last executing test programs: 4.677459625s ago: executing program 4 (id=11926): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000006800010043001000fdffff7f0000040000000000040004000c000880050004000900000004000b001c000c80060001000b00000006000100070000000800030000000000240002"], 0x6c}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000440)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000000)=@ccm_128={{0x303}, "110000e6c8000008", "cac9e9877c1600e65e99ffffffffff02", 'LP3F', "f7ffffffff0100"}, 0x28) setsockopt$inet6_tcp_int(r1, 0x11a, 0x5, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, 0x0, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3) sendmsg$NL80211_CMD_LEAVE_IBSS(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x10, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x1c}}, 0x4000004) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x14, 0x15, 0x301, 0x0, 0x25dfdbf8, {0x5}}, 0x14}}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r5, 0x0, 0xffef, 0x20000000, &(0x7f0000000240)={0x2, 0x4e22, @remote}, 0x10) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000580)=ANY=[@ANYRESHEX=r5], 0x110}, 0x1, 0x0, 0x0, 0x4008080}, 0x41) 4.342654264s ago: executing program 4 (id=11932): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xd, 0x4, 0x4, 0x5, 0x0, r1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2f, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x103, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x90}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000a00)={&(0x7f0000000b80)={0x2, 0x4, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, [@sadb_sa={0x2, 0x1, 0x4d6, 0x0, 0x0, 0x0, 0x0, 0x20000000}]}, 0x20}, 0x1, 0x7}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) r9 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r9, 0x8918, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) ioctl$sock_inet_SIOCSIFPFLAGS(r9, 0x8934, &(0x7f0000000140)={'wg1\x00', 0x1000}) sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000dc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x20, 0x0, 0x0, {0x1}}}, 0x54}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="12000000400000000400000002"], 0x50) socket$nl_generic(0x10, 0x3, 0x10) socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r10, 0x0, &(0x7f0000000580)=@tcp6=r11}, 0x20) setsockopt$SO_ATTACH_FILTER(r11, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000180)=[{0x538, 0x7, 0x9, 0x6}]}, 0x10) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000780)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x3e}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 3.543954974s ago: executing program 4 (id=11939): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @local, 0x2}, 0x1c) 3.299356523s ago: executing program 4 (id=11942): r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000ac0)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @private=0xa010101}, 0x10) 3.04321963s ago: executing program 4 (id=11948): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x68, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000480)={@void, @void, @eth={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x56}, @val={@val={0x88a8, 0x0, 0x1, 0x2}, {0x8100, 0x0, 0x0, 0x2}}, {@mpls_mc={0x8848, {[], @ipv6=@generic={0x5, 0x6, "ca93cb", 0x0, 0xc, 0xff, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1}}}}}}, 0x3e) 2.692455501s ago: executing program 0 (id=11953): r0 = socket(0x11, 0x3, 0x0) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 2.551084015s ago: executing program 4 (id=11954): r0 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010101}, @in=@private=0xa010102, 0x4e62, 0x0, 0x0, 0x0, 0xa, 0x0, 0x110}, {0x0, 0x4, 0x0, 0x5000007ffffffc, 0x0, 0x9, 0x0, 0x3ff7}, {0x7fffffffffffffff, 0x400, 0x100000000c, 0x1f}, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1}, {{@in6=@loopback, 0x800, 0x32}, 0x0, @in=@broadcast, 0x3501, 0x4, 0x2, 0x0, 0x0, 0x2, 0x1}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x2, @empty, 0xfffffffc}, 0x1c) 2.500000154s ago: executing program 3 (id=11956): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r2, 0x303, 0x8070bd29, 0x25dfdbff, {0xa}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x44) 2.379390838s ago: executing program 0 (id=11958): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x6, 0x2, 0x6, 0x2, 0xffffffff}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd, 0x1}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x880}, 0x8010) sendmmsg$inet(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000001240)="cc5fd2518c506ebf347763559129e729164723d0e47c59f1b71a169d2bf45153816f628ff44cbe57e3b69377793663b2d7f0c39319dd2d25cf661253e80493fe43d4bd2521579cc80e15640e30cfedcde5be166f87dd93bc68ac7b179df08a08b19ec17b48e6ffa0026287ca02aec3d811c6262f219143baf964dd95c9ac5055ae4a8714ed7e524ab664ace9643ce2a56eb25288920ade7434d6be5cb5815dec81828de98e5f28bf5c536cff85314a25b345304ef6e35281f75d0e4fffb4effaf0ce6b4d689681dbd4fc160090761f1ee1c59099718474f81297928d9fb21c1ae86d7f0dc30e35584e5b4d862e086ae4f77647004b969c57a9eb0ec8f04665d4aed1e4255e3b4b130fd4f207d94fca04c482ae34da39997ab839477d717fc7aeba9e3380e2d3c42fcf8b65992c0e2ddc185af882cded42f0147fa010d40101edc65fe3652b4f95f7b9ecbbc09b5b2c8e2ede1d2b27a70b1f803fa0091b242dea878d5c8a711710fdd94c4883b02a1828742a779b92b0f5a083fb4646f903348c57cd48f70c8601bbbf28db00d94042c97470fffb2391548e3a2b52fab91b2b4f46a842eae1663c5b3af7e03f865331aff71bd73550fdfe354265f429b04cb31bbc1e4e6d0fd8aa6c06349c6b8810a5774c9db0dd225f0c8a2315f5c259e7f24ffb780db71b181bb3e4fdca6f190d65d81fea9db329d42186aa04f9242bc8cb7d3f1acc39b3d77827df3e460e0f9a75fdbd6c88859b94a346de22f4217bb887003a", 