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.266088][T25604] RIP: 0033:0x7f1a34b9aeb9 [ 513.266105][T25604] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.266122][T25604] RSP: 002b:00007f1a35a99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 513.266142][T25604] RAX: ffffffffffffffda RBX: 00007f1a34e15fa0 RCX: 00007f1a34b9aeb9 [ 513.266157][T25604] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 513.266170][T25604] RBP: 00007f1a35a99090 R08: 0000000000000000 R09: 0000000000000000 [ 513.266182][T25604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 513.266194][T25604] R13: 00007f1a34e16038 R14: 00007f1a34e15fa0 R15: 00007ffce61982d8 [ 513.266224][T25604] [ 514.339872][T25639] __nla_validate_parse: 3 callbacks suppressed [ 514.339892][T25639] netlink: 52 bytes leftover after parsing attributes in process `syz.1.6432'. 
[ 514.357113][T25642] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6431'. [ 514.377551][T25640] netlink: 'syz.4.6430': attribute type 1 has an invalid length. [ 514.395048][T25640] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6430'. [ 514.464677][T25646] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6430'. [ 514.524752][T25650] FAULT_INJECTION: forcing a failure. [ 514.524752][T25650] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 514.554668][T25646] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6430'. [ 514.574666][T25650] CPU: 1 UID: 0 PID: 25650 Comm: syz.3.6434 Not tainted syzkaller #0 PREEMPT(full) [ 514.574692][T25650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 514.574704][T25650] Call Trace: [ 514.574711][T25650] [ 514.574720][T25650] dump_stack_lvl+0xe8/0x150 [ 514.574747][T25650] should_fail_ex+0x412/0x560 [ 514.574774][T25650] _copy_from_user+0x2d/0xb0 [ 514.574801][T25650] kstrtouint_from_user+0xd6/0x180 [ 514.574827][T25650] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 514.574866][T25650] proc_fail_nth_write+0x8e/0x210 [ 514.574893][T25650] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 514.574924][T25650] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 514.574952][T25650] vfs_write+0x29a/0xb90 [ 514.574986][T25650] ? __pfx_vfs_write+0x10/0x10 [ 514.575012][T25650] ? __fget_files+0x2a/0x420 [ 514.575033][T25650] ? __fget_files+0x3a0/0x420 [ 514.575051][T25650] ? __fget_files+0x2a/0x420 [ 514.575076][T25650] ksys_write+0x150/0x270 [ 514.575101][T25650] ? __pfx_ksys_write+0x10/0x10 [ 514.575136][T25650] do_syscall_64+0xe2/0xf80 [ 514.575156][T25650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.575175][T25650] ? trace_irq_disable+0x37/0x100 [ 514.575193][T25650] ? 
clear_bhb_loop+0x60/0xb0 [ 514.575215][T25650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.575233][T25650] RIP: 0033:0x7f820e15b78e [ 514.575250][T25650] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 514.575267][T25650] RSP: 002b:00007f820f134fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 514.575287][T25650] RAX: ffffffffffffffda RBX: 00007f820f1356c0 RCX: 00007f820e15b78e [ 514.575301][T25650] RDX: 0000000000000001 RSI: 00007f820f1350a0 RDI: 0000000000000004 [ 514.575313][T25650] RBP: 00007f820f135090 R08: 0000000000000000 R09: 0000000000000000 [ 514.575324][T25650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 514.575335][T25650] R13: 00007f820e416038 R14: 00007f820e415fa0 R15: 00007ffd1786cde8 [ 514.575374][T25650] [ 514.872816][T25645] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 514.903653][T25645] CPU: 0 UID: 0 PID: 25645 Comm: syz.2.6433 Not tainted syzkaller #0 PREEMPT(full) [ 514.903682][T25645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 514.903695][T25645] Call Trace: [ 514.903704][T25645] [ 514.903712][T25645] dump_stack_lvl+0xe8/0x150 [ 514.903744][T25645] sysfs_warn_dup+0x8e/0xa0 [ 514.903771][T25645] sysfs_do_create_link_sd+0xc0/0x110 [ 514.903801][T25645] device_add_class_symlinks+0x1cf/0x240 [ 514.903834][T25645] device_add+0x475/0xb70 [ 514.903866][T25645] wiphy_register+0x1d6c/0x2d50 [ 514.903902][T25645] ? __pfx_wiphy_register+0x10/0x10 [ 514.903934][T25645] ? __pfx_netdev_run_todo+0x10/0x10 [ 514.903961][T25645] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 514.903994][T25645] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 514.904023][T25645] ieee80211_register_hw+0x34d2/0x4150 [ 514.904063][T25645] ? ieee80211_register_hw+0x13d1/0x4150 [ 514.904098][T25645] ? 
__pfx_ieee80211_register_hw+0x10/0x10 [ 514.904140][T25645] ? __hrtimer_setup+0x181/0x200 [ 514.904159][T25645] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 514.904188][T25645] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 514.904241][T25645] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 514.904262][T25645] ? kstrndup+0xbf/0x160 [ 514.904292][T25645] hwsim_new_radio_nl+0xf85/0x1c30 [ 514.904330][T25645] ? __pfx___nla_validate_parse+0x10/0x10 [ 514.904370][T25645] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 514.904398][T25645] ? rcu_is_watching+0x15/0xb0 [ 514.904418][T25645] ? __nla_parse+0x40/0x60 [ 514.904447][T25645] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 514.904481][T25645] genl_family_rcv_msg_doit+0x22a/0x330 [ 514.904512][T25645] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 514.904548][T25645] ? bpf_lsm_capable+0x9/0x20 [ 514.904568][T25645] ? security_capable+0x7e/0x2c0 [ 514.904595][T25645] genl_rcv_msg+0x61c/0x7a0 [ 514.904623][T25645] ? __pfx_genl_rcv_msg+0x10/0x10 [ 514.904647][T25645] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 514.904673][T25645] ? __pfx_ref_tracker_free+0x10/0x10 [ 514.904704][T25645] netlink_rcv_skb+0x232/0x4b0 [ 514.904724][T25645] ? __pfx_genl_rcv_msg+0x10/0x10 [ 514.904747][T25645] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 514.904763][T25645] ? genl_rcv+0x19/0x40 [ 514.904803][T25645] ? down_read+0x272/0x2e0 [ 514.904822][T25645] ? genl_rcv+0xd/0x40 [ 514.904844][T25645] genl_rcv+0x28/0x40 [ 514.904866][T25645] netlink_unicast+0x80f/0x9b0 [ 514.904901][T25645] ? __pfx_netlink_unicast+0x10/0x10 [ 514.904928][T25645] ? netlink_sendmsg+0x650/0xb40 [ 514.904944][T25645] ? skb_put+0x11b/0x210 [ 514.904969][T25645] netlink_sendmsg+0x813/0xb40 [ 514.904999][T25645] ? __pfx_netlink_sendmsg+0x10/0x10 [ 514.905023][T25645] ? aa_sock_msg_perm+0xf1/0x1b0 [ 514.905048][T25645] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 514.905070][T25645] ? __pfx_netlink_sendmsg+0x10/0x10 [ 514.905089][T25645] ____sys_sendmsg+0xa68/0xad0 [ 514.905113][T25645] ? 
__might_fault+0xaf/0x130 [ 514.905147][T25645] ? __pfx_____sys_sendmsg+0x10/0x10 [ 514.905181][T25645] ? import_iovec+0x73/0xa0 [ 514.905213][T25645] ___sys_sendmsg+0x2a5/0x360 [ 514.905236][T25645] ? __lock_acquire+0x6b5/0x2cf0 [ 514.905266][T25645] ? __pfx____sys_sendmsg+0x10/0x10 [ 514.905307][T25645] ? futex_wait+0x29a/0x380 [ 514.905355][T25645] ? __fget_files+0x2a/0x420 [ 514.905375][T25645] ? __fget_files+0x3a0/0x420 [ 514.905405][T25645] __x64_sys_sendmsg+0x1bd/0x2a0 [ 514.905434][T25645] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 514.905469][T25645] ? rcu_is_watching+0x15/0xb0 [ 514.905501][T25645] do_syscall_64+0xe2/0xf80 [ 514.905521][T25645] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.905538][T25645] ? trace_irq_disable+0x37/0x100 [ 514.905556][T25645] ? clear_bhb_loop+0x60/0xb0 [ 514.905580][T25645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.905599][T25645] RIP: 0033:0x7f0b1f99aeb9 [ 514.905617][T25645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 514.905634][T25645] RSP: 002b:00007f0b2076f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 514.905655][T25645] RAX: ffffffffffffffda RBX: 00007f0b1fc15fa0 RCX: 00007f0b1f99aeb9 [ 514.905671][T25645] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 514.905684][T25645] RBP: 00007f0b1fa08c1f R08: 0000000000000000 R09: 0000000000000000 [ 514.905696][T25645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 514.905709][T25645] R13: 00007f0b1fc16038 R14: 00007f0b1fc15fa0 R15: 00007fff04c8b388 [ 514.905740][T25645] [ 515.403593][T25667] Cannot find add_set index 2 as target [ 515.610889][T25671] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6442'. 
[ 515.710141][T25683] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 515.985554][T25696] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 516.009202][T25692] netlink: 'syz.3.6447': attribute type 4 has an invalid length. [ 516.020206][T25692] netlink: 'syz.3.6447': attribute type 4 has an invalid length. [ 516.033129][ T5976] lo speed is unknown, defaulting to 1000 [ 516.054762][ T5976] syz2: Port: 1 Link ACTIVE [ 516.064691][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 516.184776][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 516.210386][T25706] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 516.259889][T25706] CPU: 1 UID: 0 PID: 25706 Comm: syz.4.6450 Not tainted syzkaller #0 PREEMPT(full) [ 516.259919][T25706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 516.259932][T25706] Call Trace: [ 516.259940][T25706] [ 516.259949][T25706] dump_stack_lvl+0xe8/0x150 [ 516.259980][T25706] sysfs_warn_dup+0x8e/0xa0 [ 516.260007][T25706] sysfs_do_create_link_sd+0xc0/0x110 [ 516.260055][T25706] device_add_class_symlinks+0x1cf/0x240 [ 516.260089][T25706] device_add+0x475/0xb70 [ 516.260123][T25706] wiphy_register+0x1d6c/0x2d50 [ 516.260169][T25706] ? __pfx_wiphy_register+0x10/0x10 [ 516.260190][T25706] ? __pfx_netdev_run_todo+0x10/0x10 [ 516.260217][T25706] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 516.260252][T25706] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 516.260282][T25706] ieee80211_register_hw+0x34d2/0x4150 [ 516.260307][T25706] ? __lock_acquire+0x6b5/0x2cf0 [ 516.260347][T25706] ? ieee80211_register_hw+0x13d1/0x4150 [ 516.260382][T25706] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 516.260425][T25706] ? __hrtimer_setup+0x181/0x200 [ 516.260443][T25706] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 516.260473][T25706] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 516.260529][T25706] ? 
__pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 516.260551][T25706] ? kstrndup+0xbf/0x160 [ 516.260584][T25706] hwsim_new_radio_nl+0xf85/0x1c30 [ 516.260614][T25706] ? __pfx___nla_validate_parse+0x10/0x10 [ 516.260656][T25706] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 516.260686][T25706] ? rcu_is_watching+0x15/0xb0 [ 516.260710][T25706] ? __nla_parse+0x40/0x60 [ 516.260739][T25706] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 516.260774][T25706] genl_family_rcv_msg_doit+0x22a/0x330 [ 516.260806][T25706] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 516.260850][T25706] ? bpf_lsm_capable+0x9/0x20 [ 516.260874][T25706] ? security_capable+0x7e/0x2c0 [ 516.260904][T25706] genl_rcv_msg+0x61c/0x7a0 [ 516.260935][T25706] ? __pfx_genl_rcv_msg+0x10/0x10 [ 516.260958][T25706] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 516.260986][T25706] ? __pfx_ref_tracker_free+0x10/0x10 [ 516.261019][T25706] netlink_rcv_skb+0x232/0x4b0 [ 516.261041][T25706] ? __pfx_genl_rcv_msg+0x10/0x10 [ 516.261067][T25706] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 516.261084][T25706] ? genl_rcv+0x19/0x40 [ 516.261125][T25706] ? down_read+0x272/0x2e0 [ 516.261145][T25706] ? genl_rcv+0xd/0x40 [ 516.261177][T25706] genl_rcv+0x28/0x40 [ 516.261199][T25706] netlink_unicast+0x80f/0x9b0 [ 516.261237][T25706] ? __pfx_netlink_unicast+0x10/0x10 [ 516.261267][T25706] ? netlink_sendmsg+0x650/0xb40 [ 516.261285][T25706] ? skb_put+0x11b/0x210 [ 516.261312][T25706] netlink_sendmsg+0x813/0xb40 [ 516.261343][T25706] ? __pfx_netlink_sendmsg+0x10/0x10 [ 516.261367][T25706] ? aa_sock_msg_perm+0xf1/0x1b0 [ 516.261392][T25706] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 516.261414][T25706] ? __pfx_netlink_sendmsg+0x10/0x10 [ 516.261432][T25706] ____sys_sendmsg+0xa68/0xad0 [ 516.261457][T25706] ? __might_fault+0xaf/0x130 [ 516.261491][T25706] ? __pfx_____sys_sendmsg+0x10/0x10 [ 516.261527][T25706] ? import_iovec+0x73/0xa0 [ 516.261559][T25706] ___sys_sendmsg+0x2a5/0x360 [ 516.261583][T25706] ? __lock_acquire+0x6b5/0x2cf0 [ 516.261614][T25706] ? 
__pfx____sys_sendmsg+0x10/0x10 [ 516.261648][T25706] ? futex_wait+0x29a/0x380 [ 516.261696][T25706] ? __fget_files+0x2a/0x420 [ 516.261717][T25706] ? __fget_files+0x3a0/0x420 [ 516.261750][T25706] __x64_sys_sendmsg+0x1bd/0x2a0 [ 516.261778][T25706] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 516.261813][T25706] ? rcu_is_watching+0x15/0xb0 [ 516.261846][T25706] do_syscall_64+0xe2/0xf80 [ 516.261866][T25706] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.261884][T25706] ? trace_irq_disable+0x37/0x100 [ 516.261902][T25706] ? clear_bhb_loop+0x60/0xb0 [ 516.261926][T25706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.261945][T25706] RIP: 0033:0x7f62cef9aeb9 [ 516.261964][T25706] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 516.261982][T25706] RSP: 002b:00007f62cfe68028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 516.262004][T25706] RAX: ffffffffffffffda RBX: 00007f62cf215fa0 RCX: 00007f62cef9aeb9 [ 516.262019][T25706] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 516.262032][T25706] RBP: 00007f62cf008c1f R08: 0000000000000000 R09: 0000000000000000 [ 516.262045][T25706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 516.262057][T25706] R13: 00007f62cf216038 R14: 00007f62cf215fa0 R15: 00007ffe970ef538 [ 516.262092][T25706] [ 516.435252][T25710] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6451'. [ 516.548515][T25719] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6453'. [ 516.573730][T25714] netlink: 'syz.1.6451': attribute type 1 has an invalid length. [ 516.610917][T25710] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6451'. [ 516.818489][T25714] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6451'. 
[ 516.889148][T25725] syzkaller0: entered promiscuous mode [ 516.904116][T25725] syzkaller0: entered allmulticast mode [ 517.028962][T25731] netlink: 'syz.0.6456': attribute type 1 has an invalid length. [ 517.161047][ T8783] nci: nci_rx_work: unknown MT 0x1 [ 517.259643][T25739] netlink: 'syz.0.6457': attribute type 1 has an invalid length. [ 517.276761][T25741] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 517.365907][T25748] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 517.628077][T25760] netlink: 'syz.2.6462': attribute type 4 has an invalid length. [ 517.653764][T25760] netlink: 'syz.2.6462': attribute type 4 has an invalid length. [ 517.833946][T25762] netlink: 'syz.2.6463': attribute type 1 has an invalid length. [ 518.013854][T25769] netlink: Conntrack attr has 4 unknown bytes [ 518.103940][T25773] syzkaller0: entered promiscuous mode [ 518.127432][T25773] syzkaller0: entered allmulticast mode [ 518.279772][T25783] netlink: 'syz.0.6469': attribute type 1 has an invalid length. [ 518.769572][T25812] netlink: Conntrack attr has 4 unknown bytes [ 519.148930][T25830] syzkaller0: entered promiscuous mode [ 519.164681][T25830] syzkaller0: entered allmulticast mode [ 519.269767][T25845] netlink: Conntrack attr has 4 unknown bytes [ 519.377608][T25851] SET target dimension over the limit! [ 519.395134][T25852] __nla_validate_parse: 13 callbacks suppressed [ 519.395153][T25852] netlink: 596 bytes leftover after parsing attributes in process `syz.0.6490'. [ 519.420684][T25853] validate_nla: 1 callbacks suppressed [ 519.420700][T25853] netlink: 'syz.4.6493': attribute type 1 has an invalid length. [ 519.434005][T25853] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6493'. [ 519.453525][T25843] netlink: 'syz.0.6490': attribute type 29 has an invalid length. [ 519.519711][T25848] netlink: 'syz.0.6490': attribute type 29 has an invalid length. 
[ 519.695045][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 519.703671][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 519.712092][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 519.720414][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 519.781714][T25868] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6497'. [ 519.883908][T25872] netlink: 52 bytes leftover after parsing attributes in process `syz.2.6498'. [ 520.180529][T25882] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.6502'. [ 520.238280][T25863] infiniband : set down [ 520.238286][T25885] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.6503'. [ 520.306008][T25863] infiniband : added ipvlan0 [ 520.443979][T25863] RDS/IB: : added [ 520.461841][T25895] netlink: 'syz.3.6506': attribute type 1 has an invalid length. [ 520.480126][T25863] smc: adding ib device  with port count 1 [ 520.492807][T25895] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6506'. [ 520.526021][T25863] smc: ib device  port 1 has no pnetid [ 520.587816][T25898] netlink: 'syz.2.6508': attribute type 1 has an invalid length. [ 520.595918][T25898] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6508'. [ 520.881555][T25908] 8021q: adding VLAN 0 to HW filter on device bond10 [ 521.219358][T25927] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.6516'. 
[ 521.289877][T25925] syzkaller0: entered promiscuous mode [ 521.295979][T25927] net_ratelimit: 3 callbacks suppressed [ 521.295995][T25927] netlink: Conntrack attr has 4 unknown bytes [ 521.310184][T25925] syzkaller0: entered allmulticast mode [ 521.512861][T25940] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 521.735188][T25944] netlink: 'syz.2.6520': attribute type 7 has an invalid length. [ 521.859282][T25949] netlink: 'syz.3.6522': attribute type 1 has an invalid length. [ 521.883472][T25949] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6522'. [ 522.210975][ T419] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.226667][T25969] netlink: Conntrack attr has 4 unknown bytes [ 522.230633][ T419] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.253337][ T419] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.253777][T25965] netlink: 'syz.1.6527': attribute type 1 has an invalid length. [ 522.272196][ T419] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.714130][T25989] netlink: 'syz.4.6537': attribute type 1 has an invalid length. [ 522.725319][T25991] netlink: 'syz.2.6536': attribute type 4 has an invalid length. [ 522.808985][T25992] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' 
[ 522.869405][T25992] CPU: 1 UID: 0 PID: 25992 Comm: syz.1.6538 Not tainted syzkaller #0 PREEMPT(full) [ 522.869432][T25992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 522.869445][T25992] Call Trace: [ 522.869454][T25992] [ 522.869463][T25992] dump_stack_lvl+0xe8/0x150 [ 522.869501][T25992] sysfs_warn_dup+0x8e/0xa0 [ 522.869527][T25992] sysfs_do_create_link_sd+0xc0/0x110 [ 522.869554][T25992] device_add_class_symlinks+0x1cf/0x240 [ 522.869586][T25992] device_add+0x475/0xb70 [ 522.869617][T25992] wiphy_register+0x1d6c/0x2d50 [ 522.869654][T25992] ? __pfx_wiphy_register+0x10/0x10 [ 522.869672][T25992] ? __pfx_netdev_run_todo+0x10/0x10 [ 522.869699][T25992] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 522.869730][T25992] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 522.869758][T25992] ieee80211_register_hw+0x34d2/0x4150 [ 522.869781][T25992] ? __lock_acquire+0x6b5/0x2cf0 [ 522.869818][T25992] ? ieee80211_register_hw+0x13d1/0x4150 [ 522.869853][T25992] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 522.869894][T25992] ? __hrtimer_setup+0x181/0x200 [ 522.869919][T25992] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 522.869947][T25992] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 522.869993][T25992] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 522.870012][T25992] ? kstrndup+0xbf/0x160 [ 522.870043][T25992] hwsim_new_radio_nl+0xf85/0x1c30 [ 522.870073][T25992] ? __pfx___nla_validate_parse+0x10/0x10 [ 522.870111][T25992] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 522.870141][T25992] ? rcu_is_watching+0x15/0xb0 [ 522.870164][T25992] ? __nla_parse+0x40/0x60 [ 522.870190][T25992] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 522.870224][T25992] genl_family_rcv_msg_doit+0x22a/0x330 [ 522.870256][T25992] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 522.870293][T25992] ? bpf_lsm_capable+0x9/0x20 [ 522.870318][T25992] ? security_capable+0x7e/0x2c0 [ 522.870347][T25992] genl_rcv_msg+0x61c/0x7a0 [ 522.870379][T25992] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 522.870402][T25992] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 522.870441][T25992] netlink_rcv_skb+0x232/0x4b0 [ 522.870462][T25992] ? __pfx_genl_rcv_msg+0x10/0x10 [ 522.870586][T25992] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 522.870613][T25992] ? genl_rcv+0x19/0x40 [ 522.870650][T25992] ? down_read+0x272/0x2e0 [ 522.870671][T25992] ? genl_rcv+0xd/0x40 [ 522.870694][T25992] genl_rcv+0x28/0x40 [ 522.870716][T25992] netlink_unicast+0x80f/0x9b0 [ 522.870750][T25992] ? __pfx_netlink_unicast+0x10/0x10 [ 522.870778][T25992] ? netlink_sendmsg+0x650/0xb40 [ 522.870795][T25992] ? skb_put+0x11b/0x210 [ 522.870819][T25992] netlink_sendmsg+0x813/0xb40 [ 522.870848][T25992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 522.870872][T25992] ? aa_sock_msg_perm+0xf1/0x1b0 [ 522.870896][T25992] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 522.870918][T25992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 522.870937][T25992] ____sys_sendmsg+0xa68/0xad0 [ 522.870961][T25992] ? __might_fault+0xaf/0x130 [ 522.870994][T25992] ? __pfx_____sys_sendmsg+0x10/0x10 [ 522.871028][T25992] ? import_iovec+0x73/0xa0 [ 522.871059][T25992] ___sys_sendmsg+0x2a5/0x360 [ 522.871082][T25992] ? __lock_acquire+0x6b5/0x2cf0 [ 522.871112][T25992] ? __pfx____sys_sendmsg+0x10/0x10 [ 522.871144][T25992] ? futex_wait+0x29a/0x380 [ 522.871191][T25992] ? __fget_files+0x2a/0x420 [ 522.871212][T25992] ? __fget_files+0x3a0/0x420 [ 522.871243][T25992] __x64_sys_sendmsg+0x1bd/0x2a0 [ 522.871271][T25992] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 522.871306][T25992] ? rcu_is_watching+0x15/0xb0 [ 522.871337][T25992] do_syscall_64+0xe2/0xf80 [ 522.871356][T25992] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.871374][T25992] ? trace_irq_disable+0x37/0x100 [ 522.871392][T25992] ? 
