last executing test programs: 2.461937311s ago: executing program 4 (id=1062): socket$packet(0x11, 0x2, 0x300) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.971208229s ago: executing program 4 (id=1072): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) unshare(0x6a040000) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = gettid() sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r0, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x20000880}, 0x0) 1.698815758s ago: executing program 1 (id=1078): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r4, &(0x7f0000000480), &(0x7f0000000340)=@udp6=r0}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r5, r2, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2f, 0x2f, 0x0, @loopback, @broadcast}}}}}}, 0x0) 1.483014s ago: executing program 1 (id=1081): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000040)={'bridge0\x00', 0x34cac337}) 1.482662579s ago: executing program 3 (id=1083): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vlan0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="33031600d1fd140000007ef52f555f2a3b9fe67025c1d97bfbf719143baa4b1f0f858c6632f47042195e", 0xfdef, 0x40008c1, &(0x7f00000000c0)={0x11, 0x86dd, r1, 0x1, 0x62}, 0x14) 1.287985507s ago: executing program 4 (id=1085): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100280000000000000004000000200001800d0001007564703a73797a32"], 0x34}}, 0x4040) 1.287551701s ago: executing program 1 (id=1086): syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) 1.205483074s ago: executing program 3 (id=1088): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x30, r0, 0x801, 0x400, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "c38042c6d8"}]}, 0x30}}, 0x0) 1.13398429s ago: executing program 2 (id=1089): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0xfd0e, 0x12) 1.014995464s ago: executing program 3 (id=1091): syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) r0 = socket$kcm(0x10, 0x400000002, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xe}, {}, {0x9, 0x9}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0) 1.003200524s ago: executing program 0 (id=1092): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), r0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0xffffffffffffff22, &(0x7f0000000fc0)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r2, @ANYBLOB="0c00990000000000000000000800a000ea15000008009f0005000000080026000816"], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) 952.021727ms ago: executing program 4 (id=1093): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000e80)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1], 0xfd, [0x5, 0x4, 0x6, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0xffff, 0x8000], [0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x20000000) 951.814409ms ago: executing program 2 (id=1094): r0 = socket$unix(0x1, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3cd4e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d42822f7346b616fe28ed0b9f42b0efdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af829500000000", 0x13c}], 0x2}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000400)="14", 0x2, 0x0, 0x4}, 0x50) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) 791.126005ms ago: executing program 4 (id=1095): openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_80211_inject_frame(0x0, 0x0, 0xb5) r0 = socket$unix(0x1, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3cd4e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d42822f7346b616fe28ed0b9f42b0efdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af829500000000", 0x13c}], 0x2}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000400)="14", 0x2, 0x0, 0x4}, 0x50) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) 790.997159ms ago: executing program 0 (id=1096): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x28, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4, 0x2}}}}}}, 0x0) 789.515816ms ago: executing program 2 (id=1097): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)="428dd5", 0x3, 0x10, 0x0, 0x0) 700.238771ms ago: executing program 0 (id=1098): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x11}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x400000000}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x1, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 696.599174ms ago: executing program 3 (id=1099): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001000010025bd7000fddbdf2500000000", @ANYRES32=r2, @ANYBLOB="10080400895504002c001280110001006272696467655f736c6176650000000014000580050028"], 0x4c}, 0x1, 0x0, 0x0, 0x200404c1}, 0x4040010) 599.111753ms ago: executing program 1 (id=1100): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="200000001300034700bb65e1c3e4ffff01000000010000005600000025000000", 0x20}], 0x1) 551.989839ms ago: executing program 0 (id=1101): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000980)={0x70, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x31, 0xe, {{{}, {}, @device_a, @broadcast, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x1, 0x1, 0x0, 0xa, 0x8}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_PROBE_RESP={0x6, 0x91, 'F\f'}]]}, 0x70}}, 0x0) 528.03697ms ago: executing program 2 (id=1102): socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 470.995639ms ago: executing program 1 (id=1103): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {}, {0x9}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x3, 0x8, 0x2}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x14004880}, 0x2000d8d0) 451.996198ms ago: executing program 3 (id=1104): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a0000000212a277", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x4000050, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000040)={0x0, 0x6}, 0x8) 343.727787ms ago: executing program 0 (id=1105): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x65) connect$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback, 0x7c}, 0x20) getsockname$l2tp6(r0, 0x0, 0x0) 249.39276ms ago: executing program 0 (id=1106): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000000)=0x6, 0x4) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) 186.658028ms ago: executing program 1 (id=1107): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)={0x48, r1, 0x1, 0x1, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c191f}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) 162.590503ms ago: executing program 4 (id=1108): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)={0xa4, r2, 0x405, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r3}, {0x88, 0x2, 0x0, 0x1, [{0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x402}}, {0x8}}}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) 144.882941ms ago: executing program 3 (id=1109): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000023c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r2, @ANYBLOB="24005a8020000180140003"], 0x40}}, 0x8000) 34.617252ms ago: executing program 2 (id=1110): r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6_vti0\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000040)={@remote, r2}, 0x14) 0s ago: executing program 2 (id=1111): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x8040) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) close(0x3) kernel console output (not intermixed with test programs): [ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.208939][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.225796][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.232995][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.259831][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.279297][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.299292][ T5871] Bluetooth: hci0: command tx timeout [ 78.304419][ T5873] Bluetooth: hci1: command tx timeout [ 78.324573][ T5858] team0: Port device team_slave_0 added [ 78.334495][ T5858] team0: Port device team_slave_1 added [ 78.378602][ T5873] Bluetooth: hci3: command tx timeout [ 78.378607][ T5871] Bluetooth: hci4: command tx timeout [ 78.435540][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.443016][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.469973][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.481630][ T5873] Bluetooth: hci2: command tx timeout [ 78.490132][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.497295][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.524589][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.537362][ T5866] team0: Port device team_slave_0 added [ 78.546619][ T5866] team0: Port device team_slave_1 added [ 78.553352][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.561032][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.590190][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.603190][ T5862] team0: Port device team_slave_0 added [ 78.612895][ T5862] team0: Port device team_slave_1 added [ 78.648920][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.655990][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.683686][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.740664][ T5867] hsr_slave_0: entered promiscuous mode [ 78.747882][ T5867] hsr_slave_1: entered promiscuous mode [ 78.786845][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.794163][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.821415][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.834519][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.841586][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.867712][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.880688][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.887651][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.914746][ T5866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.929369][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.936889][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.965991][ T5866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.047524][ T5857] hsr_slave_0: entered promiscuous mode [ 79.054701][ T5857] hsr_slave_1: entered promiscuous mode [ 79.061474][ T5857] debugfs: 'hsr0' already exists in 'hsr' [ 79.067398][ T5857] Cannot create hsr debugfs directory [ 79.111271][ T5858] hsr_slave_0: entered promiscuous mode [ 79.118113][ T5858] hsr_slave_1: entered promiscuous mode [ 79.124459][ T5858] debugfs: 'hsr0' already exists in 'hsr' [ 79.130615][ T5858] Cannot create hsr debugfs directory [ 79.225949][ T5862] hsr_slave_0: entered promiscuous mode [ 79.232797][ T5862] hsr_slave_1: entered promiscuous mode [ 79.239763][ T5862] debugfs: 'hsr0' already exists in 'hsr' [ 79.245494][ T5862] Cannot create hsr debugfs directory [ 79.297366][ T5866] hsr_slave_0: entered promiscuous mode [ 79.304305][ T5866] hsr_slave_1: entered promiscuous mode [ 79.311514][ T5866] debugfs: 'hsr0' already exists in 'hsr' [ 79.317374][ T5866] Cannot create hsr debugfs directory [ 79.848065][ T5867] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.887775][ T5867] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.901890][ T5867] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.922865][ T5867] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.977216][ T5858] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.991918][ T5858] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.006732][ T5858] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.034290][ T5858] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.128005][ T5857] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.144030][ T5857] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.165243][ T5857] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.207842][ T5857] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.282198][ T5866] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 80.296309][ T5866] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 80.311988][ T5866] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 80.363027][ T5866] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 80.379646][ T5873] Bluetooth: hci1: command tx timeout [ 80.380067][ T5871] Bluetooth: hci0: command tx timeout [ 80.442835][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.460358][ T5871] Bluetooth: hci4: command tx timeout [ 80.475895][ T5871] Bluetooth: hci3: command tx timeout [ 80.501225][ T5862] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.530963][ T5862] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.549078][ T5871] Bluetooth: hci2: command tx timeout [ 80.556822][ T5862] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.581448][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.591957][ T5862] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.615325][ T5867] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.660953][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.668311][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.687174][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.709254][ T3454] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.716832][ T3454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.762313][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.769477][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.784471][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.791993][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.815538][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.908245][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.929855][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.983727][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.990959][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.035503][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.043312][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.089160][ T5866] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.164783][ T5857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 81.246606][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.253826][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.264686][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.271897][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.337634][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.421958][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.444342][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.515798][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.523306][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.575844][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.583075][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.694761][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.755844][ T5867] veth0_vlan: entered promiscuous mode [ 81.793300][ T5867] veth1_vlan: entered promiscuous mode [ 81.846749][ T5862] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 81.885689][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.999200][ T5858] veth0_vlan: entered promiscuous mode [ 82.066444][ T5858] veth1_vlan: entered promiscuous mode [ 82.172540][ T5867] veth0_macvtap: entered promiscuous mode [ 82.202113][ T5866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.255806][ T5867] veth1_macvtap: entered promiscuous mode [ 82.298276][ T5857] veth0_vlan: entered promiscuous mode [ 82.351414][ T5857] veth1_vlan: entered promiscuous mode [ 82.395544][ T5858] veth0_macvtap: entered promiscuous mode [ 82.416284][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.443316][ T5858] veth1_macvtap: entered promiscuous mode [ 82.459663][ T5871] Bluetooth: hci1: command tx timeout [ 82.463862][ T5873] Bluetooth: hci0: command tx timeout [ 82.482738][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.512435][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.539559][ T5873] Bluetooth: hci3: command tx timeout [ 82.545198][ T5873] Bluetooth: hci4: command tx timeout [ 82.577032][ T5857] veth0_macvtap: entered promiscuous mode [ 82.595366][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.605892][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.618971][ T5873] Bluetooth: hci2: command tx timeout [ 82.627285][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.645334][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.655844][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.686918][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.702228][ T5857] veth1_macvtap: entered promiscuous mode [ 82.752486][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.776785][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.797316][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.807265][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.853494][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.897416][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.953596][ T5862] veth0_vlan: entered promiscuous mode [ 82.964311][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.976568][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.011274][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.037290][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.046695][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.056886][ T5862] veth1_vlan: entered promiscuous mode [ 83.081798][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.118260][ T5866] veth0_vlan: entered promiscuous mode [ 83.135728][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.147192][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.211181][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.221181][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.241722][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.253821][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.258107][ T5866] veth1_vlan: entered promiscuous mode [ 83.351782][ T5862] veth0_macvtap: entered promiscuous mode [ 83.375767][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.393592][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.401435][ T5862] veth1_macvtap: entered promiscuous mode [ 83.424335][ T5858] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 83.484862][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.510737][ T5866] veth0_macvtap: entered promiscuous mode [ 83.529653][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.597623][ T5866] veth1_macvtap: entered promiscuous mode [ 83.626836][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.633811][ T5987] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.690843][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.738699][ T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.827676][ T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.850439][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.864227][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.878293][ T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.893703][ T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.933313][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.946331][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.956339][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.966073][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.055035][ T6006] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 84.539104][ T5873] Bluetooth: hci1: command tx timeout [ 84.539512][ T5871] Bluetooth: hci0: command tx timeout [ 84.600491][ T5998] netlink: 'syz.0.6': attribute type 1 has an invalid length. [ 84.612104][ T5998] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6'. [ 84.618657][ T5871] Bluetooth: hci3: command tx timeout [ 84.627800][ T5871] Bluetooth: hci4: command tx timeout [ 84.699232][ T5871] Bluetooth: hci2: command tx timeout [ 84.821074][ T6004] netlink: 'syz.0.6': attribute type 3 has an invalid length. [ 84.857727][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.865657][ T6009] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8'. [ 84.889695][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.936090][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.954639][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.001566][ T6011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9'. [ 85.068150][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.083681][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.093904][ T6012] netem: change failed [ 85.103492][ T6014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10'. [ 85.113439][ T6014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10'. [ 85.137072][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.160795][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.371317][ T6018] veth1_macvtap: left promiscuous mode [ 85.377251][ T6018] macsec0: entered allmulticast mode [ 85.595149][ T6025] netlink: 'syz.2.14': attribute type 1 has an invalid length. [ 85.603871][ T6027] Bluetooth: MGMT ver 1.23 [ 85.618044][ T6029] netlink: 20 bytes leftover after parsing attributes in process `syz.0.15'. [ 85.662936][ T6025] netlink: 244 bytes leftover after parsing attributes in process `syz.2.14'. [ 85.684807][ T6032] netlink: 'syz.2.14': attribute type 1 has an invalid length. [ 85.695183][ T6032] netlink: 244 bytes leftover after parsing attributes in process `syz.2.14'. [ 85.711994][ T6034] netlink: 32 bytes leftover after parsing attributes in process `syz.3.16'. [ 85.871998][ T6039] netlink: 24 bytes leftover after parsing attributes in process `syz.0.19'. [ 86.182224][ T6049] netlink: 'syz.1.22': attribute type 1 has an invalid length. [ 86.502018][ T6049] veth3: entered promiscuous mode [ 86.550231][ T6066] netlink: 'syz.3.27': attribute type 3 has an invalid length. [ 86.900758][ T1208] cfg80211: failed to load regulatory.db [ 87.589176][ T6078] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 87.675366][ T6097] ksmbd: Unknown IPC event: 8, ignore. [ 87.910571][ T6114] Zero length message leads to an empty skb [ 88.484389][ T6125] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.855395][ T6125] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.939468][ T5871] Bluetooth: hci0: command 0x0401 tx timeout [ 89.167329][ T6125] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.459025][ T6125] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.677078][ T6168] tipc: Started in network mode [ 89.693142][ T6168] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 89.737434][ T6168] tipc: Enabled bearer , priority 10 [ 89.922973][ T49] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.026116][ T49] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.118623][ T6178] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 90.183776][ T6186] __nla_validate_parse: 8 callbacks suppressed [ 90.183793][ T6186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.58'. [ 90.251459][ T49] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.302966][ T6188] tipc: Started in network mode [ 90.308077][ T6188] tipc: Node identity 1a6f823d6554, cluster identity 4711 [ 90.344683][ T6180] IPv6: Can't replace route, no match found [ 90.348190][ T6188] tipc: Enabled bearer , priority 0 [ 90.369125][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.406848][ T5870] IPVS: starting estimator thread 0... [ 90.498812][ T6195] IPVS: using max 29 ests per chain, 69600 per kthread [ 90.576760][ T6203] Bluetooth: MGMT ver 1.23 [ 90.626605][ T6186] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.849612][ T5920] tipc: Node number set to 4269801488 [ 90.965103][ T6193] syzkaller0: entered promiscuous mode [ 90.980060][ T6193] syzkaller0: entered allmulticast mode [ 91.002907][ T6193] tipc: Resetting bearer [ 91.025051][ T6187] tipc: Resetting bearer [ 91.450876][ T5920] tipc: Node number set to 2134606397 [ 92.362451][ T6187] tipc: Disabling bearer [ 92.373369][ T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.724236][ T6242] netlink: 204 bytes leftover after parsing attributes in process `syz.0.70'. [ 92.743164][ T6236] syz.4.68 uses obsolete (PF_INET,SOCK_PACKET) [ 92.852636][ T6248] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 92.918160][ T6234] geneve2: entered promiscuous mode [ 92.939497][ T6234] geneve2: entered allmulticast mode [ 93.785149][ T6284] tipc: Started in network mode [ 93.802786][ T6284] tipc: Node identity 86d5c8e2342d, cluster identity 4711 [ 93.824415][ T6284] tipc: Enabled bearer , priority 0 [ 93.835658][ T6287] netlink: 'syz.3.81': attribute type 1 has an invalid length. [ 93.861704][ T6287] netlink: 'syz.3.81': attribute type 1 has an invalid length. [ 93.972277][ T6276] syzkaller0: entered promiscuous mode [ 93.977958][ T6276] syzkaller0: entered allmulticast mode [ 93.984655][ T6276] tipc: Resetting bearer [ 93.994712][ T6293] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 94.034804][ T6297] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 94.078599][ T6273] tipc: Resetting bearer [ 94.396436][ T6307] netlink: 'syz.3.86': attribute type 32 has an invalid length. [ 94.415347][ T6307] netlink: 60 bytes leftover after parsing attributes in process `syz.3.86'. [ 94.928583][ T5920] tipc: Node number set to 3002648802 [ 96.091963][ T6273] tipc: Disabling bearer [ 96.703428][ T6337] syzkaller1: entered allmulticast mode [ 96.931267][ T6344] netlink: 20 bytes leftover after parsing attributes in process `syz.4.96'. [ 96.981916][ T6345] netlink: 'syz.4.96': attribute type 1 has an invalid length. [ 97.175561][ T6346] geneve2: entered promiscuous mode [ 97.185589][ T6350] netlink: 4 bytes leftover after parsing attributes in process `syz.2.97'. [ 97.218348][ T6346] geneve2: entered allmulticast mode [ 97.949365][ T6375] tipc: Enabled bearer , priority 0 [ 98.056933][ T6379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.104'. [ 98.106707][ T6383] netlink: 676 bytes leftover after parsing attributes in process `syz.2.105'. [ 98.116262][ T6383] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 98.137161][ T6375] syzkaller0: entered promiscuous mode [ 98.145620][ T6375] syzkaller0: entered allmulticast mode [ 98.158850][ T6375] tipc: Resetting bearer [ 98.258035][ T6386] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.287850][ T6374] tipc: Resetting bearer [ 98.841602][ T6413] netlink: 'syz.1.111': attribute type 13 has an invalid length. [ 98.850349][ T6413] netlink: 'syz.1.111': attribute type 17 has an invalid length. [ 99.113459][ T6419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.205195][ T6420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.850050][ T6374] tipc: Disabling bearer [ 99.860755][ T6392] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 99.892261][ T6401] veth0_to_team: entered promiscuous mode [ 99.898073][ T6401] veth0_to_team: entered allmulticast mode [ 100.101061][ T6424] netlink: 20 bytes leftover after parsing attributes in process `syz.0.113'. [ 100.118745][ T6424] netlink: 12 bytes leftover after parsing attributes in process `syz.0.113'. [ 100.127968][ T6424] netlink: 31 bytes leftover after parsing attributes in process `syz.0.113'. [ 100.140382][ T6413] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 100.142354][ T6424] netlink: 'syz.0.113': attribute type 3 has an invalid length. [ 100.173177][ T6425] sctp: [Deprecated]: syz.4.114 (pid 6425) Use of struct sctp_assoc_value in delayed_ack socket option. [ 100.173177][ T6425] Use struct sctp_sack_info instead [ 100.186256][ T6424] netlink: 'syz.0.113': attribute type 2 has an invalid length. [ 100.200305][ T6424] netlink: 31 bytes leftover after parsing attributes in process `syz.0.113'. [ 100.203405][ T6429] netlink: 20 bytes leftover after parsing attributes in process `syz.0.113'. [ 100.214902][ T6424] netlink: 'syz.0.113': attribute type 2 has an invalid length. [ 100.227028][ T6429] netlink: 100 bytes leftover after parsing attributes in process `syz.0.113'. [ 100.277002][ T6424] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 100.327302][ T6424] nbd: must specify at least one socket [ 100.376880][ T6427] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.546850][ T6427] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.635559][ T6427] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.852373][ T6427] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.163055][ T3454] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.172456][ T3454] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.231394][ T1139] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.299268][ T3454] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.309971][ T6459] tipc: Enabled bearer , priority 0 [ 101.453190][ T6459] syzkaller0: entered promiscuous mode [ 101.476688][ T6459] syzkaller0: entered allmulticast mode [ 101.490545][ T6459] tipc: Resetting bearer [ 101.544233][ T6458] tipc: Resetting bearer [ 101.593898][ T6468] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 101.661194][ T6470] netlink: 'syz.3.126': attribute type 4 has an invalid length. [ 103.046911][ T6458] tipc: Disabling bearer [ 103.063023][ T6470] Ã: renamed from bond0 (while UP) [ 103.307467][ T6496] netlink: 'syz.3.132': attribute type 4 has an invalid length. [ 103.406305][ T6497] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 103.429206][ T6497] bridge1: entered allmulticast mode [ 103.489413][ T6504] __nla_validate_parse: 6 callbacks suppressed [ 103.489435][ T6504] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.137'. [ 103.529503][ T6506] netlink: 'syz.2.138': attribute type 23 has an invalid length. [ 103.682220][ T6510] netlink: 'syz.1.140': attribute type 21 has an invalid length. [ 103.699232][ T6512] IPv6: NLM_F_CREATE should be specified when creating new route [ 103.730311][ T6512] netlink: 52 bytes leftover after parsing attributes in process `syz.0.139'. [ 103.795786][ T1208] IPVS: starting estimator thread 0... [ 103.918506][ T6518] IPVS: using max 34 ests per chain, 81600 per kthread [ 104.151254][ T6526] netlink: 'syz.0.142': attribute type 2 has an invalid length. [ 104.159173][ T6526] netlink: 16 bytes leftover after parsing attributes in process `syz.0.142'. [ 104.215633][ T6525] netlink: 20 bytes leftover after parsing attributes in process `syz.0.142'. [ 104.440207][ T6528] tipc: Started in network mode [ 104.445123][ T6528] tipc: Node identity d2380b667ee8, cluster identity 4711 [ 104.474513][ T6537] netlink: 'syz.4.145': attribute type 1 has an invalid length. [ 104.484171][ T6528] tipc: Enabled bearer , priority 0 [ 104.645643][ T6533] syzkaller0: entered promiscuous mode [ 104.664602][ T6533] syzkaller0: entered allmulticast mode [ 104.674290][ T6533] tipc: Resetting bearer [ 104.712186][ T6537] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 104.785212][ T6527] tipc: Resetting bearer [ 105.579104][ T5947] tipc: Node number set to 2899315558 [ 106.237256][ T6527] tipc: Disabling bearer [ 106.256986][ T6553] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.281042][ T6560] netlink: 'syz.3.144': attribute type 1 has an invalid length. [ 106.302576][ T6560] netlink: 236 bytes leftover after parsing attributes in process `syz.3.144'. [ 106.332522][ T6560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.144'. [ 106.441891][ T6574] tipc: Can't bind to reserved service type 2 [ 106.479456][ T6553] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.703423][ T6553] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.781132][ T6553] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.028623][ T3553] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.082717][ T6593] netlink: 556 bytes leftover after parsing attributes in process `syz.1.155'. [ 107.104614][ T59] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.107701][ T6595] netlink: 'syz.3.157': attribute type 3 has an invalid length. [ 107.241198][ T59] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.290821][ T59] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.485121][ T6608] tipc: Enabled bearer , priority 0 [ 107.573568][ T6610] tipc: Enabled bearer , priority 0 [ 107.620485][ T6608] tipc: Disabling bearer [ 107.771994][ T6610] syzkaller0: entered promiscuous mode [ 107.785594][ T6610] syzkaller0: entered allmulticast mode [ 107.805118][ T6625] netlink: 36 bytes leftover after parsing attributes in process `syz.2.166'. [ 107.814222][ T6610] tipc: Resetting bearer [ 107.849739][ T6624] netlink: 8 bytes leftover after parsing attributes in process `syz.3.165'. [ 107.902447][ T6606] tipc: Resetting bearer [ 108.183610][ T6635] netlink: 'syz.3.169': attribute type 13 has an invalid length. [ 108.213583][ T6635] netlink: 'syz.3.169': attribute type 17 has an invalid length. [ 108.425823][ T6644] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 109.867066][ T6606] tipc: Disabling bearer [ 109.882989][ T6631] macsec1: entered promiscuous mode [ 109.888486][ T6631] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 109.895763][ T6631] macsec1: entered allmulticast mode [ 109.903993][ T6631] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 110.020785][ T6669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.173'. [ 110.023319][ T6635] 8021q: adding VLAN 0 to HW filter on device à [ 110.049340][ T6635] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 110.716371][ T6689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.180'. [ 110.788967][ T6691] netlink: 212008 bytes leftover after parsing attributes in process `syz.1.180'. [ 111.032542][ T6704] netlink: 'syz.4.183': attribute type 1 has an invalid length. [ 111.281692][ T6712] netlink: 'syz.1.185': attribute type 32 has an invalid length. [ 111.296476][ T6712] netlink: 60 bytes leftover after parsing attributes in process `syz.1.185'. [ 111.344269][ T6705] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 111.386054][ T6705] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 111.430186][ T6705] bond1: (slave vti0): making interface the new active one [ 111.503356][ T6705] bond1: (slave vti0): Enslaving as an active interface with an up link [ 111.563589][ T6717] tipc: Enabled bearer , priority 0 [ 111.568621][ T6725] netlink: 'syz.2.187': attribute type 10 has an invalid length. [ 111.681442][ T6725] macvlan0: entered promiscuous mode [ 111.725657][ T6725] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 111.804709][ T6734] netlink: 8 bytes leftover after parsing attributes in process `syz.4.188'. [ 111.987678][ T6721] syzkaller0: entered