0x221}], 0x1}}], 0x1, 0x2090) 2.213970847s ago: executing program 3 (id=11960): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffd, @ipv4={'\x00', '\xff\xff', @empty}, 0xc67c}, 0x1c) listen(r1, 0x3) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) 2.000969407s ago: executing program 3 (id=11961): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'vlan0\x00', 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000000203030000000000000000eeffffff000800010001"], 0x1c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="440000001000ffff26bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1d950300bcb7040008000a00", @ANYRES32=r2, @ANYBLOB="140012800c0001006d616376746170000400028008000500", @ANYRES32=r3], 0x44}, 0x1, 0x0, 0x0, 0x24004844}, 0x8000002) 1.928541276s ago: executing program 0 (id=11962): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r1, 0x40005, 0x420c0}}}}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x8044) 1.76776393s ago: executing program 2 (id=11964): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x58}}, 0x10) sendto(r0, &(0x7f0000000140)='A', 0xfffff, 0x40008c1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001d40)=""/4096, 0x1000}], 0x1}, 0x1}], 0x256, 0x10022, 0x0) 1.604183823s ago: executing program 1 (id=11965): sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0xc004) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80004}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x68, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000380)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4f24, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "a725c9ebe4d5292d6f793260169a527f1e8480dae94b3c47678410f2efb4d0a9", "36a9abfb812b0e45b2331a28c61b658f08ebd21598f9e6d4bfc2e88774fd60da45d9b2704f33a27dc7d7f77598e8b183", "7d14565ff0e8ebb718aeacc9826c0916b8596618369c94b0e0113e78", {"1167483e897b0600000000000000da1f", "195ecd0201fbb9dbbfbf2ec374034c7d"}}}}}}}, 0x0) 1.600507577s ago: executing program 2 (id=11966): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x13, 0x10, 0x2}, 0x50) 1.512434701s ago: executing program 3 (id=11967): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c80)=@delqdisc={0x274, 0x25, 0x8, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x6, 0xfff1}, {0x9, 0x8}, {0x4, 0x4}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @qdisc_kind_options=@q_gred={{0x9}, {0x1e8, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xa, 0x9, 0x1}}, @TCA_GRED_DPS={0x10, 0x3, {0xb, 0xf, 0x1, 0x3}}, @TCA_GRED_LIMIT={0x8, 0x5, 0xfffffffe}, @TCA_GRED_MAX_P={0x8, 0x4, 0xff}, @TCA_GRED_MAX_P={0x8, 0x4, 0x1}, @TCA_GRED_STAB={0x104, 0x2, "1316f098b501a5f515756cb6ed0c15fba2595a9cfe8461e9193ef2cda213399b89abd777777a8b6c8b57edf4cedd8cd519f916568982473e994f0f7495abe6edc0903b30260a6e81871e70ee223c07e0bbad5e58ff6ffa3ae0e55aed0da21648cfa2cedd7866a8db17059a1153abb439953c9462163edb433c550325e91ea19623aa954a3fd922facea1355b599e96c2eae88d439ca4d0f8272abd526203456c2bce2a642e1a5ca9214aa1592f7673c01c4f25211568254896cb1a6d70613e396913a3b3fc52ed32fc05ad638ab7cfaeb4de999b03f5281bef358b591af82a7926887869bf3ea4519b43d4135cb97fb07ad9ddb9ff408f21573e209cd8b3147f"}, @TCA_GRED_PARMS={0x38, 0x1, {0x4, 0x40, 0xfffffffa, 0xe, 0xa, 0x1ff, 0x0, 0x0, 0xfffffff9, 0x3, 0x21, 0x7, 0x0, 0x2, 0x7fffffff, 0xb1d}}, @TCA_GRED_PARMS={0x38, 0x1, {0x4, 0x7f, 0x1, 0x7, 0x7fffffff, 0xb381, 0xfffffff9, 0xffffffff, 0x9, 0x7fffffff, 0x19, 0x12, 0x13, 0x8, 0x400, 0x9}}, @TCA_GRED_PARMS={0x38, 0x1, {0xfff, 0x9, 0x2, 0x2, 0x8, 0x1, 0xcf63, 0x8, 0x6, 0x6, 0x1f, 0x1a, 0x15, 0x6, 0x6, 0x7}}]}}, @qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x8, 0xd0, 0x80000001, 0xf4, 0x5}, 0x7f, 0x1, 0x6, 0x9, 0xbbb, 0xa, 0x1b, 0x1d, 0x1, 0x401, {0x9, 0x6, 0x6, 0x5, 0x3570, 0x6}}}}]}, 0x274}, 0x1, 0x0, 0x0, 0x4000880}, 0x20008004) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x24}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 1.323127021s ago: executing program 2 (id=11968): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xe8001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'wlan0\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x305) 1.295224062s ago: executing program 0 (id=11969): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x181c01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'pim6reg0\x00', 0x2}) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000080)={'veth0_vlan\x00'}) 1.255676062s ago: executing program 1 (id=11970): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000140)={r3, r2, 0x16, 0x0, @void}, 0x10) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000000)=0x17, 0x4) 1.135326423s ago: executing program 2 (id=11971): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fcffffff0000000000000000850000007b00000085000000a000000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000040)="f7edad00"/14, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 1.038805295s ago: executing program 1 (id=11972): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='blkio.bfq.empty_time\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) 964.585909ms ago: executing program 0 (id=11973): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000000000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x8100, 