clear_bhb_loop+0x60/0xb0 [ 522.871416][T25992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.871434][T25992] RIP: 0033:0x7fb45d59aeb9 [ 522.871452][T25992] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 522.871469][T25992] RSP: 002b:00007fb45e434028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 522.871490][T25992] RAX: ffffffffffffffda RBX: 00007fb45d815fa0 RCX: 00007fb45d59aeb9 [ 522.871505][T25992] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 522.871519][T25992] RBP: 00007fb45d608c1f R08: 0000000000000000 R09: 0000000000000000 [ 522.871531][T25992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 522.871543][T25992] R13: 00007fb45d816038 R14: 00007fb45d815fa0 R15: 00007ffdc1b8f018 [ 522.871588][T25992] [ 523.308316][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.316736][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.325148][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.333543][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.341924][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.350735][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.359127][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.367501][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 524.431600][T26032] validate_nla: 3 callbacks suppressed [ 524.431619][T26032] netlink: 'syz.1.6551': attribute type 1 has an invalid length. [ 524.481650][T26032] __nla_validate_parse: 11 callbacks suppressed [ 524.481723][T26032] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6551'. 
[ 524.542208][T26044] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6557'. [ 524.646138][T26051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6558'. [ 524.695101][T26056] netlink: 241 bytes leftover after parsing attributes in process `syz.4.6561'. [ 524.713903][T26057] netlink: 241 bytes leftover after parsing attributes in process `syz.4.6561'. [ 524.727575][T26059] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.6560'. [ 524.915025][T26068] netlink: 64 bytes leftover after parsing attributes in process `syz.3.6563'. [ 524.917659][T26063] tipc: Resetting bearer [ 525.019687][T26072] netlink: 96 bytes leftover after parsing attributes in process `syz.0.6565'. [ 525.130162][T26072] 8021q: VLANs not supported on sit0 [ 525.161717][T26080] vlan4: entered promiscuous mode [ 525.168507][T26080] bridge0: entered promiscuous mode [ 525.245522][T26081] netlink: 'syz.4.6569': attribute type 4 has an invalid length. [ 525.270605][T26081] netlink: 'syz.4.6569': attribute type 4 has an invalid length. [ 525.669508][T26109] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6578'. [ 525.674937][T26107] netlink: 'syz.4.6576': attribute type 1 has an invalid length. [ 525.728589][T26107] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6576'. [ 525.949875][T26120] netlink: 'syz.0.6582': attribute type 9 has an invalid length. 
[ 526.391572][T26151] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 526.492404][T26158] syzkaller0: entered promiscuous mode [ 526.515313][T26158] syzkaller0: entered allmulticast mode [ 526.654704][ C0] net_ratelimit: 2 callbacks suppressed [ 526.654724][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.668767][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.677219][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.685655][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.694100][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.702561][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.734713][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.936081][T26183] netlink: 'syz.2.6600': attribute type 1 has an invalid length. [ 526.978220][T26185] netlink: Conntrack attr has 4 unknown bytes [ 527.399260][T26203] SET target dimension over the limit! [ 527.505016][T26209] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 528.046062][T26243] tipc: Enabled bearer , priority 0 [ 528.062951][T26244] netlink: 'syz.0.6618': attribute type 5 has an invalid length. [ 528.073331][T26243] syzkaller0: entered promiscuous mode [ 528.095530][T26243] syzkaller0: entered allmulticast mode [ 528.105731][T26243] netlink: 'syz.3.6619': attribute type 3 has an invalid length. [ 528.163747][T26248] netlink: 'syz.0.6618': attribute type 2 has an invalid length. [ 528.230408][T26243] tipc: Resetting bearer [ 528.256632][T26239] tipc: Resetting bearer [ 528.278633][T26239] tipc: Disabling bearer [ 528.322095][T26251] netlink: 'syz.2.6622': attribute type 1 has an invalid length. 
[ 528.656900][T26271] syzkaller0: entered promiscuous mode [ 528.680939][T26271] syzkaller0: entered allmulticast mode [ 528.703660][T26275] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 528.741752][T26275] CPU: 1 UID: 0 PID: 26275 Comm: syz.4.6631 Not tainted syzkaller #0 PREEMPT(full) [ 528.741779][T26275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 528.741791][T26275] Call Trace: [ 528.741801][T26275] [ 528.741810][T26275] dump_stack_lvl+0xe8/0x150 [ 528.741837][T26275] sysfs_warn_dup+0x8e/0xa0 [ 528.741862][T26275] sysfs_do_create_link_sd+0xc0/0x110 [ 528.741892][T26275] device_add_class_symlinks+0x1cf/0x240 [ 528.741927][T26275] device_add+0x475/0xb70 [ 528.741958][T26275] wiphy_register+0x1d6c/0x2d50 [ 528.741995][T26275] ? __pfx_wiphy_register+0x10/0x10 [ 528.742015][T26275] ? __pfx_netdev_run_todo+0x10/0x10 [ 528.742044][T26275] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 528.742076][T26275] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 528.742106][T26275] ieee80211_register_hw+0x34d2/0x4150 [ 528.742145][T26275] ? ieee80211_register_hw+0x13d1/0x4150 [ 528.742179][T26275] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 528.742221][T26275] ? __hrtimer_setup+0x181/0x200 [ 528.742246][T26275] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 528.742277][T26275] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 528.742327][T26275] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 528.742349][T26275] ? kstrndup+0xbf/0x160 [ 528.742380][T26275] hwsim_new_radio_nl+0xf85/0x1c30 [ 528.742412][T26275] ? __pfx___nla_validate_parse+0x10/0x10 [ 528.742452][T26275] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 528.742484][T26275] ? rcu_is_watching+0x15/0xb0 [ 528.742508][T26275] ? __nla_parse+0x40/0x60 [ 528.742537][T26275] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 528.742571][T26275] genl_family_rcv_msg_doit+0x22a/0x330 [ 528.742605][T26275] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 528.742644][T26275] ? 
bpf_lsm_capable+0x9/0x20 [ 528.742668][T26275] ? security_capable+0x7e/0x2c0 [ 528.742696][T26275] genl_rcv_msg+0x61c/0x7a0 [ 528.742725][T26275] ? __pfx_genl_rcv_msg+0x10/0x10 [ 528.742751][T26275] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 528.742778][T26275] ? __pfx_ref_tracker_free+0x10/0x10 [ 528.742810][T26275] netlink_rcv_skb+0x232/0x4b0 [ 528.742832][T26275] ? __pfx_genl_rcv_msg+0x10/0x10 [ 528.742857][T26275] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 528.742873][T26275] ? genl_rcv+0x19/0x40 [ 528.742913][T26275] ? down_read+0x272/0x2e0 [ 528.742933][T26275] ? genl_rcv+0xd/0x40 [ 528.742958][T26275] genl_rcv+0x28/0x40 [ 528.742980][T26275] netlink_unicast+0x80f/0x9b0 [ 528.743016][T26275] ? __pfx_netlink_unicast+0x10/0x10 [ 528.743046][T26275] ? netlink_sendmsg+0x650/0xb40 [ 528.743064][T26275] ? skb_put+0x11b/0x210 [ 528.743091][T26275] netlink_sendmsg+0x813/0xb40 [ 528.743121][T26275] ? __pfx_netlink_sendmsg+0x10/0x10 [ 528.743145][T26275] ? aa_sock_msg_perm+0xf1/0x1b0 [ 528.743171][T26275] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 528.743194][T26275] ? __pfx_netlink_sendmsg+0x10/0x10 [ 528.743213][T26275] ____sys_sendmsg+0xa68/0xad0 [ 528.743246][T26275] ? __might_fault+0xaf/0x130 [ 528.743280][T26275] ? __pfx_____sys_sendmsg+0x10/0x10 [ 528.743316][T26275] ? import_iovec+0x73/0xa0 [ 528.743348][T26275] ___sys_sendmsg+0x2a5/0x360 [ 528.743371][T26275] ? __lock_acquire+0x6b5/0x2cf0 [ 528.743402][T26275] ? __pfx____sys_sendmsg+0x10/0x10 [ 528.743434][T26275] ? futex_wait+0x29a/0x380 [ 528.743481][T26275] ? __fget_files+0x2a/0x420 [ 528.743503][T26275] ? __fget_files+0x3a0/0x420 [ 528.743534][T26275] __x64_sys_sendmsg+0x1bd/0x2a0 [ 528.743562][T26275] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 528.743598][T26275] ? rcu_is_watching+0x15/0xb0 [ 528.743630][T26275] do_syscall_64+0xe2/0xf80 [ 528.743649][T26275] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.743668][T26275] ? trace_irq_disable+0x37/0x100 [ 528.743685][T26275] ? 
clear_bhb_loop+0x60/0xb0 [ 528.743710][T26275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.743729][T26275] RIP: 0033:0x7f62cef9aeb9 [ 528.743748][T26275] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 528.743765][T26275] RSP: 002b:00007f62cfe68028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 528.743787][T26275] RAX: ffffffffffffffda RBX: 00007f62cf215fa0 RCX: 00007f62cef9aeb9 [ 528.743802][T26275] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 528.743814][T26275] RBP: 00007f62cf008c1f R08: 0000000000000000 R09: 0000000000000000 [ 528.743827][T26275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 528.743839][T26275] R13: 00007f62cf216038 R14: 00007f62cf215fa0 R15: 00007ffe970ef538 [ 528.743871][T26275] [ 529.940125][T26302] __nla_validate_parse: 14 callbacks suppressed [ 529.940143][T26302] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6643'. [ 530.001918][T26295] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6643'. [ 530.014673][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.023084][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.140188][T26314] veth0: entered promiscuous mode [ 530.160568][T26317] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6648'. [ 530.177129][T26314] validate_nla: 1 callbacks suppressed [ 530.177144][T26314] netlink: 'syz.4.6647': attribute type 1 has an invalid length. [ 530.218483][T26314] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6647'. [ 530.245293][T26315] tipc: Enabling of bearer rejected, failed to enable media [ 530.303038][T26324] tipc: Enabling of bearer rejected, failed to enable media [ 530.341521][T26329] netlink: 'syz.0.6652': attribute type 1 has an invalid length. 
