last executing test programs: 1.703180217s ago: executing program 2 (id=3508): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) 1.670679625s ago: executing program 3 (id=3510): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x14, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0, 0x0, 0x4}}, 0x30) 1.585656296s ago: executing program 4 (id=3512): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xd, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110b0000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x94) 1.577236437s ago: executing program 2 (id=3513): r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x80, 0x0}, 0x4804) 1.429364094s ago: executing program 3 (id=3515): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000070000000000000000000a40000000160a05000000000000000000020000000900010073797a300000000014000380080001400000000008000240000000030900020073797a300000000014000000110001"], 0x68}}, 0x800) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x48, 0x16, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}], {0x14}}, 0x70}}, 0x24040884) 1.413298547s ago: executing program 4 (id=3517): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xb, &(0x7f0000000400)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) 1.386343297s ago: executing program 2 (id=3518): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) 1.319543501s ago: executing program 3 (id=3520): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x20}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x0, 0x42}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) 1.229470872s ago: executing program 4 (id=3522): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x7c}}, 0x10) r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000940)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0x7fe5}], 0x20, 0x0, 0x0, 0x10000000}, 0x0) 1.166305801s ago: executing program 2 (id=3523): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000030000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989425f5d0b79f6584d0416d7c4bb9f547b328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f01000000010000006e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b98d2de10c21d3ea02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d000000200008000000000000001abc11c800000000000000000000000928ee53595a779d243a48cea769470424d20a04c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005472b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92fe8bad99ca332af00f191b66b6a6f732a91f0e2e9190e4b448da7de018c58e950767f9b320be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c52573d9308a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e495f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e4a48dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f00000021f8547d393dabe616fbbde21c90be00b5a22671395c7a69c6dd4d022ffc97ddb6aa025131652d409da1d8cfc3d219d4b1c1b7b8170d7c33d91db2b73f7ae02485a209a2474b5d0790d05c01bec623056e4d3f4d3149373a28b26a15a1fcce73d57e6eaf7e6f315fe275ebc9ef7aeca277dde01dde724f419803a2172a7833ceab38d21ca4f1dea5e1f4d8824167b21dd289dd4e6ecfba9e163bdbc48e1e758ecde05c10809c9edfa6d77c652fd742e6dad13d2a397bebe3ea8bc087d3720e2202f36c7719ae34f042e19dc08a3323a3d94098a7ec171469352bab1662c3e4d4803c565cfcce32dad628fade43a4844abb230ce608726fd87e93c405a96cf638c41510f26e9da5f316"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="d2ff03076003008cb29e08f088a8", 0x0, 0x200009, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 1.145031878s ago: executing program 3 (id=3526): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet6(r0, &(0x7f0000004d40)={&(0x7f0000003700)={0xa, 0x4e22, 0xaae, @local, 0x6}, 0x1c, &(0x7f0000004cc0)=[{&(0x7f0000003740)="2e6ca6d0", 0x4}], 0x1}, 0x4001000) 792.277002ms ago: executing program 0 (id=3532): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000070000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021340011800a0001006c696d6974000000240002800c000240000000f0ff0000030c00014000000000000001010800044000000001"], 0xf0}}, 0x0) 745.62525ms ago: executing program 1 (id=3533): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x3000c085) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x26}, 0x10) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f0000000080)={'hsr0\x00', @random="2e2e0e18a4b1"}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xa7, &(0x7f0000000000)=""/167, 0x0, 0x25, '\x00', 0x0, @sk_reuseport}, 0x94) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$TOKEN_CREATE(0x24, &(0x7f0000000300)={0x0, r1}, 0x8) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000140)={r3, 0x2000000, 0x15, 0x0, &(0x7f0000000080)="120057766e2fc680a078ca9c93d0eebb4b8f577a92", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000240)="b9e203076008008cb89e08f00800511d0833df54", 0x0, 0xfffffdff, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0xc810) 682.420564ms ago: executing program 0 (id=3534): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x2, 0x60b924, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x3}, {0x6, 0xb}, {0xc, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x2400c0e0}, 0x20004080) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002e00090027097000000000220400000008000c"], 0x28}, 0x1, 0x0, 0x0, 0x42804}, 0x0) 561.517588ms ago: executing program 1 (id=3535): socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x14, 0x0, 0x9, 0x101, 0x0, 0x0, {0x7, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x40) close(0x3) sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4004000) 521.185397ms ago: executing program 0 (id=3536): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000ad00)={0x0, 0x0, &(0x7f000000acc0)={&(0x7f0000004b40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x6}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x78}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) 429.654864ms ago: executing program 1 (id=3537): openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.time\x00', 0x0, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0x17, &(0x7f0000000000), 0x10) 424.2698ms ago: executing program 0 (id=3538): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) close(r2) socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$kcm(r2, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x2400c094) sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c096) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000002400010026bd7000fcdbdf2504"], 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 355.582404ms ago: executing program 1 (id=3539): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000010880)=@base={0x6, 0x4, 0x8, 0xc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000010400)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6d}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1, r0}, 0xc) 264.708625ms ago: executing program 0 (id=3540): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0x3, 0x0, 0x2, 0x6, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x7, 0x1, 0x2, 0x29a, 0x2}]}, 0x30}, 0x1, 0x7}, 0x0) 264.491758ms ago: executing program 4 (id=3541): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x1f, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc8f}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}}, 0x20004000) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x20004800) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000000800)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x90, 0x4, 0x8, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6006}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0xcb}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_TCP_LAST_ACK={0x8, 0x6, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_TCP_LAST_ACK={0x8, 0x6, 0x1, 0x0, 0x28da}, @CTA_TIMEOUT_TCP_RETRANS={0x8, 0xa, 0x1, 0x0, 0x3a}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88fb}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6}]}, 0x90}}, 0x4) 173.565257ms ago: executing program 2 (id=3542): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x15}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x21, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 173.386199ms ago: executing program 1 (id=3543): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 163.571692ms ago: executing program 4 (id=3544): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000004040)={r0, 0x58, &(0x7f0000003fc0)}, 0x10) 146.319714ms ago: executing program 3 (id=3545): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x4, &(0x7f00000001c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x8a}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1b}, 0x94) 41.599184ms ago: executing program 0 (id=3546): r0 = socket$kcm(0xa, 0x1, 0x106) close(0x3) r1 = socket$kcm(0x1e, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x16, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x0, 0x4, 0x3, 0x3fd}, 0x10}, 0x94) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r4) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x20048480) 39.006678ms ago: executing program 1 (id=3547): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611570000000000061136c0000000000bfa000000000000014000000ee0016055e03010000000000040500000001000069163e0000000000bf07000000000000260507000fff07206706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) 24.760607ms ago: executing program 4 (id=3548): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c00)=""/4098, 0x1002}, {&(0x7f0000000540)=""/96, 0x60}, {&(0x7f0000002c80)=""/4119, 0x1017}], 0x3}, 0x0) 204.97µs ago: executing program 3 (id=3549): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000c00)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$kcm(0x2, 0x3, 0x84) close(r1) socket$kcm(0xa, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000dc0)={&(0x7f0000000000)={0x2, 0x4e22, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000007000000830704ac14140f0011000000000000000000000001000000fc0000000000000014000000000000000100000041"], 0x4c}, 0x20001850) 0s ago: executing program 2 (id=3550): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@updsa={0x13c, 0x10, 0x1, 0xfffffffc, 0x0, {{@in6=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20, 0x0, 0x89}, {@in6=@private1, 0x0, 0x2b}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x8000, 0x2, 0xfffffffffffffffe}, {0x0, 0xfffffffffffffffd, 0x1900000000000000}, {}, 0x70bd2b, 0x0, 0xa, 0x2, 0x80}, [@algo_auth_trunc={0x4c, 0x14, {{'sm3\x00'}}}]}, 0x13c}}, 0x0) kernel console output (not intermixed with test programs): 4 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 276.801486][T12671] RSP: 002b:00007f751bc76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 276.801505][T12671] RAX: ffffffffffffffda RBX: 00007f751b015fa0 RCX: 00007f751ad9c819 [ 276.801517][T12671] RDX: 0000000000000038 RSI: 00002000000006c0 RDI: 000000000000001a [ 276.801528][T12671] RBP: 00007f751bc76090 R08: 0000000000000000 R09: 0000000000000000 [ 276.801539][T12671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 276.801550][T12671] R13: 00007f751b016038 R14: 00007f751b015fa0 R15: 00007ffce83d3f38 [ 276.801582][T12671] [ 277.397218][T12701] __nla_validate_parse: 1 callbacks suppressed [ 277.397241][T12701] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2155'. [ 277.498522][T12704] tipc: Trying to set illegal importance in message [ 278.750489][T12717] xt_SECMARK: invalid mode: 9 [ 279.054325][T12736] FAULT_INJECTION: forcing a failure. [ 279.054325][T12736] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 279.089757][T12736] CPU: 1 UID: 0 PID: 12736 Comm: syz.1.2165 Not tainted syzkaller #0 PREEMPT(full) [ 279.089785][T12736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 279.089797][T12736] Call Trace: [ 279.089805][T12736] [ 279.089813][T12736] dump_stack_lvl+0xe8/0x150 [ 279.089847][T12736] should_fail_ex+0x412/0x560 [ 279.089884][T12736] _copy_from_user+0x2d/0xb0 [ 279.089907][T12736] generic_map_update_batch+0x648/0x990 [ 279.089943][T12736] ? __pfx_generic_map_update_batch+0x10/0x10 [ 279.089970][T12736] ? __fget_files+0x2a/0x420 [ 279.089994][T12736] ? __pfx_generic_map_update_batch+0x10/0x10 [ 279.090019][T12736] bpf_map_do_batch+0x39b/0x630 [ 279.090047][T12736] __sys_bpf+0x7c1/0x950 [ 279.090068][T12736] ? __pfx___sys_bpf+0x10/0x10 [ 279.090119][T12736] ? ksys_write+0x242/0x270 [ 279.090143][T12736] ? __pfx_ksys_write+0x10/0x10 [ 279.090173][T12736] __x64_sys_bpf+0x7c/0x90 [ 279.090200][T12736] do_syscall_64+0x14d/0xf80 [ 279.090229][T12736] ? trace_irq_disable+0x3b/0x150 [ 279.090246][T12736] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.090266][T12736] ? clear_bhb_loop+0x40/0x90 [ 279.090290][T12736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.090308][T12736] RIP: 0033:0x7f4f31d9c819 [ 279.090326][T12736] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 279.090342][T12736] RSP: 002b:00007f4f32d04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 279.090363][T12736] RAX: ffffffffffffffda RBX: 00007f4f32015fa0 RCX: 00007f4f31d9c819 [ 279.090376][T12736] RDX: 0000000000000038 RSI: 00002000000006c0 RDI: 000000000000001a [ 279.090388][T12736] RBP: 00007f4f32d04090 R08: 0000000000000000 R09: 0000000000000000 [ 279.090400][T12736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 279.090411][T12736] R13: 00007f4f32016038 R14: 00007f4f32015fa0 R15: 00007ffcd98c27a8 [ 279.090453][T12736] [ 279.281750][T12738] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2166'. [ 279.518829][T12753] syzkaller0: entered promiscuous mode [ 279.527425][T12753] syzkaller0: entered allmulticast mode [ 279.632470][T12763] xt_SECMARK: invalid mode: 9 [ 279.739030][T12769] FAULT_INJECTION: forcing a failure. [ 279.739030][T12769] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 279.771301][T12769] CPU: 0 UID: 0 PID: 12769 Comm: syz.2.2178 Not tainted syzkaller #0 PREEMPT(full) [ 279.771331][T12769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 279.771343][T12769] Call Trace: [ 279.771351][T12769] [ 279.771360][T12769] dump_stack_lvl+0xe8/0x150 [ 279.771392][T12769] should_fail_ex+0x412/0x560 [ 279.771426][T12769] _copy_from_iter+0x1d3/0x1670 [ 279.771452][T12769] ? rcu_is_watching+0x15/0xb0 [ 279.771486][T12769] ? __pfx__copy_from_iter+0x10/0x10 [ 279.771516][T12769] ? netlink_sendmsg+0x650/0xb40 [ 279.771535][T12769] ? skb_put+0x11b/0x210 [ 279.771563][T12769] netlink_sendmsg+0x6c0/0xb40 [ 279.771594][T12769] ? __pfx_netlink_sendmsg+0x10/0x10 [ 279.771619][T12769] ? aa_sock_msg_perm+0xf1/0x1b0 [ 279.771652][T12769] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 279.771678][T12769] ____sys_sendmsg+0x972/0x9f0 [ 279.771714][T12769] ? __pfx_____sys_sendmsg+0x10/0x10 [ 279.771749][T12769] ? import_iovec+0x73/0xa0 [ 279.771776][T12769] ___sys_sendmsg+0x2a5/0x360 [ 279.771807][T12769] ? __pfx____sys_sendmsg+0x10/0x10 [ 279.771871][T12769] ? __fget_files+0x2a/0x420 [ 279.771888][T12769] ? __fget_files+0x3a0/0x420 [ 279.771917][T12769] __x64_sys_sendmsg+0x1bd/0x2a0 [ 279.771968][T12769] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 279.772003][T12769] ? __pfx_ksys_write+0x10/0x10 [ 279.772039][T12769] do_syscall_64+0x14d/0xf80 [ 279.772063][T12769] ? trace_irq_disable+0x3b/0x150 [ 279.772081][T12769] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.772101][T12769] ? clear_bhb_loop+0x40/0x90 [ 279.772132][T12769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.772152][T12769] RIP: 0033:0x7fa6fcb9c819 [ 279.772172][T12769] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 279.772189][T12769] RSP: 002b:00007fa6fd98a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 279.772211][T12769] RAX: ffffffffffffffda RBX: 00007fa6fce15fa0 RCX: 00007fa6fcb9c819 [ 279.772225][T12769] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003 [ 279.772237][T12769] RBP: 00007fa6fd98a090 R08: 0000000000000000 R09: 0000000000000000 [ 279.772249][T12769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 279.772260][T12769] R13: 00007fa6fce16038 R14: 00007fa6fce15fa0 R15: 00007ffc74c23708 [ 279.772299][T12769] [ 280.131945][T12784] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2179'. [ 280.133165][T12781] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 280.168691][T12781] team0: Unable to change to the same mode the team is in [ 280.171507][T12785] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.2180'. [ 280.352388][T12794] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2185'. [ 280.697547][T12816] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2193'. [ 280.911622][T12829] xt_SECMARK: invalid mode: 9 [ 281.108113][T12838] syzkaller0: entered promiscuous mode [ 281.130336][T12838] syzkaller0: entered allmulticast mode [ 281.568743][T12876] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2213'. [ 