0xe, 0x0, &(0x7f00000002c0)="c8e8a1aee95e10e19e00399da26f", 0x0, 0xadf0, 0x21, 0x0, 0x0, 0x0, 0x0}, 0x50) 916.662965ms ago: executing program 2 (id=11974): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r4, 0x4) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000001200)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x1}}}}}}}, 0x0) 799.241522ms ago: executing program 1 (id=11975): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x10040) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x8, 0xf989, "231f531c"}]}}}}}}}, 0x0) 722.818899ms ago: executing program 3 (id=11976): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x31}}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x303}, "1afc7c14d332bcc6", "a9ba0c85d68723369f51322151d9f41aaa2832bb07cc1e49ad714beac6f1ade8", "49960d8f", "bff2a81527ae4190"}, 0x38) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r1) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r3, 0x0, 0x20000000002) socket$inet_mptcp(0x2, 0x1, 0x106) 640.07062ms ago: executing program 1 (id=11977): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r1], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendto$packet(r0, 0x0, 0x0, 0x8081, &(0x7f0000000280)={0xc9, 0xc, r3, 0x1, 0x2, 0x6, @multicast}, 0x5b) 119.939931ms ago: executing program 0 (id=11978): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r1) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x40) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000001000010500000000fbdbdf2500000000", @ANYRES32=r2, @ANYBLOB="0160000010010000240012800900010069706970"], 0x44}}, 0x84000) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x401, 0x80000000, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, 0x79d873047d49af63, 0x12205}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x4}}}, @IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x3, 0x2, 0x0, 0x1, {0x4}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040000}, 0xc8c0) 118.827692ms ago: executing program 1 (id=11979): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) syz_emit_ethernet(0x5e, &(0x7f0000000640)={@multicast, @random="bad4f9431624", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @private1, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1, @empty}}}}}}, 0x0) 54.250043ms ago: executing program 3 (id=11980): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000240)={0x28, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4048000) 0s ago: executing program 2 (id=11981): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000004c0)={r2, r0, 0x16, 0x0, @void}, 0x10) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xb, &(0x7f0000000200)=0xc, 0x1) kernel console output (not intermixed with test programs): parsing attributes in process `syz.2.10649'. [ 1454.661869][ T8986] netlink: 'syz.2.10649': attribute type 12 has an invalid length. [ 1454.704675][ T8986] netlink: 'syz.2.10649': attribute type 11 has an invalid length. [ 1454.753234][ T8991] bond0: entered promiscuous mode [ 1454.786635][ T8991] bond0: entered allmulticast mode [ 1454.855450][ T8993] netlink: 'syz.3.10650': attribute type 32 has an invalid length. [ 1455.025672][ T8993] bond75: option coupled_control: invalid value (10) [ 1455.104655][ T8993] bond75 (unregistering): Released all slaves [ 1455.356799][ T9004] netlink: 'syz.3.10654': attribute type 1 has an invalid length. [ 1455.574908][ T9004] 8021q: adding VLAN 0 to HW filter on device bond75 [ 1456.628303][ T9024] batadv_slave_0: Caught tx_queue_len zero misconfig [ 1456.781593][ T9026] __nla_validate_parse: 9 callbacks suppressed [ 1456.781613][ T9026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10661'. [ 1456.881553][ T9026] tunl0: Caught tx_queue_len zero misconfig [ 1456.960873][ T9034] netlink: 104 bytes leftover after parsing attributes in process `syz.3.10664'. [ 1457.057639][ T9032] tipc: Enabled bearer , priority 0 [ 1457.135403][ T9030] tipc: Resetting bearer [ 1457.230143][ T9035] syzkaller0: entered promiscuous mode [ 1457.235988][ T9035] syzkaller0: entered allmulticast mode [ 1457.259662][ T9031] netlink: 112 bytes leftover after parsing attributes in process `syz.2.10662'. [ 1457.511659][ T9028] tipc: Resetting bearer [ 1457.701996][ T9028] tipc: Disabling bearer [ 1457.749964][ T6331] lec:lec_start_xmit: lec0:No lecd attached [ 1458.198283][ T9053] netlink: 56 bytes leftover after parsing attributes in process `syz.3.10668'. [ 1458.250053][ T9053] netlink: 'syz.3.10668': attribute type 2 has an invalid length. [ 1458.815055][ T9075] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10674'. [ 1458.928296][ T9077] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10675'. [ 1459.349325][ T9078] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10675'. [ 1459.396267][ T8251] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0xef [ 1459.884560][ T9080] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1459.951842][ T9105] netlink: 68 bytes leftover after parsing attributes in process `syz.2.10681'. [ 1459.984484][ T9105] netlink: 44 bytes leftover after parsing attributes in process `syz.2.10681'. [ 1460.373856][ T9116] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10686'. [ 1460.818916][ T9130] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode [ 1460.852192][ T9130] mac80211_hwsim hwsim10 syzkaller0: entered allmulticast mode [ 1461.261934][ T9142] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1461.615199][ T9152] netlink: 'syz.4.10697': attribute type 32 has an invalid length. [ 1461.761937][ T9152] bond50: option coupled_control: invalid value (10) [ 1461.813439][ T9152] bond50 (unregistering): Released all slaves [ 1462.628690][ T9170] __nla_validate_parse: 4 callbacks suppressed [ 1462.628708][ T9170] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10702'. [ 1462.665887][ T9170] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10702'. [ 1462.864650][ T9174] netlink: 88 bytes leftover after parsing attributes in process `syz.1.10703'. [ 1462.941826][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5190 ms [ 1462.949914][ C1] lec:lec_tx_timeout: lec0 [ 1463.173505][ T9180] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1463.193574][ T9185] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10706'. [ 1463.763490][ T9198] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10714'. [ 1463.894939][ T9198] 8021q: adding VLAN 0 to HW filter on device bond50 [ 1464.032019][ T9207] netlink: 'syz.3.10716': attribute type 1 has an invalid length. [ 1464.161533][ T1735] block nbd0: Possible stuck request ffff888026e38000: control (read@0,1024B). Runtime 990 seconds [ 1464.173917][ T1735] block nbd0: Possible stuck request ffff888026e38200: control (read@1024,1024B). Runtime 990 seconds [ 1464.185337][ T1735] block nbd0: Possible stuck request ffff888026e38400: control (read@2048,1024B). Runtime 990 seconds [ 1464.196445][ T1735] block nbd0: Possible stuck request ffff888026e38600: control (read@3072,1024B). Runtime 990 seconds [ 1464.212185][ T9207] 8021q: adding VLAN 0 to HW filter on device bond77 [ 1464.242686][ T9218] FAULT_INJECTION: forcing a failure. [ 1464.242686][ T9218] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1464.339575][ T9218] CPU: 1 UID: 0 PID: 9218 Comm: syz.1.10718 Not tainted syzkaller #0 PREEMPT(full) [ 1464.339603][ T9218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1464.339616][ T9218] Call Trace: [ 1464.339625][ T9218] [ 1464.339634][ T9218] dump_stack_lvl+0xe8/0x150 [ 1464.339670][ T9218] should_fail_ex+0x412/0x560 [ 1464.339708][ T9218] _copy_to_user+0x31/0xb0 [ 1464.339737][ T9218] simple_read_from_buffer+0xe1/0x170 [ 1464.339772][ T9218] proc_fail_nth_read+0x1bb/0x230 [ 1464.339807][ T9218] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1464.339841][ T9218] ? rw_verify_area+0x2a6/0x4d0 [ 1464.339864][ T9218] ? tun_chr_write_iter+0x18a/0x200 [ 1464.339887][ T9218] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1464.339920][ T9218] vfs_read+0x20c/0xa70 [ 1464.339941][ T9218] ? fdget_pos+0x246/0x320 [ 1464.339966][ T9218] ? __pfx___mutex_lock+0x10/0x10 [ 1464.339996][ T9218] ? __pfx_vfs_read+0x10/0x10 [ 1464.340021][ T9218] ? __fget_files+0x2a/0x420 [ 1464.340045][ T9218] ? __fget_files+0x3a0/0x420 [ 1464.340082][ T9218] ? __fget_files+0x2a/0x420 [ 1464.340109][ T9218] ksys_read+0x150/0x270 [ 1464.340134][ T9218] ? __pfx_ksys_read+0x10/0x10 [ 1464.340168][ T9218] do_syscall_64+0x14d/0xf80 [ 1464.340192][ T9218] ? trace_irq_disable+0x3b/0x150 [ 1464.340209][ T9218] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.340229][ T9218] ? clear_bhb_loop+0x40/0x90 [ 1464.340255][ T9218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.340274][ T9218] RIP: 0033:0x7f8e09d5d04e [ 1464.340293][ T9218] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1464.340309][ T9218] RSP: 002b:00007f8e0aca9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1464.340330][ T9218] RAX: ffffffffffffffda RBX: 00007f8e0acaa6c0 RCX: 00007f8e09d5d04e [ 1464.340344][ T9218] RDX: 000000000000000f RSI: 00007f8e0acaa0a0 RDI: 0000000000000005 [ 1464.340357][ T9218] RBP: 00007f8e0acaa090 R08: 0000000000000000 R09: 0000000000000000 [ 1464.340369][ T9218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1464.340380][ T9218] R13: 00007f8e0a016218 R14: 00007f8e0a016180 R15: 00007fff9da80538 [ 1464.340413][ T9218] [ 1464.896457][ T9227] mac80211_hwsim hwsim1 syzkaller0: left promiscuous mode [ 1464.923698][ T9227] mac80211_hwsim hwsim1 syzkaller0: left allmulticast mode [ 1465.212765][ T9239] lo speed is unknown, defaulting to 1000 [ 1465.257040][ T9250] netlink: 56 bytes leftover after parsing attributes in process `syz.1.10728'. [ 1465.532649][ T9262] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10731'. [ 1465.713539][ T9270] netlink: 'syz.1.10733': attribute type 1 has an invalid length. [ 1465.732349][ T9262] 8021q: adding VLAN 0 to HW filter on device bond55 [ 1465.903717][ T9270] 8021q: adding VLAN 0 to HW filter on device bond49 [ 1466.270160][ T9282] netlink: 'syz.3.10735': attribute type 29 has an invalid length. [ 1466.325176][ T9282] netlink: 'syz.3.10735': attribute type 29 has an invalid length. [ 1466.355115][ T9282] netlink: 548 bytes leftover after parsing attributes in process `syz.3.10735'. [ 1466.438800][ T9239] hsr0 speed is unknown, defaulting to 1000 [ 1466.459571][ T9260] lo speed is unknown, defaulting to 1000 [ 1466.548202][ T9239] lo speed is unknown, defaulting to 1000 [ 1466.808477][ T9303] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1467.137328][ T9310] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10746'. [ 1467.170977][ T9313] netlink: 20 bytes leftover after parsing attributes in process `syz.3.10745'. [ 1467.482783][ T9314] 8021q: adding VLAN 0 to HW filter on device bond56 [ 1467.592780][ T9328] netlink: 'syz.3.10750': attribute type 1 has an invalid length. [ 1468.202112][ T9354] __nla_validate_parse: 3 callbacks suppressed [ 1468.202132][ T9354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10753'. [ 1468.376416][ T9260] hsr0 speed is unknown, defaulting to 1000 [ 1468.447102][ T9260] lo speed is unknown, defaulting to 1000 [ 1468.770774][ T9368] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10758'. [ 1468.809906][ T9368] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10758'. [ 1468.848356][ T9371] netlink: 'syz.2.10760': attribute type 1 has an invalid length. [ 1468.915167][ T9371] bond57: entered promiscuous mode [ 1468.920694][ T9371] 8021q: adding VLAN 0 to HW filter on device bond57 [ 1469.004513][ T9371] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10760'. [ 1469.014627][ T9375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10761'. [ 1469.061932][ T9371] bond57: entered allmulticast mode [ 1469.116785][ T9375] 8021q: adding VLAN 0 to HW filter on device bond78 [ 1469.179070][ T9371] bond57: (slave bridge25): making interface the new active one [ 1469.188639][ T9371] bridge25: entered promiscuous mode [ 1469.198906][ T9371] bridge25: entered allmulticast mode [ 1469.242291][ T9371] bond57: (slave bridge25): Enslaving as an active interface with an up link [ 1469.356729][ T9379] bond74: (slave dummy0): Releasing backup interface [ 1469.458660][ T9379] bond78: (slave dummy0): Enslaving as an active interface with an up link [ 1469.482776][ T9391] netlink: 172 bytes leftover after parsing attributes in process `syz.1.10764'. [ 1469.746037][ T9399] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10766'. [ 1470.125851][ T9410] netlink: 'syz.3.10769': attribute type 1 has an invalid length. [ 1470.199569][ T9412] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1470.390043][ T9410] 8021q: adding VLAN 0 to HW filter on device bond79 [ 1470.596370][ T9423] netlink: 36 bytes leftover after parsing attributes in process `syz.2.10773'. [ 1470.649909][ T9420] bond0: (slave ipvlan0): Device is not bonding slave [ 1470.656961][ T9420] bond0: option active_slave: invalid value (ipvlan0) [ 1470.773043][ T9421] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1471.807886][ T9431] syzkaller1: entered promiscuous mode [ 1471.815122][ T9431] syzkaller1: entered allmulticast mode [ 1472.056152][ T9421] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1472.220352][ T9421] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1472.413349][ T9421] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1472.536392][ T9442] tipc: Enabling of bearer rejected, already enabled [ 1472.556653][ T9442] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10777'. [ 1472.591660][ T9442] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10777'. [ 1472.888576][T18561] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1473.006248][T18566] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1473.084812][T18565] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1473.199283][ T9462] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1473.213782][T18565] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1473.587142][ T9469] syzkaller1: entered promiscuous mode [ 1473.593118][ T9469] syzkaller1: entered allmulticast mode [ 1473.651942][ T9473] netlink: 324 bytes leftover after parsing attributes in process `syz.3.10790'. [ 1473.755586][ T9473] netlink: 'syz.3.10790': attribute type 16 has an invalid length. [ 1473.763922][ T9473] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10790'. [ 1473.788359][ T9473] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1474.020521][ T9480] FAULT_INJECTION: forcing a failure. [ 1474.020521][ T9480] name failslab, interval 1, probability 0, space 0, times 0 [ 1474.072368][ T9480] CPU: 1 UID: 0 PID: 9480 Comm: syz.4.10794 Not tainted syzkaller #0 PREEMPT(full) [ 1474.072397][ T9480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1474.072410][ T9480] Call Trace: [ 1474.072419][ T9480] [ 1474.072428][ T9480] dump_stack_lvl+0xe8/0x150 [ 1474.072463][ T9480] should_fail_ex+0x412/0x560 [ 1474.072502][ T9480] should_failslab+0xa8/0x100 [ 1474.072531][ T9480] __kvmalloc_node_noprof+0x178/0x8a0 [ 1474.072575][ T9480] ? bpf_test_run_xdp_live+0x1f2/0x1cf0 [ 1474.072627][ T9480] bpf_test_run_xdp_live+0x1f2/0x1cf0 [ 1474.072658][ T9480] ? bpf_dispatcher_change_prog+0xae0/0xd70 [ 1474.072690][ T9480] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 1474.072723][ T9480] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1474.072752][ T9480] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 1474.072799][ T9480] ? 0xffffffffa020285c [ 1474.072818][ T9480] ? 0xffffffffa0207488 [ 1474.072864][ T9480] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 1474.072901][ T9480] ? _copy_from_user+0x94/0xb0 [ 1474.072927][ T9480] ? bpf_test_init+0x113/0x150 [ 1474.072947][ T9480] ? xdp_convert_md_to_buff+0x5b/0x330 [ 1474.072974][ T9480] bpf_prog_test_run_xdp+0x81c/0x1160 [ 1474.073014][ T9480] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1474.073043][ T9480] ? __fget_files+0x2a/0x420 [ 1474.073068][ T9480] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1474.073094][ T9480] bpf_prog_test_run+0x2c7/0x340 [ 1474.073121][ T9480] __sys_bpf+0x643/0x950 [ 1474.073145][ T9480] ? __pfx___sys_bpf+0x10/0x10 [ 1474.073180][ T9480] ? ksys_write+0x242/0x270 [ 1474.073207][ T9480] ? __pfx_ksys_write+0x10/0x10 [ 1474.073239][ T9480] __x64_sys_bpf+0x7c/0x90 [ 1474.073276][ T9480] do_syscall_64+0x14d/0xf80 [ 