[ 530.366012][T26329] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6652'. [ 530.547179][T26313] veth0: left promiscuous mode [ 530.682772][T26343] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6657'. [ 530.723549][T26345] netlink: 80 bytes leftover after parsing attributes in process `syz.4.6656'. [ 530.740192][T26343] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6657'. [ 530.742921][T26347] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 530.960250][T26356] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 531.212920][T26369] bond8: Unable to set peer notification delay as MII monitoring is disabled [ 531.270976][T26369] bond8 (unregistering): Released all slaves [ 531.530926][T26389] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.6669'. [ 531.602856][T26395] netlink: 'syz.2.6671': attribute type 3 has an invalid length. [ 531.645701][T26398] netlink: 'syz.4.6672': attribute type 11 has an invalid length. [ 531.653793][T26398] netlink: 199820 bytes leftover after parsing attributes in process `syz.4.6672'. [ 531.788194][T26400] netlink: 'syz.1.6673': attribute type 5 has an invalid length. [ 531.920032][T26408] net_ratelimit: 5 callbacks suppressed [ 531.920051][T26408] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 532.206772][T26429] netlink: Conntrack attr has 4 unknown bytes [ 533.628708][T26492] Unsupported ieee802154 address type: 0 [ 533.636283][T26491] Unsupported ieee802154 address type: 0 [ 533.986627][T26506] netlink: 'syz.2.6709': attribute type 1 has an invalid length. [ 534.151127][T26511] block nbd2: Unsupported socket: should be TCP or UNIX. [ 534.521605][T26527] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' 
[ 534.558229][T26527] CPU: 0 UID: 0 PID: 26527 Comm: syz.3.6717 Not tainted syzkaller #0 PREEMPT(full) [ 534.558258][T26527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 534.558271][T26527] Call Trace: [ 534.558279][T26527] [ 534.558288][T26527] dump_stack_lvl+0xe8/0x150 [ 534.558348][T26527] sysfs_warn_dup+0x8e/0xa0 [ 534.558377][T26527] sysfs_do_create_link_sd+0xc0/0x110 [ 534.558407][T26527] device_add_class_symlinks+0x1cf/0x240 [ 534.558442][T26527] device_add+0x475/0xb70 [ 534.558474][T26527] wiphy_register+0x1d6c/0x2d50 [ 534.558510][T26527] ? __pfx_wiphy_register+0x10/0x10 [ 534.558530][T26527] ? __pfx_netdev_run_todo+0x10/0x10 [ 534.558557][T26527] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 534.558589][T26527] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 534.558619][T26527] ieee80211_register_hw+0x34d2/0x4150 [ 534.558660][T26527] ? ieee80211_register_hw+0x13d1/0x4150 [ 534.558695][T26527] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 534.558738][T26527] ? __hrtimer_setup+0x181/0x200 [ 534.558756][T26527] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 534.558786][T26527] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 534.558841][T26527] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 534.558863][T26527] ? kstrndup+0xbf/0x160 [ 534.558892][T26527] hwsim_new_radio_nl+0xf85/0x1c30 [ 534.558921][T26527] ? __pfx___nla_validate_parse+0x10/0x10 [ 534.558960][T26527] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 534.558989][T26527] ? rcu_is_watching+0x15/0xb0 [ 534.559012][T26527] ? __nla_parse+0x40/0x60 [ 534.559040][T26527] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 534.559074][T26527] genl_family_rcv_msg_doit+0x22a/0x330 [ 534.559105][T26527] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 534.559144][T26527] ? bpf_lsm_capable+0x9/0x20 [ 534.559166][T26527] ? security_capable+0x7e/0x2c0 [ 534.559196][T26527] genl_rcv_msg+0x61c/0x7a0 [ 534.559225][T26527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 534.559248][T26527] ? 
__pfx_hwsim_new_radio_nl+0x10/0x10 [ 534.559286][T26527] netlink_rcv_skb+0x232/0x4b0 [ 534.559306][T26527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 534.559347][T26527] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 534.559364][T26527] ? genl_rcv+0x19/0x40 [ 534.559405][T26527] ? down_read+0x272/0x2e0 [ 534.559424][T26527] ? genl_rcv+0xd/0x40 [ 534.559448][T26527] genl_rcv+0x28/0x40 [ 534.559468][T26527] netlink_unicast+0x80f/0x9b0 [ 534.559503][T26527] ? __pfx_netlink_unicast+0x10/0x10 [ 534.559528][T26527] ? netlink_sendmsg+0x650/0xb40 [ 534.559545][T26527] ? skb_put+0x11b/0x210 [ 534.559569][T26527] netlink_sendmsg+0x813/0xb40 [ 534.559600][T26527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 534.559622][T26527] ? aa_sock_msg_perm+0xf1/0x1b0 [ 534.559647][T26527] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 534.559670][T26527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 534.559690][T26527] ____sys_sendmsg+0xa68/0xad0 [ 534.559715][T26527] ? __might_fault+0xaf/0x130 [ 534.559749][T26527] ? __pfx_____sys_sendmsg+0x10/0x10 [ 534.559783][T26527] ? import_iovec+0x73/0xa0 [ 534.559815][T26527] ___sys_sendmsg+0x2a5/0x360 [ 534.559837][T26527] ? __lock_acquire+0x6b5/0x2cf0 [ 534.559867][T26527] ? __pfx____sys_sendmsg+0x10/0x10 [ 534.559898][T26527] ? futex_wait+0x29a/0x380 [ 534.559944][T26527] ? __fget_files+0x2a/0x420 [ 534.559965][T26527] ? __fget_files+0x3a0/0x420 [ 534.559997][T26527] __x64_sys_sendmsg+0x1bd/0x2a0 [ 534.560025][T26527] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 534.560059][T26527] ? rcu_is_watching+0x15/0xb0 [ 534.560090][T26527] do_syscall_64+0xe2/0xf80 [ 534.560109][T26527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 534.560126][T26527] ? trace_irq_disable+0x37/0x100 [ 534.560145][T26527] ? 
clear_bhb_loop+0x60/0xb0 [ 534.560168][T26527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 534.560188][T26527] RIP: 0033:0x7f820e19aeb9 [ 534.560206][T26527] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 534.560224][T26527] RSP: 002b:00007f820f135028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 534.560245][T26527] RAX: ffffffffffffffda RBX: 00007f820e415fa0 RCX: 00007f820e19aeb9 [ 534.560261][T26527] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 534.560274][T26527] RBP: 00007f820e208c1f R08: 0000000000000000 R09: 0000000000000000 [ 534.560286][T26527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 534.560298][T26527] R13: 00007f820e416038 R14: 00007f820e415fa0 R15: 00007ffd1786cde8 [ 534.560340][T26527] [ 535.202008][T26529] netlink: 'syz.0.6718': attribute type 1 has an invalid length. [ 535.243858][T26529] __nla_validate_parse: 4 callbacks suppressed [ 535.243875][T26529] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6718'. [ 535.291345][T26544] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6723'. [ 535.313497][T26529] NCSI netlink: No device for ifindex 0 [ 535.323378][T26544] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6723'. [ 535.337814][T26540] netlink: 'syz.3.6722': attribute type 1 has an invalid length. [ 535.350835][T26540] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6722'. [ 536.479881][T26589] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6735'. [ 536.508485][T26587] syzkaller1: entered promiscuous mode [ 536.524260][T26587] syzkaller1: entered allmulticast mode [ 536.593641][T26594] netlink: 108 bytes leftover after parsing attributes in process `syz.0.6737'. 
[ 536.853979][T26606] sysfs: cannot create duplicate filename '/class/ieee80211/Ku crK:̥B| lS-!' [ 536.857103][T26605] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6743'. [ 536.880724][T26606] CPU: 0 UID: 0 PID: 26606 Comm: syz.1.6742 Not tainted syzkaller #0 PREEMPT(full) [ 536.880749][T26606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 536.880761][T26606] Call Trace: [ 536.880769][T26606] [ 536.880779][T26606] dump_stack_lvl+0xe8/0x150 [ 536.880810][T26606] sysfs_warn_dup+0x8e/0xa0 [ 536.880836][T26606] sysfs_do_create_link_sd+0xc0/0x110 [ 536.880864][T26606] device_add_class_symlinks+0x1cf/0x240 [ 536.880898][T26606] device_add+0x475/0xb70 [ 536.880925][T26606] wiphy_register+0x1d6c/0x2d50 [ 536.880960][T26606] ? __pfx_wiphy_register+0x10/0x10 [ 536.880980][T26606] ? __pfx_netdev_run_todo+0x10/0x10 [ 536.881006][T26606] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 536.881039][T26606] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 536.881080][T26606] ieee80211_register_hw+0x34d2/0x4150 [ 536.881122][T26606] ? ieee80211_register_hw+0x13d1/0x4150 [ 536.881157][T26606] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 536.881196][T26606] ? __hrtimer_setup+0x181/0x200 [ 536.881214][T26606] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 536.881244][T26606] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 536.881298][T26606] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 536.881318][T26606] ? kstrndup+0xbf/0x160 [ 536.881347][T26606] hwsim_new_radio_nl+0xf85/0x1c30 [ 536.881378][T26606] ? __pfx___nla_validate_parse+0x10/0x10 [ 536.881417][T26606] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 536.881447][T26606] ? rcu_is_watching+0x15/0xb0 [ 536.881470][T26606] ? __nla_parse+0x40/0x60 [ 536.881496][T26606] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 536.881531][T26606] genl_family_rcv_msg_doit+0x22a/0x330 [ 536.881563][T26606] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 536.881603][T26606] ? 
bpf_lsm_capable+0x9/0x20 [ 536.881626][T26606] ? security_capable+0x7e/0x2c0 [ 536.881655][T26606] genl_rcv_msg+0x61c/0x7a0 [ 536.881685][T26606] ? __pfx_genl_rcv_msg+0x10/0x10 [ 536.881709][T26606] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 536.881747][T26606] netlink_rcv_skb+0x232/0x4b0 [ 536.881768][T26606] ? __pfx_genl_rcv_msg+0x10/0x10 [ 536.881794][T26606] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 536.881810][T26606] ? genl_rcv+0x19/0x40 [ 536.881849][T26606] ? down_read+0x272/0x2e0 [ 536.881867][T26606] ? genl_rcv+0xd/0x40 [ 536.881891][T26606] genl_rcv+0x28/0x40 [ 536.881912][T26606] netlink_unicast+0x80f/0x9b0 [ 536.881945][T26606] ? __pfx_netlink_unicast+0x10/0x10 [ 536.881972][T26606] ? netlink_sendmsg+0x650/0xb40 [ 536.881990][T26606] ? skb_put+0x11b/0x210 [ 536.882016][T26606] netlink_sendmsg+0x813/0xb40 [ 536.882046][T26606] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.882080][T26606] ? aa_sock_msg_perm+0xf1/0x1b0 [ 536.882106][T26606] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 536.882130][T26606] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.882149][T26606] ____sys_sendmsg+0xa68/0xad0 [ 536.882173][T26606] ? __might_fault+0xaf/0x130 [ 536.882207][T26606] ? __pfx_____sys_sendmsg+0x10/0x10 [ 536.882242][T26606] ? import_iovec+0x73/0xa0 [ 536.882275][T26606] ___sys_sendmsg+0x2a5/0x360 [ 536.882298][T26606] ? __lock_acquire+0x6b5/0x2cf0 [ 536.882327][T26606] ? __pfx____sys_sendmsg+0x10/0x10 [ 536.882359][T26606] ? futex_wait+0x29a/0x380 [ 536.882407][T26606] ? __fget_files+0x2a/0x420 [ 536.882427][T26606] ? __fget_files+0x3a0/0x420 [ 536.882458][T26606] __x64_sys_sendmsg+0x1bd/0x2a0 [ 536.882486][T26606] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 536.882521][T26606] ? rcu_is_watching+0x15/0xb0 [ 536.882553][T26606] do_syscall_64+0xe2/0xf80 [ 536.882573][T26606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.882591][T26606] ? trace_irq_disable+0x37/0x100 [ 536.882610][T26606] ? 