281.572405][T12870] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2212'. [ 281.578042][T12876] netlink: 'syz.1.2213': attribute type 5 has an invalid length. [ 281.593749][T12868] syzkaller0: entered promiscuous mode [ 281.595683][T12876] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2213'. [ 281.600701][T12868] syzkaller0: entered allmulticast mode [ 281.688663][T12876] geneve3: entered promiscuous mode [ 281.694215][T12876] geneve3: entered allmulticast mode [ 281.703575][ T709] netdevsim netdevsim1 eth0: set [1, 2] type 2 family 0 port 256 - 0 [ 281.718641][ T709] netdevsim netdevsim1 eth1: set [1, 2] type 2 family 0 port 256 - 0 [ 281.735842][ T709] netdevsim netdevsim1 eth2: set [1, 2] type 2 family 0 port 256 - 0 [ 281.759490][ T709] netdevsim netdevsim1 eth3: set [1, 2] type 2 family 0 port 256 - 0 [ 282.040908][T12900] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2221'. [ 282.368687][T12918] netlink: 'syz.3.2227': attribute type 10 has an invalid length. [ 282.402951][T12918] veth0_vlan: left promiscuous mode [ 282.409967][T12918] veth0_vlan: entered promiscuous mode [ 282.422238][T12918] team0: Device veth0_vlan failed to register rx_handler [ 282.856209][T12934] __nla_validate_parse: 2 callbacks suppressed [ 282.856229][T12934] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2233'. [ 283.294126][T12958] netlink: 'syz.3.2242': attribute type 1 has an invalid length. [ 283.356200][T12958] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2242'. [ 283.366947][T12958] 8021q: adding VLAN 0 to HW filter on device bond10 [ 283.684836][T12977] IPVS: ovf: FWM 3 0x00000003 - no destination available [ 284.032148][T12995] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2254'. [ 284.050932][T12995] FAULT_INJECTION: forcing a failure. [ 284.050932][T12995] name failslab, interval 1, probability 0, space 0, times 0 [ 284.084537][T12995] CPU: 0 UID: 0 PID: 12995 Comm: syz.4.2254 Not tainted syzkaller #0 PREEMPT(full) [ 284.084565][T12995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 284.084576][T12995] Call Trace: [ 284.084585][T12995] [ 284.084593][T12995] dump_stack_lvl+0xe8/0x150 [ 284.084628][T12995] should_fail_ex+0x412/0x560 [ 284.084665][T12995] should_failslab+0xa8/0x100 [ 284.084693][T12995] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 284.084717][T12995] ? __alloc_skb+0x1d0/0x7d0 [ 284.084738][T12995] ? __local_bh_enable_ip+0xd0/0x130 [ 284.084768][T12995] __alloc_skb+0x1d0/0x7d0 [ 284.084795][T12995] xfrm_alloc_compat+0x1a6/0x16f0 [ 284.084820][T12995] ? xfrm_get_translator+0x1b/0x240 [ 284.084851][T12995] ? __pfx_xfrm_alloc_compat+0x10/0x10 [ 284.084874][T12995] xfrm_nlmsg_multicast+0xda/0x1f0 [ 284.084905][T12995] xfrm_send_policy_notify+0xb54/0x1bf0 [ 284.084944][T12995] ? __pfx_xfrm_send_policy_notify+0x10/0x10 [ 284.084988][T12995] ? km_policy_notify+0x28/0x200 [ 284.085016][T12995] ? __pfx_xfrm_send_policy_notify+0x10/0x10 [ 284.085042][T12995] km_policy_notify+0x121/0x200 [ 284.085068][T12995] ? km_policy_notify+0x28/0x200 [ 284.085099][T12995] xfrm_get_policy+0x7ff/0xc20 [ 284.085146][T12995] ? __pfx_xfrm_get_policy+0x10/0x10 [ 284.085183][T12995] ? apparmor_capable+0x126/0x170 [ 284.085214][T12995] ? __nla_parse+0x40/0x60 [ 284.085242][T12995] xfrm_user_rcv_msg+0x7ae/0xc40 [ 284.085275][T12995] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 284.085353][T12995] ? __pfx___mutex_trylock_common+0x10/0x10 [ 284.085388][T12995] ? rcu_is_watching+0x15/0xb0 [ 284.085415][T12995] ? trace_contention_end+0x3d/0x150 [ 284.085454][T12995] ? __mutex_lock+0x319/0x1300 [ 284.085489][T12995] netlink_rcv_skb+0x232/0x4b0 [ 284.085513][T12995] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 284.085543][T12995] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 284.085582][T12995] ? netlink_deliver_tap+0x2e/0x1b0 [ 284.085602][T12995] ? netlink_deliver_tap+0x2e/0x1b0 [ 284.085626][T12995] xfrm_netlink_rcv+0x79/0x90 [ 284.085655][T12995] netlink_unicast+0x80f/0x9b0 [ 284.085694][T12995] ? __pfx_netlink_unicast+0x10/0x10 [ 284.085725][T12995] ? netlink_sendmsg+0x650/0xb40 [ 284.085744][T12995] ? skb_put+0x11b/0x210 [ 284.085771][T12995] netlink_sendmsg+0x813/0xb40 [ 284.085803][T12995] ? __pfx_netlink_sendmsg+0x10/0x10 [ 284.085829][T12995] ? aa_sock_msg_perm+0xf1/0x1b0 [ 284.085861][T12995] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 284.085888][T12995] ____sys_sendmsg+0x972/0x9f0 [ 284.085924][T12995] ? __pfx_____sys_sendmsg+0x10/0x10 [ 284.085961][T12995] ? import_iovec+0x73/0xa0 [ 284.085988][T12995] ___sys_sendmsg+0x2a5/0x360 [ 284.086021][T12995] ? __pfx____sys_sendmsg+0x10/0x10 [ 284.086086][T12995] ? __fget_files+0x2a/0x420 [ 284.086104][T12995] ? __fget_files+0x3a0/0x420 [ 284.086134][T12995] __x64_sys_sendmsg+0x1bd/0x2a0 [ 284.086163][T12995] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 284.086200][T12995] ? __pfx_ksys_write+0x10/0x10 [ 284.086237][T12995] do_syscall_64+0x14d/0xf80 [ 284.086262][T12995] ? trace_irq_disable+0x3b/0x150 [ 284.086287][T12995] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.086307][T12995] ? clear_bhb_loop+0x40/0x90 [ 284.086333][T12995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.086353][T12995] RIP: 0033:0x7fb69fd9c819 [ 284.086370][T12995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 284.086386][T12995] RSP: 002b:00007fb6a0d39028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 284.086407][T12995] RAX: ffffffffffffffda RBX: 00007fb6a0015fa0 RCX: 00007fb69fd9c819 [ 284.086420][T12995] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003 [ 284.086432][T12995] RBP: 00007fb6a0d39090 R08: 0000000000000000 R09: 0000000000000000 [ 284.086444][T12995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 284.086455][T12995] R13: 00007fb6a0016038 R14: 00007fb6a0015fa0 R15: 00007ffd7b066c48 [ 284.086491][T12995] [ 284.483842][T12997] syzkaller0: entered promiscuous mode [ 284.489404][T12997] syzkaller0: entered allmulticast mode [ 284.678114][T13007] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2260'. [ 284.709835][T13005] syzkaller0: entered promiscuous mode [ 284.725970][T13005] syzkaller0: entered allmulticast mode [ 284.823979][T13005] tipc: Enabled bearer , priority 0 [ 284.857623][T13004] tipc: Resetting bearer [ 284.905780][T13004] tipc: Disabling bearer [ 285.174688][T13038] netlink: 'syz.2.2267': attribute type 1 has an invalid length. [ 285.282914][T13040] bond7: (slave vxcan3): The slave device specified does not support setting the MAC address [ 285.293932][T13040] bond7: (slave vxcan3): Error -95 calling set_mac_address [ 285.538172][T13044] syzkaller0: entered promiscuous mode [ 285.551758][T13044] syzkaller0: entered allmulticast mode [ 285.559365][T13044] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2268'. [ 285.900440][T13059] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2275'. [ 285.917021][T13059] veth1_macvtap: left promiscuous mode [ 285.978117][T13063] netlink: 'syz.4.2277': attribute type 10 has an invalid length. [ 285.978732][T13061] TCP: tcp_parse_options: Illegal window scaling value 16 > 14 received [ 285.995085][T13063] batadv0: left promiscuous mode [ 286.012971][T13063] batadv0: left allmulticast mode [ 286.029420][T13067] netlink: 'syz.4.2277': attribute type 10 has an invalid length. [ 286.033692][T13063] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 286.038250][T13067] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2277'. [ 286.059384][T13061] ipt_REJECT: TCP_RESET invalid for non-tcp [ 286.092567][T13063] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 286.113108][T13067] batadv0: entered promiscuous mode [ 286.120255][T13067] batadv0: entered allmulticast mode [ 286.152693][T13067] bond0: (slave batadv0): Releasing backup interface [ 286.201450][T13067] bridge0: port 1(batadv0) entered blocking state [ 286.210485][T13067] bridge0: port 1(batadv0) entered disabled state [ 286.292047][T13077] IPVS: ovf: FWM 3 0x00000003 - no destination available [ 286.420001][T13085] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2282'. [ 286.451338][T13083] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2284'. [ 286.456348][T13088] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2283'. [ 286.469037][T13083] FAULT_INJECTION: forcing a failure. [ 286.469037][T13083] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 286.485752][T13083] CPU: 1 UID: 0 PID: 13083 Comm: syz.3.2284 Not tainted syzkaller #0 PREEMPT(full) [ 286.485778][T13083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 286.485789][T13083] Call Trace: [ 286.485796][T13083] [ 286.485804][T13083] dump_stack_lvl+0xe8/0x150 [ 286.485835][T13083] should_fail_ex+0x412/0x560 [ 286.485866][T13083] _copy_from_user+0x2d/0xb0 [ 286.485887][T13083] kstrtouint_from_user+0xd6/0x180 [ 286.485914][T13083] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 286.485949][T13083] proc_fail_nth_write+0x8e/0x210 [ 286.485976][T13083] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 286.486009][T13083] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 286.486041][T13083] vfs_write+0x29a/0xb90 [ 286.486074][T13083] ? __pfx_vfs_write+0x10/0x10 [ 286.486097][T13083] ? __fget_files+0x2a/0x420 [ 286.486119][T13083] ? __fget_files+0x3a0/0x420 [ 286.486135][T13083] ? __fget_files+0x2a/0x420 [ 286.486163][T13083] ksys_write+0x150/0x270 [ 286.486186][T13083] ? __pfx_ksys_write+0x10/0x10 [ 286.486221][T13083] do_syscall_64+0x14d/0xf80 [ 286.486245][T13083] ? trace_irq_disable+0x3b/0x150 [ 286.486272][T13083] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.486292][T13083] ? clear_bhb_loop+0x40/0x90 [ 286.486318][T13083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.486337][T13083] RIP: 0033:0x7f039f15d04e [ 286.486356][T13083] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 286.486372][T13083] RSP: 002b:00007f03a00e2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 286.486393][T13083] RAX: ffffffffffffffda RBX: 00007f03a00e36c0 RCX: 00007f039f15d04e [ 286.486407][T13083] RDX: 0000000000000001 RSI: 00007f03a00e30a0 RDI: 0000000000000004 [ 286.486419][T13083] RBP: 00007f03a00e3090 R08: 0000000000000000 R09: 0000000000000000 [ 286.486430][T13083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.486442][T13083] R13: 00007f039f416038 R14: 00007f039f415fa0 R15: 00007fff58c13438 [ 286.486477][T13083] [ 286.693545][ T1010] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 286.703353][ T1010] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 286.732143][T13085] bond8: option xmit_hash_policy: invalid value (64) [ 286.741577][T13085] bond8 (unregistering): Released all slaves [ 286.913613][T13085] bond8: option xmit_hash_policy: invalid value (64) [ 286.928769][T13085] bond8 (unregistering): Released all slaves [ 286.973616][T13093] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 286.975390][T13101] netlink: 'syz.0.2289': attribute type 1 has an invalid length. [ 287.024981][T13099] team0: Unable to change to the same mode the team is in [ 287.153809][T13085] bond8: option xmit_hash_policy: invalid value (64) [ 287.173882][T13085] bond8 (unregistering): Released all slaves [ 287.230851][T13101] 8021q: adding VLAN 0 to HW filter on device bond9 [ 287.526273][T13130] netlink: 'syz.4.2294': attribute type 10 has an invalid length. [ 287.530013][T13126] delete_channel: no stack [ 287.535854][T13130] batadv0: left allmulticast mode [ 287.546461][T13130] batadv0: left promiscuous mode [ 287.574334][T13130] bridge0: port 1(batadv0) entered disabled state [ 287.588245][T13130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 287.606192][T13133] netlink: 'syz.4.2294': attribute type 10 has an invalid length. [ 287.609179][T13130] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 287.634825][T13133] batadv0: entered promiscuous mode [ 287.640191][T13133] batadv0: entered allmulticast mode [ 287.647678][T13133] bond0: (slave batadv0): Releasing backup interface [ 287.660835][T13133] bridge0: port 1(batadv0) entered blocking state [ 287.678407][T13133] bridge0: port 1(batadv0) entered disabled state [ 287.739640][T13139] bond11: Unable to set up delay as MII monitoring is disabled [ 287.751236][T13139] bond11 (unregistering): Released all slaves [ 288.082819][T13157] __nla_validate_parse: 7 callbacks suppressed [ 288.082839][T13157] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2306'. [ 288.125689][T13157] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2306'. [ 288.236437][T13169] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2310'. [ 288.308460][T13173] netlink: 'syz.1.2312': attribute type 10 has an invalid length. [ 288.349528][T13173] batadv0: left promiscuous mode [ 288.371666][T13173] batadv0: left allmulticast mode [ 288.412610][T13178] netlink: 'syz.1.2312': attribute type 10 has an invalid length. [ 288.413412][T13173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.457782][T13178] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2312'. [ 288.534201][T13173] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 288.560541][T13178] batadv0: entered promiscuous mode [ 288.570372][T13178] batadv0: entered allmulticast mode [ 288.582422][T13178] bond0: (slave batadv0): Releasing backup interface [ 288.597613][T13178] bridge0: port 1(batadv0) entered blocking state [ 288.604586][T13178] bridge0: port 1(batadv0) entered disabled state [ 288.760594][ T1010] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 288.769907][ T1010] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 288.844124][T13202] netlink: 'syz.1.2320': attribute type 1 has an invalid length. [ 288.977285][T13207] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2320'. [ 289.006628][T13207] 8021q: adding VLAN 0 to HW filter on device bond10 [ 289.051499][T13210] netlink: 'syz.4.2325': attribute type 10 has an invalid length. [ 289.093499][T13210] team0: Port device vxcan1 added [ 289.319477][T13223] netlink: 'syz.4.2330': attribute type 10 has an invalid length. [ 289.328113][T13219] bond0: (slave bridge_slave_1): Releasing backup interface [ 289.346321][T13219] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 289.384619][T13223] batadv0: left allmulticast mode [ 289.384919][T13224] netlink: 'syz.4.2330': attribute type 10 has an invalid length. [ 289.389716][T13223] batadv0: left promiscuous mode [ 289.389941][T13223] bridge0: port 1(batadv0) entered disabled state [ 289.435120][T13227] FAULT_INJECTION: forcing a failure. [ 289.435120][T13227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 289.450565][T13224] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2330'. [ 289.459764][T13227] CPU: 0 UID: 0 PID: 13227 Comm: syz.1.2332 Not tainted syzkaller #0 PREEMPT(full) [ 289.459789][T13227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 289.459800][T13227] Call Trace: [ 289.459808][T13227] [ 289.459816][T13227] dump_stack_lvl+0xe8/0x150 [ 289.459847][T13227] should_fail_ex+0x412/0x560 [ 289.459878][T13227] _copy_from_user+0x2d/0xb0 [ 289.459898][T13227] generic_map_update_batch+0x69a/0x990 [ 289.459930][T13227] ? __pfx_generic_map_update_batch+0x10/0x10 [ 289.459955][T13227] ? __fget_files+0x2a/0x420 [ 289.459980][T13227] ? __pfx_generic_map_update_batch+0x10/0x10 [ 289.460003][T13227] bpf_map_do_batch+0x39b/0x630 [ 289.460031][T13227] __sys_bpf+0x7c1/0x950 [ 289.460052][T13227] ? __pfx___sys_bpf+0x10/0x10 [ 289.460089][T13227] ? ksys_write+0x242/0x270 [ 289.460114][T13227] ? __pfx_ksys_write+0x10/0x10 [ 289.460144][T13227] __x64_sys_bpf+0x7c/0x90 [ 289.460170][T13227] do_syscall_64+0x14d/0xf80 [ 289.460192][T13227] ? trace_irq_disable+0x3b/0x150 [ 289.460213][T13227] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.460242][T13227] ? clear_bhb_loop+0x40/0x90 [ 289.460264][T13227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.460282][T13227] RIP: 0033:0x7f4f31d9c819 [ 289.460301][T13227] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 289.460317][T13227] RSP: 002b:00007f4f32d04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 289.460339][T13227] RAX: ffffffffffffffda RBX: 00007f4f32015fa0 RCX: 00007f4f31d9c819 [ 289.460353][T13227] RDX: 0000000000000038 RSI: 00002000000006c0 RDI: 000000000000001a [ 289.460365][T13227] RBP: 00007f4f32d04090 R08: 0000000000000000 R09: 0000000000000000 [ 289.460377][T13227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 289.460388][T13227] R13: 00007f4f32016038 R14: 00007f4f32015fa0 R15: 00007ffcd98c27a8 [ 289.460420][T13227] [ 289.517475][T13229] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2331'. [ 289.601986][T13232] sctp: [Deprecated]: syz.1.2333 (pid 13232) Use of int in maxseg socket option. [ 289.601986][T13232] Use struct sctp_assoc_value instead [ 289.628874][T13223] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 289.685011][T13223] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 