promiscuous mode [ 112.035224][ T6721] syzkaller0: entered allmulticast mode [ 112.085889][ T6721] tipc: Resetting bearer [ 112.150824][ T6708] tipc: Resetting bearer [ 112.186573][ T6757] netlink: 6040 bytes leftover after parsing attributes in process `syz.4.191'. [ 113.496555][ T6708] tipc: Disabling bearer [ 113.514920][ T6765] caif0: Master is either lo or non-ether device [ 113.721831][ T6789] netlink: 68 bytes leftover after parsing attributes in process `syz.0.197'. [ 113.820253][ T6785] veth0: entered promiscuous mode [ 113.874958][ T6801] netlink: 'syz.4.199': attribute type 1 has an invalid length. [ 114.319898][ T6808] netlink: 60 bytes leftover after parsing attributes in process `syz.4.200'. [ 114.554628][ T6834] netlink: 'syz.0.202': attribute type 32 has an invalid length. [ 114.563464][ T6834] netlink: 60 bytes leftover after parsing attributes in process `syz.0.202'. [ 114.565066][ T6825] vlan0: entered promiscuous mode [ 114.598262][ T6825] vlan0: entered allmulticast mode [ 114.603647][ T6825] veth0_vlan: entered allmulticast mode [ 115.363141][ T6875] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.379606][ T6875] batadv_slave_0: entered promiscuous mode [ 115.412243][ T6875] batadv_slave_0: entered allmulticast mode [ 115.451848][ T6875] netlink: 'syz.4.209': attribute type 8 has an invalid length. [ 115.630565][ T6873] syzkaller0: entered promiscuous mode [ 115.636216][ T6873] syzkaller0: entered allmulticast mode [ 115.655932][ T6878] tipc: Enabled bearer , priority 0 [ 115.707127][ T6872] tipc: Resetting bearer [ 115.901587][ T6905] netlink: 8 bytes leftover after parsing attributes in process `syz.0.215'. [ 115.913369][ T6905] openvswitch: netlink: nsh attribute has 2338 unknown bytes. [ 115.932541][ T6905] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 117.814277][ T6872] tipc: Disabling bearer [ 117.825002][ T6897] netlink: 'syz.4.213': attribute type 3 has an invalid length. [ 117.833730][ T6903] warning: `syz.0.215' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 118.163691][ T6972] netlink: 'syz.4.220': attribute type 32 has an invalid length. [ 118.197410][ T6973] Driver unsupported XDP return value 0 on prog (id 60) dev N/A, expect packet loss! [ 118.198530][ T6972] netlink: 60 bytes leftover after parsing attributes in process `syz.4.220'. [ 118.666323][ T6997] tap0: tun_chr_ioctl cmd 1074025677 [ 118.681526][ T6997] tap0: linktype set to 769 [ 118.769798][ T7008] netlink: 432 bytes leftover after parsing attributes in process `syz.0.224'. [ 119.065667][ T7013] delete_channel: no stack [ 119.072965][ T7017] netlink: 1 bytes leftover after parsing attributes in process `syz.1.227'. [ 119.437721][ T7035] tipc: Enabled bearer , priority 0 [ 119.490786][ T7035] syzkaller0: entered promiscuous mode [ 119.496289][ T7035] syzkaller0: entered allmulticast mode [ 119.587602][ T7039] netlink: 12 bytes leftover after parsing attributes in process `syz.1.233'. [ 119.597121][ T7035] netlink: 20 bytes leftover after parsing attributes in process `syz.2.231'. [ 119.709513][ T7030] tipc: Resetting bearer [ 119.746848][ T7030] tipc: Disabling bearer [ 120.053350][ T7059] netlink: 24 bytes leftover after parsing attributes in process `syz.2.236'. [ 120.943629][ T7085] sctp: [Deprecated]: syz.3.240 (pid 7085) Use of struct sctp_assoc_value in delayed_ack socket option. [ 120.943629][ T7085] Use struct sctp_sack_info instead [ 121.019489][ T7085] IPVS: set_ctl: invalid protocol: 33 255.255.255.255:20000 [ 121.055524][ T7085] IPVS: set_ctl: invalid protocol: 106 172.20.20.30:20004 [ 121.126553][ T7091] tipc: Started in network mode [ 121.135079][ T7093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.242'. [ 121.135701][ T7091] tipc: Node identity e63d9a35e387, cluster identity 4711 [ 121.172629][ T7091] tipc: Enabled bearer , priority 0 [ 121.197076][ T7096] syzkaller0: entered promiscuous mode [ 121.218360][ T7096] syzkaller0: entered allmulticast mode [ 121.262529][ T7091] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 121.333731][ T7091] tipc: Resetting bearer [ 121.352319][ T7099] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 121.363491][ T7091] tipc: Resetting bearer [ 121.387090][ T7091] tipc: Disabling bearer [ 121.435511][ T7099] bridge_slave_0: left allmulticast mode [ 121.455067][ T7099] bridge_slave_0: left promiscuous mode [ 121.464751][ T7099] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.514281][ T7099] bridge_slave_1: left allmulticast mode [ 121.520702][ T7099] bridge_slave_1: left promiscuous mode [ 121.526548][ T7099] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.555102][ T7099] Ã: (slave bond_slave_0): Releasing backup interface [ 121.563604][ T7101] netlink: 'syz.3.244': attribute type 10 has an invalid length. [ 121.586430][ T7099] Ã: (slave bond_slave_1): Releasing backup interface [ 121.635811][ T7099] team0: Port device team_slave_0 removed [ 121.656232][ T7099] team0: Port device team_slave_1 removed [ 121.679499][ T7099] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.707428][ T7099] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.735486][ T7099] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.752177][ T7099] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.802782][ T7112] pimreg: entered allmulticast mode [ 121.808308][ T7101] mac80211_hwsim hwsim7 wlan1: left allmulticast mode [ 121.821374][ T7101] wlan1: mtu less than device minimum [ 121.826854][ T7101] Ã: (slave wlan1): Error -22 calling dev_set_mtu [ 122.197290][ T7110] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.205598][ T7110] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.472160][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 122.762077][ T7110] veth3: left promiscuous mode [ 122.795036][ T7110] bridge1: left allmulticast mode [ 122.801237][ T7110] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 122.808150][ T7110] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 122.820025][ T7110] macsec1: left promiscuous mode [ 122.825058][ T7110] macsec1: left allmulticast mode [ 122.872400][ T3553] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.905931][ T3553] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.953399][ T3553] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.027099][ T3553] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.346125][ T7165] netlink: 244 bytes leftover after parsing attributes in process `syz.4.261'. [ 123.876152][ T7200] netlink: 12 bytes leftover after parsing attributes in process `syz.0.269'. [ 123.886246][ T7193] tap0: tun_chr_ioctl cmd 1074025680 [ 123.894453][ T7193] tipc: Enabled bearer , priority 0 [ 124.016737][ T7204] netlink: 'syz.1.266': attribute type 13 has an invalid length. [ 124.052813][ T7206] IPVS: set_ctl: invalid protocol: 60 127.0.0.1:20004 [ 124.074458][ T7203] netlink: 8 bytes leftover after parsing attributes in process `syz.4.270'. [ 124.099609][ T7201] netlink: 12 bytes leftover after parsing attributes in process `syz.1.266'. [ 124.301338][ T7201] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 124.331740][ T7220] netlink: 508 bytes leftover after parsing attributes in process `syz.2.272'. [ 124.370482][ T7220] netlink: 24 bytes leftover after parsing attributes in process `syz.2.272'. [ 124.380964][ T7220] openvswitch: netlink: Flow key attr not present in new flow. [ 124.422338][ T7226] netlink: 8 bytes leftover after parsing attributes in process `syz.4.276'. [ 124.438857][ T7214] netlink: 12 bytes leftover after parsing attributes in process `syz.2.272'. [ 124.449004][ T7221] netlink: 8 bytes leftover after parsing attributes in process `syz.0.275'. [ 124.449795][ T7214] tc_dump_action: action bad kind [ 124.467501][ T7210] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode [ 124.473154][ T7211] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.491900][ T7192] tipc: Disabling bearer [ 124.539540][ T7226] macsec1: entered promiscuous mode [ 124.544849][ T7226] macvlan1: entered promiscuous mode [ 124.550658][ T7226] macsec1: entered allmulticast mode [ 124.556041][ T7226] macvlan1: entered allmulticast mode [ 124.580096][ T7226] veth1_vlan: entered allmulticast mode [ 124.657742][ T7232] batadv_slave_1: entered promiscuous mode [ 124.677171][ T7231] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 124.700288][ T7229] batadv_slave_1: left promiscuous mode [ 124.899870][ T7246] netlink: 'syz.2.283': attribute type 1 has an invalid length. [ 125.205766][ T7261] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 125.213174][ T7261] IPv6: NLM_F_CREATE should be set when creating new route [ 125.220467][ T7261] IPv6: NLM_F_CREATE should be set when creating new route [ 125.315828][ T7246] veth3: entered promiscuous mode [ 126.025501][ T7294] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.212743][ T7294] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.404390][ T7294] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.452862][ T7322] FAULT_INJECTION: forcing a failure. [ 126.452862][ T7322] name failslab, interval 1, probability 0, space 0, times 1 [ 126.482162][ T7322] CPU: 0 UID: 0 PID: 7322 Comm: syz.2.304 Not tainted syzkaller #0 PREEMPT(full) [ 126.482185][ T7322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 126.482208][ T7322] Call Trace: [ 126.482215][ T7322] [ 126.482224][ T7322] dump_stack_lvl+0x189/0x250 [ 126.482258][ T7322] ? __pfx____ratelimit+0x10/0x10 [ 126.482282][ T7322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.482302][ T7322] ? __pfx__printk+0x10/0x10 [ 126.482321][ T7322] ? netlink_unicast+0x82f/0x9e0 [ 126.482343][ T7322] ? ___sys_sendmsg+0x21f/0x2a0 [ 126.482359][ T7322] ? do_syscall_64+0xfa/0x3b0 [ 126.482393][ T7322] should_fail_ex+0x414/0x560 [ 126.482421][ T7322] should_failslab+0xa8/0x100 [ 126.482448][ T7322] kmem_cache_alloc_noprof+0x73/0x3c0 [ 126.482470][ T7322] ? skb_clone+0x212/0x3a0 [ 126.482492][ T7322] skb_clone+0x212/0x3a0 [ 126.482514][ T7322] __netlink_deliver_tap+0x404/0x850 [ 126.482549][ T7322] ? netlink_deliver_tap+0x2e/0x1b0 [ 126.482574][ T7322] netlink_deliver_tap+0x19c/0x1b0 [ 126.482599][ T7322] netlink_sendskb+0x68/0x140 [ 126.482622][ T7322] netlink_unicast+0x397/0x9e0 [ 126.482640][ T7322] ? __asan_memcpy+0x40/0x70 [ 126.482668][ T7322] ? __pfx_netlink_unicast+0x10/0x10 [ 126.482700][ T7322] nfnetlink_rcv+0x2290/0x2520 [ 126.482753][ T7322] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 126.482792][ T7322] ? ref_tracker_free+0x63a/0x7d0 [ 126.482845][ T7322] ? __netlink_deliver_tap+0x807/0x850 [ 126.482868][ T7322] ? netlink_deliver_tap+0x2e/0x1b0 [ 126.482909][ T7322] netlink_unicast+0x82f/0x9e0 [ 126.482940][ T7322] ? __pfx_netlink_unicast+0x10/0x10 [ 126.482964][ T7322] ? netlink_sendmsg+0x642/0xb30 [ 126.482985][ T7322] ? skb_put+0x11b/0x210 [ 126.483006][ T7322] netlink_sendmsg+0x805/0xb30 [ 126.483041][ T7322] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.483068][ T7322] ? aa_sock_msg_perm+0xf1/0x1d0 [ 126.483094][ T7322] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 126.483113][ T7322] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.483142][ T7322] __sock_sendmsg+0x219/0x270 [ 126.483168][ T7322] ____sys_sendmsg+0x505/0x830 [ 126.483217][ T7322] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.483246][ T7322] ? import_iovec+0x74/0xa0 [ 126.483270][ T7322] ___sys_sendmsg+0x21f/0x2a0 [ 126.483292][ T7322] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.483348][ T7322] ? __fget_files+0x2a/0x420 [ 126.483372][ T7322] ? __fget_files+0x3a0/0x420 [ 126.483408][ T7322] __x64_sys_sendmsg+0x19b/0x260 [ 126.483429][ T7322] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 126.483455][ T7322] ? __pfx_ksys_write+0x10/0x10 [ 126.483474][ T7322] ? rcu_is_watching+0x15/0xb0 [ 126.483497][ T7322] ? do_syscall_64+0xbe/0x3b0 [ 126.483525][ T7322] do_syscall_64+0xfa/0x3b0 [ 126.483547][ T7322] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.483568][ T7322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.483585][ T7322] ? clear_bhb_loop+0x60/0xb0 [ 126.483606][ T7322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.483622][ T7322] RIP: 0033:0x7fa61e18ebe9 [ 126.483646][ T7322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.483661][ T7322] RSP: 002b:00007fa61ef18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.483684][ T7322] RAX: ffffffffffffffda RBX: 00007fa61e3b5fa0 RCX: 00007fa61e18ebe9 [ 126.483697][ T7322] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 126.483707][ T7322] RBP: 00007fa61ef18090 R08: 0000000000000000 R09: 0000000000000000 [ 126.483717][ T7322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 126.483727][ T7322] R13: 00007fa61e3b6038 R14: 00007fa61e3b5fa0 R15: 00007ffc1f9c6ab8 [ 126.483757][ T7322] [ 126.496304][ T7324] __nla_validate_parse: 7 callbacks suppressed [ 126.496321][ T7324] netlink: 16 bytes leftover after parsing attributes in process `syz.3.302'. [ 126.553907][ T7326] netlink: 8 bytes leftover after parsing attributes in process `syz.2.305'. [ 126.658568][ T7324] netlink: 216 bytes leftover after parsing attributes in process `syz.3.302'. [ 126.680082][ T7326] netlink: 20 bytes leftover after parsing attributes in process `syz.2.305'. [ 126.981858][ T7294] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.137080][ T7339] netlink: 'syz.2.309': attribute type 20 has an invalid length. [ 127.398686][ T7177] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.425250][ T7357] netlink: 12 bytes leftover after parsing attributes in process `syz.4.313'. [ 127.454098][ T3553] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.531148][ T3553] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.593621][ T59] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.649078][ T7366] tipc: Enabled bearer , priority 0 [ 127.711213][ T7369] netlink: 'syz.2.314': attribute type 5 has an invalid length. [ 127.756533][ T7366] syzkaller0: entered promiscuous mode [ 127.762206][ T7366] syzkaller0: entered allmulticast mode [ 127.768993][ T7366] tipc: Resetting bearer [ 127.805268][ T7365] tipc: Resetting bearer [ 128.245594][ T7392] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 128.965990][ T7406] netlink: 'syz.4.325': attribute type 1 has an invalid length. [ 128.979356][ T7406] netlink: 'syz.4.325': attribute type 2 has an invalid length. [ 129.916276][ T7365] tipc: Disabling bearer [ 129.976436][ T7416] netlink: 12 bytes leftover after parsing attributes in process `syz.0.327'. [ 130.065228][ T7419] netlink: 24 bytes leftover after parsing attributes in process `syz.2.330'. [ 130.106899][ T7419] openvswitch: netlink: Flow key attr not present in new flow. [ 130.141919][ T5873] Bluetooth: hci4: command 0x0405 tx timeout [ 130.206437][ T7427] tipc: Failed to remove unknown binding: 66,1,1/2899315558:584532563/584532565 [ 130.239600][ T7429] netlink: 'syz.0.333': attribute type 3 has an invalid length. [ 130.296102][ T7424] veth5: entered promiscuous mode [ 130.307311][ T7434] tipc: Failed to remove unknown binding: 66,1,1/2899315558:584532563/584532565 [ 130.322835][ T7434] tipc: Failed to remove unknown binding: 66,1,1/2899315558:584532563/584532565 [ 130.335189][ T7429] netlink: 'syz.0.333': attribute type 3 has an invalid length. [ 131.172039][ T7462] netlink: 'syz.2.340': attribute type 1 has an invalid length. [ 131.180713][ T7462] netlink: 'syz.2.340': attribute type 2 has an invalid length. [ 131.188477][ T7462] netlink: 'syz.2.340': attribute type 1 has an invalid length. [ 131.196276][ T7462] netlink: 1156 bytes leftover after parsing attributes in process `syz.2.340'. [ 131.213454][ T7468] netlink: 48 bytes leftover after parsing attributes in process `syz.3.341'. [ 131.217473][ T7462] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 131.696283][ T7495] netlink: 'syz.4.349': attribute type 9 has an invalid length. [ 131.696283][ T7496] netlink: 'syz.4.349': attribute type 9 has an invalid length. [ 131.696315][ T7495] netlink: 211988 bytes leftover after parsing attributes in process `syz.4.349'. [ 131.704171][ T7496] netlink: 211988 bytes leftover after parsing attributes in process `syz.4.349'. [ 132.140811][ T7491] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 132.218646][ T5864] Bluetooth: hci4: command 0x0405 tx timeout [ 132.463778][ T7524] pim6reg: entered allmulticast mode [ 132.504108][ T7530] netlink: 'syz.3.358': attribute type 1 has an invalid length. [ 132.544412][ T7530] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.358'. [ 132.549080][ T7525] pim6reg: left allmulticast mode [ 132.912348][ T7553] netlink: 'syz.2.363': attribute type 7 has an invalid length. [ 132.935421][ T7546] netlink: 8 bytes leftover after parsing attributes in process `syz.1.362'. [ 132.990858][ T7551] tipc: Enabled bearer , priority 0 [ 133.007233][ T7551] syzkaller0: entered promiscuous mode [ 133.015378][ T7551] syzkaller0: entered allmulticast mode [ 133.188540][ T7563] Bluetooth: MGMT ver 1.23 [ 133.604882][ T7576] netlink: 666 bytes leftover after parsing attributes in process `syz.2.371'. [ 133.623753][ T7576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.371'. [ 133.941092][ T7547] tipc: Resetting bearer [ 134.018864][ T7547] tipc: Disabling bearer [ 134.054090][ T7578] syz_tun: entered promiscuous mode [ 134.059809][ T7578] vlan2: entered promiscuous mode [ 134.351406][ T7591] netlink: 8 bytes leftover after parsing attributes in process `syz.0.377'. [ 134.368639][ T7593] !: renamed from dummy0 (while UP) [ 134.440166][ T7593] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 134.591627][ T7596] 8021q: adding VLAN 0 to HW filter on device bond1 [ 134.681681][ T7604] syzkaller1: entered promiscuous mode [ 134.697451][ T7604] syzkaller1: entered allmulticast mode [ 135.595362][ T7626] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.942929][ T7632] netlink: 1 bytes leftover after parsing attributes in process `syz.3.388'. [ 135.980289][ T7631] netlink: 1 bytes leftover after parsing attributes in process `syz.3.388'. [ 136.390674][ T7643] tipc: Enabling of bearer rejected, failed to enable media [ 136.421022][ T7643] syzkaller0: entered promiscuous mode [ 136.436900][ T7643] syzkaller0: entered allmulticast mode [ 136.605529][ T7654] netlink: 32 bytes leftover after parsing attributes in process `syz.1.395'. [ 136.653589][ T7658] netlink: 'syz.2.397': attribute type 21 has an invalid length. [ 136.904684][ T7666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.400'. [ 136.999486][ T7667] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 137.227785][ T7677] netlink: 'syz.1.403': attribute type 1 has an invalid length. [ 137.237915][ T7673] geneve2: entered allmulticast mode [ 137.263505][ T59] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 137.364523][ T7677] 8021q: adding VLAN 0 to HW filter on device bond2 [ 137.406519][ T59] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 137.497338][ T7682] 8021q: adding VLAN 0 to HW filter on device bond2 [ 137.521471][ T7682] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 137.575150][ T7682] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 137.784773][ T7688] veth7: entered promiscuous mode [ 137.813818][ T7688] bond2: (slave veth7): Enslaving as an active interface with a down link [ 137.889035][ T59] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 137.914924][ T59] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 138.105430][ T7719] netlink: 4 bytes leftover after parsing attributes in process `syz.3.410'. [ 138.116834][ T7718] netlink: 8 bytes leftover after parsing attributes in process `syz.0.409'. [ 138.125902][ T7718] netlink: 12 bytes leftover after parsing attributes in process `syz.0.409'. [ 138.228303][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.0.409'. [ 138.392147][ T7730] ip6gretap2: entered promiscuous mode [ 138.524890][ T7733] netlink: 'syz.2.414': attribute type 8 has an invalid length. [ 138.807475][ T7744] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 138.985186][ T7752] netlink: 12 bytes leftover after parsing attributes in process `syz.2.419'. [ 139.252146][ T7752] bridge2: entered allmulticast mode [ 139.287845][ T7770] netlink: 5 bytes leftover after parsing attributes in process `syz.3.422'. [ 139.320387][ T7757] netlink: 360 bytes leftover after parsing attributes in process `syz.1.420'. [ 139.737865][ T7790] netlink: 'syz.2.428': attribute type 32 has an invalid length. [ 139.768178][ T7790] netlink: 60 bytes leftover after parsing attributes in process `syz.2.428'. [ 140.002197][ T7802] erspan1: entered promiscuous mode [ 140.028213][ T7802] netlink: 248 bytes leftover after parsing attributes in process `syz.0.430'. [ 140.056222][ T7803] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3952. macoff=96 [ 141.474722][ T7854] netlink: 'syz.0.441': attribute type 1 has an invalid length. [ 141.493214][ T7851] tipc: Enabled bearer , priority 0 [ 141.618534][ T7850] tipc: Disabling bearer [ 142.208518][ T7886] netlink: 'syz.2.448': attribute type 1 has an invalid length. [ 142.248858][ T7886] netlink: 'syz.2.448': attribute type 1 has an invalid length. [ 142.633301][ T7910] netlink: 'syz.0.451': attribute type 21 has an invalid length. [ 142.684037][ T7910] __nla_validate_parse: 2 callbacks suppressed [ 142.684052][ T7910] netlink: 8 bytes leftover after parsing attributes in process `syz.0.451'. [ 142.751743][ T7909] netlink: 20 bytes leftover after parsing attributes in process `syz.0.451'. [ 142.857446][ T7916] veth1: entered promiscuous mode [ 142.922974][ T7916] vlan2: entered promiscuous mode [ 142.990525][ T7925] netlink: 12 bytes leftover after parsing attributes in process `syz.0.457'. [ 143.358531][ T7943] netlink: 24 bytes leftover after parsing attributes in process `syz.4.462'. [ 143.461885][ T7948] tipc: Enabled bearer , priority 0 [ 143.571049][ T7954] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.466'. [ 143.612560][ T7948] syzkaller0: entered promiscuous mode [ 143.618058][ T7948] syzkaller0: entered allmulticast mode [ 143.650262][ T7959] netlink: 24 bytes leftover after parsing attributes in process `syz.3.464'. [ 143.790539][ T7940] tipc: Resetting bearer [ 143.897827][ T7940] tipc: Disabling bearer [ 143.908904][ T7970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.471'. [ 143.966445][ T7976] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 144.357355][ T7999] netlink: 64 bytes leftover after parsing attributes in process `syz.3.476'. [ 144.617979][ T8005] netlink: 8 bytes leftover after parsing attributes in process `syz.0.478'. [ 144.664279][ T7992] syzkaller1: entered promiscuous mode [ 144.681149][ T7992] syzkaller1: entered allmulticast mode [ 144.764318][ T8014] netlink: 8 bytes leftover after parsing attributes in process `syz.3.480'. [ 145.127863][ T8032] netlink: 'syz.4.486': attribute type 2 has an invalid length. [ 145.417183][ T8048] IPv4: Oversized IP packet from 127.202.26.0 [ 145.912549][ T8061] netlink: 'syz.1.491': attribute type 5 has an invalid length. [ 146.134161][ T8066] bridge1: entered allmulticast mode [ 146.163330][ T8078] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 146.186380][ T8079] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg0, syncid = 4, id = 0 [ 146.196678][ T8074] netlink: 'syz.4.496': attribute type 3 has an invalid length. [ 146.402360][ T8088] netlink: 'syz.0.500': attribute type 1 has an invalid length. [ 146.472878][ T8094] netlink: 'syz.3.503': attribute type 30 has an invalid length. [ 146.652899][ T8090] syzkaller0: entered promiscuous mode [ 146.660793][ T8090] syzkaller0: entered allmulticast mode [ 147.843953][ T8110] tipc: Enabling not permitted [ 147.858043][ T8110] tipc: Enabling of bearer rejected, failed to enable media [ 148.044210][ T8130] __nla_validate_parse: 42 callbacks suppressed [ 148.044231][ T8130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.513'. [ 148.173526][ T8135] tipc: Enabled bearer , priority 0 [ 148.195877][ T8135] syzkaller0: entered promiscuous mode [ 148.217245][ T8135] syzkaller0: entered allmulticast mode [ 148.321105][ T8145] netlink: 16 bytes leftover after parsing attributes in process `syz.0.515'. [ 148.360413][ T8142] netlink: 780 bytes leftover after parsing attributes in process `syz.3.516'. [ 148.389904][ T8135] tipc: Resetting bearer [ 148.466432][ T8134] tipc: Resetting bearer [ 148.512565][ T8134] tipc: Disabling bearer [ 148.632923][ T8160] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.648465][ T8160] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 148.659284][ T8163] netlink: 260 bytes leftover after parsing attributes in process `syz.4.521'. [ 148.823453][ T8160] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.848529][ T8160] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 148.997220][ T8160] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.019953][ T8160] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 149.051192][ T8179] netlink: 8 bytes leftover after parsing attributes in process `syz.4.526'. [ 149.199576][ T8160] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.219625][ T8160] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 149.274672][ T8188] netlink: 96 bytes leftover after parsing attributes in process `syz.4.528'. [ 149.353413][ T8196] netlink: 8 bytes leftover after parsing attributes in process `syz.1.529'. [ 149.462320][ T8189] raw_sendmsg: syz.4.528 forgot to set AF_INET. Fix it! [ 149.680118][ T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 149.701138][ T12] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 149.842101][ T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 149.874975][ T12] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 149.952168][ T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 149.977768][ T12] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 150.052400][ T3454] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 150.074318][ T3454] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 150.431889][ T8218] netlink: 8 bytes leftover after parsing attributes in process `syz.1.535'. [ 150.437422][ T8230] netlink: 20 bytes leftover after parsing attributes in process `syz.4.539'. [ 151.240379][ T8255] netlink: 'syz.1.547': attribute type 2 has an invalid length. [ 151.422535][ T30] audit: type=1107 audit(1755638311.329:2): pid=8261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 151.472514][ T8263] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.505638][ T8263] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.519263][ T8277] netlink: 28 bytes leftover after parsing attributes in process `syz.1.547'. [ 151.539018][ T8263] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 151.636287][ T8282] netlink: 'syz.3.553': attribute type 2 has an invalid length. [ 151.992424][ T8303] block nbd0: server does not support multiple connections per device. [ 152.006066][ T8303] block nbd0: shutting down sockets [ 152.192803][ T8312] netlink: 'syz.4.558': attribute type 30 has an invalid length. [ 152.213390][ T8312] netlink: 'syz.4.558': attribute type 30 has an invalid length. [ 152.755987][ T8340] syzkaller0: entered promiscuous mode [ 152.763171][ T8340] syzkaller0: entered allmulticast mode [ 153.159902][ T8360] netlink: 'syz.4.566': attribute type 1 has an invalid length. [ 153.167721][ T8360] netlink: 'syz.4.566': attribute type 3 has an invalid length. [ 153.196218][ T8360] __nla_validate_parse: 5 callbacks suppressed [ 153.196236][ T8360] netlink: 224 bytes leftover after parsing attributes in process `syz.4.566'. [ 154.013032][ T8380] netlink: 'syz.3.569': attribute type 1 has an invalid length. [ 154.702544][ T8380] bond0: entered promiscuous mode [ 154.716307][ T8380] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.771638][ T8386] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.570'. [ 154.801767][ T8381] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.809116][ T8381] bond0: (slave vxcan1): The slave device specified does not support setting the MAC address [ 154.821722][ T8381] bond0: (slave vxcan1): Setting fail_over_mac to active for active-backup mode [ 154.835054][ T8381] bond0: (slave vxcan1): making interface the new active one [ 154.844161][ T8381] vxcan1: entered promiscuous mode [ 154.850643][ T8381] bond0: (slave vxcan1): Enslaving as an active interface with an up link [ 154.868249][ T8393] veth1_to_team: entered allmulticast mode [ 154.885239][ T8390] tipc: Enabled bearer , priority 0 [ 154.934254][ T8396] syzkaller0: entered promiscuous mode [ 154.952835][ T8396] syzkaller0: entered allmulticast mode [ 154.980296][ T8390] tipc: Resetting bearer [ 155.003699][ T8389] tipc: Resetting bearer [ 155.089822][ T8389] tipc: Disabling bearer [ 155.219514][ T8412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.578'. [ 155.329857][ T5871] Bluetooth: hci4: link tx timeout [ 155.335809][ T5871] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 155.345289][ T5871] Bluetooth: hci4: link tx timeout [ 155.350661][ T5871] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 155.358734][ T5871] Bluetooth: hci4: link tx timeout [ 155.363929][ T5871] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 155.371796][ T5871] Bluetooth: hci4: link tx timeout [ 155.377756][ T5871] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 155.385605][ T5871] Bluetooth: hci4: link tx timeout [ 155.390864][ T5871] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 155.398714][ T5871] Bluetooth: hci4: link tx timeout [ 155.403896][ T5871] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 155.411709][ T5871] Bluetooth: hci4: link tx timeout [ 155.416898][ T5871] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 155.424739][ T5871] Bluetooth: hci4: link tx timeout [ 155.429928][ T5871] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 155.438726][ T5871] Bluetooth: hci4: link tx timeout [ 155.443845][ T5871] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 155.451794][ T5871] Bluetooth: hci4: link tx timeout [ 155.456992][ T5871] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 155.907907][ T8426] netlink: 'syz.2.582': attribute type 13 has an invalid length. [ 155.944355][ T8426] netlink: 'syz.2.582': attribute type 17 has an invalid length. [ 156.120422][ T8433] syzkaller0: entered promiscuous mode [ 156.125986][ T8433] syzkaller0: entered allmulticast mode [ 157.428617][ T5871] Bluetooth: hci4: command 0x0405 tx timeout [ 157.781861][ T8482] netlink: 'syz.3.591': attribute type 13 has an invalid length. [ 157.791032][ T8482] netlink: 'syz.3.591': attribute type 17 has an invalid length. [ 157.808340][ T8470] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.913504][ T8482] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 157.970336][ T8470] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.032526][ T8479] netlink: 40 bytes leftover after parsing attributes in process `syz.3.591'. [ 158.092078][ T8470] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.191063][ T8496] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.595'. [ 158.206391][ T8470] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.370271][ T8504] netlink: 12 bytes leftover after parsing attributes in process `syz.0.598'. [ 158.386408][ T8504] netlink: 24 bytes leftover after parsing attributes in process `syz.0.598'. [ 158.546046][ T8478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.564308][ T8507] batman_adv: batadv0: Adding interface: gretap1 [ 158.571738][ T8507] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 158.593015][ T8507] batman_adv: batadv0: Interface activated: gretap1 [ 158.613062][ T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.627902][ T8509] tipc: Enabled bearer , priority 0 [ 158.724263][ T8509] syzkaller0: entered promiscuous mode [ 158.729944][ T8509] syzkaller0: entered allmulticast mode [ 158.736118][ T8509] tipc: Resetting bearer [ 158.742586][ T3454] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.761838][ T8506] tipc: Resetting bearer [ 159.498731][ T5871] Bluetooth: hci4: command 0x0405 tx timeout [ 159.967685][ T8506] tipc: Disabling bearer [ 159.981733][ T7177] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.015486][ T8516] syzkaller0: entered promiscuous mode [ 160.024080][ T8516] syzkaller0: entered allmulticast mode [ 160.122232][ T8534] netlink: 8 bytes leftover after parsing attributes in process `syz.3.604'. [ 161.416822][ T8540] tipc: Enabling of bearer rejected, failed to enable media [ 161.426427][ T8541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.606'. [ 161.539841][ T13] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.600849][ T8555] netlink: 8 bytes leftover after parsing attributes in process `syz.4.609'. [ 161.647715][ T8560] netlink: 40 bytes leftover after parsing attributes in process `syz.0.611'. [ 161.801654][ T8566] netlink: 8 bytes leftover after parsing attributes in process `syz.3.613'. [ 161.900028][ T8570] tipc: Enabled bearer , priority 0 [ 162.077784][ T8570] syzkaller0: entered promiscuous mode [ 162.084189][ T8570] syzkaller0: entered allmulticast mode [ 162.091980][ T8570] tipc: Resetting bearer [ 162.130062][ T8569] tipc: Resetting bearer [ 163.494011][ T8569] tipc: Disabling bearer [ 163.834270][ T8610] FAULT_INJECTION: forcing a failure. [ 163.834270][ T8610] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 163.849661][ T8610] CPU: 1 UID: 0 PID: 8610 Comm: syz.1.625 Not tainted syzkaller #0 PREEMPT(full) [ 163.849707][ T8610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 163.849726][ T8610] Call Trace: [ 163.849733][ T8610] [ 163.849741][ T8610] dump_stack_lvl+0x189/0x250 [ 163.849767][ T8610] ? __pfx____ratelimit+0x10/0x10 [ 163.849792][ T8610] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.849812][ T8610] ? __pfx__printk+0x10/0x10 [ 163.849836][ T8610] ? __might_fault+0xb0/0x130 [ 163.849871][ T8610] should_fail_ex+0x414/0x560 [ 163.849898][ T8610] _copy_from_user+0x2d/0xb0 [ 163.849919][ T8610] ___sys_sendmsg+0x158/0x2a0 [ 163.849941][ T8610] ? __pfx____sys_sendmsg+0x10/0x10 [ 163.849997][ T8610] ? __fget_files+0x2a/0x420 [ 163.850021][ T8610] ? __fget_files+0x3a0/0x420 [ 163.850056][ T8610] __x64_sys_sendmsg+0x19b/0x260 [ 163.850078][ T8610] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 163.850107][ T8610] ? __pfx_ksys_write+0x10/0x10 [ 163.850126][ T8610] ? rcu_is_watching+0x15/0xb0 [ 163.850150][ T8610] ? do_syscall_64+0xbe/0x3b0 [ 163.850182][ T8610] do_syscall_64+0xfa/0x3b0 [ 163.850204][ T8610] ? lockdep_hardirqs_on+0x9c/0x150 [ 163.850226][ T8610] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.850243][ T8610] ? clear_bhb_loop+0x60/0xb0 [ 163.850265][ T8610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.850280][ T8610] RIP: 0033:0x7fced738ebe9 [ 163.850293][ T8610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.850306][ T8610] RSP: 002b:00007fced820a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 163.850325][ T8610] RAX: ffffffffffffffda RBX: 00007fced75b5fa0 RCX: 00007fced738ebe9 [ 163.850337][ T8610] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004 [ 163.850348][ T8610] RBP: 00007fced820a090 R08: 0000000000000000 R09: 0000000000000000 [ 163.850359][ T8610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.850369][ T8610] R13: 00007fced75b6038 R14: 00007fced75b5fa0 R15: 00007ffd0950ed58 [ 163.850399][ T8610] [ 164.165704][ T8612] netlink: 'syz.3.626': attribute type 2 has an invalid length. [ 164.535386][ T8637] netlink: 92 bytes leftover after parsing attributes in process `syz.3.632'. [ 164.695239][ T8641] tipc: Enabled bearer , priority 0 [ 164.922512][ T8641] syzkaller0: entered promiscuous mode [ 164.932476][ T8641] syzkaller0: entered allmulticast mode [ 164.945632][ T8641] tipc: Resetting bearer [ 164.987264][ T8639] tipc: Resetting bearer [ 165.209640][ T8661] netlink: 16 bytes leftover after parsing attributes in process `syz.1.638'. [ 166.312238][ T8639] tipc: Disabling bearer [ 166.448883][ T8673] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 166.488864][ T8673] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 166.522635][ T8681] lo speed is unknown, defaulting to 1000 [ 166.560758][ T8681] lo speed is unknown, defaulting to 1000 [ 166.572341][ T8681] lo speed is unknown, defaulting to 1000 [ 166.588535][ T8682] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 166.596068][ T10] IPVS: starting estimator thread 0... [ 166.601909][ T8681] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 166.691833][ T8681] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 166.699318][ T8689] IPVS: using max 27 ests per chain, 64800 per kthread [ 166.720762][ T8692] netlink: 112 bytes leftover after parsing attributes in process `syz.0.645'. [ 166.822361][ T8681] lo speed is unknown, defaulting to 1000 [ 166.847670][ T8699] netlink: 68 bytes leftover after parsing attributes in process `syz.1.647'. [ 166.862557][ T8681] lo speed is unknown, defaulting to 1000 [ 166.893164][ T8681] lo speed is unknown, defaulting to 1000 [ 166.911679][ T8681] lo speed is unknown, defaulting to 1000 [ 166.924044][ T8681] lo speed is unknown, defaulting to 1000 [ 166.932967][ T8704] netlink: 'syz.2.648': attribute type 1 has an invalid length. [ 167.054362][ T8709] netlink: 'syz.4.650': attribute type 9 has an invalid length. [ 167.064144][ T8709] netlink: 147436 bytes leftover after parsing attributes in process `syz.4.650'. [ 167.132410][ T8711] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 167.230461][ T8711] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 167.359223][ T8715] lo speed is unknown, defaulting to 1000 [ 167.471254][ T8720] tipc: Enabled bearer , priority 0 [ 167.641442][ T8720] syzkaller0: entered promiscuous mode [ 167.647040][ T8720] syzkaller0: entered allmulticast mode [ 167.654442][ T8720] tipc: Resetting bearer [ 167.755895][ T8719] tipc: Resetting bearer [ 169.733238][ T8719] tipc: Disabling bearer [ 169.855163][ T8725] lo speed is unknown, defaulting to 1000 [ 169.937517][ T8730] lo speed is unknown, defaulting to 1000 [ 170.142940][ T8757] tipc: Enabled bearer , priority 0 [ 170.170012][ T8757] syzkaller0: entered promiscuous mode [ 170.185794][ T8757] syzkaller0: entered allmulticast mode [ 170.221114][ T8768] netlink: 48 bytes leftover after parsing attributes in process `syz.4.665'. [ 170.303603][ T8757] tipc: Resetting bearer [ 170.314421][ T8755] tipc: Resetting bearer [ 170.328041][ T8755] tipc: Disabling bearer [ 170.490268][ T8773] lo speed is unknown, defaulting to 1000 [ 170.554414][ T8779] netlink: 8 bytes leftover after parsing attributes in process `syz.0.669'. [ 170.795256][ T8785] vlan2: entered promiscuous mode [ 170.814529][ T8788] netlink: 20 bytes leftover after parsing attributes in process `syz.1.672'. [ 171.188187][ T8802] netlink: 'syz.4.677': attribute type 1 has an invalid length. [ 171.206549][ T8802] netlink: 16150 bytes leftover after parsing attributes in process `syz.4.677'. [ 171.343139][ T8802] 8021q: adding VLAN 0 to HW filter on device bond3 [ 171.443478][ T8809] ip6tnl1: entered promiscuous mode [ 171.453475][ T8809] ip6tnl1: entered allmulticast mode [ 171.477321][ T8812] syz_tun: entered promiscuous mode [ 171.491494][ T8812] vlan2: entered promiscuous mode [ 171.503779][ T8810] netlink: 8 bytes leftover after parsing attributes in process `syz.1.680'. [ 171.667124][ T8821] vlan2: entered promiscuous mode [ 171.684171][ T8821] bridge0: entered promiscuous mode [ 171.713198][ T8821] bridge0: port 3(vlan2) entered blocking state [ 171.764032][ T8821] bridge0: port 3(vlan2) entered disabled state [ 171.778858][ T8821] vlan2: entered allmulticast mode [ 171.787748][ T8821] bridge0: entered allmulticast mode [ 171.813253][ T8821] vlan2: left allmulticast mode [ 171.833330][ T8821] bridge0: left allmulticast mode [ 171.987606][ T8839] netlink: 'syz.0.689': attribute type 13 has an invalid length. [ 172.004396][ T8838] netlink: 'syz.0.689': attribute type 13 has an invalid length. [ 172.010533][ T8839] netlink: 'syz.0.689': attribute type 17 has an invalid length. [ 172.040263][ T8838] netlink: 'syz.0.689': attribute type 17 has an invalid length. [ 172.196637][ T8838] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 172.224843][ T8839] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 172.405094][ T8862] netlink: 8 bytes leftover after parsing attributes in process `syz.2.695'. [ 172.424497][ T8862] netlink: 'syz.2.695': attribute type 20 has an invalid length. [ 172.440754][ T8856] can: request_module (can-proto-5) failed. [ 172.447504][ T8862] netlink: 'syz.2.695': attribute type 21 has an invalid length. [ 172.763470][ T8888] Unsupported ieee802154 address type: 0 [ 172.825113][ T8885] team0: Device sit2 is of different type [ 172.931488][ T8899] netlink: 'syz.3.707': attribute type 3 has an invalid length. [ 172.956555][ T8899] netlink: 'syz.3.707': attribute type 3 has an invalid length. [ 173.510975][ T8926] syz_tun: entered promiscuous mode [ 173.516413][ T8926] vlan2: entered promiscuous mode [ 173.532337][ T8929] vlan2: entered promiscuous mode [ 173.540949][ T8929] vlan2: entered allmulticast mode [ 173.547025][ T8929] hsr_slave_1: entered allmulticast mode [ 173.642467][ T8936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.716'. [ 173.707281][ T8940] netlink: 4 bytes leftover after parsing attributes in process `syz.1.721'. [ 173.931508][ T8953] netlink: 'syz.1.721': attribute type 10 has an invalid length. [ 173.937536][ T8952] netlink: 224 bytes leftover after parsing attributes in process `syz.3.724'. [ 174.059623][ T8953] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.071072][ T8953] bond0: (slave team0): Enslaving as an active interface with an up link [ 174.081377][ T8952] netlink: 28 bytes leftover after parsing attributes in process `syz.3.724'. [ 174.348773][ T8971] tipc: Enabled bearer , priority 0 [ 174.549802][ T8965] tipc: Resetting bearer [ 174.657930][ T8965] tipc: Disabling bearer [ 174.813620][ T8996] tipc: Enabling of bearer rejected, failed to enable media [ 175.030285][ T9000] lo speed is unknown, defaulting to 1000 [ 175.461461][ T9032] __nla_validate_parse: 2 callbacks suppressed [ 175.461480][ T9032] netlink: 12 bytes leftover after parsing attributes in process `syz.0.743'. [ 175.484181][ T9035] netlink: 428 bytes leftover after parsing attributes in process `syz.1.746'. [ 175.622161][ T9035] netlink: 32 bytes leftover after parsing attributes in process `syz.1.746'. [ 175.714958][ T9049] tipc: Enabling of bearer rejected, failed to enable media [ 176.514690][ T9083] lo speed is unknown, defaulting to 1000 [ 176.585554][ T9094] syz_tun: entered promiscuous mode [ 176.618747][ T9094] vlan2: entered promiscuous mode [ 176.963122][ T9101] netlink: 20 bytes leftover after parsing attributes in process `syz.4.763'. [ 177.044854][ T9101] tc_dump_action: action bad kind [ 177.163340][ T9104] 8021q: VLANs not supported on vxcan0 [ 177.272676][ T9112] validate_nla: 1 callbacks suppressed [ 177.272694][ T9112] netlink: 'syz.2.766': attribute type 10 has an invalid length. [ 177.326934][ T9112] netlink: 40 bytes leftover after parsing attributes in process `syz.2.766'. [ 177.410241][ T9112] team0: Port device geneve0 added [ 177.437539][ T9117] tipc: Enabling of bearer rejected, failed to enable media [ 177.520712][ T9121] netlink: 536 bytes leftover after parsing attributes in process `syz.3.761'. [ 177.647587][ T9092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.761'. [ 177.670557][ T9092] netlink: 24 bytes leftover after parsing attributes in process `syz.3.761'. [ 177.954609][ T9135] netlink: 56 bytes leftover after parsing attributes in process `syz.4.770'. [ 178.276919][ T9150] netlink: 132 bytes leftover after parsing attributes in process `syz.0.775'. [ 178.376898][ T9157] sctp: [Deprecated]: syz.2.777 (pid 9157) Use of struct sctp_assoc_value in delayed_ack socket option. [ 178.376898][ T9157] Use struct sctp_sack_info instead [ 178.405901][ T9158] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 178.433920][ T7142] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 178.607081][ T9165] tipc: Enabling of bearer rejected, failed to enable media [ 179.343726][ T7142] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 201.581617][ T5871] Bluetooth: hci1: command 0x0406 tx timeout [ 201.581634][ T5874] Bluetooth: hci2: command 0x0406 tx timeout [ 201.581652][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 219.979864][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 283.550881][ T9220] netlink: 'syz.2.787': attribute type 32 has an invalid length. [ 283.558871][ T9220] __nla_validate_parse: 4 callbacks suppressed [ 283.558888][ T9220] netlink: 60 bytes leftover after parsing attributes in process `syz.2.787'. [ 283.603868][ T9228] netlink: 24 bytes leftover after parsing attributes in process `syz.4.789'. [ 283.606240][ T9229] netlink: 'syz.1.786': attribute type 1 has an invalid length. [ 283.672625][ T9229] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 283.872824][ T9245] netlink: 8 bytes leftover after parsing attributes in process `syz.1.792'. [ 283.966386][ T9250] netlink: 32 bytes leftover after parsing attributes in process `syz.4.795'. [ 283.995037][ T9251] tipc: Enabling of bearer rejected, failed to enable media [ 284.335870][ T9270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.799'. [ 284.509426][ T9279] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 284.522847][ T9277] netlink: 24 bytes leftover after parsing attributes in process `syz.4.800'. [ 284.834972][ T9302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.806'. [ 285.170160][ T9313] netlink: 128 bytes leftover after parsing attributes in process `syz.3.810'. [ 285.333468][ T9324] netlink: 60 bytes leftover after parsing attributes in process `syz.2.815'. [ 285.531452][ T9337] netlink: 8 bytes leftover after parsing attributes in process `syz.4.818'. [ 285.887797][ T9356] FAULT_INJECTION: forcing a failure. [ 285.887797][ T9356] name failslab, interval 1, probability 0, space 0, times 0 [ 285.969645][ T9356] CPU: 0 UID: 0 PID: 9356 Comm: syz.0.825 Not tainted syzkaller #0 PREEMPT(full) [ 285.969670][ T9356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 285.969687][ T9356] Call Trace: [ 285.969695][ T9356] [ 285.969702][ T9356] dump_stack_lvl+0x189/0x250 [ 285.969728][ T9356] ? __pfx____ratelimit+0x10/0x10 [ 285.969752][ T9356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.969772][ T9356] ? __pfx__printk+0x10/0x10 [ 285.969802][ T9356] ? __pfx___might_resched+0x10/0x10 [ 285.969818][ T9356] ? fs_reclaim_acquire+0x7d/0x100 [ 285.969848][ T9356] should_fail_ex+0x414/0x560 [ 285.969875][ T9356] should_failslab+0xa8/0x100 [ 285.969901][ T9356] __kmalloc_noprof+0xcb/0x4f0 [ 285.969921][ T9356] ? kfree+0x4d/0x440 [ 285.969938][ T9356] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 285.969962][ T9356] tomoyo_realpath_from_path+0xe3/0x5d0 [ 285.969982][ T9356] ? tomoyo_domain+0xd9/0x130 [ 285.970006][ T9356] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 285.970029][ T9356] tomoyo_path_number_perm+0x1e8/0x5a0 [ 285.970055][ T9356] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 285.970097][ T9356] ? __lock_acquire+0xab9/0xd20 [ 285.970142][ T9356] ? __fget_files+0x2a/0x420 [ 285.970170][ T9356] ? __fget_files+0x2a/0x420 [ 285.970192][ T9356] ? __fget_files+0x3a0/0x420 [ 285.970238][ T9356] ? __fget_files+0x2a/0x420 [ 285.970266][ T9356] security_file_ioctl+0xcb/0x2d0 [ 285.970290][ T9356] __se_sys_ioctl+0x47/0x170 [ 285.970314][ T9356] do_syscall_64+0xfa/0x3b0 [ 285.970336][ T9356] ? lockdep_hardirqs_on+0x9c/0x150 [ 285.970358][ T9356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.970375][ T9356] ? clear_bhb_loop+0x60/0xb0 [ 285.970397][ T9356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.970414][ T9356] RIP: 0033:0x7f74e5d8ebe9 [ 285.970430][ T9356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.970443][ T9356] RSP: 002b:00007f74e6ba0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 285.970462][ T9356] RAX: ffffffffffffffda RBX: 00007f74e5fb5fa0 RCX: 00007f74e5d8ebe9 [ 285.970473][ T9356] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 285.970484][ T9356] RBP: 00007f74e6ba0090 R08: 0000000000000000 R09: 0000000000000000 [ 285.970494][ T9356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.970504][ T9356] R13: 00007f74e5fb6038 R14: 00007f74e5fb5fa0 R15: 00007ffc69a4a658 [ 285.970533][ T9356] [ 285.970541][ T9356] ERROR: Out of memory at tomoyo_realpath_from_path. [ 286.379132][ T5864] Bluetooth: hci4: command 0x0405 tx timeout [ 286.537545][ T9389] Unsupported ieee802154 address type: 0 [ 286.709056][ T9398] netlink: 'syz.1.840': attribute type 2 has an invalid length. [ 286.874338][ T9409] tipc: Enabled bearer , priority 0 [ 286.889517][ T9409] syzkaller0: entered promiscuous mode [ 286.895049][ T9409] syzkaller0: entered allmulticast mode [ 286.905344][ T9410] FAULT_INJECTION: forcing a failure. [ 286.905344][ T9410] name failslab, interval 1, probability 0, space 0, times 0 [ 286.919928][ T9403] lo speed is unknown, defaulting to 1000 [ 286.929956][ T9409] tipc: Resetting bearer [ 286.945884][ T9410] CPU: 1 UID: 0 PID: 9410 Comm: syz.1.844 Not tainted syzkaller #0 PREEMPT(full) [ 286.945906][ T9410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 286.945916][ T9410] Call Trace: [ 286.945924][ T9410] [ 286.945932][ T9410] dump_stack_lvl+0x189/0x250 [ 286.945958][ T9410] ? __pfx____ratelimit+0x10/0x10 [ 286.945982][ T9410] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.946002][ T9410] ? __pfx__printk+0x10/0x10 [ 286.946027][ T9410] ? __pfx___might_resched+0x10/0x10 [ 286.946044][ T9410] ? fs_reclaim_acquire+0x7d/0x100 [ 286.946074][ T9410] should_fail_ex+0x414/0x560 [ 286.946102][ T9410] should_failslab+0xa8/0x100 [ 286.946127][ T9410] __kmalloc_noprof+0xcb/0x4f0 [ 286.946148][ T9410] ? tomoyo_encode+0x28b/0x550 [ 286.946171][ T9410] tomoyo_encode+0x28b/0x550 [ 286.946194][ T9410] tomoyo_realpath_from_path+0x58d/0x5d0 [ 286.946214][ T9410] ? tomoyo_domain+0xd9/0x130 [ 286.946238][ T9410] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 286.946261][ T9410] tomoyo_path_number_perm+0x1e8/0x5a0 [ 286.946287][ T9410] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 286.946328][ T9410] ? __lock_acquire+0xab9/0xd20 [ 286.946374][ T9410] ? __fget_files+0x2a/0x420 [ 286.946400][ T9410] ? __fget_files+0x2a/0x420 [ 286.946422][ T9410] ? __fget_files+0x3a0/0x420 [ 286.946449][ T9410] ? __fget_files+0x2a/0x420 [ 286.946476][ T9410] security_file_ioctl+0xcb/0x2d0 [ 286.946500][ T9410] __se_sys_ioctl+0x47/0x170 [ 286.946523][ T9410] do_syscall_64+0xfa/0x3b0 [ 286.946545][ T9410] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.946566][ T9410] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.946582][ T9410] ? clear_bhb_loop+0x60/0xb0 [ 286.946603][ T9410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.946618][ T9410] RIP: 0033:0x7fced738ebe9 [ 286.946633][ T9410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.946648][ T9410] RSP: 002b:00007fced820a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.946666][ T9410] RAX: ffffffffffffffda RBX: 00007fced75b5fa0 RCX: 00007fced738ebe9 [ 286.946679][ T9410] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 286.946690][ T9410] RBP: 00007fced820a090 R08: 0000000000000000 R09: 0000000000000000 [ 286.946700][ T9410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.946711][ T9410] R13: 00007fced75b6038 R14: 00007fced75b5fa0 R15: 00007ffd0950ed58 [ 286.946739][ T9410] [ 286.946756][ T9410] ERROR: Out of memory