clear_bhb_loop+0x60/0xb0 [ 536.882633][T26606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.882651][T26606] RIP: 0033:0x7fb45d59aeb9 [ 536.882670][T26606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 536.882686][T26606] RSP: 002b:00007fb45e434028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 536.882706][T26606] RAX: ffffffffffffffda RBX: 00007fb45d815fa0 RCX: 00007fb45d59aeb9 [ 536.882721][T26606] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 536.882734][T26606] RBP: 00007fb45d608c1f R08: 0000000000000000 R09: 0000000000000000 [ 536.882746][T26606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 536.882758][T26606] R13: 00007fb45d816038 R14: 00007fb45d815fa0 R15: 00007ffdc1b8f018 [ 536.882792][T26606] [ 537.400562][T26608] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6743'. [ 537.472570][T26619] netlink: 211896 bytes leftover after parsing attributes in process `syz.0.6744'. [ 537.610823][T26624] netlink: 'syz.3.6750': attribute type 1 has an invalid length. [ 537.688575][T26624] 8021q: adding VLAN 0 to HW filter on device bond9 [ 537.699153][T26624] bond8: (slave bond9): making interface the new active one [ 537.710561][T26624] bond8: (slave bond9): Enslaving as an active interface with an up link [ 537.770539][T26624] bond8: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 537.843456][T26624] bond8: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 538.040472][T26633] syzkaller0: entered promiscuous mode [ 538.046162][T26633] syzkaller0: entered allmulticast mode [ 538.198701][T26652] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6757'. [ 562.817948][ T1305] aoe: packet could not be sent on bond0. 
consider increasing tx_queue_len [ 609.619362][T26674] syzkaller0: entered promiscuous mode [ 609.634547][T26674] syzkaller0: entered allmulticast mode [ 609.799772][T26689] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 609.809277][T26689] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 609.818040][T26689] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 609.828046][T26689] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 609.837032][T26689] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 610.984859][ T5831] Bluetooth: hci4: command 0x0405 tx timeout [ 611.944785][ T5834] Bluetooth: hci5: command tx timeout [ 613.397776][T26686] netlink: 'syz.3.6765': attribute type 2 has an invalid length. [ 613.484703][T26687] lo speed is unknown, defaulting to 1000 [ 613.493598][T26687] wlan0 speed is unknown, defaulting to 1000 [ 613.505926][T26685] lo speed is unknown, defaulting to 1000 [ 613.543773][T26685] wlan0 speed is unknown, defaulting to 1000 [ 613.797470][T26701] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6766'. [ 614.018152][ T5834] Bluetooth: hci5: command tx timeout [ 615.089494][T26728] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6777'. 
[ 615.436703][T26685] chnl_net:caif_netlink_parms(): no params data found [ 615.563622][T26749] xt_TCPMSS: Only works on TCP SYN packets [ 615.732515][T26685] bridge0: port 1(bridge_slave_0) entered blocking state [ 615.751088][T26685] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.767389][T26685] bridge_slave_0: entered allmulticast mode [ 615.784346][T26685] bridge_slave_0: entered promiscuous mode [ 615.815038][T26685] bridge0: port 2(bridge_slave_1) entered blocking state [ 615.830802][T26685] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.847255][T26685] bridge_slave_1: entered allmulticast mode [ 615.866574][T26685] bridge_slave_1: entered promiscuous mode [ 615.988374][T26685] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 616.026326][T26685] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 616.094547][ T5834] Bluetooth: hci5: command tx timeout [ 616.132766][T26685] team0: Port device team_slave_0 added [ 616.167760][T26685] team0: Port device team_slave_1 added [ 616.266482][T26685] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 616.285198][T26685] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 616.364532][T26685] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 616.402194][T26685] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 616.412095][T26685] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 616.466975][T26685] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 616.569109][T26769] tipc: Enabled bearer , priority 0 [ 616.624191][T26769] syzkaller0: entered promiscuous mode [ 616.630644][T26769] syzkaller0: entered allmulticast mode [ 616.647941][T26685] hsr_slave_0: entered promiscuous mode [ 616.657995][T26685] hsr_slave_1: entered promiscuous mode [ 616.664338][T26685] debugfs: 'hsr0' already exists in 'hsr' [ 616.670523][T26685] Cannot create hsr debugfs directory [ 616.696410][T26769] tipc: Resetting bearer [ 616.737089][T26774] netlink: 'syz.1.6793': attribute type 1 has an invalid length. [ 616.748675][T26774] netlink: 256 bytes leftover after parsing attributes in process `syz.1.6793'. [ 616.758742][T26768] tipc: Resetting bearer [ 616.783270][T26768] tipc: Disabling bearer [ 617.186828][T26685] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.217760][T26685] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.365685][T26685] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.388670][T26685] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.534846][T26685] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.558449][T26685] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.670137][T26685] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 617.702639][T26685] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.763070][T26817] syzkaller1: entered promiscuous mode [ 617.769082][T26817] syzkaller1: entered allmulticast mode [ 618.074616][T26685] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 618.174577][ T5834] Bluetooth: hci5: 
command tx timeout [ 618.244083][T26685] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 618.252738][T26831] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6817'. [ 618.272569][T26685] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 618.375079][T26685] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 618.633407][T26685] 8021q: adding VLAN 0 to HW filter on device bond0 [ 618.693346][T26685] 8021q: adding VLAN 0 to HW filter on device team0 [ 618.738984][ T1055] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.746156][ T1055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 618.819674][T26834] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6818'. [ 618.847032][ T9036] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.854215][ T9036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 619.441545][T26880] tipc: Enabled bearer , priority 0 [ 619.461921][T26880] syzkaller0: entered promiscuous mode [ 619.499618][T26880] syzkaller0: entered allmulticast mode [ 619.629917][T26880] tipc: Resetting bearer [ 619.653042][T26879] tipc: Resetting bearer [ 619.692633][T26879] tipc: Disabling bearer [ 619.731116][T26685] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 619.842891][T26685] veth0_vlan: entered promiscuous mode [ 619.861864][T26685] veth1_vlan: entered promiscuous mode [ 619.913796][T26685] veth0_macvtap: entered promiscuous mode [ 619.927393][T26685] veth1_macvtap: entered promiscuous mode [ 619.987361][T26685] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 620.026073][T26685] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 620.090609][ T9027] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.107419][ T9027] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.137843][ T9027] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.186519][ T9027] netdevsim 
netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.342610][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.368324][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 620.452913][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.477330][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 620.739767][T26913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6759'. [ 621.036959][T26907] ip6_vti0: left promiscuous mode [ 621.055430][T26907] ip6_vti0: left allmulticast mode [ 621.139506][T26928] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6839'. [ 621.986638][T26907] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 622.029611][T26907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 622.058197][T26907] tipc: Resetting bearer [ 622.425852][T26907] mac80211_hwsim hwsim9 wlan0: left promiscuous mode [ 622.462220][T26907] bond2: left promiscuous mode [ 622.472510][T26907] veth0_to_bond: left promiscuous mode [ 622.479478][T26907] bond2: left allmulticast mode [ 622.484357][T26907] veth0_to_bond: left allmulticast mode [ 622.533193][T26907] ip6tnl2: left promiscuous mode [ 622.649043][T26907] geneve2: left promiscuous mode [ 622.655180][T26907] geneve2: left allmulticast mode [ 622.743902][T26907] gretap3: left promiscuous mode [ 622.754888][T26907] gretap3: left allmulticast mode [ 623.046942][T26907] ip6gre1: left promiscuous mode [ 623.058576][T26907] ip6gre1: left allmulticast mode [ 623.084275][T26907] bond7: left promiscuous mode [ 623.094323][T26907] bond7: left allmulticast mode [ 623.129521][T26907] geneve3: left promiscuous mode [ 623.147140][T26907] geneve4: left promiscuous mode [ 623.152223][T26907] geneve4: left allmulticast mode [ 623.180653][T26907] bond0: left promiscuous mode [ 623.189115][T26907] bond0: left allmulticast mode [ 623.437688][T26913] team0: Port device team_slave_0 
removed [ 623.476138][ T8783] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 623.514532][ T8783] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.535682][ T8783] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 19999 - 0 [ 623.647473][ T8783] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 623.662202][ T8783] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.698358][T26952] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6845'. [ 623.704434][ T8783] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 19999 - 0 [ 623.736029][ T8783] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 623.757045][ T8783] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.794444][ T8783] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 19999 - 0 [ 623.880045][ T8783] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 623.900671][ T8783] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.927948][ T8783] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 19999 - 0 [ 624.136578][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 624.148591][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 624.156624][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 624.164858][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 624.180109][ T36] bond0: (slave bond_slave_0): link status definitely down, disabling slave [ 624.192018][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 624.195652][T26975] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6852'. 
[ 624.214277][ T36] bond0: (slave bond_slave_1): link status definitely down, disabling slave [ 624.237481][ T36] bond0: (slave team0): link status definitely down, disabling slave [ 624.264670][ T1305] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 624.284282][ T36] bond0: now running without any active interface! [ 624.654541][T26929] lo speed is unknown, defaulting to 1000 [ 624.771238][T26990] tunl0: Caught tx_queue_len zero misconfig [ 624.808773][T26929] wlan0 speed is unknown, defaulting to 1000 [ 625.099057][T27010] tipc: Enabled bearer , priority 0 [ 625.109115][T27006] syzkaller0: entered promiscuous mode [ 625.151674][T27006] syzkaller0: entered allmulticast mode [ 625.281889][T27010] tipc: Resetting bearer [ 625.343157][T27005] tipc: Resetting bearer [ 625.444123][T27005] tipc: Disabling bearer [ 625.809040][T20492] mac80211_hwsim hwsim4 wlan0: left allmulticast mode [ 625.836473][T20492] mac80211_hwsim hwsim4 wlan0: left promiscuous mode [ 625.863805][T20492] bridge0: port 3(wlan0) entered disabled state [ 625.903147][T20492] .: left allmulticast mode [ 625.920841][T20492] .: left promiscuous mode [ 625.933828][T20492] bridge0: port 2(.) 
entered disabled state [ 625.964821][T20492] bridge_slave_0: left allmulticast mode [ 625.986025][T20492] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.256473][ T5834] Bluetooth: hci0: command tx timeout [ 626.266607][T20492] bond3 (unregistering): (slave ip6gretap1): Releasing active interface [ 626.839462][T20492] dvmrp6 (unregistering): left allmulticast mode [ 627.400468][T20492] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 627.409714][T20492] bond_slave_0: left allmulticast mode [ 627.415636][T20492] bond0 (unregistering): Released all slaves [ 627.427756][T20492] bond1 (unregistering): Released all slaves [ 627.606805][T20492] bond2 (unregistering): Released all slaves [ 627.643368][T20492] bond3 (unregistering): Released all slaves [ 627.671544][T20492] bond4 (unregistering): (slave bond5): Releasing backup interface [ 627.694970][T20492] bond4 (unregistering): Released all slaves [ 627.854283][T20492] bond5 (unregistering): Released all slaves [ 627.873586][T20492] bond6 (unregistering): Released all slaves [ 627.901804][T20492] bond7 (unregistering): Released all slaves [ 628.042839][T20492] bond8 (unregistering): Released all slaves [ 628.060833][T20492] bond9 (unregistering): Released all slaves [ 628.190030][T20492] bond10 (unregistering): Released all slaves [ 628.217578][T27042] syzkaller0: entered promiscuous mode [ 628.223171][T27042] syzkaller0: entered allmulticast mode [ 628.255006][T27073] tipc: Enabling of bearer rejected, failed to enable media [ 628.335670][ T5834] Bluetooth: hci0: command tx timeout [ 628.461278][T20492] tipc: Left network mode [ 629.237278][T26929] chnl_net:caif_netlink_parms(): no params data found [ 629.308647][T27104] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6883'. [ 629.317852][T27104] netlink: 'syz.2.6883': attribute type 1 has an invalid length. 