289.694004][T13219] team0: Unable to change to the same mode the team is in [ 289.706357][T13224] batadv0: entered promiscuous mode [ 289.716645][T13224] batadv0: entered allmulticast mode [ 289.731938][T13224] bond0: (slave batadv0): Releasing backup interface [ 289.743860][T13224] bridge0: port 1(batadv0) entered blocking state [ 289.750983][T13224] bridge0: port 1(batadv0) entered disabled state [ 289.767874][T13233] ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 289.777471][T13229] hsr_slave_0: left promiscuous mode [ 289.793860][T13229] hsr_slave_1: left promiscuous mode [ 289.964114][T13244] netlink: 'syz.3.2337': attribute type 1 has an invalid length. [ 290.081409][T13256] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2337'. [ 290.115198][T13256] 8021q: adding VLAN 0 to HW filter on device bond11 [ 290.142125][T13258] gtp1: entered promiscuous mode [ 290.147227][T13258] gtp1: entered allmulticast mode [ 290.344735][T13268] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 290.571891][T13283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2349'. [ 290.844163][T13295] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2356'. [ 290.855554][T13295] 8021q: adding VLAN 0 to HW filter on device bond10 [ 291.387780][T13329] xt_SECMARK: invalid mode: 9 [ 292.657482][T13398] 8021q: adding VLAN 0 to HW filter on device bond11 [ 292.924568][T13415] block nbd2: Unsupported socket: should be TCP or UNIX. [ 293.349510][T13426] syzkaller0: entered promiscuous mode [ 293.387346][T13426] syzkaller0: entered allmulticast mode [ 293.435250][T13409] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 295.234307][T13466] syzkaller0: entered promiscuous mode [ 295.252767][T13466] syzkaller0: entered allmulticast mode [ 295.397768][T13484] __nla_validate_parse: 2 callbacks suppressed [ 295.397786][T13484] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2425'. [ 295.406378][T13483] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2426'. [ 295.423972][T13483] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2426'. [ 295.564850][T13488] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2428'. [ 296.206515][T13502] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2431'. [ 297.294375][T13521] syzkaller0: entered promiscuous mode [ 297.299988][T13521] syzkaller0: entered allmulticast mode [ 297.337948][T13521] tipc: Enabled bearer , priority 0 [ 297.361998][T13520] tipc: Resetting bearer [ 297.403447][T13520] tipc: Disabling bearer [ 297.693480][T13547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2448'. [ 297.697695][T13545] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2449'. [ 297.707533][T13547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2448'. [ 297.835636][T13557] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2453'. [ 297.893479][T13562] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2455'. [ 298.054536][T13570] x_tables: duplicate underflow at hook 1 [ 298.085194][T13575] xt_SECMARK: invalid mode: 9 [ 298.769103][T13617] bond8: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2) [ 298.815606][T13617] bond8 (unregistering): Released all slaves [ 298.846808][T13616] validate_nla: 1 callbacks suppressed [ 298.846821][T13616] netlink: 'syz.4.2473': attribute type 29 has an invalid length. [ 298.928601][T13628] syzkaller0: entered promiscuous mode [ 298.938588][T13628] syzkaller0: entered allmulticast mode [ 298.978098][T13628] tipc: Enabled bearer , priority 0 [ 298.991529][T13623] tipc: Resetting bearer [ 299.048900][T13623] tipc: Disabling bearer [ 299.129898][T13644] netlink: 'syz.3.2480': attribute type 1 has an invalid length. [ 299.204092][T13648] IPVS: set_ctl: invalid protocol: 117 172.20.20.170:20000 [ 299.299560][T13644] 8021q: adding VLAN 0 to HW filter on device bond12 [ 299.334856][T13655] team1: entered promiscuous mode [ 299.340712][T13655] team1: entered allmulticast mode [ 299.375853][T13657] netlink: 'syz.0.2486': attribute type 1 has an invalid length. [ 299.536687][T13657] bond11: entered promiscuous mode [ 299.575896][T13657] 8021q: adding VLAN 0 to HW filter on device bond11 [ 299.679608][T13664] 8021q: adding VLAN 0 to HW filter on device bond11 [ 299.709796][T13664] bond11: (slave vcan1): The slave device specified does not support setting the MAC address [ 299.720490][T13664] bond11: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 299.740393][T13664] bond11: (slave vcan1): making interface the new active one [ 299.755654][T13664] vcan1: entered promiscuous mode [ 299.764717][T13664] bond11: (slave vcan1): Enslaving as an active interface with an up link [ 299.848497][T13680] syzkaller0: entered promiscuous mode [ 299.858305][T13680] syzkaller0: entered allmulticast mode [ 299.901866][T13680] tipc: Enabled bearer , priority 0 [ 299.921349][T13678] tipc: Resetting bearer [ 299.983195][T13678] tipc: Disabling bearer [ 300.202931][T13706] netlink: 'syz.4.2503': attribute type 72 has an invalid length. [ 300.578573][T13724] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 300.596564][T13724] netlink: 'syz.2.2509': attribute type 9 has an invalid length. [ 300.630635][T13724] netlink: 'syz.2.2509': attribute type 11 has an invalid length. [ 300.655563][T13724] netlink: 'syz.2.2509': attribute type 12 has an invalid length. [ 300.675133][T13724] __nla_validate_parse: 10 callbacks suppressed [ 300.675153][T13724] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.2509'. [ 300.710765][T13724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2509'. [ 300.900653][T13735] tipc: Enabling of bearer rejected, failed to enable media [ 300.960137][T13740] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.2514'. [ 301.266159][T13759] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2522'. [ 301.275401][T13759] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2522'. [ 301.389287][T13765] nbd: couldn't find a device at index 0 [ 301.413201][T13764] xt_SECMARK: invalid mode: 9 [ 301.701063][T13783] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.2530'. [ 301.743522][T13791] tipc: Enabling of bearer rejected, failed to enable media [ 302.416904][T13820] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.2543'. [ 302.430417][T13817] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 302.453173][T13817] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2542'. [ 302.483493][T13824] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2545'. [ 302.501773][T13822] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 302.581384][T13827] team0: Unable to change to the same mode the team is in [ 302.649191][T13837] tipc: Enabling of bearer rejected, failed to enable media [ 302.790916][T13841] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2549'. [ 303.235513][T13871] netlink: 'syz.4.2558': attribute type 10 has an invalid length. [ 303.263553][T13871] batadv0: left allmulticast mode [ 303.270310][T13871] batadv0: left promiscuous mode [ 303.280757][T13871] bridge0: port 1(batadv0) entered disabled state [ 303.306669][T13871] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 303.345988][T13871] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 303.943020][T13906] netlink: 'syz.2.2572': attribute type 1 has an invalid length. [ 304.006660][T13906] netlink: 'syz.2.2572': attribute type 1 has an invalid length. [ 304.032761][T13916] netlink: 'syz.2.2572': attribute type 1 has an invalid length. [ 304.034330][T13914] netlink: 'syz.0.2575': attribute type 1 has an invalid length. [ 304.198648][T13914] 8021q: adding VLAN 0 to HW filter on device bond12 [ 304.244882][T13921] bridge0: port 1(batadv0) entered disabled state [ 304.277746][T13921] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 304.406774][T13923] bond12: (slave veth9): Enslaving as an active interface with a down link [ 304.438336][T13929] team0: Unable to change to the same mode the team is in [ 304.514945][T13931] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 304.535159][T13931] bond12: (slave batadv1): making interface the new active one [ 304.574516][T13931] batadv1: entered promiscuous mode [ 304.608543][T13931] bond12: (slave batadv1): Enslaving as an active interface with an up link [ 304.684583][T13923] geneve4: entered promiscuous mode [ 304.711608][T13923] geneve4: entered allmulticast mode [ 305.010493][T13970] tipc: Enabling of bearer rejected, failed to enable media [ 306.034559][T14019] netlink: 'syz.4.2591': attribute type 1 has an invalid length. [ 306.403484][T14035] __nla_validate_parse: 15 callbacks suppressed [ 306.403506][T14035] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2595'. [ 306.493063][T14034] syzkaller0: entered promiscuous mode [ 306.498646][T14034] syzkaller0: entered allmulticast mode [ 306.569170][T14041] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2598'. [ 306.726539][T14053] tipc: Enabling of bearer rejected, failed to enable media [ 306.782957][T14054] syzkaller1: entered promiscuous mode [ 306.797433][T14054] syzkaller1: entered allmulticast mode [ 306.826680][T14056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2604'. [ 307.005243][T14062] netlink: 'syz.4.2606': attribute type 1 has an invalid length. [ 307.030364][T14062] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2606'. [ 307.049511][T14065] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2607'. [ 307.059451][T14062] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 307.066441][T14068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2608'. [ 307.066465][T14068] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2608'. [ 307.177618][T14074] xt_SECMARK: invalid mode: 9 [ 307.445836][T14083] syzkaller0: entered promiscuous mode [ 307.468864][T14083] syzkaller0: entered allmulticast mode [ 307.613765][T14101] netlink: 'syz.4.2616': attribute type 10 has an invalid length. [ 307.624290][T14100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2619'. [ 307.641987][T14101] veth0_vlan: left promiscuous mode [ 307.659038][T14101] veth0_vlan: entered promiscuous mode [ 307.694965][T14101] team0: Device veth0_vlan failed to register rx_handler [ 307.735726][T14100] workqueue: Failed to create a rescuer kthread for wq "bond12": -EINTR [ 307.803867][T14110] netlink: 'syz.2.2621': attribute type 10 has an invalid length. [ 307.820494][T14112] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2622'. [ 307.830637][T14112] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2622'. [ 307.862644][T14110] batadv0: left promiscuous mode [ 307.867663][T14110] batadv0: left allmulticast mode [ 308.088745][T14126] bond0: entered promiscuous mode [ 308.094286][T14126] geneve2: entered promiscuous mode [ 308.101478][T14126] bond0: left promiscuous mode [ 308.106407][T14126] geneve2: left promiscuous mode [ 308.124602][T14131] netlink: 'syz.3.2628': attribute type 1 has an invalid length. [ 308.162737][T14131] bond13: entered promiscuous mode [ 308.168466][T14131] 8021q: adding VLAN 0 to HW filter on device bond13 [ 308.219160][T14131] bond13: (slave bridge5): making interface the new active one [ 308.240697][T14131] bridge5: entered promiscuous mode [ 308.247003][T14131] bond13: (slave bridge5): Enslaving as an active interface with an up link [ 308.347145][T14141] syzkaller0: entered promiscuous mode [ 308.352975][T14141] syzkaller0: entered allmulticast mode [ 308.535512][T14154] netlink: 'syz.2.2636': attribute type 10 has an invalid length. [ 308.598040][ T5886] IPVS: starting estimator thread 0... [ 308.701388][T14162] IPVS: using max 24 ests per chain, 57600 per kthread [ 308.815961][T14172] IPVS: set_ctl: invalid protocol: 43 10.1.1.2:20001 [ 309.338406][T14201] openvswitch: netlink: IP tunnel dst address not specified [ 309.413625][T14203] IPv6: sit1: Disabled Multicast RS [ 309.427114][T14203] sit1: entered allmulticast mode [ 309.564202][T14210] xt_SECMARK: invalid mode: 9 [ 310.015346][T14233] netlink: 'syz.0.2658': attribute type 1 has an invalid length. [ 310.090060][T14244] netlink: 'syz.4.2661': attribute type 13 has an invalid length. [ 310.126061][T14233] workqueue: Failed to create a rescuer kthread for wq "bond13": -EINTR [ 310.143405][T14244] macvtap0: entered allmulticast mode [ 310.184154][T14244] macvtap0: refused to change device tx_queue_len [ 310.714059][T14284] syzkaller0: entered promiscuous mode [ 310.719612][T14284] syzkaller0: entered allmulticast mode [ 310.876388][T14294] tipc: Enabling of bearer rejected, failed to enable media [ 310.958805][T14301] bond8: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 311.025376][T14301] bond8: (slave lo): Enslaving as an active interface with an up link [ 311.040919][T14301] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 311.606341][T14333] xt_limit: Overflow, try lower: 271964/0 [ 312.016365][T14365] tipc: Enabling of bearer rejected, failed to enable media [ 312.061843][T14368] __nla_validate_parse: 10 callbacks suppressed [ 312.061864][T14368] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2696'. [ 312.482582][T14386] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2702'. [ 312.532745][T14386] openvswitch: netlink: Flow key attr not present in new flow. [ 312.726888][T14407] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2708'. [ 312.938321][T14418] tipc: Enabling of bearer rejected, failed to enable media [ 313.013005][T14422] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2712'. [ 314.405022][T14463] netlink: 'syz.0.2727': attribute type 1 has an invalid length. [ 314.973758][T14463] 8021q: adding VLAN 0 to HW filter on device bond13 [ 315.036121][T14472] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2731'. [ 315.091108][T14464] bond13: (slave geneve5): making interface the new active one [ 315.123993][T14464] bond13: (slave geneve5): Enslaving as an active interface with an up link [ 315.168823][ T1159] netdevsim netdevsim0 netdevsim0: set [1, 3] type 2 family 0 port 20004 - 0 [ 315.176951][T14479] ipt_ECN: cannot use operation on non-tcp rule [ 315.178593][ T1159] netdevsim netdevsim0 netdevsim1: set [1, 3] type 2 family 0 port 20004 - 0 [ 315.250598][ T1159] netdevsim netdevsim0 netdevsim2: set [1, 3] type 2 family 0 port 20004 - 0 [ 315.259473][ T1159] netdevsim netdevsim0 netdevsim3: set [1, 3] type 2 family 0 port 20004 - 0 [ 315.292494][T14482] netlink: 'syz.2.2736': attribute type 1 has an invalid length. [ 315.402341][T14490] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2738'. [ 315.413542][T14493] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2736'. [ 315.428351][T14482] bond9: entered promiscuous mode [ 315.429378][T14490] nbd: couldn't find a device at index 0 [ 315.433974][T14482] 8021q: adding VLAN 0 to HW filter on device bond9 [ 315.456441][T14492] bridge6: entered promiscuous mode [ 315.468132][T14492] bridge6: entered allmulticast mode [ 315.487068][T14482] netlink: 'syz.2.2736': attribute type 1 has an invalid length. [ 315.495838][T14492] team0: Port device bridge6 added [ 315.520140][T14491] bridge7: entered promiscuous mode [ 315.526703][T14491] bridge7: entered allmulticast mode [ 315.536005][T14491] team0: Port device bridge7 added [ 315.589532][T14490] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2738'. [ 315.695790][T14482] macvlan3: entered promiscuous mode [ 315.703539][T14482] macvlan3: entered allmulticast mode [ 315.711361][T14482] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 315.792789][T14493] 8021q: adding VLAN 0 to HW filter on device bond9 [ 315.804238][T14493] bond9: (slave vti0): The slave device specified does not support setting the MAC address [ 315.815567][T14493] bond9: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 315.828289][T14493] bond9: (slave vti0): making interface the new active one [ 315.838503][T14493] vti0: entered promiscuous mode [ 315.846962][T14493] bond9: (slave vti0): Enslaving as an active interface with an up link [ 315.977967][T14518] netlink: 'syz.1.2747': attribute type 33 has an invalid length. [ 315.982942][ T1010] batadv1: left promiscuous mode [ 316.039319][T14518] bond12: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 316.046324][T14524] netlink: 54 bytes leftover after parsing attributes in process `syz.1.2747'. [ 316.072263][T14518] bond12 (unregistering): Released all slaves [ 316.101055][T14524] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2747'. [ 316.360010][T14541] ipt_rpfilter: unknown options [ 316.381636][T14540] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 316.451018][T14544] team0: Unable to change to the same mode the team is in [ 316.713301][T14558] syzkaller1: entered promiscuous mode [ 316.718900][T14558] syzkaller1: entered allmulticast mode [ 317.143143][T14587] netlink: 'syz.0.2767': attribute type 1 has an invalid length. [ 