at tomoyo_realpath_from_path. [ 287.757060][ T9404] tipc: Resetting bearer [ 287.779360][ T9404] tipc: Disabling bearer [ 287.805650][ T9444] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode [ 287.866937][ T9444] netlink: 'syz.1.856': attribute type 10 has an invalid length. [ 287.880910][ T9444] mac80211_hwsim hwsim10 wlan1: left allmulticast mode [ 287.915211][ T9447] lo speed is unknown, defaulting to 1000 [ 287.993196][ T9457] FAULT_INJECTION: forcing a failure. [ 287.993196][ T9457] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.017274][ T9457] CPU: 0 UID: 0 PID: 9457 Comm: syz.2.860 Not tainted syzkaller #0 PREEMPT(full) [ 288.017305][ T9457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 288.017315][ T9457] Call Trace: [ 288.017323][ T9457] [ 288.017330][ T9457] dump_stack_lvl+0x189/0x250 [ 288.017356][ T9457] ? __pfx____ratelimit+0x10/0x10 [ 288.017379][ T9457] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.017399][ T9457] ? __pfx__printk+0x10/0x10 [ 288.017422][ T9457] ? __might_fault+0xb0/0x130 [ 288.017456][ T9457] should_fail_ex+0x414/0x560 [ 288.017484][ T9457] _copy_from_user+0x2d/0xb0 [ 288.017504][ T9457] sock_do_ioctl+0x182/0x300 [ 288.017529][ T9457] ? __pfx_sock_do_ioctl+0x10/0x10 [ 288.017547][ T9457] ? __lock_acquire+0xab9/0xd20 [ 288.017587][ T9457] sock_ioctl+0x576/0x790 [ 288.017608][ T9457] ? __pfx_sock_ioctl+0x10/0x10 [ 288.017629][ T9457] ? __fget_files+0x2a/0x420 [ 288.017652][ T9457] ? __fget_files+0x3a0/0x420 [ 288.017673][ T9457] ? __fget_files+0x2a/0x420 [ 288.017698][ T9457] ? bpf_lsm_file_ioctl+0x9/0x20 [ 288.017718][ T9457] ? __pfx_sock_ioctl+0x10/0x10 [ 288.017737][ T9457] __se_sys_ioctl+0xfc/0x170 [ 288.017758][ T9457] do_syscall_64+0xfa/0x3b0 [ 288.017780][ T9457] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.017799][ T9457] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.017813][ T9457] ? clear_bhb_loop+0x60/0xb0 [ 288.017833][ T9457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.017846][ T9457] RIP: 0033:0x7fa61e18ebe9 [ 288.017862][ T9457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.017875][ T9457] RSP: 002b:00007fa61ef18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 288.017893][ T9457] RAX: ffffffffffffffda RBX: 00007fa61e3b5fa0 RCX: 00007fa61e18ebe9 [ 288.017906][ T9457] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 288.017917][ T9457] RBP: 00007fa61ef18090 R08: 0000000000000000 R09: 0000000000000000 [ 288.017927][ T9457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.017937][ T9457] R13: 00007fa61e3b6038 R14: 00007fa61e3b5fa0 R15: 00007ffc1f9c6ab8 [ 288.017965][ T9457] [ 288.534364][ T9459] lo speed is unknown, defaulting to 1000 [ 288.716330][ T9477] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 288.912135][ T9477] syz.1.865 (9477) used greatest stack depth: 17128 bytes left [ 289.000023][ T9488] geneve2: entered promiscuous mode [ 289.005655][ T9488] geneve2: entered allmulticast mode [ 289.137741][ T9460] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 289.139467][ T9497] FAULT_INJECTION: forcing a failure. [ 289.139467][ T9497] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 289.162951][ T9497] CPU: 0 UID: 0 PID: 9497 Comm: syz.1.873 Not tainted syzkaller #0 PREEMPT(full) [ 289.162979][ T9497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 289.162989][ T9497] Call Trace: [ 289.162996][ T9497] [ 289.163005][ T9497] dump_stack_lvl+0x189/0x250 [ 289.163030][ T9497] ? __pfx____ratelimit+0x10/0x10 [ 289.163052][ T9497] ? __pfx_dump_stack_lvl+0x10/0x10 [ 289.163072][ T9497] ? __pfx__printk+0x10/0x10 [ 289.163095][ T9497] ? __might_fault+0xb0/0x130 [ 289.163130][ T9497] should_fail_ex+0x414/0x560 [ 289.163157][ T9497] _copy_from_user+0x2d/0xb0 [ 289.163177][ T9497] dev_ethtool+0xd0/0x19b0 [ 289.163200][ T9497] ? __lock_acquire+0xab9/0xd20 [ 289.163229][ T9497] ? __pfx_dev_ethtool+0x10/0x10 [ 289.163258][ T9497] ? dev_load+0x21/0x1f0 [ 289.163283][ T9497] ? dev_load+0x21/0x1f0 [ 289.163307][ T9497] dev_ioctl+0x392/0x1150 [ 289.163334][ T9497] sock_do_ioctl+0x22c/0x300 [ 289.163358][ T9497] ? __pfx_sock_do_ioctl+0x10/0x10 [ 289.163376][ T9497] ? __lock_acquire+0xab9/0xd20 [ 289.163416][ T9497] sock_ioctl+0x576/0x790 [ 289.163438][ T9497] ? __pfx_sock_ioctl+0x10/0x10 [ 289.163459][ T9497] ? __fget_files+0x2a/0x420 [ 289.163482][ T9497] ? __fget_files+0x3a0/0x420 [ 289.163504][ T9497] ? __fget_files+0x2a/0x420 [ 289.163531][ T9497] ? bpf_lsm_file_ioctl+0x9/0x20 [ 289.163551][ T9497] ? __pfx_sock_ioctl+0x10/0x10 [ 289.163571][ T9497] __se_sys_ioctl+0xfc/0x170 [ 289.163595][ T9497] do_syscall_64+0xfa/0x3b0 [ 289.163617][ T9497] ? lockdep_hardirqs_on+0x9c/0x150 [ 289.163638][ T9497] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.163655][ T9497] ? clear_bhb_loop+0x60/0xb0 [ 289.163677][ T9497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.163693][ T9497] RIP: 0033:0x7fced738ebe9 [ 289.163708][ T9497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.163723][ T9497] RSP: 002b:00007fced820a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 289.163741][ T9497] RAX: ffffffffffffffda RBX: 00007fced75b5fa0 RCX: 00007fced738ebe9 [ 289.163754][ T9497] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 289.163765][ T9497] RBP: 00007fced820a090 R08: 0000000000000000 R09: 0000000000000000 [ 289.163775][ T9497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.163785][ T9497] R13: 00007fced75b6038 R14: 00007fced75b5fa0 R15: 00007ffd0950ed58 [ 289.163815][ T9497] [ 289.172967][ T9486] lo speed is unknown, defaulting to 1000 [ 289.258140][ T9500] __nla_validate_parse: 21 callbacks suppressed [ 289.258158][ T9500] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.874'. [ 289.455082][ T9500] netlink: zone id is out of range [ 289.464272][ T9500] netlink: zone id is out of range [ 289.469473][ T9500] netlink: zone id is out of range [ 289.490942][ T9500] netlink: zone id is out of range [ 289.496475][ T9500] netlink: zone id is out of range [ 289.560021][ T9500] netlink: zone id is out of range [ 289.565169][ T9500] netlink: zone id is out of range [ 289.571905][ T9507] netlink: 12 bytes leftover after parsing attributes in process `syz.0.877'. [ 289.578012][ T9500] netlink: zone id is out of range [ 289.589614][ T9500] netlink: zone id is out of range [ 289.594736][ T9500] netlink: zone id is out of range [ 289.600839][ T9500] netlink: zone id is out of range [ 289.605956][ T9500] netlink: zone id is out of range [ 289.635685][ T9500] netlink: zone id is out of range [ 289.654717][ T9500] netlink: zone id is out of range [ 289.678617][ T9500] netlink: zone id is out of range [ 290.005829][ T9521] netlink: 248 bytes leftover after parsing attributes in process `syz.2.880'. [ 290.008924][ T5947] IPVS: starting estimator thread 0... [ 290.148675][ T9523] IPVS: using max 32 ests per chain, 76800 per kthread [ 290.318720][ T9515] netlink: 28 bytes leftover after parsing attributes in process `syz.0.878'. [ 290.483562][ T9538] netlink: 28 bytes leftover after parsing attributes in process `syz.4.885'. [ 290.524056][ T9540] FAULT_INJECTION: forcing a failure. [ 290.524056][ T9540] name failslab, interval 1, probability 0, space 0, times 0 [ 290.588192][ T9543] netlink: 12 bytes leftover after parsing attributes in process `syz.3.888'. [ 290.598267][ T9540] CPU: 1 UID: 0 PID: 9540 Comm: syz.2.886 Not tainted syzkaller #0 PREEMPT(full) [ 290.598291][ T9540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 290.598301][ T9540] Call Trace: [ 290.598309][ T9540] [ 290.598316][ T9540] dump_stack_lvl+0x189/0x250 [ 290.598342][ T9540] ? __pfx____ratelimit+0x10/0x10 [ 290.598365][ T9540] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.598389][ T9540] ? __pfx__printk+0x10/0x10 [ 290.598416][ T9540] ? __pfx___might_resched+0x10/0x10 [ 290.598432][ T9540] ? fs_reclaim_acquire+0x7d/0x100 [ 290.598460][ T9540] should_fail_ex+0x414/0x560 [ 290.598487][ T9540] should_failslab+0xa8/0x100 [ 290.598512][ T9540] __kmalloc_cache_noprof+0x70/0x3d0 [ 290.598534][ T9540] ? dev_ethtool+0x126/0x19b0 [ 290.598557][ T9540] dev_ethtool+0x126/0x19b0 [ 290.598578][ T9540] ? __lock_acquire+0xab9/0xd20 [ 290.598608][ T9540] ? __pfx_dev_ethtool+0x10/0x10 [ 290.598637][ T9540] ? dev_load+0x21/0x1f0 [ 290.598662][ T9540] ? dev_load+0x21/0x1f0 [ 290.598685][ T9540] dev_ioctl+0x392/0x1150 [ 290.598712][ T9540] sock_do_ioctl+0x22c/0x300 [ 290.598736][ T9540] ? __pfx_sock_do_ioctl+0x10/0x10 [ 290.598754][ T9540] ? __lock_acquire+0xab9/0xd20 [ 290.598793][ T9540] sock_ioctl+0x576/0x790 [ 290.598814][ T9540] ? __pfx_sock_ioctl+0x10/0x10 [ 290.598831][ T9540] ? __fget_files+0x2a/0x420 [ 290.598853][ T9540] ? __fget_files+0x3a0/0x420 [ 290.598875][ T9540] ? __fget_files+0x2a/0x420 [ 290.598902][ T9540] ? bpf_lsm_file_ioctl+0x9/0x20 [ 290.598923][ T9540] ? __pfx_sock_ioctl+0x10/0x10 [ 290.598943][ T9540] __se_sys_ioctl+0xfc/0x170 [ 290.598966][ T9540] do_syscall_64+0xfa/0x3b0 [ 290.598988][ T9540] ? lockdep_hardirqs_on+0x9c/0x150 [ 290.599009][ T9540] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.599026][ T9540] ? clear_bhb_loop+0x60/0xb0 [ 290.599048][ T9540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.599075][ T9540] RIP: 0033:0x7fa61e18ebe9 [ 290.599091][ T9540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.599105][ T9540] RSP: 002b:00007fa61ef18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 290.599124][ T9540] RAX: ffffffffffffffda RBX: 00007fa61e3b5fa0 RCX: 00007fa61e18ebe9 [ 290.599137][ T9540] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 290.599147][ T9540] RBP: 00007fa61ef18090 R08: 0000000000000000 R09: 0000000000000000 [ 290.599158][ T9540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.599168][ T9540] R13: 00007fa61e3b6038 R14: 00007fa61e3b5fa0 R15: 00007ffc1f9c6ab8 [ 290.599198][ T9540] [ 291.130909][ T9559] netlink: 16 bytes leftover after parsing attributes in process `syz.4.885'. [ 291.274086][ T9564] netlink: 12 bytes leftover after parsing attributes in process `syz.2.893'. [ 291.365524][ T9576] netlink: 'syz.4.896': attribute type 17 has an invalid length. [ 291.424477][ T7134] lo speed is unknown, defaulting to 1000 [ 291.436956][ T7134] syz2: Port: 1 Link ACTIVE [ 291.444954][ T9576] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144 [ 291.476531][ T9579] netlink: 'syz.0.897': attribute type 2 has an invalid length. [ 292.004555][ T9610] FAULT_INJECTION: forcing a failure. [ 292.004555][ T9610] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.038973][ T9610] CPU: 1 UID: 0 PID: 9610 Comm: syz.0.905 Not tainted syzkaller #0 PREEMPT(full) [ 292.038999][ T9610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 292.039009][ T9610] Call Trace: [ 292.039016][ T9610] [ 292.039024][ T9610] dump_stack_lvl+0x189/0x250 [ 292.039050][ T9610] ? __pfx____ratelimit+0x10/0x10 [ 292.039073][ T9610] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.039093][ T9610] ? __pfx__printk+0x10/0x10 [ 292.039118][ T9610] ? __might_fault+0xb0/0x130 [ 292.039152][ T9610] should_fail_ex+0x414/0x560 [ 292.039180][ T9610] _copy_from_user+0x2d/0xb0 [ 292.039201][ T9610] ethtool_set_features+0xac/0x2e0 [ 292.039226][ T9610] ? __pfx_ethtool_set_features+0x10/0x10 [ 292.039245][ T9610] ? apparmor_capable+0x137/0x1b0 [ 292.039268][ T9610] ? security_capable+0x7e/0x2e0 [ 292.039300][ T9610] dev_ethtool+0xf52/0x19b0 [ 292.039332][ T9610] ? __pfx_dev_ethtool+0x10/0x10 [ 292.039369][ T9610] ? dev_load+0x21/0x1f0 [ 292.039394][ T9610] dev_ioctl+0x392/0x1150 [ 292.039429][ T9610] sock_do_ioctl+0x22c/0x300 [ 292.039453][ T9610] ? __pfx_sock_do_ioctl+0x10/0x10 [ 292.039472][ T9610] ? __lock_acquire+0xab9/0xd20 [ 292.039514][ T9610] sock_ioctl+0x576/0x790 [ 292.039537][ T9610] ? __pfx_sock_ioctl+0x10/0x10 [ 292.039558][ T9610] ? __fget_files+0x2a/0x420 [ 292.039581][ T9610] ? __fget_files+0x3a0/0x420 [ 292.039604][ T9610] ? __fget_files+0x2a/0x420 [ 292.039636][ T9610] ? bpf_lsm_file_ioctl+0x9/0x20 [ 292.039656][ T9610] ? __pfx_sock_ioctl+0x10/0x10 [ 292.039676][ T9610] __se_sys_ioctl+0xfc/0x170 [ 292.039701][ T9610] do_syscall_64+0xfa/0x3b0 [ 292.039723][ T9610] ? lockdep_hardirqs_on+0x9c/0x150 [ 292.039745][ T9610] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.039762][ T9610] ? clear_bhb_loop+0x60/0xb0 [ 292.039784][ T9610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.039800][ T9610] RIP: 0033:0x7f74e5d8ebe9 [ 292.039817][ T9610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.039831][ T9610] RSP: 002b:00007f74e6ba0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 292.039850][ T9610] RAX: ffffffffffffffda RBX: 00007f74e5fb5fa0 RCX: 00007f74e5d8ebe9 [ 292.039862][ T9610] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 292.039873][ T9610] RBP: 00007f74e6ba0090 R08: 0000000000000000 R09: 0000000000000000 [ 292.039884][ T9610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 292.039894][ T9610] R13: 00007f74e5fb6038 R14: 00007f74e5fb5fa0 R15: 00007ffc69a4a658 [ 292.039925][ T9610] [ 292.485685][ T9618] tipc: Enabling of bearer rejected, failed to enable media [ 292.772080][ T9634] tipc: Enabling of bearer rejected, failed to enable media [ 292.871860][ T9642] netlink: 40 bytes leftover after parsing attributes in process `syz.3.913'. [ 293.324117][ T9668] netlink: 'syz.1.920': attribute type 32 has an invalid length. [ 293.359825][ T9668] netlink: 60 bytes leftover after parsing attributes in process `syz.1.920'. [ 293.370278][ T9673] FAULT_INJECTION: forcing a failure. [ 293.370278][ T9673] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 293.383669][ T9673] CPU: 1 UID: 0 PID: 9673 Comm: syz.2.919 Not tainted syzkaller #0 PREEMPT(full) [ 293.383690][ T9673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 293.383700][ T9673] Call Trace: [ 293.383707][ T9673] [ 293.383715][ T9673] dump_stack_lvl+0x189/0x250 [ 293.383739][ T9673] ? __pfx____ratelimit+0x10/0x10 [ 293.383763][ T9673] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.383782][ T9673] ? __pfx__printk+0x10/0x10 [ 293.383819][ T9673] should_fail_ex+0x414/0x560 [ 293.383847][ T9673] _copy_to_user+0x31/0xb0 [ 293.383869][ T9673] simple_read_from_buffer+0xe1/0x170 [ 293.383898][ T9673] proc_fail_nth_read+0x1b3/0x220 [ 293.383921][ T9673] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 293.383944][ T9673] ? rw_verify_area+0x2a6/0x4d0 [ 293.383964][ T9673] ? __lock_acquire+0xab9/0xd20 [ 293.383985][ T9673] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 293.384006][ T9673] vfs_read+0x200/0xa30 [ 293.384027][ T9673] ? fdget_pos+0x247/0x320 [ 293.384047][ T9673] ? __pfx___mutex_lock+0x10/0x10 [ 293.384072][ T9673] ? __pfx_vfs_read+0x10/0x10 [ 293.384095][ T9673] ? __fget_files+0x2a/0x420 [ 293.384124][ T9673] ? __fget_files+0x3a0/0x420 [ 293.384146][ T9673] ? __fget_files+0x2a/0x420 [ 293.384180][ T9673] ksys_read+0x145/0x250 [ 293.384199][ T9673] ? __fget_files+0x3a0/0x420 [ 293.384224][ T9673] ? __pfx_ksys_read+0x10/0x10 [ 293.384252][ T9673] ? do_syscall_64+0xbe/0x3b0 [ 293.384279][ T9673] do_syscall_64+0xfa/0x3b0 [ 293.384301][ T9673] ? lockdep_hardirqs_on+0x9c/0x150 [ 293.384322][ T9673] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.384339][ T9673] ? clear_bhb_loop+0x60/0xb0 [ 293.384359][ T9673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.384375][ T9673] RIP: 0033:0x7fa61e18d5fc [ 293.384390][ T9673] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 293.384403][ T9673] RSP: 002b:00007fa61ef18030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 293.384421][ T9673] RAX: ffffffffffffffda RBX: 00007fa61e3b5fa0 RCX: 00007fa61e18d5fc [ 293.384434][ T9673] RDX: 000000000000000f RSI: 00007fa61ef180a0 RDI: 0000000000000005 [ 293.384444][ T9673] RBP: 00007fa61ef18090 R08: 0000000000000000 R09: 0000000000000000 [ 293.384454][ T9673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 293.384464][ T9673] R13: 00007fa61e3b6038 R14: 00007fa61e3b5fa0 R15: 00007ffc1f9c6ab8 [ 293.384500][ T9673] [ 293.405642][ T9679] erspan0: entered promiscuous mode [ 294.128464][ T9709] tipc: Enabling of bearer rejected, failed to enable media [ 294.401381][ T9721] team0: Device gtp0 is of different type [ 294.530596][ T9723] lo speed is unknown, defaulting to 1000 [ 294.664918][ T9727] lo speed is unknown, defaulting to 1000 [ 295.229773][ T9735] syz_tun: entered allmulticast mode [ 295.244877][ T9735] __nla_validate_parse: 1 callbacks suppressed [ 295.244894][ T9735] netlink: 4 bytes leftover after parsing attributes in process `syz.2.933'. [ 295.270618][ T9751] netlink: 4 bytes leftover after parsing attributes in process `syz.3.938'. [ 295.299359][ T9756] netlink: 12 bytes leftover after parsing attributes in process `syz.4.940'. [ 295.341986][ T9735] syz_tun (unregistering): left allmulticast mode [ 295.526033][ T9755] lo speed is unknown, defaulting to 1000 [ 295.552272][ T9763] net_ratelimit: 5 callbacks suppressed [ 295.552299][ T9763] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 295.894249][ T9770] tipc: Enabling of bearer rejected, failed to enable media [ 295.983321][ T9780] tipc: Enabled bearer , priority 0 [ 296.040274][ T9780] syzkaller0: entered promiscuous mode [ 296.061749][ T9780] syzkaller0: entered allmulticast mode [ 296.119356][ T9780] tipc: Resetting bearer [ 296.158028][ T9778] tipc: Resetting bearer [ 296.186618][ T9778] tipc: Disabling bearer [ 296.374881][ T9796] netlink: 16 bytes leftover after parsing attributes in process `syz.3.949'. [ 296.453459][ T9797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.949'. [ 296.492821][ T5873] block nbd0: Receive control failed (result -107) [ 296.550644][ T9797] nbd0: detected capacity change from 0 to 32 [ 296.568124][ T9785] block nbd0: Dead connection, failed to find a fallback [ 296.602224][ T9785] block nbd0: shutting down sockets [ 296.629259][ T9800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.949'. [ 296.643565][ T9785] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.657188][ T9785] Buffer I/O error on dev nbd0, logical block 0, async page read [ 296.658910][ T5873] block nbd1: Receive control failed (result -107) [ 296.696413][ T9785] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.705975][ T9785] Buffer I/O error on dev nbd0, logical block 0, async page read [ 296.713855][ T9800] nbd1: detected capacity change from 0 to 32 [ 296.720967][ T9785] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.724118][ T9786] block nbd1: Dead connection, failed to find a fallback [ 296.730928][ T9785] Buffer I/O error on dev nbd0, logical block 0, async page read [ 296.746129][ T9785] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.756145][ T9785] Buffer I/O error on dev nbd0, logical block 0, async page read [ 296.764411][ T9785] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.773736][ T9785] Buffer I/O error on dev nbd0, logical block 0, async page read [ 296.783399][ T9785] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.796858][ T9785] Buffer I/O error on dev nbd0, logical block 0, async page read [ 296.813531][ T9785] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.818035][ T9786] block nbd1: shutting down sockets [ 296.827492][ T9785] Buffer I/O error on dev nbd0, logical block 0, async page read [ 296.850553][ T9785] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.881600][ T9786] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.885638][ T9785] Buffer I/O error on dev nbd0, logical block 0, async page read [ 296.926140][ T9786] Buffer I/O error on dev nbd1, logical block 0, async page read [ 296.952502][ T9785] ldm_validate_partition_table(): Disk read failed. [ 296.954517][ T9786] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.974057][ T9785] Buffer I/O error on dev nbd0, logical block 0, async page read [ 296.997857][ T9786] ldm_validate_partition_table(): Disk read failed. [ 296.999854][ T9785] Dev nbd0: unable to read RDB block 0 [ 297.019557][ T9785] nbd0: unable to read partition table [ 297.027013][ T9786] Dev nbd1: unable to read RDB block 0 [ 297.051584][ T9786] nbd1: unable to read partition table [ 297.057060][ T9785] ldm_validate_partition_table(): Disk read failed. [ 297.072016][ T9785] Dev nbd0: unable to read RDB block 0 [ 297.079668][ T9785] nbd0: unable to read partition table [ 297.119405][ T9817] netlink: 28 bytes leftover after parsing attributes in process `syz.1.956'. [ 297.130409][ T9786] ldm_validate_partition_table(): Disk read failed. [ 297.137610][ T9786] Dev nbd1: unable to read RDB block 0 [ 297.179210][ T9817] netlink: 28 bytes leftover after parsing attributes in process `syz.1.956'. [ 297.200167][ T9786] nbd1: unable to read partition table [ 297.253640][ T9817] team0: entered promiscuous mode [ 297.269318][ T9817] team_slave_0: entered promiscuous mode [ 297.288931][ T9817] team_slave_1: entered promiscuous mode [ 297.299555][ T9817] team0: left promiscuous mode [ 297.308512][ T9817] team_slave_0: left promiscuous mode [ 297.334578][ T9817] team_slave_1: left promiscuous mode [ 297.570499][ T9835] tipc: Enabling of bearer rejected, failed to enable media [ 298.157349][ T9866] netlink: 134788 bytes leftover after parsing attributes in process `syz.2.969'. [ 298.167647][ T9865] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 298.189905][ T9863] netlink: 'syz.4.968': attribute type 13 has an invalid length. [ 298.211869][ T9870] netlink: 4 bytes leftover after parsing attributes in process `syz.0.962'. [ 298.229379][ T9863] netlink: 'syz.4.968': attribute type 17 has an invalid length. [ 298.477779][ T9863] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 298.541011][ T9881] vti0: entered promiscuous mode [ 298.561107][ T9881] vti0: entered allmulticast mode [ 299.026082][ T9908] netlink: 'syz.0.982': attribute type 32 has an invalid length. [ 299.756930][ T9941] veth0_to_bridge: entered promiscuous mode [ 299.771940][ T9941] macsec2: entered promiscuous mode [ 299.777477][ T9941] macsec2: entered allmulticast mode [ 299.794719][ T9941] veth0_to_bridge: entered allmulticast mode [ 299.833006][ T9941] veth0_to_bridge: left allmulticast mode [ 299.876013][ T9941] veth0_to_bridge: left promiscuous mode [ 300.068870][ T9957] veth0_virt_wifi: renamed from veth0_macvtap [ 300.107262][ T9972] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 300.359477][ T9978] __nla_validate_parse: 5 callbacks suppressed [ 300.359494][ T9978] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1001'. [ 300.428303][ T9986] netlink: 'syz.1.1001': attribute type 4 has an invalid length. [ 300.524244][ T5947] IPVS: starting estimator thread 0... [ 300.638612][ T9991] IPVS: using max 30 ests per chain, 72000 per kthread [ 300.721842][ T9998] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1010'. [ 300.739937][ T9999] netlink: 'syz.4.1009': attribute type 13 has an invalid length. [ 300.747774][ T9999] netlink: 'syz.4.1009': attribute type 17 has an invalid length. [ 300.811948][T10001] netlink: 'syz.2.1011': attribute type 2 has an invalid length. [ 300.835930][T10007] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1012'. [ 300.846077][T10007] netlink: 'syz.1.1012': attribute type 1 has an invalid length. [ 300.892226][T10005] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1013'. [ 300.929773][ T9999] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.943869][ T9999] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 300.983792][ T9999] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 300.999378][T10014] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1014'. [ 301.012310][T10001] k›*·]‘: entered promiscuous mode [ 301.073900][ T9999] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 301.121255][T10004] lo speed is unknown, defaulting to 1000 [ 301.156545][T10016] pimreg: entered allmulticast mode [ 301.304369][T10016] pimreg: left allmulticast mode [ 301.321870][ T36] nci: nci_rx_work: unknown MT 0x4 [ 302.273819][T10065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1026'. [ 302.366278][T10056] netlink: 'syz.0.1025': attribute type 1 has an invalid length. [ 302.381240][T10055] netlink: 'syz.1.1026': attribute type 83 has an invalid length. [ 302.567694][T10078] veth0_to_team: entered promiscuous mode [ 302.580944][T10078] veth0_to_team: entered allmulticast mode [ 302.722384][T10069] syzkaller0: entered promiscuous mode [ 302.746948][T10069] syzkaller0: entered allmulticast mode [ 302.774254][T10085] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1035'. [ 302.927564][T10100] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1037'. [ 304.320629][T10096] syz.0.1037: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 304.344692][T10096] CPU: 0 UID: 0 PID: 10096 Comm: syz.0.1037 Not tainted syzkaller #0 PREEMPT(full) [ 304.344715][T10096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 304.344725][T10096] Call Trace: [ 304.344732][T10096] [ 304.344740][T10096] dump_stack_lvl+0x189/0x250 [ 304.344769][T10096] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 304.344796][T10096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.344817][T10096] ? __pfx__printk+0x10/0x10 [ 304.344843][T10096] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 304.344864][T10096] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 304.344894][T10096] warn_alloc+0x214/0x310 [ 304.344927][T10096] ? __pfx_warn_alloc+0x10/0x10 [ 304.344963][T10096] ? __get_vm_area_node+0x28f/0x300 [ 304.344987][T10096] ? fq_pie_init+0x430/0x840 [ 304.345014][T10096] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 304.345073][T10096] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 304.345105][T10096] ? rcu_is_watching+0x15/0xb0 [ 304.345124][T10096] ? fq_pie_init+0x430/0x840 [ 304.345143][T10096] ? fq_pie_init+0x430/0x840 [ 304.345161][T10096] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 304.345187][T10096] ? fq_pie_init+0x430/0x840 [ 304.345206][T10096] ? tcf_block_get+0x67/0xa0 [ 304.345229][T10096] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10 [ 304.345258][T10096] fq_pie_init+0x430/0x840 [ 304.345283][T10096] ? __pfx_fq_pie_init+0x10/0x10 [ 304.345302][T10096] qdisc_create+0x7ac/0xea0 [ 304.345332][T10096] tc_modify_qdisc+0x1538/0x20e0 [ 304.345367][T10096] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 304.345420][T10096] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 304.345440][T10096] rtnetlink_rcv_msg+0x779/0xb70 [ 304.345485][T10096] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 304.345509][T10096] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 304.345532][T10096] ? ref_tracker_free+0x63a/0x7d0 [ 304.345557][T10096] ? __asan_memcpy+0x40/0x70 [ 304.345577][T10096] ? __pfx_ref_tracker_free+0x10/0x10 [ 304.345612][T10096] netlink_rcv_skb+0x205/0x470 [ 304.345639][T10096] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 304.345666][T10096] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 304.345702][T10096] ? netlink_deliver_tap+0x2e/0x1b0 [ 304.345736][T10096] netlink_unicast+0x82f/0x9e0 [ 304.345769][T10096] ? __pfx_netlink_unicast+0x10/0x10 [ 304.345793][T10096] ? netlink_sendmsg+0x642/0xb30 [ 304.345815][T10096] ? skb_put+0x11b/0x210 [ 304.345837][T10096] netlink_sendmsg+0x805/0xb30 [ 304.345873][T10096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 304.345902][T10096] ? aa_sock_msg_perm+0xf1/0x1d0 [ 304.345931][T10096] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 304.345950][T10096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 304.345976][T10096] __sock_sendmsg+0x219/0x270 [ 304.346003][T10096] ____sys_sendmsg+0x505/0x830 [ 304.346030][T10096] ? __pfx_____sys_sendmsg+0x10/0x10 [ 304.346060][T10096] ? import_iovec+0x74/0xa0 [ 304.346085][T10096] ___sys_sendmsg+0x21f/0x2a0 [ 304.346108][T10096] ? __pfx____sys_sendmsg+0x10/0x10 [ 304.346167][T10096] ? __fget_files+0x2a/0x420 [ 304.346192][T10096] ? __fget_files+0x3a0/0x420 [ 304.346228][T10096] __x64_sys_sendmsg+0x19b/0x260 [ 304.346251][T10096] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 304.346282][T10096] ? rcu_is_watching+0x15/0xb0 [ 304.346306][T10096] ? do_syscall_64+0xbe/0x3b0 [ 304.346335][T10096] do_syscall_64+0xfa/0x3b0 [ 304.346358][T10096] ? lockdep_hardirqs_on+0x9c/0x150 [ 304.346380][T10096] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.346397][T10096] ? clear_bhb_loop+0x60/0xb0 [ 304.346419][T10096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.346436][T10096] RIP: 0033:0x7f74e5d8ebe9 [ 304.346461][T10096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.346478][T10096] RSP: 002b:00007f74e6b7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 304.346497][T10096] RAX: ffffffffffffffda RBX: 00007f74e5fb6090 RCX: 00007f74e5d8ebe9 [ 304.346510][T10096] RDX: 000000002000400c RSI: 00002000000000c0 RDI: 0000000000000008 [ 304.346523][T10096] RBP: 00007f74e5e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 304.346535][T10096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.346546][T10096] R13: 00007f74e5fb6128 R14: 00007f74e5fb6090 R15: 00007ffc69a4a658 [ 304.346577][T10096] [ 304.346668][T10096] Mem-Info: [ 304.379053][T10113] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1039'. [ 304.484632][T10096] active_anon:11848 inactive_anon:0 isolated_anon:0 [ 304.484632][T10096] active_file:3403 inactive_file:39902 isolated_file:0 [ 304.484632][T10096] unevictable:768 dirty:389 writeback:0 [ 304.484632][T10096] slab_reclaimable:11001 slab_unreclaimable:169743 [ 304.484632][T10096] mapped:38443 shmem:4197 pagetables:1125 [ 304.484632][T10096] sec_pagetables:0 bounce:0 [ 304.484632][T10096] kernel_misc_reclaimable:0 [ 304.484632][T10096] free:1238038 free_pcp:23455 free_cma:0 [ 304.828446][T10096] Node 0 active_anon:48492kB inactive_anon:0kB active_file:13612kB inactive_file:159408kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:154872kB dirty:1552kB writeback:0kB shmem:16352kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12556kB pagetables:4648kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 304.882085][T10096] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 304.924280][T10096] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 304.962336][T10096] lowmem_reserve[]: 0 2497 2499 2499 2499 [ 304.981319][T10096] Node 0 DMA32 free:1041652kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48360kB inactive_anon:0kB active_file:13612kB inactive_file:157840kB unevictable:1536kB writepending:1556kB present:3129332kB managed:2557476kB mlocked:0kB bounce:0kB free_pcp:72844kB local_pcp:31976kB free_cma:0kB [ 305.027396][T10096] lowmem_reserve[]: 0 0 1 1 1 [ 305.034384][T10096] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 305.065024][T10096] lowmem_reserve[]: 0 0 0 0 0 [ 305.070079][T10096] Node 1 Normal free:3888372kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19584kB local_pcp:6784kB free_cma:0kB [ 305.105589][T10096] lowmem_reserve[]: 0 0 0 0 0 [ 305.121900][T10096] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 305.138158][T10096] Node 0 DMA32: 32*4kB (UE) 230*8kB (U) 85*16kB (UE) 178*32kB (UME) 138*64kB (UME) 20*128kB (UM) 25*256kB (UM) 26*512kB (UME) 14*1024kB (UME) 2*2048kB (UE) 240*4096kB (UM) = 1041600kB [ 305.162304][T10096] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 305.176519][T10096] Node 1 Normal: 217*4kB (UME) 60*8kB (UME) 41*16kB (UME) 111*32kB (UME) 35*64kB (UME) 9*128kB (UME) 4*256kB (UME) 3*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 945*4096kB (M) = 3888372kB [ 305.203047][T10096] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 305.214912][T10096] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 305.225795][T10096] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 305.235527][T10096] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 305.245717][T10096] 47798 total pagecache pages [ 305.250537][T10096] 0 pages in swap cache [ 305.254748][T10096] Free swap = 124996kB [ 305.259811][T10096] Total swap = 124996kB [ 305.264932][T10096] 2097051 pages RAM [ 305.268926][T10096] 0 pages HighMem/MovableOnly [ 305.274191][T10096] 425656 pages reserved [ 305.278587][T10096] 0 pages cma reserved [ 305.304133][T10101] pim6reg: entered allmulticast mode [ 305.310766][T10102] pim6reg: left allmulticast mode [ 305.437264][T10136] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1047'. [ 305.464505][T10119] lo speed is unknown, defaulting to 1000 [ 306.188311][T10185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1065'. [ 306.201277][T10185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1065'. [ 306.800739][T10199] lo speed is unknown, defaulting to 1000 [ 306.917409][T10215] netlink: 'syz.2.1079': attribute type 10 has an invalid length. [ 306.955595][T10215] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.964168][T10215] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.042272][T10215] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.049542][T10215] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.057068][T10215] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.064259][T10215] bridge0: port 1(bridge_slave_0) entered forwarding state [ 307.094897][T10215] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 307.115852][T10220] bridge0: mtu greater than device maximum [ 307.282336][T10231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 307.315770][T10232] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1085'. [ 307.639459][T10250] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1091'. [ 307.727857][T10252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 308.424826][T10285] bridge_slave_0: left allmulticast mode [ 308.432431][T10285] bridge_slave_0: left promiscuous mode [ 308.443268][T10285] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.467580][T10285] bridge_slave_1: left allmulticast mode [ 308.474180][T10285] bridge_slave_1: left promiscuous mode [ 308.480894][T10285] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.501911][T10285] bond0: (slave bond_slave_0): Releasing backup interface [ 308.516086][T10280] [ 308.518429][T10280] ====================================================== [ 308.525442][T10280] WARNING: possible circular locking dependency detected [ 308.532460][T10280] syzkaller #0 Not tainted [ 308.536851][T10280] ------------------------------------------------------ [ 308.543851][T10280] syz.1.1107/10280 is trying to acquire lock: [ 308.549941][T10280] ffff888142b971d8 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x19b/0x450 [ 308.559341][T10280] [ 308.559341][T10280] but task is already holding lock: [ 308.566686][T10280] ffff888142b96c98 (&q->q_usage_counter(io)#51){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10 [ 308.576951][T10280] [ 308.576951][T10280] which lock already depends on the new lock. [ 308.576951][T10280] [ 308.587341][T10280] [ 308.587341][T10280] the existing dependency chain (in reverse order) is: [ 308.596346][T10280] [ 308.596346][T10280] -> #6 (&q->q_usage_counter(io)#51){++++}-{0:0}: [ 308.604946][T10280] lock_acquire+0x120/0x360 [ 308.609968][T10280] blk_alloc_queue+0x538/0x620 [ 308.615247][T10280] __blk_mq_alloc_disk+0x15c/0x340 [ 308.620876][T10280] nbd_dev_add+0x46c/0xae0 [ 308.625809][T10280] nbd_init+0x168/0x1f0 [ 308.630487][T10280] do_one_initcall+0x233/0x820 [ 308.635762][T10280] do_initcall_level+0x104/0x190 [ 308.641207][T10280] do_initcalls+0x59/0xa0 [ 308.646049][T10280] kernel_init_freeable+0x334/0x4b0 [ 308.651758][T10280] kernel_init+0x1d/0x1d0 [ 308.656598][T10280] ret_from_fork+0x3f9/0x770 [ 308.661690][T10280] ret_from_fork_asm+0x1a/0x30 [ 308.666963][T10280] [ 308.666963][T10280] -> #5 (fs_reclaim){+.