[ 629.346696][T27109] lo speed is unknown, defaulting to 1000 [ 629.361857][T27122] syzkaller0: entered promiscuous mode [ 629.388059][T27122] syzkaller0: entered allmulticast mode [ 629.476591][T27130] tipc: Enabled bearer , priority 0 [ 629.521752][T27109] wlan0 speed is unknown, defaulting to 1000 [ 629.590122][T27122] tipc: Resetting bearer [ 629.643538][T27119] tipc: Resetting bearer [ 629.755256][T27119] tipc: Disabling bearer [ 630.410837][T27167] netlink: 'syz.4.6894': attribute type 10 has an invalid length. [ 630.424910][ T5834] Bluetooth: hci0: command tx timeout [ 630.563846][T26929] bridge0: port 1(bridge_slave_0) entered blocking state [ 630.582973][T26929] bridge0: port 1(bridge_slave_0) entered disabled state [ 630.608198][T26929] bridge_slave_0: entered allmulticast mode [ 630.634941][T26929] bridge_slave_0: entered promiscuous mode [ 630.689071][T26929] bridge0: port 2(bridge_slave_1) entered blocking state [ 630.713824][T26929] bridge0: port 2(bridge_slave_1) entered disabled state [ 630.746782][T26929] bridge_slave_1: entered allmulticast mode [ 630.773784][T26929] bridge_slave_1: entered promiscuous mode [ 631.162010][T20492] hsr_slave_1: left promiscuous mode [ 631.171774][T20492] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 631.202154][T20492] batman_adv: batadv0: Removing interface: ipvlan2 [ 631.218765][T20492] veth1_vlan: left allmulticast mode [ 631.366794][T20492] pimreg3 (unregistering): left allmulticast mode [ 631.568293][T20492] pim6reg527 (unregistering): left allmulticast mode [ 631.609550][T20492] pim6reg (unregistering): left allmulticast mode [ 632.473709][T26929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 632.489396][T26929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 632.661225][T26929] team0: Port device team_slave_0 added [ 632.719624][T26929] team0: Port device team_slave_1 added [ 632.744093][T27207] mac80211_hwsim: wmediumd released 
netlink socket, switching to perfect channel medium [ 632.809172][T26929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 632.817580][T26929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 632.885517][T26929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 632.903992][T26929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 632.919649][T26929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 632.948798][T26929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 632.962401][T27211] tipc: Enabled bearer , priority 0 [ 633.038603][T27212] syzkaller0: entered promiscuous mode [ 633.044095][T27212] syzkaller0: entered allmulticast mode [ 633.115799][T26929] hsr_slave_0: entered promiscuous mode [ 633.132947][T26929] hsr_slave_1: entered promiscuous mode [ 633.144579][T26929] debugfs: 'hsr0' already exists in 'hsr' [ 633.150330][T26929] Cannot create hsr debugfs directory [ 633.175178][T27212] tipc: Resetting bearer [ 633.273060][T27210] tipc: Resetting bearer [ 633.325183][T27210] tipc: Disabling bearer [ 633.355049][T27216] lo speed is unknown, defaulting to 1000 [ 633.422599][T27216] wlan0 speed is unknown, defaulting to 1000 [ 633.506911][T20492] IPVS: stop unused estimator thread 0... [ 633.736192][T27233] netlink: 56 bytes leftover after parsing attributes in process `syz.4.6912'. 
[ 633.778921][T27233] vlan1: entered promiscuous mode [ 633.880474][T27240] netlink: 'syz.3.6916': attribute type 10 has an invalid length. [ 634.734344][T26929] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 634.791948][T26929] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 634.831286][T26929] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 634.861640][T26929] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 635.117107][T26929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 635.209141][T26929] 8021q: adding VLAN 0 to HW filter on device team0 [ 635.243091][ T9036] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.250304][ T9036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 635.413837][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.421047][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 635.839970][T27294] lo speed is unknown, defaulting to 1000 [ 635.890151][T27294] wlan0 speed is unknown, defaulting to 1000 [ 636.220969][T26929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 636.260992][T27310] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6936'. [ 636.345822][T26929] veth0_vlan: entered promiscuous mode [ 636.502824][T26929] veth1_vlan: entered promiscuous mode [ 636.539832][T27319] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6940'. [ 636.559430][T26929] veth0_macvtap: entered promiscuous mode [ 636.570804][T26929] veth1_macvtap: entered promiscuous mode [ 636.587112][T27319] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6940'. 
[ 636.595043][T26929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 636.608808][T26929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 636.637248][ T1096] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.674447][ T1096] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.721007][ T1096] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.750913][ T1096] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.122230][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.161128][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 637.366091][T27330] lo speed is unknown, defaulting to 1000 [ 637.386865][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.399516][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 637.461286][T27330] wlan0 speed is unknown, defaulting to 1000 [ 637.697553][T27344] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6947'. [ 638.096872][T27352] pim6reg1: entered promiscuous mode [ 638.102379][T27352] pim6reg1: entered allmulticast mode [ 638.141358][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 638.151743][T27355] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6951'. [ 638.152276][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 638.171293][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 638.185864][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 638.194116][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 638.321113][T27354] lo speed is unknown, defaulting to 1000 [ 638.379457][T27354] wlan0 speed is unknown, defaulting to 1000 [ 638.989554][T27371] netlink: 64 bytes leftover after parsing attributes in process `syz.4.6955'. 
[ 639.064301][T27373] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6956'. [ 639.950160][T27354] chnl_net:caif_netlink_parms(): no params data found [ 640.243983][T27354] bridge0: port 1(bridge_slave_0) entered blocking state [ 640.256828][ T5834] Bluetooth: hci4: command tx timeout [ 640.262061][T27354] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.278116][T27354] bridge_slave_0: entered allmulticast mode [ 640.290491][T27411] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6966'. [ 640.306196][T27354] bridge_slave_0: entered promiscuous mode [ 640.336916][T27354] bridge0: port 2(bridge_slave_1) entered blocking state [ 640.361912][T27354] bridge0: port 2(bridge_slave_1) entered disabled state [ 640.392365][T27354] bridge_slave_1: entered allmulticast mode [ 640.412212][T27354] bridge_slave_1: entered promiscuous mode [ 640.516894][T27354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 640.554300][T27354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 640.703581][T27354] team0: Port device team_slave_0 added [ 640.728712][T27354] team0: Port device team_slave_1 added [ 640.860889][T27354] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 640.880353][T27354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 640.954562][T27354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 640.978617][T27354] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 640.990282][T27354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 641.019233][T27354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 641.142267][T27354] hsr_slave_0: entered promiscuous mode [ 641.156325][T27354] hsr_slave_1: entered promiscuous mode [ 641.163013][T27354] debugfs: 'hsr0' already exists in 'hsr' [ 641.182375][T27354] Cannot create hsr debugfs directory [ 641.658387][T27448] netlink: 'syz.0.6981': attribute type 10 has an invalid length. [ 641.737490][T27448] 8021q: adding VLAN 0 to HW filter on device team0 [ 641.767092][T27448] bond0: (slave team0): Enslaving as an active interface with an up link [ 641.879985][T27452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6983'. [ 641.973936][T27455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6984'. [ 642.046141][T27354] batman_adv: batadv0: Removing interface: netdevsim0 [ 642.095288][T27455] bridge_slave_1: left allmulticast mode [ 642.124534][T27455] bridge_slave_1: left promiscuous mode [ 642.130325][T27455] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.173068][T27455] bridge_slave_0: left allmulticast mode [ 642.188366][T27455] bridge_slave_0: left promiscuous mode [ 642.204293][T27455] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.337599][ T5834] Bluetooth: hci4: command tx timeout [ 642.665385][T27354] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 642.718856][T27354] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 642.753717][T27354] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 642.802430][T27354] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 642.990765][T27499] netlink: 'syz.3.7002': attribute type 10 has an invalid length. [ 643.049850][T27499] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7002'. 
[ 643.080046][T27354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 643.087263][T27499] bond0: option arp_all_targets: invalid value (196616) [ 643.117855][T27503] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7003'. [ 643.120305][T27354] 8021q: adding VLAN 0 to HW filter on device team0 [ 643.187266][ T9027] bridge0: port 1(bridge_slave_0) entered blocking state [ 643.194455][ T9027] bridge0: port 1(bridge_slave_0) entered forwarding state [ 643.248798][ T1055] bridge0: port 2(bridge_slave_1) entered blocking state [ 643.255990][ T1055] bridge0: port 2(bridge_slave_1) entered forwarding state [ 643.293855][T27507] syzkaller0: entered promiscuous mode [ 643.318143][T27507] syzkaller0: entered allmulticast mode [ 644.238165][T27552] lo speed is unknown, defaulting to 1000 [ 644.247477][T27552] wlan0 speed is unknown, defaulting to 1000 [ 644.304892][T27354] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 644.415376][ T5834] Bluetooth: hci4: command tx timeout [ 644.447340][T27354] veth0_vlan: entered promiscuous mode [ 644.474278][T27568] Cannot find del_set index 3 as target [ 644.503968][T27563] lo speed is unknown, defaulting to 1000 [ 644.523707][T27354] veth1_vlan: entered promiscuous mode [ 644.548400][T27563] wlan0 speed is unknown, defaulting to 1000 [ 644.631425][T27354] veth0_macvtap: entered promiscuous mode [ 644.657836][T27354] veth1_macvtap: entered promiscuous mode [ 644.718548][T27354] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 644.754858][T27354] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 644.783997][ T9036] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.819642][ T9036] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.847645][ T9036] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.936124][ T9036] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 
644.955117][T27580] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7029'. [ 645.354351][ T9036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.375655][ T9036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.445458][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.454073][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 646.231051][T27608] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 646.430945][T27611] dummy0: entered allmulticast mode [ 646.461885][T27611] dummy0: left allmulticast mode [ 646.499070][ T5834] Bluetooth: hci4: command tx timeout [ 646.937606][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 646.937872][T27624] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7048'. [ 646.959015][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 646.967353][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 646.978700][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 646.986466][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 647.041673][T27625] lo speed is unknown, defaulting to 1000 [ 647.092364][T27630] netlink: 'syz.2.7051': attribute type 1 has an invalid length. 