317.170574][T14587] __nla_validate_parse: 1 callbacks suppressed [ 317.170594][T14587] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2767'. [ 317.305982][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.314279][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.452426][T14597] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 317.540119][T14597] team0: Unable to change to the same mode the team is in [ 317.774097][T14623] tipc: Enabling of bearer rejected, failed to enable media [ 317.830898][T14625] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2779'. [ 318.153462][T14642] netlink: 'syz.0.2783': attribute type 1 has an invalid length. [ 318.213300][T14649] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2786'. [ 318.232259][T14647] netlink: 'syz.2.2785': attribute type 1 has an invalid length. [ 318.467139][T14665] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2792'. [ 318.575676][T14669] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2793'. [ 318.768949][T14679] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2797'. [ 318.783749][T14682] netlink: 260 bytes leftover after parsing attributes in process `syz.0.2798'. [ 319.092176][T14700] netlink: 'syz.3.2802': attribute type 10 has an invalid length. [ 319.122114][T14700] bond0: (slave wlan1): Opening slave failed [ 319.140090][T14699] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 319.172136][T14704] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2804'. [ 319.371889][T14713] syzkaller1: entered promiscuous mode [ 319.379764][T14713] syzkaller1: entered allmulticast mode [ 319.568081][T14728] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2810'. [ 319.874536][T14743] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2816'. [ 320.203770][T14765] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 320.236780][T14765] team0: Unable to change to the same mode the team is in [ 320.624417][T14782] xt_hashlimit: size too large, truncated to 1048576 [ 321.226192][T14798] syzkaller0: entered promiscuous mode [ 321.240521][T14798] syzkaller0: entered allmulticast mode [ 322.528043][T14856] __nla_validate_parse: 9 callbacks suppressed [ 322.528063][T14856] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2846'. [ 322.892938][T14840] pim6reg: entered allmulticast mode [ 323.155507][T14873] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.2850'. [ 323.174581][T14873] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2850'. [ 323.215136][T14867] bond8: (slave lo): Releasing backup interface [ 323.271104][T14867] bond8: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 323.276221][T14880] netlink: 1024 bytes leftover after parsing attributes in process `syz.4.2854'. [ 323.328743][T14867] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 323.373382][T14887] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2855'. [ 323.386301][T14868] team0: Unable to change to the same mode the team is in [ 323.437133][T14880] bridge3: entered promiscuous mode [ 323.442616][T14880] bridge3: entered allmulticast mode [ 323.499511][T14896] FAULT_INJECTION: forcing a failure. [ 323.499511][T14896] name failslab, interval 1, probability 0, space 0, times 0 [ 323.514576][T14896] CPU: 0 UID: 0 PID: 14896 Comm: syz.0.2857 Not tainted syzkaller #0 PREEMPT(full) [ 323.514603][T14896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 323.514615][T14896] Call Trace: [ 323.514623][T14896] [ 323.514631][T14896] dump_stack_lvl+0xe8/0x150 [ 323.514664][T14896] should_fail_ex+0x412/0x560 [ 323.514697][T14896] should_failslab+0xa8/0x100 [ 323.514735][T14896] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 323.514758][T14896] ? __alloc_skb+0x186/0x7d0 [ 323.514779][T14896] ? __alloc_skb+0x1d0/0x7d0 [ 323.514797][T14896] ? __local_bh_enable_ip+0xd0/0x130 [ 323.514828][T14896] __alloc_skb+0x1d0/0x7d0 [ 323.514855][T14896] netlink_sendmsg+0x5d4/0xb40 [ 323.514888][T14896] ? __pfx_netlink_sendmsg+0x10/0x10 [ 323.514913][T14896] ? aa_sock_msg_perm+0xf1/0x1b0 [ 323.514944][T14896] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 323.514968][T14896] ____sys_sendmsg+0x972/0x9f0 [ 323.515002][T14896] ? __pfx_____sys_sendmsg+0x10/0x10 [ 323.515036][T14896] ? import_iovec+0x73/0xa0 [ 323.515061][T14896] ___sys_sendmsg+0x2a5/0x360 [ 323.515091][T14896] ? __pfx____sys_sendmsg+0x10/0x10 [ 323.515151][T14896] ? __fget_files+0x2a/0x420 [ 323.515169][T14896] ? __fget_files+0x3a0/0x420 [ 323.515197][T14896] __x64_sys_sendmsg+0x1bd/0x2a0 [ 323.515224][T14896] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 323.515255][T14896] ? __pfx_ksys_write+0x10/0x10 [ 323.515289][T14896] do_syscall_64+0x14d/0xf80 [ 323.515313][T14896] ? trace_irq_disable+0x3b/0x150 [ 323.515328][T14896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.515346][T14896] ? clear_bhb_loop+0x40/0x90 [ 323.515370][T14896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.515388][T14896] RIP: 0033:0x7f751ad9c819 [ 323.515407][T14896] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 323.515421][T14896] RSP: 002b:00007f751bc76028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 323.515443][T14896] RAX: ffffffffffffffda RBX: 00007f751b015fa0 RCX: 00007f751ad9c819 [ 323.515456][T14896] RDX: 0000000000000010 RSI: 0000200000000780 RDI: 0000000000000003 [ 323.515468][T14896] RBP: 00007f751bc76090 R08: 0000000000000000 R09: 0000000000000000 [ 323.515478][T14896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.515489][T14896] R13: 00007f751b016038 R14: 00007f751b015fa0 R15: 00007ffce83d3f38 [ 323.515520][T14896] [ 323.556053][T14899] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 323.807863][T14902] netlink: 24908 bytes leftover after parsing attributes in process `syz.2.2860'. [ 323.938643][T14907] syzkaller0: entered promiscuous mode [ 323.952097][T14907] syzkaller0: entered allmulticast mode [ 324.012875][T14912] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2864'. [ 324.028625][T14912] block nbd2: Unsupported socket: should be TCP or UNIX. [ 324.151261][T14926] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2867'. [ 324.312557][T14933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2871'. [ 324.325848][T14928] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2869'. [ 324.362126][T14933] gretap0: entered promiscuous mode [ 325.307009][ T5839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 325.342571][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 325.352774][ T5839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 325.376979][T14968] syzkaller0: entered promiscuous mode [ 325.382745][T14968] syzkaller0: entered allmulticast mode [ 325.388417][ T5839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 325.403292][ T5839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 325.432362][ T5840] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 325.440348][ T5840] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 325.447717][ T5840] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 325.461178][ T5840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 325.471504][ T5840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 326.155226][ T709] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.183667][ T709] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.206476][ T709] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 326.305509][ T709] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.317988][ T709] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.359830][ T709] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 326.414672][ T709] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.425260][ T709] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.437502][ T709] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 326.459294][T15011] syzkaller0: entered promiscuous mode [ 326.465771][T15011] syzkaller0: entered allmulticast mode [ 326.544254][ T709] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.568981][ T709] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.591455][ T709] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 326.620706][T15017] xt_SECMARK: invalid mode: 9 [ 326.777661][T15023] tun0: tun_chr_ioctl cmd 1074025675 [ 326.788137][T15023] tun0: persist disabled [ 326.815948][T14964] chnl_net:caif_netlink_parms(): no params data found [ 326.952974][T15028] bond0: (slave batadv0): Releasing backup interface [ 326.970746][T15028] team0: Port device vxcan1 removed [ 326.976306][T15028] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 327.040689][T15028] team0: Unable to change to the same mode the team is in [ 327.259677][T15046] xt_SECMARK: invalid mode: 9 [ 327.544272][ T5839] Bluetooth: hci5: command tx timeout [ 327.603512][T15064] delete_channel: no stack [ 327.763652][ T709] bond2 (unregistering): (slave geneve2): Releasing active interface [ 327.974760][ T709] bond13 (unregistering): (slave bridge5): Releasing backup interface [ 327.983760][ T709] bridge5 (unregistering): left promiscuous mode [ 328.034211][ T709] team0: Port device bridge6 removed [ 328.094425][ T709] team0: Port device bridge7 removed [ 328.154333][ T709] bond0 (unregistering): Released all slaves [ 328.164715][ T709] bond1 (unregistering): left allmulticast mode [ 328.172228][ T709] bond1 (unregistering): Released all slaves [ 328.187651][ T709] bond2 (unregistering): Released all slaves [ 328.209846][ T709] bond3 (unregistering): Released all slaves [ 328.232492][ T709] bond4 (unregistering): Released all slaves [ 328.267430][T15072] __nla_validate_parse: 6 callbacks suppressed [ 328.267449][T15072] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2914'. [ 328.283727][ T709] bond5 (unregistering): (slave bond6): Releasing active interface [ 328.296988][ T709] bond5 (unregistering): Released all slaves [ 328.319963][ T709] bond6 (unregistering): Released all slaves [ 328.345132][ T709] bond7 (unregistering): Released all slaves [ 328.364778][ T709] bond8 (unregistering): Released all slaves [ 328.379518][ T709] bond9 (unregistering): Released all slaves [ 328.393924][ T709] bond10 (unregistering): Released all slaves [ 328.408681][ T709] bond11 (unregistering): Released all slaves [ 328.434790][ T709] bond12 (unregistering): Released all slaves [ 328.448630][ T709] bond13 (unregistering): Released all slaves [ 328.484479][T14964] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.493493][T14964] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.501123][T14964] bridge_slave_0: entered allmulticast mode [ 328.509205][T14964] bridge_slave_0: entered promiscuous mode [ 328.520815][T14964] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.528218][T14964] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.542487][T14964] bridge_slave_1: entered allmulticast mode [ 328.570737][T14964] bridge_slave_1: entered promiscuous mode [ 328.623675][T15074] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 328.714181][T15075] team0: Unable to change to the same mode the team is in [ 328.715641][T15080] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2916'. [ 328.827382][T14964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 328.883835][T14964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 328.924161][ T709] tipc: Left network mode [ 329.036512][T15093] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2921'. [ 329.218253][T14964] team0: Port device team_slave_0 added [ 329.256542][T14964] team0: Port device team_slave_1 added [ 329.284675][T15109] netlink: 'syz.4.2925': attribute type 1 has an invalid length. [ 329.306403][T15109] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 329.318871][T15110] netlink: 'syz.1.2924': attribute type 8 has an invalid length. [ 329.327908][T15110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2924'. [ 329.465754][T15120] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2923'. [ 329.620691][ T5839] Bluetooth: hci5: command tx timeout [ 329.639178][T14964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 329.653068][T14964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 329.686129][T14964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 329.743269][T14964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 329.754559][T14964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 329.781052][T14964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.002093][T15142] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2930'. [ 330.061393][T15142] hsr_slave_0: left promiscuous mode [ 330.075155][T15142] hsr_slave_1: left promiscuous mode [ 330.179992][T14964] hsr_slave_0: entered promiscuous mode [ 330.206035][T14964] hsr_slave_1: entered promiscuous mode [ 330.284923][T15153] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2934'. [ 330.512490][T15162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2938'. [ 331.252433][T15199] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2945'. [ 331.318102][T15199] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2945'. [ 331.488332][T15206] netlink: 'syz.1.2947': attribute type 12 has an invalid length. [ 331.521733][T15213] sctp: [Deprecated]: syz.2.2950 (pid 15213) Use of struct sctp_assoc_value in delayed_ack socket option. [ 331.521733][T15213] Use struct sctp_sack_info instead [ 331.542646][T15218] netlink: 'syz.1.2947': attribute type 12 has an invalid length. [ 331.580724][T15206] netlink: 'syz.1.2947': attribute type 12 has an invalid length. [ 331.618986][T15218] netlink: 'syz.1.2947': attribute type 12 has an invalid length. [ 331.700976][ T5839] Bluetooth: hci5: command tx timeout [ 331.711727][ T709] veth1_macvtap: left promiscuous mode [ 331.740547][ T709] veth0_macvtap: left promiscuous mode [ 332.741431][T15270] netlink: 'syz.1.2962': attribute type 3 has an invalid length. [ 332.957811][T15267] syz.1.2962 (15267) used greatest stack depth: 17472 bytes left [ 333.028550][T14964] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 333.180696][T15290] nbd: must specify a size in bytes for the device [ 333.199478][T14964] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 333.271871][T14964] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 333.323146][T14964] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 333.368590][T15292] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 333.699001][T14964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.767542][T15317] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 333.784457][ T5839] Bluetooth: hci5: command tx timeout [ 333.807533][T15326] team0: Unable to change to the same mode the team is in [ 333.864352][T14964] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.945397][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.952652][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 334.028696][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.035941][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.119341][T15340] xt_SECMARK: invalid mode: 9 [ 334.596904][T15371] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 334.615427][T14964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.699502][T15378] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 334.786268][T15378] team0: Unable to change to the same mode the team is in [ 334.819660][T14964] veth0_vlan: entered promiscuous mode [ 334.871409][T14964] veth1_vlan: entered promiscuous mode [ 334.975281][T14964] veth0_macvtap: entered promiscuous mode [ 335.013594][T14964] veth1_macvtap: entered promiscuous mode [ 335.085311][T14964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 335.120516][T14964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 335.136407][T15393] netlink: 'syz.4.2988': attribute type 3 has an invalid length. [ 335.176542][T14279] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.204270][T14279] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.239921][T14279] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.279843][T14279] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.379357][T15397] IPVS: Scheduler module ip_vs_sip not found [ 335.546840][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.570498][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.661133][ T1010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.670091][ T1010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.736861][T15417] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 335.803828][T15417] __nla_validate_parse: 6 callbacks suppressed [ 335.803850][T15417] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2992'. [ 335.917805][T15421] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2992'. [ 335.968608][T15424] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 336.005974][T15424] team0: Unable to change to the same mode the team is in [ 