+.}-{0:0}: [ 308.674156][T10280] lock_acquire+0x120/0x360 [ 308.679169][T10280] fs_reclaim_acquire+0x72/0x100 [ 308.684611][T10280] kmem_cache_alloc_node_noprof+0x47/0x3c0 [ 308.690922][T10280] __alloc_skb+0x112/0x2d0 [ 308.695847][T10280] tcp_stream_alloc_skb+0x3d/0x340 [ 308.701463][T10280] tcp_sendmsg_locked+0xf38/0x5620 [ 308.707081][T10280] tcp_sendmsg+0x2f/0x50 [ 308.711835][T10280] __sock_sendmsg+0x19c/0x270 [ 308.717027][T10280] sock_write_iter+0x258/0x330 [ 308.722299][T10280] vfs_write+0x5c9/0xb30 [ 308.727054][T10280] ksys_write+0x145/0x250 [ 308.731895][T10280] do_syscall_64+0xfa/0x3b0 [ 308.736913][T10280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.743311][T10280] [ 308.743311][T10280] -> #4 (sk_lock-AF_INET){+.+.}-{0:0}: [ 308.750947][T10280] lock_acquire+0x120/0x360 [ 308.755962][T10280] lock_sock_nested+0x48/0x100 [ 308.761241][T10280] inet_shutdown+0x6a/0x390 [ 308.766252][T10280] nbd_mark_nsock_dead+0x2e9/0x560 [ 308.771873][T10280] sock_shutdown+0x15e/0x260 [ 308.776970][T10280] nbd_config_put+0x342/0x790 [ 308.782153][T10280] nbd_genl_connect+0x167c/0x18f0 [ 308.787683][T10280] genl_family_rcv_msg_doit+0x212/0x300 [ 308.793732][T10280] genl_rcv_msg+0x60e/0x790 [ 308.798740][T10280] netlink_rcv_skb+0x205/0x470 [ 308.804009][T10280] genl_rcv+0x28/0x40 [ 308.808494][T10280] netlink_unicast+0x82f/0x9e0 [ 308.813762][T10280] netlink_sendmsg+0x805/0xb30 [ 308.819033][T10280] __sock_sendmsg+0x219/0x270 [ 308.824215][T10280] ____sys_sendmsg+0x505/0x830 [ 308.829487][T10280] ___sys_sendmsg+0x21f/0x2a0 [ 308.834665][T10280] __x64_sys_sendmsg+0x19b/0x260 [ 308.840104][T10280] do_syscall_64+0xfa/0x3b0 [ 308.845114][T10280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.851510][T10280] [ 308.851510][T10280] -> #3 (&nsock->tx_lock){+.+.}-{4:4}: [ 308.859137][T10280] lock_acquire+0x120/0x360 [ 308.864147][T10280] __mutex_lock+0x187/0x1360 [ 308.869244][T10280] nbd_queue_rq+0x257/0xf10 [ 308.874254][T10280] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 308.880305][T10280] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 308.887136][T10280] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 308.893623][T10280] blk_mq_run_hw_queue+0x348/0x4f0 [ 308.899238][T10280] blk_mq_dispatch_list+0xd0c/0xe00 [ 308.904943][T10280] blk_mq_flush_plug_list+0x469/0x550 [ 308.910821][T10280] __blk_flush_plug+0x3d3/0x4b0 [ 308.916175][T10280] __submit_bio+0x2d3/0x5a0 [ 308.921187][T10280] submit_bio_noacct_nocheck+0x4ab/0xb50 [ 308.927329][T10280] block_read_full_folio+0x7b7/0x830 [ 308.933119][T10280] filemap_read_folio+0x117/0x380 [ 308.938649][T10280] do_read_cache_folio+0x350/0x590 [ 308.944274][T10280] read_part_sector+0xb6/0x2b0 [ 308.949549][T10280] adfspart_check_ICS+0xa4/0xa50 [ 308.954992][T10280] bdev_disk_changed+0x75f/0x14b0 [ 308.960519][T10280] blkdev_get_whole+0x380/0x510 [ 308.965881][T10280] bdev_open+0x31e/0xd30 [ 308.970630][T10280] blkdev_open+0x3a8/0x510 [ 308.975547][T10280] do_dentry_open+0x950/0x13f0 [ 308.980811][T10280] vfs_open+0x3b/0x340 [ 308.985382][T10280] path_openat+0x2ee5/0x3830 [ 308.990473][T10280] do_filp_open+0x1fa/0x410 [ 308.995476][T10280] do_sys_openat2+0x121/0x1c0 [ 309.000652][T10280] __x64_sys_openat+0x138/0x170 [ 309.006003][T10280] do_syscall_64+0xfa/0x3b0 [ 309.011015][T10280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.017409][T10280] [ 309.017409][T10280] -> #2 (&cmd->lock){+.+.}-{4:4}: [ 309.024602][T10280] lock_acquire+0x120/0x360 [ 309.029612][T10280] __mutex_lock+0x187/0x1360 [ 309.034705][T10280] nbd_queue_rq+0xc8/0xf10 [ 309.039628][T10280] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 309.045681][T10280] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 309.052517][T10280] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 309.059005][T10280] blk_mq_run_hw_queue+0x348/0x4f0 [ 309.064622][T10280] blk_mq_dispatch_list+0xd0c/0xe00 [ 309.070326][T10280] blk_mq_flush_plug_list+0x469/0x550 [ 309.076205][T10280] __blk_flush_plug+0x3d3/0x4b0 [ 309.081562][T10280] __submit_bio+0x2d3/0x5a0 [ 309.086573][T10280] submit_bio_noacct_nocheck+0x4ab/0xb50 [ 309.092710][T10280] block_read_full_folio+0x7b7/0x830 [ 309.098500][T10280] filemap_read_folio+0x117/0x380 [ 309.104027][T10280] do_read_cache_folio+0x350/0x590 [ 309.109643][T10280] read_part_sector+0xb6/0x2b0 [ 309.114912][T10280] adfspart_check_ICS+0xa4/0xa50 [ 309.120356][T10280] bdev_disk_changed+0x75f/0x14b0 [ 309.125883][T10280] blkdev_get_whole+0x380/0x510 [ 309.131238][T10280] bdev_open+0x31e/0xd30 [ 309.135985][T10280] blkdev_open+0x3a8/0x510 [ 309.140899][T10280] do_dentry_open+0x950/0x13f0 [ 309.146163][T10280] vfs_open+0x3b/0x340 [ 309.150736][T10280] path_openat+0x2ee5/0x3830 [ 309.155830][T10280] do_filp_open+0x1fa/0x410 [ 309.160833][T10280] do_sys_openat2+0x121/0x1c0 [ 309.166010][T10280] __x64_sys_openat+0x138/0x170 [ 309.171361][T10280] do_syscall_64+0xfa/0x3b0 [ 309.176373][T10280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.182773][T10280] [ 309.182773][T10280] -> #1 (set->srcu){.+.+}-{0:0}: [ 309.189881][T10280] lock_sync+0xba/0x160 [ 309.194545][T10280] __synchronize_srcu+0x96/0x3a0 [ 309.199989][T10280] elevator_switch+0x12b/0x640 [ 309.205257][T10280] elevator_change+0x2d4/0x450 [ 309.210530][T10280] elevator_set_default+0x186/0x260 [ 309.216233][T10280] blk_register_queue+0x35d/0x400 [ 309.221981][T10280] __add_disk+0x677/0xd50 [ 309.226813][T10280] add_disk_fwnode+0xfc/0x480 [ 309.231989][T10280] nbd_dev_add+0x717/0xae0 [ 309.236912][T10280] nbd_init+0x168/0x1f0 [ 309.241579][T10280] do_one_initcall+0x233/0x820 [ 309.246851][T10280] do_initcall_level+0x104/0x190 [ 309.252288][T10280] do_initcalls+0x59/0xa0 [ 309.257120][T10280] kernel_init_freeable+0x334/0x4b0 [ 309.262822][T10280] kernel_init+0x1d/0x1d0 [ 309.267739][T10280] ret_from_fork+0x3f9/0x770 [ 309.272829][T10280] ret_from_fork_asm+0x1a/0x30 [ 309.278097][T10280] [ 309.278097][T10280] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 309.285897][T10280] validate_chain+0xb9b/0x2140 [ 309.291162][T10280] __lock_acquire+0xab9/0xd20 [ 309.296347][T10280] lock_acquire+0x120/0x360 [ 309.301357][T10280] __mutex_lock+0x187/0x1360 [ 309.306452][T10280] elevator_change+0x19b/0x450 [ 309.311721][T10280] elevator_set_none+0x42/0xb0 [ 309.316989][T10280] blk_mq_update_nr_hw_queues+0x72c/0x19a0 [ 309.323295][T10280] nbd_start_device+0x17f/0xb10 [ 309.328660][T10280] nbd_genl_connect+0x135b/0x18f0 [ 309.334190][T10280] genl_family_rcv_msg_doit+0x212/0x300 [ 309.340240][T10280] genl_rcv_msg+0x60e/0x790 [ 309.345245][T10280] netlink_rcv_skb+0x205/0x470 [ 309.350514][T10280] genl_rcv+0x28/0x40 [ 309.354998][T10280] netlink_unicast+0x82f/0x9e0 [ 309.360265][T10280] netlink_sendmsg+0x805/0xb30 [ 309.365539][T10280] __sock_sendmsg+0x219/0x270 [ 309.370722][T10280] ____sys_sendmsg+0x505/0x830 [ 309.375985][T10280] ___sys_sendmsg+0x21f/0x2a0 [ 309.381168][T10280] __x64_sys_sendmsg+0x19b/0x260 [ 309.386605][T10280] do_syscall_64+0xfa/0x3b0 [ 309.391615][T10280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.398009][T10280] [ 309.398009][T10280] other info that might help us debug this: [ 309.398009][T10280] [ 309.408215][T10280] Chain exists of: [ 309.408215][T10280] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#51 [ 309.408215][T10280] [ 309.421947][T10280] Possible unsafe locking scenario: [ 309.421947][T10280] [ 309.429389][T10280] CPU0 CPU1 [ 309.434739][T10280] ---- ---- [ 309.440089][T10280] lock(&q->q_usage_counter(io)#51); [ 309.445464][T10280] lock(fs_reclaim); [ 309.451953][T10280] lock(&q->q_usage_counter(io)#51); [ 309.459837][T10280] lock(&q->elevator_lock); [ 309.464414][T10280] [ 309.464414][T10280] *** DEADLOCK *** [ 309.464414][T10280] [ 309.472537][T10280] 6 locks held by syz.1.1107/10280: [ 309.477712][T10280] #0: ffffffff8f59d270 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 309.485884][T10280] #1: ffffffff8f59d088 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 309.494832][T10280] #2: ffff8880255d2988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa7/0x19a0 [ 309.506219][T10280] #3: ffff8880255d28d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xba/0x19a0 [ 309.517180][T10280] #4: ffff888142b96c98 (&q->q_usage_counter(io)#51){++++}-{0:0}, at: nbd_start_device+0x17f/0xb10 [ 309.527901][T10280] #5: ffff888142b96cd0 (&q->q_usage_counter(queue)#3){+.+.}-{0:0}, at: nbd_start_device+0x17f/0xb10 [ 309.538777][T10280] [ 309.538777][T10280] stack backtrace: [ 309.544658][T10280] CPU: 0 UID: 0 PID: 10280 Comm: syz.1.1107 Not tainted syzkaller #0 PREEMPT(full) [ 309.544678][T10280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 309.544687][T10280] Call Trace: [ 309.544696][T10280] [ 309.544704][T10280] dump_stack_lvl+0x189/0x250 [ 309.544725][T10280] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.544742][T10280] ? __pfx__printk+0x10/0x10 [ 309.544762][T10280] ? print_lock_name+0xde/0x100 [ 309.544781][T10280] print_circular_bug+0x2ee/0x310 [ 309.544797][T10280] check_noncircular+0x134/0x160 [ 309.544814][T10280] validate_chain+0xb9b/0x2140 [ 309.544836][T10280] __lock_acquire+0xab9/0xd20 [ 309.544857][T10280] ? elevator_change+0x19b/0x450 [ 309.544875][T10280] lock_acquire+0x120/0x360 [ 309.544899][T10280] ? elevator_change+0x19b/0x450 [ 309.544922][T10280] __mutex_lock+0x187/0x1360 [ 309.544941][T10280] ? elevator_change+0x19b/0x450 [ 309.544960][T10280] ? xa_find_after+0xae/0x430 [ 309.544976][T10280] ? xa_find_after+0x402/0x430 [ 309.544988][T10280] ? elevator_change+0x19b/0x450 [ 309.545005][T10280] ? xa_find_after+0xae/0x430 [ 309.545019][T10280] ? __pfx___mutex_lock+0x10/0x10 [ 309.545040][T10280] ? __pfx_blk_mq_cancel_work_sync+0x10/0x10 [ 309.545063][T10280] ? __blk_freeze_queue_start+0x275/0x380 [ 309.545080][T10280] elevator_change+0x19b/0x450 [ 309.545098][T10280] ? elevator_set_none+0x37/0xb0 [ 309.545117][T10280] elevator_set_none+0x42/0xb0 [ 309.545137][T10280] blk_mq_update_nr_hw_queues+0x72c/0x19a0 [ 309.545158][T10280] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10 [ 309.545178][T10280] ? sysfs_add_file_mode_ns+0x259/0x300 [ 309.545202][T10280] nbd_start_device+0x17f/0xb10 [ 309.545224][T10280] ? device_create_file+0xf4/0x1c0 [ 309.545238][T10280] nbd_genl_connect+0x135b/0x18f0 [ 309.545260][T10280] ? __pfx_nbd_genl_connect+0x10/0x10 [ 309.545283][T10280] ? __nla_parse+0x40/0x60 [ 309.545304][T10280] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 309.545324][T10280] genl_family_rcv_msg_doit+0x212/0x300 [ 309.545343][T10280] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 309.545363][T10280] ? stack_trace_save+0x9c/0xe0 [ 309.545381][T10280] genl_rcv_msg+0x60e/0x790 [ 309.545398][T10280] ? __pfx_genl_rcv_msg+0x10/0x10 [ 309.545412][T10280] ? __pfx_nbd_genl_connect+0x10/0x10 [ 309.545435][T10280] netlink_rcv_skb+0x205/0x470 [ 309.545454][T10280] ? __lock_acquire+0xab9/0xd20 [ 309.545473][T10280] ? __pfx_genl_rcv_msg+0x10/0x10 [ 309.545487][T10280] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 309.545512][T10280] ? down_read+0x1ad/0x2e0 [ 309.545524][T10280] genl_rcv+0x28/0x40 [ 309.545537][T10280] netlink_unicast+0x82f/0x9e0 [ 309.545557][T10280] ? __pfx_netlink_unicast+0x10/0x10 [ 309.545575][T10280] ? netlink_sendmsg+0x642/0xb30 [ 309.545593][T10280] ? skb_put+0x11b/0x210 [ 309.545607][T10280] netlink_sendmsg+0x805/0xb30 [ 309.545629][T10280] ? __pfx_netlink_sendmsg+0x10/0x10 [ 309.545649][T10280] ? aa_sock_msg_perm+0xf1/0x1d0 [ 309.545670][T10280] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 309.545686][T10280] ? __pfx_netlink_sendmsg+0x10/0x10 [ 309.545704][T10280] __sock_sendmsg+0x219/0x270 [ 309.545723][T10280] ____sys_sendmsg+0x505/0x830 [ 309.545738][T10280] ? __pfx_____sys_sendmsg+0x10/0x10 [ 309.545754][T10280] ? import_iovec+0x74/0xa0 [ 309.545770][T10280] ___sys_sendmsg+0x21f/0x2a0 [ 309.545785][T10280] ? __pfx____sys_sendmsg+0x10/0x10 [ 309.545811][T10280] ? __fget_files+0x2a/0x420 [ 309.545830][T10280] ? __fget_files+0x3a0/0x420 [ 309.545854][T10280] __x64_sys_sendmsg+0x19b/0x260 [ 309.545868][T10280] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 309.545890][T10280] ? rcu_is_watching+0x15/0xb0 [ 309.545905][T10280] ? do_syscall_64+0xbe/0x3b0 [ 309.545925][T10280] do_syscall_64+0xfa/0x3b0 [ 309.545944][T10280] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.545961][T10280] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.545975][T10280] ? clear_bhb_loop+0x60/0xb0 [ 309.545990][T10280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.546004][T10280] RIP: 0033:0x7fced738ebe9 [ 309.546018][T10280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.546030][T10280] RSP: 002b:00007fced820a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 309.546046][T10280] RAX: ffffffffffffffda RBX: 00007fced75b5fa0 RCX: 00007fced738ebe9 [ 309.546057][T10280] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004 [ 309.546066][T10280] RBP: 00007fced7411e19 R08: 0000000000000000 R09: 0000000000000000 [ 309.546075][T10280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.546083][T10280] R13: 00007fced75b6038 R14: 00007fced75b5fa0 R15: 00007ffd0950ed58 [ 309.546099][T10280] [ 309.588034][T10293] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1112'. [ 309.662608][ T5873] block nbd2: Receive control failed (result -32) [ 309.698349][ T5864] block nbd2: Receive control failed (result -32) [ 309.709914][T10285] bond0: (slave bond_slave_1): Releasing backup interface [ 309.840999][T10280] nbd2: detected capacity change from 0 to 127 [ 309.842138][T10042] block nbd2: Dead connection, failed to find a fallback [ 310.046252][T10042] block nbd2: shutting down sockets [ 310.051526][T10042] blk_print_req_error: 64 callbacks suppressed [ 310.051540][T10042] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.067083][T10042] buffer_io_error: 64 callbacks suppressed [ 310.067098][T10042] Buffer I/O error on dev nbd2, logical block 0, async page read [ 310.071082][T10285] team0: Port device team_slave_0 removed [ 310.073484][T10042] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.095400][T10042] Buffer I/O error on dev nbd2, logical block 1, async page read [ 310.097513][T10285] team0: Port device team_slave_1 removed [ 310.103355][T10042] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.103380][T10042] Buffer I/O error on dev nbd2, logical block 2, async page read [ 310.103457][T10042] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.110154][T10285] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 310.121174][T10042] Buffer I/O error on dev nbd2, logical block 3, async page read [ 310.150489][T10042] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.151312][T10285] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 310.159562][T10042] Buffer I/O error on dev nbd2, logical block 0, async page read [ 310.159677][T10042] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.159699][T10042] Buffer I/O error on dev nbd2, logical block 1, async page read [ 310.159777][T10042] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.169410][T10285] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 310.174952][T10042] Buffer I/O error on dev nbd2, logical block 2, async page read [ 310.215713][T10042] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.225140][T10042] Buffer I/O error on dev nbd2, logical block 3, async page read [ 310.234407][T10042] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.243510][T10042] Buffer I/O error on dev nbd2, logical block 0, async page read [ 310.251544][T10042] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 310.251749][T10285] bond1: (slave vti0): Releasing backup interface [ 310.262251][T10042] Buffer I/O error on dev nbd2, logical block 1, async page read [ 310.276792][T10042] ldm_validate_partition_table(): Disk read failed. [ 310.289713][T10042] Dev nbd2: unable to read RDB block 0 [ 310.297547][T10042] nbd2: unable to read partition table [ 310.319192][T10042] ldm_validate_partition_table(): Disk read failed. [ 310.326987][T10042] Dev nbd2: unable to read RDB block 0 [ 310.334684][T10042] nbd2: unable to read partition table