[ 647.246742][T27628] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.306252][T27625] wlan0 speed is unknown, defaulting to 1000 [ 647.334644][T27634] vlan2: entered allmulticast mode [ 647.355090][T27634] veth0_to_bond: entered allmulticast mode [ 647.368114][T27634] bridge0: port 3(vlan2) entered blocking state [ 647.389778][T27634] bridge0: port 3(vlan2) entered disabled state [ 647.407823][T27634] vlan2: entered promiscuous mode [ 647.419624][T27634] veth0_to_bond: entered promiscuous mode [ 647.638936][T27628] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.777781][T27628] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.938795][T27628] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.147334][ T1139] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 648.191025][T27661] netlink: 'syz.1.7057': attribute type 2 has an invalid length. 
[ 648.216310][ T1139] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 648.284305][ T1139] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 648.352805][ T1139] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 648.702284][T27625] chnl_net:caif_netlink_parms(): no params data found [ 649.000006][T27625] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.026188][T27625] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.033494][T27625] bridge_slave_0: entered allmulticast mode [ 649.054840][ T5834] Bluetooth: hci3: command tx timeout [ 649.088465][T27625] bridge_slave_0: entered promiscuous mode [ 649.109362][T27625] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.116687][T27625] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.124773][T27625] bridge_slave_1: entered allmulticast mode [ 649.132770][T27625] bridge_slave_1: entered promiscuous mode [ 649.193802][T27625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 649.240293][T27625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 649.345834][T27625] team0: Port device team_slave_0 added [ 649.379168][T27625] team0: Port device team_slave_1 added [ 649.566225][T27625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 649.580502][T27625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 649.607232][T27625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 649.655552][T27625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 649.671547][T27625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 649.727472][T27625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 649.881928][T27625] hsr_slave_0: entered promiscuous mode [ 649.903809][T27625] hsr_slave_1: entered promiscuous mode [ 649.933938][T27625] debugfs: 'hsr0' already exists in 'hsr' [ 649.970611][T27625] Cannot create hsr debugfs directory [ 650.146629][ T5913] IPVS: starting estimator thread 0... [ 650.163769][T27724] IPVS: rr: FWM 3 0x00000003 - no destination available [ 650.237769][T27726] IPVS: using max 37 ests per chain, 88800 per kthread [ 650.601847][T27748] IPVS: rr: FWM 3 0x00000003 - no destination available [ 650.645251][T27750] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 650.660314][T27625] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 650.724687][T27625] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 650.768801][T27625] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 2] type 1 family 0 port 49153 - 0 [ 650.795462][T27625] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.824608][T27625] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 650.892431][T27755] syzkaller0: entered promiscuous mode [ 650.904670][T27755] syzkaller0: entered allmulticast mode [ 651.058309][T27625] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 651.075180][T27625] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 651.086322][T27625] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 2] type 1 family 0 port 49153 - 0 [ 651.118285][T27625] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 
port 6081 - 0 [ 651.142508][T27625] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 651.156157][ T5834] Bluetooth: hci3: command tx timeout [ 651.329733][T27625] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 651.356106][T27625] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0 [ 651.390494][T27625] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 2] type 1 family 0 port 49153 - 0 [ 651.413075][T27625] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.424912][T27625] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 651.449198][T27780] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 651.670371][T27784] lo speed is unknown, defaulting to 1000 [ 651.721574][T27784] wlan0 speed is unknown, defaulting to 1000 [ 651.969205][T27625] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 652.036141][T27625] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 652.086264][T27625] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 652.161509][T27625] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 652.488156][T27818] tipc: Started in network mode [ 652.493963][T27818] tipc: Node identity b2fd2e910b0c, cluster identity 4711 [ 652.503346][T27818] tipc: Enabled bearer , priority 0 [ 652.512214][T27818] syzkaller0: entered promiscuous mode [ 652.527307][T27818] syzkaller0: entered allmulticast mode [ 652.615533][T27813] tipc: Resetting bearer [ 652.677237][T27813] tipc: Disabling bearer [ 652.756236][T27625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 652.823902][T27625] 8021q: adding VLAN 0 to HW filter on device team0 [ 652.869073][ T9031] bridge0: port 1(bridge_slave_0) entered blocking state [ 652.876249][ T9031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 652.932312][ T9031] bridge0: port 2(bridge_slave_1) 
entered blocking state [ 652.939503][ T9031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 653.156412][T27830] lo speed is unknown, defaulting to 1000 [ 653.166983][T27830] wlan0 speed is unknown, defaulting to 1000 [ 653.225385][ T5834] Bluetooth: hci3: command tx timeout [ 653.658393][T27844] lo speed is unknown, defaulting to 1000 [ 653.763054][T27844] wlan0 speed is unknown, defaulting to 1000 [ 653.876169][T27625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 654.190615][T27861] netlink: 'syz.0.7124': attribute type 89 has an invalid length. [ 654.240743][T27859] tipc: Enabled bearer , priority 0 [ 654.275654][T27857] syzkaller0: entered promiscuous mode [ 654.307484][T27857] syzkaller0: entered allmulticast mode [ 654.504937][T27856] tipc: Resetting bearer [ 654.583363][T27856] tipc: Disabling bearer [ 655.112135][T27625] veth0_vlan: entered promiscuous mode [ 655.195116][T27625] veth1_vlan: entered promiscuous mode [ 655.294939][ T5834] Bluetooth: hci3: command tx timeout [ 655.338255][T27625] veth0_macvtap: entered promiscuous mode [ 655.379860][T27881] netlink: 'syz.2.7131': attribute type 1 has an invalid length. 
[ 655.388521][T27625] veth1_macvtap: entered promiscuous mode [ 655.483441][T27884] geneve2: entered promiscuous mode [ 655.499162][T27884] geneve2: entered allmulticast mode [ 655.598037][T27625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 655.637176][T27625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 655.666614][ T9031] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.710547][ T9031] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.729936][ T9031] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.769331][ T9031] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 656.002685][ T1055] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 656.055439][ T1055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 656.230332][ T1055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 656.286881][ T1055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 656.440648][T27915] lo speed is unknown, defaulting to 1000 [ 656.728556][T27915] wlan0 speed is unknown, defaulting to 1000 [ 656.876389][T27928] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7148'. [ 656.906824][T27928] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7148'. 
[ 657.510705][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 657.524137][ T5831] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 657.544788][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 657.553615][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 657.562467][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 657.883768][T27942] lo speed is unknown, defaulting to 1000 [ 657.898779][T27950] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.993445][ T1139] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 658.191094][T27942] wlan0 speed is unknown, defaulting to 1000 [ 658.217156][T27950] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.331157][ T1139] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 658.390849][T27950] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.498841][ T1139] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 658.574802][T27950] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.685009][ T1139] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 658.870529][ T1091] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.955456][ T1091] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.023981][ T1091] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.079140][ T1096] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.140916][T27983] IPVS: rr: FWM 3 0x00000003 - no destination available [ 659.205396][ T1139] bridge_slave_1: left allmulticast mode [ 659.212917][ T1139] bridge_slave_1: left promiscuous mode [ 659.231209][ T1139] bridge0: port 
2(bridge_slave_1) entered disabled state [ 659.279702][ T1139] bridge_slave_0: left allmulticast mode [ 659.288438][ T1139] bridge_slave_0: left promiscuous mode [ 659.294254][ T1139] bridge0: port 1(bridge_slave_0) entered disabled state [ 659.698315][ T5831] Bluetooth: hci2: command tx timeout [ 659.781322][ T1139] bond2 (unregistering): (slave gretap1): Releasing active interface [ 660.068091][ T1139] bridge0 (unregistering): left allmulticast mode [ 660.265439][ T1139] bond6 (unregistering): (slave bridge4): Releasing backup interface [ 660.276635][ T1139] bond6 (unregistering): (slave bridge4): the permanent HWaddr of slave - 86:b8:3b:09:16:43 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 660.296712][ T1139] bridge4 (unregistering): left promiscuous mode [ 660.303088][ T1139] bond6 (unregistering): (slave bridge5): making interface the new active one [ 660.312868][ T1139] bridge5 (unregistering): entered promiscuous mode [ 660.358565][ T1139] bond6 (unregistering): (slave bridge5): Releasing backup interface [ 660.368832][ T1139] bridge5 (unregistering): left promiscuous mode [ 660.597978][ T1139] bond0 (unregistering): left promiscuous mode [ 660.604191][ T1139] bond_slave_0: left promiscuous mode [ 660.613589][ T1139] bond_slave_1: left promiscuous mode [ 660.621454][ T1139] team0: left promiscuous mode [ 660.627056][ T1139] team_slave_0: left promiscuous mode [ 660.632743][ T1139] team_slave_1: left promiscuous mode [ 660.638574][ T1139] dummy0: left promiscuous mode [ 660.666050][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 660.677355][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 660.688423][ T1139] bond0 (unregistering): (slave team0): Releasing backup interface [ 660.698364][ T1139] bond0 (unregistering): Released all slaves [ 660.711384][ T1139] bond1 (unregistering): (slave veth1_to_bond): Releasing backup interface [ 660.728768][ 
T1139] bond1 (unregistering): Released all slaves [ 660.871909][ T1139] bond2 (unregistering): Released all slaves [ 661.033869][ T1139] bond3 (unregistering): Released all slaves [ 661.173248][ T1139] bond4 (unregistering): Released all slaves [ 661.299083][ T1139] bond5 (unregistering): Released all slaves [ 661.430841][ T1139] bond6 (unregistering): Released all slaves [ 661.447817][ T1139] bond7 (unregistering): Released all slaves [ 661.466012][ T1139] bond8 (unregistering): (slave bond9): Releasing backup interface [ 661.478020][ T1139] bond8 (unregistering): Released all slaves [ 661.603927][ T1139] bond9 (unregistering): Released all slaves [ 661.645390][T27997] syzkaller1: entered promiscuous mode [ 661.650885][T27997] syzkaller1: entered allmulticast mode [ 661.764889][T28018] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7179'. [ 661.784110][ T5831] Bluetooth: hci2: command tx timeout [ 661.809374][T28010] syzkaller0: entered promiscuous mode [ 661.816290][T28010] syzkaller0: entered allmulticast mode [ 663.495572][T28049] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7187'. [ 663.854601][ T5831] Bluetooth: hci2: command tx timeout [ 664.474944][ T1139] : left promiscuous mode [ 664.627928][ T1139] 9: left promiscuous mode [ 664.683678][ T6556] hid-generic 0005:0C45:1010.0002: item fetching failed at offset 0/1 [ 664.718453][T28057] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7190'. 