336.270516][T15434] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2997'. [ 336.507789][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 336.522664][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 336.535112][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 336.548004][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 336.565369][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 336.792776][T15451] netlink: 1204 bytes leftover after parsing attributes in process `syz.0.3004'. [ 336.859018][T15454] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3006'. [ 336.894058][T15456] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3006'. [ 336.954893][T15460] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3007'. [ 337.040754][T15465] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3009'. [ 337.071183][T15465] openvswitch: netlink: Flow actions attr not present in new flow. [ 337.100989][T15437] chnl_net:caif_netlink_parms(): no params data found [ 337.113765][T15466] ICMPv6: NA: aa:aa:aa:aa:aa:00 advertised our address fe80::aa on syz_tun! [ 337.201822][T15473] netlink: 'syz.2.3011': attribute type 3 has an invalid length. [ 337.214437][T15469] xt_CT: You must specify a L4 protocol and not use inversions on it [ 337.334606][T15437] bridge0: port 1(bridge_slave_0) entered blocking state [ 337.355167][T15437] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.371518][T15437] bridge_slave_0: entered allmulticast mode [ 337.381558][T15437] bridge_slave_0: entered promiscuous mode [ 337.391175][T15437] bridge0: port 2(bridge_slave_1) entered blocking state [ 337.398409][T15437] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.406154][T15437] bridge_slave_1: entered allmulticast mode [ 337.432037][T15437] bridge_slave_1: entered promiscuous mode [ 337.529974][T15437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 337.567031][T15437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 337.685672][T15437] team0: Port device team_slave_0 added [ 337.741592][T15437] team0: Port device team_slave_1 added [ 337.778556][T15497] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3019'. [ 337.806929][T15437] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 337.820489][T15437] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 337.852864][T15437] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 337.949908][T15497] bond1: entered promiscuous mode [ 337.956237][T15497] 8021q: adding VLAN 0 to HW filter on device bond1 [ 337.974893][T15437] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 337.982185][T15437] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 338.009401][T15437] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 338.034053][T15506] macvlan2: entered promiscuous mode [ 338.039639][T15506] macvlan2: entered allmulticast mode [ 338.078509][T15513] netlink: 'syz.2.3023': attribute type 3 has an invalid length. [ 338.208705][T15437] hsr_slave_0: entered promiscuous mode [ 338.227116][T15437] hsr_slave_1: entered promiscuous mode [ 338.252409][T15437] debugfs: 'hsr0' already exists in 'hsr' [ 338.270085][T15437] Cannot create hsr debugfs directory [ 338.402153][T15530] netlink: 168 bytes leftover after parsing attributes in process `syz.3.3031'. [ 338.439136][T15526] netlink: 'syz.2.3029': attribute type 1 has an invalid length. [ 338.512995][T15531] netlink: 'syz.1.3030': attribute type 39 has an invalid length. [ 338.660547][ T5839] Bluetooth: hci3: command tx timeout [ 338.961875][T15437] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 339.005276][T15555] netlink: 'syz.2.3038': attribute type 3 has an invalid length. [ 339.082962][T15437] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 339.175967][T15437] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 339.268664][T15437] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 339.543985][T15580] netlink: 'syz.3.3047': attribute type 3 has an invalid length. [ 339.627282][T15437] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 339.664350][T15587] netlink: 'syz.2.3050': attribute type 3 has an invalid length. [ 339.725825][T15437] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 339.761182][T15437] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 339.801265][T15437] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 340.741694][ T5839] Bluetooth: hci3: command tx timeout [ 342.752788][T15600] vlan4: entered allmulticast mode [ 342.758196][T15600] bridge5: entered allmulticast mode [ 342.820881][ T5839] Bluetooth: hci3: command tx timeout [ 342.841350][T15624] __nla_validate_parse: 10 callbacks suppressed [ 342.841371][T15624] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3059'. [ 343.088617][T15630] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3061'. [ 343.124619][T15437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.168899][T15437] 8021q: adding VLAN 0 to HW filter on device team0 [ 343.286329][T15593] infiniband sy‡1: set active [ 343.291551][T15593] infiniband sy‡1: added bond0 [ 343.306884][T15593] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 343.312029][T15593] infiniband sy‡1: Couldn't open port 1 [ 343.379697][T15593] RDS/IB: sy‡1: added [ 343.388892][T15593] smc: adding ib device sy‡1 with port count 1 [ 343.401554][T15593] smc: ib device sy‡1 port 1 has no pnetid [ 343.434869][ T1010] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.442149][ T1010] bridge0: port 1(bridge_slave_0) entered forwarding state [ 343.491049][ T1010] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.498309][ T1010] bridge0: port 2(bridge_slave_1) entered forwarding state [ 343.961480][T15437] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 344.234367][T15644] syzkaller0: entered promiscuous mode [ 344.239924][T15644] syzkaller0: entered allmulticast mode [ 344.285600][T15649] netlink: 'syz.2.3064': attribute type 3 has an invalid length. [ 344.461396][ T35] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x80 [ 344.725758][T15437] veth0_vlan: entered promiscuous mode [ 344.748263][T15669] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3069'. [ 344.764431][T15666] syzkaller0: entered promiscuous mode [ 344.773837][T15666] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3068'. [ 344.795947][T15437] veth1_vlan: entered promiscuous mode [ 344.903130][ T5839] Bluetooth: hci3: command tx timeout [ 344.954962][T15644] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 344.959132][T15437] veth0_macvtap: entered promiscuous mode [ 344.976312][T15437] veth1_macvtap: entered promiscuous mode [ 345.009039][T15437] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 345.092169][T15437] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 346.584845][ T1108] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.607895][T15679] bridge_slave_0: left allmulticast mode [ 346.613727][T15679] bridge_slave_0: left promiscuous mode [ 346.619479][T15679] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.629935][T15679] bridge_slave_1: left allmulticast mode [ 346.640829][T15679] bridge_slave_1: left promiscuous mode [ 346.646675][T15679] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.667102][T15679] bond0: (slave bond_slave_0): Releasing backup interface [ 346.679699][T15679] bond0: (slave bond_slave_1): Releasing backup interface [ 346.696682][T15679] team0: Port device team_slave_0 removed [ 346.708962][T15679] team0: Port device team_slave_1 removed [ 346.716779][T15679] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.725114][T15679] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 346.735573][T15679] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.748427][T15679] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.758546][T15679] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 346.777309][T15682] team0: Mode changed to "activebackup" [ 346.811453][ T1108] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.834904][ T1108] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.931950][ T1108] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.258796][T14279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.281098][T14279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.376497][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.399899][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.576087][T15717] IPVS: Scheduler module ip_vs_sip not found [ 347.584212][T15723] tipc: Enabling not permitted [ 347.594459][T15723] tipc: Enabling of bearer rejected, failed to enable media [ 348.054409][ T5840] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 348.065793][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 348.074316][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 348.086075][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 348.094067][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 348.261416][T15747] xt_SECMARK: invalid mode: 9 [ 348.545850][T15751] netlink: 'syz.3.3088': attribute type 3 has an invalid length. [ 348.719814][T15756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3091'. [ 348.729575][T15756] netlink: 'syz.2.3091': attribute type 12 has an invalid length. [ 348.738836][T15756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3091'. [ 348.748378][T15756] netlink: 'syz.2.3091': attribute type 12 has an invalid length. [ 349.036082][ T1108] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 349.069430][ T1108] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.099053][ T1108] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 349.114835][ T1108] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 54207 - 0 [ 349.146272][ T1108] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 3] type 2 family 0 port 20004 - 0 [ 349.175813][T15780] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 349.372214][ T1108] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 349.390654][ T1108] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.408335][ T1108] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 349.429355][T15794] netlink: 'syz.3.3102': attribute type 3 has an invalid length. [ 349.439121][ T1108] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 54207 - 0 [ 349.464789][ T1108] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 3] type 2 family 0 port 20004 - 0 [ 349.683081][ T1108] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 349.731074][ T1108] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.781226][ T1108] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 349.809002][ T1108] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 54207 - 0 [ 349.820851][ T1108] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 3] type 2 family 0 port 20004 - 0 [ 349.948872][T15808] veth0: entered promiscuous mode [ 349.959249][T15807] veth0: left promiscuous mode [ 350.045245][ T1108] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 350.082246][ T1108] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.095215][T15821] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3110'. [ 350.110944][ T1108] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 350.123862][ T1108] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 54207 - 0 [ 350.135299][ T1108] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 3] type 2 family 0 port 20004 - 0 [ 350.180693][ T5839] Bluetooth: hci4: command tx timeout [ 350.195449][T15821] geneve3: entered promiscuous mode [ 350.238209][ T1010] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 6081 - 0 [ 350.271613][ T1010] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 6081 - 0 [ 350.288706][T15831] netlink: 'syz.1.3115': attribute type 3 has an invalid length. [ 350.373941][ T1010] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 6081 - 0 [ 350.467609][ T1010] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 6081 - 0 [ 350.532026][T15846] netlink: 'syz.4.3117': attribute type 10 has an invalid length. [ 350.677275][T15846] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 351.204615][T15875] netlink: 'syz.1.3130': attribute type 3 has an invalid length. [ 351.251603][T15879] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3132'. [ 351.404393][T15885] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3134'. [ 351.477980][ T1108] bond8 (unregistering): (slave gretap2): Releasing active interface [ 351.500155][ T1108] bond13 (unregistering): (slave geneve5): Releasing active interface [ 351.532051][ T1108] bond1 (unregistering): (slave geneve2): Releasing active interface [ 352.260843][ T5839] Bluetooth: hci4: command tx timeout [ 352.924882][ T1108] bond0 (unregistering): Released all slaves [ 352.935118][ T1108] bond1 (unregistering): Released all slaves [ 352.948410][ T1108] bond2 (unregistering): Released all slaves [ 352.963603][ T1108] bond3 (unregistering): Released all slaves [ 352.985515][ T1108] bond4 (unregistering): Released all slaves [ 352.999387][ T1108] bond5 (unregistering): Released all slaves [ 353.013564][ T1108] bond6 (unregistering): Released all slaves [ 353.026921][ T1108] bond7 (unregistering): Released all slaves [ 353.041271][ T1108] bond8 (unregistering): Released all slaves [ 353.057109][ T1108] bond9 (unregistering): Released all slaves [ 353.090022][ T1108] bond10 (unregistering): Released all slaves [ 353.104912][ T1108] bond11 (unregistering): (slave vcan1): Releasing backup interface [ 353.113787][ T1108] vcan1: left promiscuous mode [ 353.120670][ T1108] bond11 (unregistering): Released all slaves [ 353.136069][ T1108] bond12 (unregistering): (slave veth9): Releasing active interface [ 353.145407][ T1108] batadv1: entered promiscuous mode [ 353.158021][ T1108] bond12 (unregistering): (slave batadv1): Releasing active interface [ 353.168371][ T1108] bond12 (unregistering): Released all slaves [ 353.187594][ T1108] bond13 (unregistering): Released all slaves [ 353.204007][T15874] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 353.213895][T15874] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 353.220567][T15739] chnl_net:caif_netlink_parms(): no params data found [ 353.237272][T15874] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 353.273430][T15880] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 353.283009][T15880] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 353.297455][T15880] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 353.308340][T15883] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 353.445594][ T1108] tipc: Left network mode [ 353.688562][T15913] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3140'. [ 353.702080][T15903] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3137'. [ 353.716137][T15739] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.723636][T15739] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.731615][T15739] bridge_slave_0: entered allmulticast mode [ 353.739791][T15739] bridge_slave_0: entered promiscuous mode [ 353.749998][T15739] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.757356][T15739] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.765731][T15739] bridge_slave_1: entered allmulticast mode [ 353.771602][ T1108] IPVS: stopping backup sync thread 7500 ... [ 353.774104][T15739] bridge_slave_1: entered promiscuous mode [ 353.824865][T15918] syzkaller0: entered promiscuous mode [ 353.830951][T15918] syzkaller0: entered allmulticast mode [ 354.028780][T15739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 354.123241][T15739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 354.225887][T15932] delete_channel: no stack [ 354.304985][T15739] team0: Port device team_slave_0 added [ 354.326624][T15940] netlink: 'syz.2.3145': attribute type 3 has an invalid length. [ 354.341577][ T5839] Bluetooth: hci4: command tx timeout [ 354.367655][T15739] team0: Port device team_slave_1 added [ 354.510686][T15939] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.524492][T15939] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.644602][T15739] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 354.657497][T15739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 354.687521][T15739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 354.705502][T15739] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 354.712726][T15739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 354.739751][T15739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 354.981655][T15968] netlink: 'syz.1.3152': attribute type 11 has an invalid length. [ 355.000534][T15968] netlink: 'syz.1.3152': attribute type 4 has an invalid length. [ 355.008348][T15968] netlink: 'syz.1.3152': attribute type 5 has an invalid length. [ 355.024149][T15968] netlink: 'syz.1.3152': attribute type 6 has an invalid length. [ 355.046703][T15739] hsr_slave_0: entered promiscuous mode [ 355.051072][T15968] netlink: 199748 bytes