1474.073303][ T9480] ? trace_irq_disable+0x3b/0x150 [ 1474.073321][ T9480] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1474.073344][ T9480] ? clear_bhb_loop+0x40/0x90 [ 1474.073370][ T9480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1474.073392][ T9480] RIP: 0033:0x7f2aba59c819 [ 1474.073412][ T9480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1474.073430][ T9480] RSP: 002b:00007f2abb4a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1474.073453][ T9480] RAX: ffffffffffffffda RBX: 00007f2aba815fa0 RCX: 00007f2aba59c819 [ 1474.073469][ T9480] RDX: 0000000000000050 RSI: 00002000000000c0 RDI: 000000000000000a [ 1474.073483][ T9480] RBP: 00007f2abb4a2090 R08: 0000000000000000 R09: 0000000000000000 [ 1474.073497][ T9480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1474.073509][ T9480] R13: 00007f2aba816038 R14: 00007f2aba815fa0 R15: 00007ffde5d63578 [ 1474.073544][ T9480] [ 1474.526711][ T9490] netlink: 'syz.2.10797': attribute type 2 has an invalid length. [ 1474.631427][ T9490] netlink: 'syz.2.10797': attribute type 2 has an invalid length. [ 1474.724357][ T9487] macsec1: entered promiscuous mode [ 1474.789717][ T9493] netlink: 36 bytes leftover after parsing attributes in process `syz.0.10799'. [ 1474.898456][ T9490] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10797'. [ 1475.045359][ T9500] netlink: 32 bytes leftover after parsing attributes in process `syz.0.10802'. [ 1475.112702][ T9502] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10803'. [ 1475.177800][ T9508] xt_socket: unknown flags 0x50 [ 1475.203696][ T9502] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10803'. [ 1475.297682][ T9511] netlink: 'syz.0.10806': attribute type 1 has an invalid length. [ 1475.357122][ T9517] netlink: 'syz.4.10808': attribute type 1 has an invalid length. [ 1475.468749][ T9520] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10806'. [ 1475.658449][ T9511] bond59: entered promiscuous mode [ 1475.683788][ T9511] 8021q: adding VLAN 0 to HW filter on device bond59 [ 1475.806919][ T9517] bond51: entered promiscuous mode [ 1475.812634][ T9517] 8021q: adding VLAN 0 to HW filter on device bond51 [ 1475.821560][ T9520] bond59: entered allmulticast mode [ 1476.002926][ T9528] bond59: (slave bridge25): making interface the new active one [ 1476.076041][ T9528] bridge25: entered promiscuous mode [ 1476.094350][ T9528] bridge25: entered allmulticast mode [ 1476.119356][ T9543] netlink: 'syz.4.10811': attribute type 2 has an invalid length. [ 1476.137783][ T9528] bond59: (slave bridge25): Enslaving as an active interface with an up link [ 1476.450794][ T9554] netlink: 24 bytes leftover after parsing attributes in process `syz.0.10816'. [ 1476.464983][ T9556] netlink: 'syz.3.10818': attribute type 1 has an invalid length. [ 1476.644346][ T9556] 8021q: adding VLAN 0 to HW filter on device bond80 [ 1476.794776][ T9558] syzkaller1: entered promiscuous mode [ 1476.803793][ T9558] syzkaller1: entered allmulticast mode [ 1477.416744][ T9596] netlink: 'syz.1.10826': attribute type 16 has an invalid length. [ 1477.462182][ T9596] netlink: 'syz.1.10826': attribute type 17 has an invalid length. [ 1477.569171][ T9596] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1477.684884][ T9605] vlan0: entered promiscuous mode [ 1477.926025][ T9614] netlink: 'syz.3.10834': attribute type 1 has an invalid length. [ 1477.957426][ T9616] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10835'. [ 1478.117056][ T9614] 8021q: adding VLAN 0 to HW filter on device bond81 [ 1479.161261][ T9672] __nla_validate_parse: 5 callbacks suppressed [ 1479.161280][ T9672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10851'. [ 1479.198658][ T9672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10851'. [ 1479.266876][ T9676] netlink: 'syz.3.10853': attribute type 1 has an invalid length. [ 1479.340133][ T9678] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10853'. [ 1479.367961][ T9676] bond82: entered promiscuous mode [ 1479.395364][ T9676] 8021q: adding VLAN 0 to HW filter on device bond82 [ 1479.469569][ T9678] bond82: entered allmulticast mode [ 1479.499508][ T9680] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10854'. [ 1479.528858][ T9682] netlink: 'syz.4.10855': attribute type 1 has an invalid length. [ 1479.567446][ T9682] netlink: 224 bytes leftover after parsing attributes in process `syz.4.10855'. [ 1479.627218][ T9676] bond82: (slave bridge23): making interface the new active one [ 1479.653434][ T9676] bridge23: entered promiscuous mode [ 1479.667628][ T9676] bridge23: entered allmulticast mode [ 1479.686391][ T9676] bond82: (slave bridge23): Enslaving as an active interface with an up link [ 1479.704268][ T9693] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10856'. [ 1479.968128][ T9700] netlink: 32 bytes leftover after parsing attributes in process `syz.0.10858'. [ 1480.064420][ T9701] netlink: 32 bytes leftover after parsing attributes in process `syz.0.10858'. [ 1480.138696][ T9707] netlink: 68 bytes leftover after parsing attributes in process `syz.2.10862'. [ 1480.204767][ T9707] netlink: 44 bytes leftover after parsing attributes in process `syz.2.10862'. [ 1481.114510][ T9756] netlink: zone id is out of range [ 1481.119914][ T9756] netlink: zone id is out of range [ 1481.127383][ T9756] netlink: zone id is out of range [ 1481.133512][ T9756] netlink: zone id is out of range [ 1481.138672][ T9756] netlink: zone id is out of range [ 1481.161144][ T9756] netlink: zone id is out of range [ 1481.183641][ T9756] netlink: zone id is out of range [ 1481.189330][ T9756] netlink: zone id is out of range [ 1481.210213][ T9756] netlink: zone id is out of range [ 1481.617543][ T9783] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1481.630395][ T9774] lo speed is unknown, defaulting to 1000 [ 1482.117860][ T9799] netlink: 'syz.1.10890': attribute type 5 has an invalid length. [ 1482.242522][ T9802] erspan0: entered promiscuous mode [ 1482.325294][ T9774] hsr0 speed is unknown, defaulting to 1000 [ 1482.334267][ T9806] netlink: 'syz.4.10894': attribute type 1 has an invalid length. [ 1482.374508][ T9774] lo speed is unknown, defaulting to 1000 [ 1482.607506][ T9816] netlink: 'syz.3.10897': attribute type 1 has an invalid length. [ 1482.753866][ T9816] 8021q: adding VLAN 0 to HW filter on device bond83 [ 1482.926408][ T9826] geneve1: Caught tx_queue_len zero misconfig [ 1483.096165][ T9833] netlink: 'syz.3.10902': attribute type 1 has an invalid length. [ 1483.238576][ T9833] bond84: entered promiscuous mode [ 1483.252208][ T9833] 8021q: adding VLAN 0 to HW filter on device bond84 [ 1483.321525][ T9838] bond84: entered allmulticast mode [ 1483.527659][ T9833] bond84: (slave bridge24): making interface the new active one [ 1483.571633][ T9833] bridge24: entered promiscuous mode [ 1483.577142][ T9833] bridge24: entered allmulticast mode [ 1483.619082][ T9833] bond84: (slave bridge24): Enslaving as an active interface with an up link [ 1483.638125][ T9854] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1484.167443][ T9866] __nla_validate_parse: 12 callbacks suppressed [ 1484.167465][ T9866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10915'. [ 1484.202646][ T9868] netlink: 'syz.4.10916': attribute type 1 has an invalid length. [ 1484.293131][ T9874] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10916'. [ 1484.371867][ T9871] bond48: (slave dummy0): Releasing backup interface [ 1484.401294][ T9881] netlink: 'syz.3.10917': attribute type 32 has an invalid length. [ 1484.486825][ T9881] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10917'. [ 1484.627478][ T1303] net_ratelimit: 9 callbacks suppressed [ 1484.627497][ T1303] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 1484.651438][ T1303] lec:lec_start_xmit: lec0:No lecd attached [ 1484.688484][ T9868] bond52: entered promiscuous mode [ 1484.699000][ T9868] 8021q: adding VLAN 0 to HW filter on device bond52 [ 1484.762772][ T9866] 8021q: adding VLAN 0 to HW filter on device bond50 [ 1484.772176][ T9874] bond52: entered allmulticast mode [ 1484.845372][ T9881] bond85: option coupled_control: invalid value (10) [ 1484.854280][ T9881] bond85 (unregistering): Released all slaves [ 1484.910201][ T9887] bond52: (slave bridge25): making interface the new active one [ 1484.961483][ T9887] bridge25: entered promiscuous mode [ 1484.967083][ T9887] bridge25: entered allmulticast mode [ 1484.984959][ T9887] bond52: (slave bridge25): Enslaving as an active interface with an up link [ 1485.196665][ T9900] netlink: 'syz.0.10922': attribute type 1 has an invalid length. [ 1485.258689][ T9902] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10922'. [ 1485.384621][ T9900] bond60: entered promiscuous mode [ 1485.434297][ T9900] 8021q: adding VLAN 0 to HW filter on device bond60 [ 1485.474691][ T9902] bond60: entered allmulticast mode [ 1485.576847][ T9900] bond60: (slave bridge26): making interface the new active one [ 1485.592902][ T9900] bridge26: entered promiscuous mode [ 1485.598506][ T9900] bridge26: entered allmulticast mode [ 1485.639923][ T9900] bond60: (slave bridge26): Enslaving as an active interface with an up link [ 1485.944665][ T9926] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10930'. [ 1486.001520][ T9929] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10929'. [ 1486.273161][ T9942] netlink: 'syz.3.10932': attribute type 1 has an invalid length. [ 1486.281575][ T9926] 8021q: adding VLAN 0 to HW filter on device bond58 [ 1486.515674][ T9942] 8021q: adding VLAN 0 to HW filter on device bond85 [ 1487.028576][ T9969] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10943'. [ 1487.368942][ T9983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10945'. [ 1487.469630][ T9984] netlink: 'syz.1.10946': attribute type 1 has an invalid length. [ 1487.500667][ T9983] 8021q: adding VLAN 0 to HW filter on device bond59 [ 1487.515857][ T9984] netlink: 224 bytes leftover after parsing attributes in process `syz.1.10946'. [ 1488.196603][T10002] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10951'. [ 1489.116507][T10032] netlink: 'syz.2.10959': attribute type 1 has an invalid length. [ 1489.981350][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5330 ms [ 1489.989477][ C1] lec:lec_tx_timeout: lec0 [ 1490.235686][T10068] __nla_validate_parse: 4 callbacks suppressed [ 1490.235709][T10068] netlink: 44 bytes leftover after parsing attributes in process `syz.1.10969'. [ 1490.257298][T10070] netlink: 'syz.3.10970': attribute type 1 has an invalid length. [ 1490.352973][T10075] netlink: 'syz.2.10972': attribute type 1 has an invalid length. [ 1490.365798][T10070] 8021q: adding VLAN 0 to HW filter on device bond86 [ 1490.373587][T10071] lo: Caught tx_queue_len zero misconfig [ 1490.422494][T10077] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10972'. [ 1490.428531][T10079] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10973'. [ 