[ 664.739092][ T6556] hid-generic 0005:0C45:1010.0002: probe with driver hid-generic failed with error -22 [ 664.814590][ T1139] tipc: Disabling bearer [ 664.880968][T27942] chnl_net:caif_netlink_parms(): no params data found [ 664.888333][ T1139] tipc: Left network mode [ 665.167763][T28071] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 665.216928][T28071] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 665.267553][T28068] lo speed is unknown, defaulting to 1000 [ 665.317517][T27942] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.343257][T27942] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.359458][T27942] bridge_slave_0: entered allmulticast mode [ 665.378466][T27942] bridge_slave_0: entered promiscuous mode [ 665.395596][T28068] wlan0 speed is unknown, defaulting to 1000 [ 665.413604][T27942] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.423827][T27942] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.432061][T27942] bridge_slave_1: entered allmulticast mode [ 665.440087][T27942] bridge_slave_1: entered promiscuous mode [ 665.774814][T27942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 665.840445][T27942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 665.937574][ T5831] Bluetooth: hci2: command tx timeout [ 666.080379][T27942] team0: Port device team_slave_0 added [ 666.146553][T27942] team0: Port device team_slave_1 added [ 666.345131][T27942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 666.372381][T27942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 666.444532][T27942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 666.671779][T28098] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 666.769064][T27942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 666.777579][T27942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 666.806266][T27942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 666.831693][T28109] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 666.919486][T28115] netlink: 64 bytes leftover after parsing attributes in process `syz.2.7211'. [ 666.932183][T28098] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.168877][T28098] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.211009][T27942] hsr_slave_0: entered promiscuous mode [ 667.221731][T27942] hsr_slave_1: entered promiscuous mode [ 667.235036][T27942] debugfs: 'hsr0' already exists in 'hsr' [ 667.241626][T27942] Cannot create hsr debugfs directory [ 667.367778][T28098] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 667.584676][T28130] block nbd2: not configured, cannot reconfigure [ 667.787824][ T9036] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.902936][T28141] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 667.925640][T28138] syzkaller0: entered promiscuous mode [ 667.933855][T28138] syzkaller0: entered allmulticast mode [ 668.020245][ T6587] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.089239][ T1139] hsr_slave_0: left promiscuous mode [ 
668.106188][ T1139] hsr_slave_1: left promiscuous mode [ 668.221750][ T1139] pim6reg527 (unregistering): left allmulticast mode [ 669.248367][ T1139] team0 (unregistering): Port device team_slave_1 removed [ 669.297560][ T1139] team0 (unregistering): Port device team_slave_0 removed [ 669.668023][ T1139] team0 (unregistering): Port device dummy0 removed [ 669.765536][ T5885] lo speed is unknown, defaulting to 1000 [ 669.789175][ T5885] infiniband syz2: ib_query_port failed (-19) [ 669.796818][ T9036] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.978855][ T9027] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.340209][T28193] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 670.645068][ T1139] IPVS: stop unused estimator thread 0... [ 670.953136][T27942] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 671.010028][T27942] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 671.080291][T27942] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 671.146180][T27942] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 671.543414][T27942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 671.636066][T27942] 8021q: adding VLAN 0 to HW filter on device team0 [ 671.690451][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.697690][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 671.778484][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state [ 671.785678][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 672.580201][T27942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 672.752850][T27942] veth0_vlan: entered promiscuous mode [ 672.935003][T27942] veth1_vlan: entered promiscuous mode [ 673.041964][T27942] veth0_macvtap: entered promiscuous mode [ 673.111968][T27942] veth1_macvtap: entered promiscuous mode [ 673.173082][T28300] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.262875][T27942] 
batman_adv: batadv0: Interface activated: batadv_slave_0 [ 673.341369][T28300] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.378068][T27942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 673.453619][T28300] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.532544][ T9036] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.551022][ T9036] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.577797][T28300] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.608669][ T9036] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.639012][ T9036] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.801872][ T419] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.898018][ T419] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.981669][ T419] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.991183][ T1055] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 674.030837][ T1055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 674.068249][ T419] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.180344][ T1055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 674.231610][ T1055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 674.439078][T28339] sit0: entered allmulticast mode [ 674.509700][T28339] sit0: entered promiscuous mode [ 675.536780][T28372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 675.628966][T28372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 675.665517][T28372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 676.165405][T28385] netlink: 
'syz.3.7285': attribute type 1 has an invalid length. [ 676.242811][T28389] geneve2: entered promiscuous mode [ 676.264473][T28389] geneve2: entered allmulticast mode [ 676.458397][T28394] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7289'. [ 677.938401][T28443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7302'. [ 677.953121][T28443] vlan2: left promiscuous mode [ 677.968892][T28443] veth0_to_bond: left promiscuous mode [ 677.986903][T28443] bridge0: port 3(vlan2) entered disabled state [ 678.014113][T28359] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 678.034183][T28443] bridge_slave_1: left allmulticast mode [ 678.048318][T28443] bridge_slave_1: left promiscuous mode [ 678.078719][T28443] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.181491][T28443] bridge_slave_0: left allmulticast mode [ 678.204548][T28443] bridge_slave_0: left promiscuous mode [ 678.213945][T28443] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.805604][ T1214] IPVS: starting estimator thread 0... [ 678.894840][T28467] IPVS: using max 31 ests per chain, 74400 per kthread [ 679.332481][T28484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7313'. [ 679.786306][T28499] netlink: 108 bytes leftover after parsing attributes in process `syz.4.7318'. [ 679.925132][T28488] syzkaller0: entered promiscuous mode [ 679.930700][T28488] syzkaller0: entered allmulticast mode [ 684.897938][T28609] tipc: Started in network mode [ 684.938086][T28609] tipc: Node identity 080211, cluster identity 4711 [ 684.957730][T28609] tipc: Enabled bearer , priority 0 [ 684.986613][T28610] tipc: Resetting bearer [ 685.359875][T28619] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7357'. [ 685.708634][ T1305] aoe: packet could not be sent on bond0. 
consider increasing tx_queue_len [ 685.852688][T28645] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7363'. [ 686.049092][ T48] tipc: Node number set to 134353152 [ 686.805325][T28677] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7375'. [ 687.305606][T28696] netlink: 'syz.2.7383': attribute type 16 has an invalid length. [ 687.352067][T28696] netlink: 'syz.2.7383': attribute type 17 has an invalid length. [ 687.690226][T28712] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7389'. [ 687.910199][T28721] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.917379][T28721] bridge0: port 1(bridge_slave_0) entered forwarding state [ 688.337073][T28740] tipc: Failed to remove unknown binding: 66,1,1/0:2805241002/2805241004 [ 688.779424][T28753] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7408'. [ 691.820805][T28877] tipc: Started in network mode [ 691.837167][T28877] tipc: Node identity 029d04098085, cluster identity 4711 [ 691.876050][T28877] tipc: Enabled bearer , priority 0 [ 691.884321][T28880] syzkaller0: entered promiscuous mode [ 691.939643][T28880] syzkaller0: entered allmulticast mode [ 692.021198][T28877] tipc: Resetting bearer [ 692.063959][T28889] syzkaller0: entered promiscuous mode [ 692.077690][T28889] syzkaller0: entered allmulticast mode [ 692.116932][T28875] tipc: Resetting bearer [ 692.162879][T28875] tipc: Disabling bearer [ 693.935779][T28956] delete_channel: no stack [ 694.384694][T28973] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7502'. [ 694.479389][T28978] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7502'. [ 694.538823][T28973] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7502'. 
[ 694.975120][T28994] syzkaller1: entered promiscuous mode [ 694.986774][T28994] syzkaller1: entered allmulticast mode [ 695.479530][T29021] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7522'. [ 695.695792][T29030] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7526'. [ 695.718178][T29031] syzkaller1: entered promiscuous mode [ 695.724634][T29031] syzkaller1: entered allmulticast mode [ 695.757461][T29030] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7526'. [ 696.349613][T29058] [ 696.352226][T29058] ============================= [ 696.357148][T29058] WARNING: suspicious RCU usage [ 696.362045][T29058] syzkaller #0 Not tainted [ 696.366549][T29058] ----------------------------- [ 696.371398][T29058] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage! [ 696.379967][T29058] [ 696.379967][T29058] other info that might help us debug this: [ 696.379967][T29058] [ 696.390301][T29058] [ 696.390301][T29058] rcu_scheduler_active = 2, debug_locks = 1 [ 696.398911][T29058] 1 lock held by syz.3.7539/29058: [ 696.404276][T29058] #0: ffffffff8e55a540 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x80 [ 696.415290][T29058] [ 696.415290][T29058] stack backtrace: [ 696.421194][T29058] CPU: 1 UID: 0 PID: 29058 Comm: syz.3.7539 Not tainted syzkaller #0 PREEMPT(full) [ 696.421248][T29058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 696.421271][T29058] Call Trace: [ 696.421280][T29058] <TASK> [ 696.421289][T29058] dump_stack_lvl+0xe8/0x150 [ 696.421319][T29058] lockdep_rcu_suspicious+0x13f/0x1d0 [ 696.421354][T29058] get_callchain_entry+0x2b6/0x3c0 [ 696.421385][T29058] get_perf_callchain+0xcb/0x830 [ 696.421418][T29058] ? __pfx_get_perf_callchain+0x10/0x10 [ 696.421447][T29058] ? futex_unqueue+0x22/0x240 [ 696.421471][T29058] ? futex_unqueue+0x22/0x240 [ 696.421493][T29058] ? 
futex_unqueue+0x22/0x240 [ 696.421522][T29058] __bpf_get_stack+0x445/0xab0 [ 696.421560][T29058] ? __pfx___bpf_get_stack+0x10/0x10 [ 696.421591][T29058] ? __lock_acquire+0x6b5/0x2cf0 [ 696.421622][T29058] bpf_get_stack+0x33/0x50 [ 696.421647][T29058] ? bpf_prog_aa1f08ea8b241262+0x46/0x4e [ 696.421666][T29058] bpf_get_stack_raw_tp+0x1a9/0x220 [ 696.421700][T29058] bpf_prog_aa1f08ea8b241262+0x46/0x4e [ 696.421719][T29058] bpf_prog_run_pin_on_cpu+0x142/0x470 [ 696.421747][T29058] bpf_prog_test_run_syscall+0x318/0x4c0 [ 696.421772][T29058] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 696.421792][T29058] ? __fget_files+0x2a/0x420 [ 696.421818][T29058] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 696.421840][T29058] bpf_prog_test_run+0x2c7/0x340 [ 696.421865][T29058] __sys_bpf+0x5cb/0x920 [ 696.421914][T29058] ? __pfx___sys_bpf+0x10/0x10 [ 696.421956][T29058] ? rcu_is_watching+0x15/0xb0 [ 696.421983][T29058] __x64_sys_bpf+0x7c/0x90 [ 696.422011][T29058] do_syscall_64+0xe2/0xf80 [ 696.422030][T29058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.422048][T29058] ? trace_irq_disable+0x37/0x100 [ 696.422066][T29058] ? 
clear_bhb_loop+0x60/0xb0 [ 696.422088][T29058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.422106][T29058] RIP: 0033:0x7f1b2539aeb9 [ 696.422124][T29058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 696.422141][T29058] RSP: 002b:00007f1b262a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 696.422161][T29058] RAX: ffffffffffffffda RBX: 00007f1b25615fa0 RCX: 00007f1b2539aeb9 [ 696.422176][T29058] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a [ 696.422187][T29058] RBP: 00007f1b25408c1f R08: 0000000000000000 R09: 0000000000000000 [ 696.422199][T29058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 696.422211][T29058] R13: 00007f1b25616038 R14: 00007f1b25615fa0 R15: 00007ffd975b7a28 [ 696.422243][T29058] </TASK>