leftover after parsing attributes in process `syz.1.3152'. [ 355.053579][T15739] hsr_slave_1: entered promiscuous mode [ 355.075559][T15739] debugfs: 'hsr0' already exists in 'hsr' [ 355.082513][T15739] Cannot create hsr debugfs directory [ 355.497845][T15988] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3156'. [ 355.965682][T16011] netlink: 'syz.4.3160': attribute type 3 has an invalid length. [ 356.056079][T16013] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3162'. [ 356.318941][ C1] vcan0: j1939_tp_rxtimer: 0xffff888058152c00: rx timeout, send abort [ 356.359573][ T1108] hsr_slave_0: left promiscuous mode [ 356.377825][ T1108] hsr_slave_1: left promiscuous mode [ 356.427409][ T5839] Bluetooth: hci4: command tx timeout [ 356.436619][ T1108] veth1_macvtap: left promiscuous mode [ 356.462950][ T1108] veth1_vlan: left promiscuous mode [ 356.470453][ T1108] veth0_vlan: left promiscuous mode [ 356.686741][T16038] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3170'. [ 356.797837][T16044] netlink: 'syz.2.3172': attribute type 10 has an invalid length. [ 356.806171][T16043] netlink: 'syz.2.3172': attribute type 10 has an invalid length. [ 356.820084][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807ab3dc00: rx timeout, send abort [ 356.828647][ C1] vcan0: j1939_tp_rxtimer: 0xffff888058152c00: abort rx timeout. Force session deactivation [ 356.845444][ T1108] pim6reg (unregistering): left allmulticast mode [ 356.957188][T16050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3174'. [ 357.083925][T16053] netlink: 'syz.1.3175': attribute type 3 has an invalid length. [ 357.328441][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807ab3dc00: abort rx timeout. Force session deactivation [ 357.558982][T15739] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 357.604533][T16069] ipt_REJECT: TCP_RESET invalid for non-tcp [ 357.623324][T15739] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 357.637552][T16069] netlink: 'syz.4.3181': attribute type 11 has an invalid length. [ 357.741283][T15739] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 357.786272][T15739] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 357.908835][ T1108] IPVS: stop unused estimator thread 0... [ 357.984963][T16082] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3184'. [ 358.026188][T16095] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3185'. [ 358.050816][T16082] netlink: 'syz.4.3184': attribute type 8 has an invalid length. [ 358.142440][T16065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 358.347013][T15739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 358.395339][T15739] 8021q: adding VLAN 0 to HW filter on device team0 [ 358.444537][T14279] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.451792][T14279] bridge0: port 1(bridge_slave_0) entered forwarding state [ 358.464176][T16115] netlink: 'syz.3.3189': attribute type 3 has an invalid length. [ 358.496300][T14279] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.503560][T14279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 358.536605][T16121] tipc: Cannot configure node identity twice [ 358.752582][T16130] bridge0: port 1(gretap0) entered blocking state [ 358.773594][T16130] bridge0: port 1(gretap0) entered disabled state [ 358.828879][T16130] gretap0: entered allmulticast mode [ 358.877031][T16137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3194'. [ 358.878798][T16130] gretap0: entered promiscuous mode [ 358.903152][T16130] bridge0: port 1(gretap0) entered blocking state [ 358.909789][T16130] bridge0: port 1(gretap0) entered forwarding state [ 359.448223][T15739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 359.627239][T15739] veth0_vlan: entered promiscuous mode [ 359.673441][T15739] veth1_vlan: entered promiscuous mode [ 359.747830][T16174] netlink: 'syz.4.3203': attribute type 3 has an invalid length. [ 359.871473][T15739] veth0_macvtap: entered promiscuous mode [ 359.914733][T16177] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3205'. [ 359.929004][T15739] veth1_macvtap: entered promiscuous mode [ 359.975909][T16177] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3205'. [ 360.104331][T15739] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 360.304489][T16197] netlink: 190972 bytes leftover after parsing attributes in process `syz.3.3212'. [ 360.341760][T15739] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 360.447649][T14277] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.478664][T14277] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.525918][T16207] netlink: 'syz.4.3214': attribute type 83 has an invalid length. [ 360.535891][T16207] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3214'. [ 360.576871][T14277] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.604865][T14277] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.731948][T16216] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3217'. [ 360.876712][T16216] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3217'. [ 361.074926][T14277] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 361.098608][T14277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 361.170705][T16232] netlink: 'syz.4.3221': attribute type 2 has an invalid length. [ 361.252222][T16238] netlink: 'syz.3.3222': attribute type 21 has an invalid length. [ 361.338033][T16230] syzkaller0: entered promiscuous mode [ 361.343845][T16230] syzkaller0: entered allmulticast mode [ 361.478827][T16238] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3222'. [ 361.512157][T16242] netlink: 788 bytes leftover after parsing attributes in process `syz.3.3222'. [ 361.622120][T16244] "syz.3.3222" (16244) uses obsolete ecb(arc4) skcipher [ 362.914027][ T1010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.922679][ T1010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.286241][T16265] netlink: 'syz.3.3224': attribute type 1 has an invalid length. [ 363.301918][T16265] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3224'. [ 363.482120][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 363.493114][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 363.502017][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 363.512494][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 363.521601][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 363.621441][T16276] netlink: 'syz.3.3229': attribute type 2 has an invalid length. [ 363.731955][T16279] syzkaller0: entered promiscuous mode [ 363.750163][T16279] syzkaller0: entered allmulticast mode [ 363.886814][T16287] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3232'. [ 363.930109][T16289] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 363.947383][T16291] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 363.969035][T16287] vlan2: entered allmulticast mode [ 363.975187][T16287] gretap0: entered allmulticast mode [ 364.164769][T16295] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3235'. [ 364.195436][T16302] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3236'. [ 364.482079][T16316] netlink: 'syz.0.3239': attribute type 14 has an invalid length. [ 364.514078][T16316] netlink: 'syz.0.3239': attribute type 13 has an invalid length. [ 364.733558][T16324] syzkaller0: entered promiscuous mode [ 364.739226][T16324] syzkaller0: entered allmulticast mode [ 364.774244][T16271] chnl_net:caif_netlink_parms(): no params data found [ 364.998155][T16339] IPVS: set_ctl: invalid protocol: 58 255.255.255.255:20002 [ 365.005595][T16271] bridge0: port 1(bridge_slave_0) entered blocking state [ 365.005787][T16271] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.005947][T16271] bridge_slave_0: entered allmulticast mode [ 365.007648][T16271] bridge_slave_0: entered promiscuous mode [ 365.053851][T16271] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.069023][T16271] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.077486][T16271] bridge_slave_1: entered allmulticast mode [ 365.087028][T16271] bridge_slave_1: entered promiscuous mode [ 365.155427][T16271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 365.178415][T16271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 365.275714][T16271] team0: Port device team_slave_0 added [ 365.286135][T16271] team0: Port device team_slave_1 added [ 365.376491][T16356] veth1_macvtap: left promiscuous mode [ 365.383320][T16356] macsec0: entered promiscuous mode [ 365.388818][T16356] macsec0: entered allmulticast mode [ 365.400886][T16356] macsec0: left promiscuous mode [ 365.406306][T16356] macsec0: left allmulticast mode [ 365.421649][T16271] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.428638][T16271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 365.500475][T16271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.502646][T16361] xt_hashlimit: Unknown mode mask C4, kernel too old? [ 365.532621][T16271] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.539783][T16271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 365.580648][T16271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.625780][ T5839] Bluetooth: hci0: command tx timeout [ 365.696222][T16366] __nla_validate_parse: 6 callbacks suppressed [ 365.696244][T16366] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3254'. [ 365.734283][T16366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3254'. [ 365.764734][T16271] hsr_slave_0: entered promiscuous mode [ 365.773184][T16271] hsr_slave_1: entered promiscuous mode [ 365.779708][T16271] debugfs: 'hsr0' already exists in 'hsr' [ 365.786849][T16271] Cannot create hsr debugfs directory [ 365.796776][T16366] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3254'. [ 365.863528][T16366] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.933612][T16366] bridge_slave_0 (unregistering): left allmulticast mode [ 365.965730][T16366] bridge_slave_0 (unregistering): left promiscuous mode [ 365.986080][T16366] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.138624][T16385] netlink: 'syz.4.3260': attribute type 3 has an invalid length. [ 366.147790][T16385] netlink: 'syz.4.3260': attribute type 4 has an invalid length. [ 366.326832][T16389] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3264'. [ 366.401710][T16395] syzkaller0: entered promiscuous mode [ 366.407354][T16395] syzkaller0: entered allmulticast mode [ 366.441676][T16271] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 366.458595][T16271] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 366.471873][T16271] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 366.482279][T16271] netdevsim netdevsim1 eth3 (unregistering): unset [1, 2] type 2 family 0 port 256 - 0 [ 366.556475][T16271] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 366.566608][T16271] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 366.582507][T16271] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 366.592496][T16271] netdevsim netdevsim1 eth2 (unregistering): unset [1, 2] type 2 family 0 port 256 - 0 [ 366.696693][T16271] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 366.713447][T16271] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 366.749596][T16271] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 366.769445][T16271] netdevsim netdevsim1 eth1 (unregistering): unset [1, 2] type 2 family 0 port 256 - 0 [ 366.791296][T16408] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3271'. [ 366.805940][T16407] netlink: 'syz.3.3270': attribute type 3 has an invalid length. [ 366.820750][T16407] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3270'. [ 366.849608][T16407] lo: entered allmulticast mode [ 366.862116][T16407] tunl0: entered allmulticast mode [ 366.870007][T16407] gre0: entered allmulticast mode [ 366.889774][T16407] gretap0: entered allmulticast mode [ 366.899814][T16407] erspan0: entered allmulticast mode [ 366.910110][T16407] ip_vti0: entered allmulticast mode [ 366.923141][T16407] ip6_vti0: entered allmulticast mode [ 366.933638][T16407] sit0: entered allmulticast mode [ 366.946560][T16407] ip6tnl0: entered allmulticast mode [ 366.955786][T16407] ip6gre0: entered allmulticast mode [ 366.965213][T16407] syz_tun: entered allmulticast mode [ 366.974172][T16407] ip6gretap0: entered allmulticast mode [ 366.984827][T16407] bridge0: entered allmulticast mode [ 366.994520][T16407] vcan0: entered allmulticast mode [ 367.001625][T16407] bond0: entered allmulticast mode [ 367.012169][T16407] team0: entered allmulticast mode [ 367.023637][T16407] dummy0: entered allmulticast mode [ 367.034531][T16407] nlmon0: entered allmulticast mode [ 367.045077][T16407] caif0: entered allmulticast mode [ 367.052711][T16407] batadv0: entered allmulticast mode [ 367.063644][T16407] vxcan0: entered allmulticast mode [ 367.069987][T16407] vxcan1: entered allmulticast mode [ 367.077823][T16407] veth0: entered allmulticast mode [ 367.085065][T16407] veth1: entered allmulticast mode [ 367.093524][T16407] wg0: entered allmulticast mode [ 367.102922][T16407] wg1: entered allmulticast mode [ 367.109798][T16407] wg2: entered allmulticast mode [ 367.116511][T16407] veth0_to_bridge: entered allmulticast mode [ 367.125051][T16407] bridge_slave_0: entered allmulticast mode [ 367.133623][T16407] veth1_to_bridge: entered allmulticast mode [ 367.144912][T16407] bridge_slave_1: entered allmulticast mode [ 367.153960][T16407] veth0_to_bond: entered allmulticast mode [ 367.163155][T16407] bond_slave_0: entered allmulticast mode [ 367.169456][T16407] veth1_to_bond: entered allmulticast mode [ 367.202184][T16407] bond_slave_1: entered allmulticast mode [ 367.209509][T16407] veth0_to_team: entered allmulticast mode [ 367.219527][T16407] team_slave_0: entered allmulticast mode [ 367.229524][T16407] veth1_to_team: entered allmulticast mode [ 367.241147][T16407] team_slave_1: entered allmulticast mode [ 367.266674][T16407] veth0_to_batadv: entered allmulticast mode [ 367.286092][T16407] batadv_slave_0: entered allmulticast mode [ 367.296357][T16407] veth1_to_batadv: entered allmulticast mode [ 367.305402][T16407] batadv_slave_1: entered allmulticast mode [ 367.314286][T16407] xfrm0: entered allmulticast mode [ 367.321860][T16407] veth0_to_hsr: entered allmulticast mode [ 367.329445][T16407] hsr_slave_0: entered allmulticast mode [ 367.339216][T16407] veth1_to_hsr: entered allmulticast mode [ 367.347170][T16407] hsr_slave_1: entered allmulticast mode [ 367.356491][T16407] hsr0: entered allmulticast mode [ 367.363574][T16407] veth1_virt_wifi: entered allmulticast mode [ 367.373096][T16407] veth0_virt_wifi: entered allmulticast mode [ 367.381953][T16407] virt_wifi0: entered allmulticast mode [ 367.387818][T16407] veth1_vlan: entered allmulticast mode [ 367.396609][T16407] veth0_vlan: entered allmulticast mode [ 367.409382][T16407] vlan0: entered allmulticast mode [ 367.415609][T16407] vlan1: entered allmulticast mode [ 367.421379][T16407] macvlan0: entered allmulticast mode [ 367.429019][T16407] macvlan1: entered allmulticast mode [ 367.437994][T16407] ipvlan0: entered allmulticast mode [ 367.443808][T16407] ipvlan1: entered allmulticast mode [ 367.452696][T16407] veth1_macvtap: entered allmulticast mode [ 367.461282][T16407] veth0_macvtap: entered allmulticast mode [ 367.469657][T16407] macvtap0: entered allmulticast mode [ 367.478247][T16407] macsec0: entered allmulticast mode [ 367.485965][T16407] geneve0: entered allmulticast mode [ 367.496243][T16407] geneve1: entered allmulticast mode [ 367.504352][T16407] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 367.514439][T16407] netdevsim netdevsim3 netdevsim1: entered allmulticast mode [ 367.523863][T16407] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 367.534112][T16407] netdevsim netdevsim3 netdevsim3: entered allmulticast mode [ 367.544844][T16407] mac80211_hwsim hwsim36 wlan0: entered allmulticast mode [ 367.552524][T16407] mac80211_hwsim hwsim37 wlan1: entered allmulticast mode [ 367.560122][T16407] bond1: left promiscuous mode [ 367.565018][T16407] bond1: entered allmulticast mode [ 367.571894][T16407] bridge1: entered allmulticast mode [ 367.577272][T16407] syztnl2: entered allmulticast mode [ 367.583082][T16407] vlan2: entered allmulticast mode [ 367.588479][T16408] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.605902][T16271] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 367.631088][T16271] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 367.654640][T16271] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 367.664690][T16271] netdevsim netdevsim1 eth0 (unregistering): unset [1, 2] type 2 family 0 port 256 - 0 [ 367.708866][ T709] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.720904][ T5839] Bluetooth: hci0: command tx timeout [ 367.743781][ T709] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.758823][ T709] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.773553][ T709] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.989311][T16437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3283'. [ 368.025552][T16271] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 368.057228][T16271] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 368.090951][T16271] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 368.097835][T16439] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3284'. [ 368.113158][T16271] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 368.346096][T16271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 368.385448][T16465] sctp: [Deprecated]: syz.4.3288 (pid 16465) Use of int in max_burst socket option deprecated. [ 368.385448][T16465] Use struct sctp_assoc_value instead [ 368.408512][T16271] 8021q: adding VLAN 0 to HW filter on device team0 [ 368.433921][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.441165][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 368.464668][T16468] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3290'. [ 368.481249][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.488492][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 368.635797][T16473] netlink: 830 bytes leftover after parsing attributes in process `syz.3.3292'. [ 368.866015][T16271] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 368.942325][T16271] veth0_vlan: entered promiscuous mode [ 368.948096][T16486] netlink: 'syz.0.3297': attribute type 13 has an invalid length. [ 368.968774][T16271] veth1_vlan: entered promiscuous mode [ 369.013254][T16486] veth0_macvtap: left promiscuous mode [ 369.041372][T16486] macvtap0: entered allmulticast mode [ 369.062071][T16486] macvtap0: refused to change device tx_queue_len [ 369.099753][T16487] tipc: Enabling of bearer rejected, failed to enable media [ 369.137576][T16271] veth0_macvtap: entered promiscuous mode [ 369.154107][T16271] veth1_macvtap: entered promiscuous mode [ 369.287857][T16271] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 369.323338][T16271] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 369.329642][T16500] netlink: 'syz.3.3302': attribute type 3 has an invalid length. [ 369.333044][T16498] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20003 [ 369.360554][ T709] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.378906][ T709] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.414456][ T709] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.438430][ T709] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.680956][ T1010] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 369.688968][ T1010] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 369.798253][ T5839] Bluetooth: hci0: command tx timeout [ 369.954473][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 369.976033][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 370.114340][T16527] netlink: 'syz.4.3310': attribute type 83 has an invalid length. [ 370.476518][T16537] netlink: 'syz.4.3314': attribute type 3 has an invalid length. [ 370.707327][T16545] __nla_validate_parse: 9 callbacks suppressed [ 370.707348][T16545] netlink: 892 bytes leftover after parsing attributes in process `syz.0.3317'. [ 371.263126][T16573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3323'. [ 371.686376][T16585] netlink: 'syz.1.3328': attribute type 3 has an invalid length. [ 371.715564][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 371.726686][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 371.737632][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 371.745833][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 371.753836][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 371.861011][ T5839] Bluetooth: hci0: command tx timeout [ 372.463524][T14277] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 372.506153][T14277] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 372.564827][T14277] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 372.702838][T14277] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 372.713897][T14277] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 372.725508][T14277] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 372.831914][T14277] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 372.845128][T14277] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 372.857704][T14277] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 372.933271][T14277] batman_adv: batadv0: Removing interface: netdevsim0 [ 372.942238][T14277] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 372.956436][T14277] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 372.968497][T14277] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 372.988294][ T1159] wlan1: Trigger new scan to find an IBSS to join [ 373.059154][T16584] chnl_net:caif_netlink_parms(): no params data found [ 373.327897][T14277] gretap0: left allmulticast mode [ 373.337977][T14277] gretap0: left promiscuous mode [ 373.359848][T14277] bridge0: port 1(gretap0) entered disabled state [ 373.590145][T14277] bond9 (unregistering): (slave vti0): Releasing backup interface [ 373.598458][T14277] vti0 (unregistering): left promiscuous mode [ 373.715139][T14277] bond0 (unregistering): (slave geneve2): Releasing active interface [ 373.796069][ T5839] Bluetooth: hci1: command tx timeout [ 373.943065][T14277] bond0 (unregistering): Released all slaves [ 373.968599][T14277] bond1 (unregistering): Released all slaves [ 374.001466][T14277] bond2 (unregistering): Released all slaves [ 374.024050][T14277] bond3 (unregistering): Released all slaves [ 374.054052][T14277] bond4 (unregistering): Released all slaves [ 374.079948][T14277] bond5 (unregistering): (slave veth7): Releasing active interface [ 374.093101][T14277] bond5 (unregistering): Released all slaves [ 374.122085][T14277] bond6 (unregistering): Released all slaves [ 374.146295][T14277] bond7 (unregistering): Released all slaves [ 374.172786][T14277] bond8 (unregistering): Released all slaves [ 374.199732][T14277] bond9 (unregistering): Released all slaves [ 374.229092][T16584] bridge0: port 1(bridge_slave_0) entered blocking state [ 374.236612][T16584] bridge0: port 1(bridge_slave_0) entered disabled state [ 374.246333][T16584] bridge_slave_0: entered allmulticast mode [ 374.259313][T16584] bridge_slave_0: entered promiscuous mode [ 374.303311][T16640] bridge_slave_0: left allmulticast mode [ 374.328393][T16640] bridge_slave_0: left promiscuous mode [ 374.343799][T16640] bridge0: port 1(bridge_slave_0) entered disabled state [ 374.389267][T16640] bridge_slave_1: left allmulticast mode [ 374.404737][T16640] bridge_slave_1: left promiscuous mode [ 374.414080][T16640] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.449932][T16640] bond0: (slave bond_slave_0): Releasing backup interface [ 374.476174][T16640] bond0: (slave bond_slave_1): Releasing backup interface [ 374.505095][T16640] team0: Port device team_slave_0 removed [ 374.516666][T16640] team0: Port device team_slave_1 removed [ 374.524073][T16640] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 374.534372][T16640] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 374.545150][T16640] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 374.554786][T16640] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 374.574648][T16584] bridge0: port 2(bridge_slave_1) entered blocking state [ 374.582997][T16584] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.584729][T16597] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 374.596600][T16584] bridge_slave_1: entered allmulticast mode [ 374.624826][T16584] bridge_slave_1: entered promiscuous mode [ 374.647336][T14277] tipc: Left network mode [ 374.772666][T16584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 374.818975][T16584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 375.138356][T16584] team0: Port device team_slave_0 added [ 375.238708][T16693] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3339'. [ 375.259558][T16584] team0: Port device team_slave_1 added [ 375.281864][T16693] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3339'. [ 375.308067][T16693] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3339'. [ 375.384890][T16700] bridge0: port 1(bridge_slave_0) entered disabled state [ 375.415612][T16700] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3341'. [ 375.508717][T16711] netlink: 892 bytes leftover after parsing attributes in process `syz.3.3344'. [ 375.562811][T16708] ipvlan1: entered promiscuous mode [ 375.568372][T16708] ipvlan1: entered allmulticast mode [ 375.587490][T16708] veth0_vlan: entered allmulticast mode [ 375.605524][T16584] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 375.621109][T16584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 375.680385][T16584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 375.801067][T16584] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 375.808092][T16584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 375.860386][ T5839] Bluetooth: hci1: command tx timeout [ 375.924360][T16584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 376.040353][ T709] wlan1: Trigger new scan to find an IBSS to join [ 376.228395][T16584] hsr_slave_0: entered promiscuous mode [ 376.255693][T16584] hsr_slave_1: entered promiscuous mode [ 376.268405][T16745] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3352'. [ 376.274050][T16584] debugfs: 'hsr0' already exists in 'hsr' [ 376.290669][T16745] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3352'. [ 376.294968][T16584] Cannot create hsr debugfs directory [ 376.314326][T16748] netlink: 'syz.0.3353': attribute type 3 has an invalid length. [ 376.564510][T16756] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3354'. [ 376.980659][T16769] netlink: 'syz.4.3356': attribute type 3 has an invalid length. [ 377.010058][T16769] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3356'. [ 377.285072][T16781] netlink: 892 bytes leftover after parsing attributes in process `syz.0.3358'. [ 377.560942][T14277] pimreg (unregistering): left allmulticast mode [ 377.586733][T16789] xt_SECMARK: invalid mode: 9 [ 377.754854][T16794] netlink: 'syz.3.3363': attribute type 3 has an invalid length. [ 377.795432][T16795] Bluetooth: MGMT ver 1.23 [ 377.940659][ T5839] Bluetooth: hci1: command tx timeout [ 378.429912][T16810] netlink: 892 bytes leftover after parsing attributes in process `syz.4.3369'. [ 378.474154][T16812] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3370'. [ 378.487140][T16812] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3370'. [ 378.555775][T14277] IPVS: stop unused estimator thread 0... [ 378.745403][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.754033][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.841231][T16825] netlink: 'syz.0.3373': attribute type 3 has an invalid length. [ 378.992337][T14282] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.035939][T16824] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3372'. [ 379.328061][T16841] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3376'. [ 379.387932][T16846] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 379.412965][T16846] team0: Port device batadv1 added [ 379.501763][T16850] lo: entered allmulticast mode [ 379.526360][T16850] lo: left allmulticast mode [ 379.638860][T16584] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 379.685459][T16584] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 379.734134][T16584] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 379.767013][T16858] FAULT_INJECTION: forcing a failure. [ 379.767013][T16858] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 379.800772][T16862] netlink: 'syz.1.3384': attribute type 3 has an invalid length. [ 379.803138][T16584] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 379.847543][T16858] CPU: 0 UID: 0 PID: 16858 Comm: syz.4.3383 Not tainted syzkaller #0 PREEMPT(full) [ 379.847571][T16858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 379.847582][T16858] Call Trace: [ 379.847591][T16858] [ 379.847599][T16858] dump_stack_lvl+0xe8/0x150 [ 379.847637][T16858] should_fail_ex+0x412/0x560 [ 379.847672][T16858] _copy_from_user+0x2d/0xb0 [ 379.847696][T16858] ___sys_sendmsg+0x1c6/0x360 [ 379.847730][T16858] ? __pfx____sys_sendmsg+0x10/0x10 [ 379.847795][T16858] ? __fget_files+0x2a/0x420 [ 379.847811][T16858] ? __fget_files+0x3a0/0x420 [ 379.847841][T16858] __x64_sys_sendmsg+0x1bd/0x2a0 [ 379.847869][T16858] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 379.847905][T16858] ? __pfx_ksys_write+0x10/0x10 [ 379.847941][T16858] do_syscall_64+0x14d/0xf80 [ 379.847966][T16858] ? trace_irq_disable+0x3b/0x150 [ 379.847984][T16858] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.848003][T16858] ? clear_bhb_loop+0x40/0x90 [ 379.848028][T16858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.848048][T16858] RIP: 0033:0x7f9b8319c819 [ 379.848067][T16858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 379.848083][T16858] RSP: 002b:00007f9b84062028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 379.848106][T16858] RAX: ffffffffffffffda RBX: 00007f9b83415fa0 RCX: 00007f9b8319c819 [ 379.848120][T16858] RDX: 0000000004040084 RSI: 0000200000004bc0 RDI: 0000000000000003 [ 379.848132][T16858] RBP: 00007f9b84062090 R08: 0000000000000000 R09: 0000000000000000 [ 379.848145][T16858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 379.848156][T16858] R13: 00007f9b83416038 R14: 00007f9b83415fa0 R15: 00007ffd469a2208 [ 379.848190][T16858] [ 380.055296][ T5839] Bluetooth: hci1: command tx timeout [ 380.304339][T16584] 8021q: adding VLAN 0 to HW filter on device bond0 [ 380.387956][T16584] 8021q: adding VLAN 0 to HW filter on device team0 [ 380.406680][ T709] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.413918][ T709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 380.545112][ T709] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.552369][ T709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 380.798996][T16903] netlink: 'syz.3.3394': attribute type 3 has an invalid length. [ 380.811611][T16901] netlink: 'syz.1.3393': attribute type 1 has an invalid length. [ 381.151210][T16916] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 381.438212][T16935] __nla_validate_parse: 4 callbacks suppressed [ 381.438233][T16935] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3402'. [ 381.523979][T16937] syzkaller0: entered promiscuous mode [ 381.534635][T16937] syzkaller0: entered allmulticast mode [ 381.556620][T16584] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 381.623901][T16932] team0: Mode changed to "random" [ 381.629464][T16935] team0: Unable to change to the same mode the team is in [ 381.734853][T16584] veth0_vlan: entered promiscuous mode [ 381.775421][T16584] veth1_vlan: entered promiscuous mode [ 381.829136][T16948] netlink: 'syz.3.3407': attribute type 3 has an invalid length. [ 381.899916][T16584] veth0_macvtap: entered promiscuous mode [ 381.973429][T16584] veth1_macvtap: entered promiscuous mode [ 381.996437][T16955] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3411'. [ 382.024654][T16584] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 382.063313][T16955] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.087673][T16584] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 382.096506][T16955] netlink: 'syz.0.3411': attribute type 10 has an invalid length. [ 382.105630][T14277] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.123478][T14277] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.179097][T16955] team0: Device ipvlan1 failed to register rx_handler [ 382.215479][T14277] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.234513][T16973] xt_SECMARK: invalid mode: 9 [ 382.245841][T14277] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.423735][T16976] FAULT_INJECTION: forcing a failure. [ 382.423735][T16976] name failslab, interval 1, probability 0, space 0, times 0 [ 382.453930][ T709] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.455517][T16976] CPU: 1 UID: 0 PID: 16976 Comm: syz.3.3416 Not tainted syzkaller #0 PREEMPT(full) [ 382.455540][T16976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 382.455550][T16976] Call Trace: [ 382.455557][T16976] [ 382.455564][T16976] dump_stack_lvl+0xe8/0x150 [ 382.455594][T16976] should_fail_ex+0x412/0x560 [ 382.455625][T16976] should_failslab+0xa8/0x100 [ 382.455650][T16976] __kmalloc_noprof+0xe8/0x760 [ 382.455669][T16976] ? rcu_is_watching+0x15/0xb0 [ 382.455691][T16976] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 382.455721][T16976] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 382.455751][T16976] genl_family_rcv_msg_doit+0xd9/0x330 [ 382.455779][T16976] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 382.455810][T16976] ? apparmor_capable+0x126/0x170 [ 382.455832][T16976] ? bpf_lsm_capable+0x9/0x20 [ 382.455854][T16976] ? security_capable+0x7e/0x2c0 [ 382.455885][T16976] genl_rcv_msg+0x61c/0x7a0 [ 382.455914][T16976] ? __pfx_genl_rcv_msg+0x10/0x10 [ 382.455935][T16976] ? __pfx_team_nl_options_set_doit+0x10/0x10 [ 382.455956][T16976] ? __lock_acquire+0x6b5/0x2cf0 [ 382.455990][T16976] netlink_rcv_skb+0x232/0x4b0 [ 382.456009][T16976] ? __pfx_genl_rcv_msg+0x10/0x10 [ 382.456032][T16976] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 382.456068][T16976] ? down_read+0x272/0x2e0 [ 382.456089][T16976] ? genl_rcv+0xd/0x40 [ 382.456112][T16976] genl_rcv+0x28/0x40 [ 382.456131][T16976] netlink_unicast+0x80f/0x9b0 [ 382.456165][T16976] ? __pfx_netlink_unicast+0x10/0x10 [ 382.456191][T16976] ? netlink_sendmsg+0x650/0xb40 [ 382.456207][T16976] ? skb_put+0x11b/0x210 [ 382.456231][T16976] netlink_sendmsg+0x813/0xb40 [ 382.456259][T16976] ? __pfx_netlink_sendmsg+0x10/0x10 [ 382.456281][T16976] ? aa_sock_msg_perm+0xf1/0x1b0 [ 382.456308][T16976] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 382.456331][T16976] ____sys_sendmsg+0x972/0x9f0 [ 382.456363][T16976] ? __pfx_____sys_sendmsg+0x10/0x10 [ 382.456394][T16976] ? import_iovec+0x73/0xa0 [ 382.456427][T16976] ___sys_sendmsg+0x2a5/0x360 [ 382.456454][T16976] ? __pfx____sys_sendmsg+0x10/0x10 [ 382.456513][T16976] ? __fget_files+0x2a/0x420 [ 382.456528][T16976] ? __fget_files+0x3a0/0x420 [ 382.456555][T16976] __x64_sys_sendmsg+0x1bd/0x2a0 [ 382.456579][T16976] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 382.456610][T16976] ? __pfx_ksys_write+0x10/0x10 [ 382.456642][T16976] do_syscall_64+0x14d/0xf80 [ 382.456662][T16976] ? trace_irq_disable+0x3b/0x150 [ 382.456677][T16976] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.456694][T16976] ? clear_bhb_loop+0x40/0x90 [ 382.456715][T16976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.456732][T16976] RIP: 0033:0x7fc9ff99c819 [ 382.456749][T16976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 382.456763][T16976] RSP: 002b:00007fca0084d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 382.456783][T16976] RAX: ffffffffffffffda RBX: 00007fc9ffc15fa0 RCX: 00007fc9ff99c819 [ 382.456795][T16976] RDX: 0000000004040084 RSI: 0000200000004bc0 RDI: 0000000000000003 [ 382.456806][T16976] RBP: 00007fca0084d090 R08: 0000000000000000 R09: 0000000000000000 [ 382.456816][T16976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.456826][T16976] R13: 00007fc9ffc16038 R14: 00007fc9ffc15fa0 R15: 00007ffc3c1d44f8 [ 382.456856][T16976] [ 382.487043][ T709] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.838435][T16980] netlink: 'syz.0.3418': attribute type 1 has an invalid length. [ 382.863995][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.874319][T16980] netlink: 'syz.0.3418': attribute type 3 has an invalid length. [ 382.882775][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.920728][T16980] netlink: 212 bytes leftover after parsing attributes in process `syz.0.3418'. [ 382.968455][T16993] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3422'. [ 383.040382][T16996] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3423'. [ 383.151908][T17004] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3424'. [ 383.172617][T17004] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3424'. [ 383.250544][T17004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3424'. [ 383.271994][T17005] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3424'. [ 383.487280][T17026] netlink: 'syz.4.3431': attribute type 3 has an invalid length. [ 383.633777][T17019] syzkaller0: entered promiscuous mode [ 383.650311][T17019] syzkaller0: entered allmulticast mode [ 383.708733][T17036] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 383.832760][T17042] netlink: 'syz.3.3436': attribute type 1 has an invalid length. [ 385.490626][T17042] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 385.533156][T17056] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 385.816064][T17069] netlink: 'syz.3.3445': attribute type 3 has an invalid length. [ 385.969608][T17075] syzkaller0: entered promiscuous mode [ 385.976499][T17075] syzkaller0: entered allmulticast mode [ 385.986692][T17075] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3447'. [ 386.374816][T17065] can: request_module (can-proto-0) failed. [ 386.475456][T17103] syzkaller0: entered promiscuous mode [ 386.481070][T17103] syzkaller0: entered allmulticast mode [ 386.631571][T17109] netlink: 'syz.2.3458': attribute type 3 has an invalid length. [ 386.828505][T17120] __nla_validate_parse: 2 callbacks suppressed [ 386.828528][T17120] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3462'. [ 386.901999][T17124] tap0: tun_chr_ioctl cmd 1074025677 [ 386.907701][T17124] tap0: linktype set to 773 [ 386.930523][T17126] netlink: 'syz.2.3465': attribute type 29 has an invalid length. [ 387.434413][T17156] netlink: 165240 bytes leftover after parsing attributes in process `syz.1.3479'. [ 387.565438][T17165] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 387.602721][T17169] netlink: 'syz.0.3486': attribute type 29 has an invalid length. [ 387.639667][T17169] netlink: 'syz.0.3486': attribute type 29 has an invalid length. [ 387.825666][T17183] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 387.833015][T17183] IPv6: NLM_F_CREATE should be set when creating new route [ 387.840347][T17183] IPv6: NLM_F_CREATE should be set when creating new route [ 387.847583][T17183] IPv6: NLM_F_CREATE should be set when creating new route [ 387.953054][T17190] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3495'. [ 388.069530][T17196] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3500'. [ 388.557785][T17224] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3511'. [ 388.571624][T17223] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3514'. [ 388.587926][T17223] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3514'. [ 389.160335][T17259] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3529'. [ 389.393273][T17267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3534'. [ 389.421669][T17269] ..¤±ÿÿ: renamed from hsr0 (while UP) [ 390.126804][T17296] ------------[ cut here ]------------ [ 390.132446][T17296] verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0xffffdfcd, 0xffffffffffffdfcc] s64=[0x80000000ffffdfcd, 0x7fffffffffffdfcc] u32=[0xffffdfcd, 0xffffdfcc] s32=[0xffffdfcd, 0xffffdfcc] var_off=(0xffffdfcc, 0xffffffff00000000) [ 390.157618][T17296] WARNING: kernel/bpf/verifier.c:2823 at reg_bounds_sanity_check+0x201/0xc30, CPU#0: syz.1.3547/17296 [ 390.168178][T17298] netlink: 'syz.4.3548': attribute type 29 has an invalid length. [ 390.169176][T17296] Modules linked in: [ 390.169205][T17296] CPU: 0 UID: 0 PID: 17296 Comm: syz.1.3547 Not tainted syzkaller #0 PREEMPT(full) [ 390.169230][T17296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 390.169242][T17296] RIP: 0010:reg_bounds_sanity_check+0x3e6/0xc30 [ 390.169275][T17296] Code: 98 00 00 00 4c 8b 8c 24 88 00 00 00 41 ff 34 24 41 57 55 41 55 ff b4 24 f0 00 00 00 ff b4 24 a8 00 00 00 ff b4 24 c0 00 00 00 <67> 48 0f b9 3a 48 83 c4 38 49 bf 00 00 00 00 00 fc ff df 48 8b 84 [ 390.169293][T17296] RSP: 0018:ffffc90004f56eb0 EFLAGS: 00010246 [ 390.169313][T17296] RAX: dffffc0000000000 RBX: 1ffff1100f74a24a RCX: 00000000ffffdfcd [ 390.169352][T17296] RDX: ffffffff8bd474e0 RSI: ffffffff8bd4fe20 RDI: ffffffff9015d7d0 [ 390.169369][T17296] RBP: 00000000ffffdfcc R08: ffffffffffffdfcc R09: 80000000ffffdfcd [ 390.169384][T17296] R10: ffff88807ba51358 R11: 1ffff1100f74a250 R12: ffff88807ba51250 [ 390.169401][T17296] R13: 00000000ffffdfcd R14: 1ffff1100f74a249 R15: 00000000ffffdfcc [ 390.169417][T17296] FS: 00007ffa6c20a6c0(0000) GS:ffff888125457000(0000) knlGS:0000000000000000 [ 390.169435][T17296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 390.169451][T17296] CR2: 00007ffa6b617dac CR3: 000000007ef18000 CR4: 00000000003526f0 [ 390.185709][T17298] netlink: 'syz.4.3548': attribute type 29 has an invalid length. [ 390.191732][T17296] Call Trace: [ 390.191747][T17296] [ 390.191789][T17296] reg_set_min_max+0x264/0x340 [ 390.191830][T17296] check_cond_jmp_op+0x1dbb/0x31a0 [ 390.191875][T17296] ? __pfx_check_cond_jmp_op+0x10/0x10 [ 390.191907][T17296] ? kfree+0x1c1/0x630 [ 390.191928][T17296] ? do_check+0x6326/0x10610 [ 390.191948][T17296] ? bpf_reset_stack_write_marks+0x1eb/0x260 [ 390.349302][T17296] do_check+0x7970/0x10610 [ 390.353881][T17296] ? __pfx_do_check+0x10/0x10 [ 390.358598][T17296] ? init_func_state+0x1ab2/0x28d0 [ 390.363819][T17296] do_check_common+0x19c8/0x25b0 [ 390.368816][T17296] bpf_check+0x5f3e/0x1ce00 [ 390.374374][T17296] ? __lock_acquire+0x6b5/0x2cf0 [ 390.379369][T17296] ? __lock_acquire+0x6b5/0x2cf0 [ 390.384669][T17296] ? __mutex_trylock_common+0x158/0x260 [ 390.390439][T17296] ? __pfx___mutex_trylock_common+0x10/0x10 [ 390.396384][T17296] ? __lock_acquire+0x6b5/0x2cf0 [ 390.401869][T17296] ? css_rstat_updated+0x23a/0x530 [ 390.407021][T17296] ? __pfx_css_rstat_updated+0x10/0x10 [ 390.412541][T17296] ? pcpu_alloc_noprof+0xe8f/0x19c0 [ 390.417793][T17296] ? __lock_acquire+0x6b5/0x2cf0 [ 390.422835][T17296] ? __pfx_bpf_check+0x10/0x10 [ 390.427631][T17296] ? pcpu_memcg_post_alloc_hook+0x77/0x580 [ 390.433960][T17296] ? pcpu_memcg_post_alloc_hook+0x44a/0x580 [ 390.439928][T17296] ? ktime_get_with_offset+0x93/0x2a0 [ 390.445430][T17296] ? ktime_get_with_offset+0x93/0x2a0 [ 390.450868][T17296] ? __asan_memset+0x22/0x50 [ 390.455486][T17296] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 390.461148][T17296] ? security_bpf_prog_load+0x125/0x3c0 [ 390.466737][T17296] bpf_prog_load+0x1484/0x1ae0 [ 390.471606][T17296] ? __pfx_bpf_prog_load+0x10/0x10 [ 390.477021][T17296] ? tomoyo_path_number_perm+0x219/0x630 [ 390.482963][T17296] ? bpf_lsm_bpf+0x9/0x20 [ 390.487483][T17296] ? security_bpf+0x7e/0x2d0 [ 390.492645][T17296] __sys_bpf+0x618/0x950 [ 390.496902][T17296] ? __pfx___sys_bpf+0x10/0x10 [ 390.501791][T17296] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 390.507632][T17296] ? __pfx_kcov_ioctl+0x10/0x10 [ 390.512563][T17296] __x64_sys_bpf+0x7c/0x90 [ 390.517010][T17296] do_syscall_64+0x14d/0xf80 [ 390.522028][T17296] ? trace_irq_disable+0x3b/0x150 [ 390.527236][T17296] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.533377][T17296] ? clear_bhb_loop+0x40/0x90 [ 390.538089][T17296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.544189][T17296] RIP: 0033:0x7ffa6b39c819 [ 390.548649][T17296] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 390.568980][T17296] RSP: 002b:00007ffa6c20a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 390.577500][T17296] RAX: ffffffffffffffda RBX: 00007ffa6b615fa0 RCX: 00007ffa6b39c819 [ 390.586253][T17296] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 390.594788][T17296] RBP: 00007ffa6b432c91 R08: 0000000000000000 R09: 0000000000000000 [ 390.603202][T17296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 390.611259][T17296] R13: 00007ffa6b616038 R14: 00007ffa6b615fa0 R15: 00007fff27760de8 [ 390.619268][T17296] [ 390.622379][T17296] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 390.629940][T17296] CPU: 0 UID: 0 PID: 17296 Comm: syz.1.3547 Not tainted syzkaller #0 PREEMPT(full) [ 390.639311][T17296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 390.649375][T17296] Call Trace: [ 390.652662][T17296] [ 390.655600][T17296] vpanic+0x56c/0xa60 [ 390.659599][T17296] ? __pfx__printk+0x10/0x10 [ 390.664199][T17296] ? __pfx_vpanic+0x10/0x10 [ 390.668704][T17296] ? is_bpf_text_address+0x292/0x2b0 [ 390.674016][T17296] ? is_bpf_text_address+0x26/0x2b0 [ 390.679228][T17296] panic+0xc5/0xd0 [ 390.682962][T17296] ? __pfx_panic+0x10/0x10 [ 390.687502][T17296] __warn+0x315/0x4f0 [ 390.691502][T17296] ? reg_bounds_sanity_check+0x201/0xc30 [ 390.697166][T17296] ? reg_bounds_sanity_check+0x201/0xc30 [ 390.702801][T17296] __report_bug+0x29a/0x540 [ 390.707408][T17296] ? __pfx_stack_trace_save+0x10/0x10 [ 390.712788][T17296] ? reg_bounds_sanity_check+0x201/0xc30 [ 390.718454][T17296] ? __pfx___report_bug+0x10/0x10 [ 390.723539][T17296] ? check_cond_jmp_op+0x1c5b/0x31a0 [ 390.728870][T17296] ? do_check+0x7970/0x10610 [ 390.733558][T17296] ? do_check_common+0x19c8/0x25b0 [ 390.738686][T17296] ? bpf_check+0x5f3e/0x1ce00 [ 390.743382][T17296] ? bpf_prog_load+0x1484/0x1ae0 [ 390.748330][T17296] ? __sys_bpf+0x618/0x950 [ 390.752760][T17296] ? __x64_sys_bpf+0x7c/0x90 [ 390.757448][T17296] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.763528][T17296] report_bug_entry+0x19a/0x290 [ 390.768491][T17296] ? reg_bounds_sanity_check+0x3e6/0xc30 [ 390.774226][T17296] ? reg_bounds_sanity_check+0x3eb/0xc30 [ 390.779918][T17296] handle_bug+0xce/0x200 [ 390.784181][T17296] exc_invalid_op+0x1a/0x50 [ 390.788701][T17296] asm_exc_invalid_op+0x1a/0x20 [ 390.793561][T17296] RIP: 0010:reg_bounds_sanity_check+0x3e6/0xc30 [ 390.799828][T17296] Code: 98 00 00 00 4c 8b 8c 24 88 00 00 00 41 ff 34 24 41 57 55 41 55 ff b4 24 f0 00 00 00 ff b4 24 a8 00 00 00 ff b4 24 c0 00 00 00 <67> 48 0f b9 3a 48 83 c4 38 49 bf 00 00 00 00 00 fc ff df 48 8b 84 [ 390.819445][T17296] RSP: 0018:ffffc90004f56eb0 EFLAGS: 00010246 [ 390.825526][T17296] RAX: dffffc0000000000 RBX: 1ffff1100f74a24a RCX: 00000000ffffdfcd [ 390.833529][T17296] RDX: ffffffff8bd474e0 RSI: ffffffff8bd4fe20 RDI: ffffffff9015d7d0 [ 390.841511][T17296] RBP: 00000000ffffdfcc R08: ffffffffffffdfcc R09: 80000000ffffdfcd [ 390.849491][T17296] R10: ffff88807ba51358 R11: 1ffff1100f74a250 R12: ffff88807ba51250 [ 390.857468][T17296] R13: 00000000ffffdfcd R14: 1ffff1100f74a249 R15: 00000000ffffdfcc [ 390.865500][T17296] reg_set_min_max+0x264/0x340 [ 390.870289][T17296] check_cond_jmp_op+0x1dbb/0x31a0 [ 390.875423][T17296] ? __pfx_check_cond_jmp_op+0x10/0x10 [ 390.880979][T17296] ? kfree+0x1c1/0x630 [ 390.885155][T17296] ? do_check+0x6326/0x10610 [ 390.889747][T17296] ? bpf_reset_stack_write_marks+0x1eb/0x260 [ 390.895833][T17296] do_check+0x7970/0x10610 [ 390.900339][T17296] ? __pfx_do_check+0x10/0x10 [ 390.905038][T17296] ? init_func_state+0x1ab2/0x28d0 [ 390.910171][T17296] do_check_common+0x19c8/0x25b0 [ 390.915165][T17296] bpf_check+0x5f3e/0x1ce00 [ 390.919772][T17296] ? __lock_acquire+0x6b5/0x2cf0 [ 390.924727][T17296] ? __lock_acquire+0x6b5/0x2cf0 [ 390.929691][T17296] ? __mutex_trylock_common+0x158/0x260 [ 390.935261][T17296] ? __pfx___mutex_trylock_common+0x10/0x10 [ 390.941174][T17296] ? __lock_acquire+0x6b5/0x2cf0 [ 390.946295][T17296] ? css_rstat_updated+0x23a/0x530 [ 390.951512][T17296] ? __pfx_css_rstat_updated+0x10/0x10 [ 390.956988][T17296] ? pcpu_alloc_noprof+0xe8f/0x19c0 [ 390.962201][T17296] ? __lock_acquire+0x6b5/0x2cf0 [ 390.967243][T17296] ? __pfx_bpf_check+0x10/0x10 [ 390.972016][T17296] ? pcpu_memcg_post_alloc_hook+0x77/0x580 [ 390.977831][T17296] ? pcpu_memcg_post_alloc_hook+0x44a/0x580 [ 390.983911][T17296] ? ktime_get_with_offset+0x93/0x2a0 [ 390.989303][T17296] ? ktime_get_with_offset+0x93/0x2a0 [ 390.994699][T17296] ? __asan_memset+0x22/0x50 [ 390.999313][T17296] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 391.004527][T17296] ? security_bpf_prog_load+0x125/0x3c0 [ 391.010096][T17296] bpf_prog_load+0x1484/0x1ae0 [ 391.014876][T17296] ? __pfx_bpf_prog_load+0x10/0x10 [ 391.019993][T17296] ? tomoyo_path_number_perm+0x219/0x630 [ 391.025738][T17296] ? bpf_lsm_bpf+0x9/0x20 [ 391.030166][T17296] ? security_bpf+0x7e/0x2d0 [ 391.034777][T17296] __sys_bpf+0x618/0x950 [ 391.039047][T17296] ? __pfx___sys_bpf+0x10/0x10 [ 391.043860][T17296] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 391.049700][T17296] ? __pfx_kcov_ioctl+0x10/0x10 [ 391.054579][T17296] __x64_sys_bpf+0x7c/0x90 [ 391.059013][T17296] do_syscall_64+0x14d/0xf80 [ 391.063702][T17296] ? trace_irq_disable+0x3b/0x150 [ 391.068754][T17296] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.074828][T17296] ? clear_bhb_loop+0x40/0x90 [ 391.079519][T17296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.085417][T17296] RIP: 0033:0x7ffa6b39c819 [ 391.089851][T17296] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 391.109572][T17296] RSP: 002b:00007ffa6c20a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 391.118101][T17296] RAX: ffffffffffffffda RBX: 00007ffa6b615fa0 RCX: 00007ffa6b39c819 [ 391.126196][T17296] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 391.134178][T17296] RBP: 00007ffa6b432c91 R08: 0000000000000000 R09: 0000000000000000 [ 391.142162][T17296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 391.150234][T17296] R13: 00007ffa6b616038 R14: 00007ffa6b615fa0 R15: 00007fff27760de8 [ 391.158230][T17296] [ 391.161600][T17296] Kernel Offset: disabled [ 391.165925][T17296] Rebooting in 86400 seconds..