1490.451929][T10079] openvswitch: netlink: Invalid VLAN frame [ 1490.555133][T10075] bond60: entered promiscuous mode [ 1490.611109][T10075] 8021q: adding VLAN 0 to HW filter on device bond60 [ 1490.658714][T10085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10975'. [ 1490.678104][T10077] bond60: entered allmulticast mode [ 1490.728129][T10088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10976'. [ 1490.763109][T10075] bond60: (slave bridge26): making interface the new active one [ 1490.784594][T10075] bridge26: entered promiscuous mode [ 1490.790984][T10088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10976'. [ 1490.799813][T10075] bridge26: entered allmulticast mode [ 1490.824062][T10075] bond60: (slave bridge26): Enslaving as an active interface with an up link [ 1490.991169][T10096] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1491.130029][T10101] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10980'. [ 1491.141364][T10100] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10981'. [ 1491.664475][T10119] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10986'. [ 1491.704006][T10119] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10986'. [ 1491.804465][T10119] bond25: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1491.904517][T10119] bond25: (slave lo): Enslaving as an active interface with an up link [ 1491.944019][T10119] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1491.989657][T10134] netlink: 'syz.4.10990': attribute type 1 has an invalid length. [ 1492.000427][ T5941] lo speed is unknown, defaulting to 1000 [ 1492.006859][ T5941] sqz0: Port: 1 Link ACTIVE [ 1492.019534][T28406] lo speed is unknown, defaulting to 1000 [ 1492.036802][T10132] wg1: Caught tx_queue_len zero misconfig [ 1492.139059][T10140] netlink: 'syz.0.10991': attribute type 1 has an invalid length. [ 1492.198706][T10140] 8021q: adding VLAN 0 to HW filter on device bond61 [ 1492.446162][T10146] syzkaller0: entered promiscuous mode [ 1492.461771][T10146] syzkaller0: entered allmulticast mode [ 1492.509372][T10151] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1492.752534][T10161] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1493.296700][T10179] syzkaller1: entered promiscuous mode [ 1493.330509][T10179] syzkaller1: entered allmulticast mode [ 1493.367658][T10183] netlink: 'syz.2.11007': attribute type 1 has an invalid length. [ 1493.636557][T10183] 8021q: adding VLAN 0 to HW filter on device bond61 [ 1493.880216][T10202] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1494.003312][T10207] netlink: 'syz.3.11012': attribute type 16 has an invalid length. [ 1494.077586][T10207] netlink: 'syz.3.11012': attribute type 17 has an invalid length. [ 1494.222812][ T1735] block nbd0: Possible stuck request ffff888026e38000: control (read@0,1024B). Runtime 1020 seconds [ 1494.233760][ T1735] block nbd0: Possible stuck request ffff888026e38200: control (read@1024,1024B). Runtime 1020 seconds [ 1494.245294][ T1735] block nbd0: Possible stuck request ffff888026e38400: control (read@2048,1024B). Runtime 1020 seconds [ 1494.256569][ T1735] block nbd0: Possible stuck request ffff888026e38600: control (read@3072,1024B). Runtime 1020 seconds [ 1494.353013][T10185] delete_channel: no stack [ 1494.385224][T10207] 8021q: adding VLAN 0 to HW filter on device team0 [ 1494.452989][T10207] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 1495.096136][T10238] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1495.208260][T10240] syzkaller1: entered promiscuous mode [ 1495.224569][T10240] syzkaller1: entered allmulticast mode [ 1495.249872][T10238] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1495.463872][T10238] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1495.613902][T10238] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1495.928229][T10256] netlink: 'syz.0.11029': attribute type 16 has an invalid length. [ 1495.970559][T18566] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1495.986905][T10256] netlink: 'syz.0.11029': attribute type 17 has an invalid length. [ 1495.996256][T18566] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1496.063124][T18566] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1496.124567][T10256] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1496.179956][T18566] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1496.978809][T10279] lo speed is unknown, defaulting to 1000 [ 1497.336379][T10279] hsr0 speed is unknown, defaulting to 1000 [ 1497.374241][T10279] lo speed is unknown, defaulting to 1000 [ 1497.438821][T10294] __nla_validate_parse: 12 callbacks suppressed [ 1497.438843][T10294] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11046'. [ 1497.649825][T10301] netlink: 'syz.0.11048': attribute type 1 has an invalid length. [ 1497.755308][T10306] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11048'. [ 1497.856931][T10301] bond62: entered promiscuous mode [ 1497.919388][T10301] 8021q: adding VLAN 0 to HW filter on device bond62 [ 1497.972970][T10306] bond62: entered allmulticast mode [ 1498.066759][T10301] bond62: (slave bridge27): making interface the new active one [ 1498.082242][T10301] bridge27: entered promiscuous mode [ 1498.106573][T10301] bridge27: entered allmulticast mode [ 1498.144922][T10301] bond62: (slave bridge27): Enslaving as an active interface with an up link [ 1498.229831][T10309] syzkaller1: entered promiscuous mode [ 1498.271368][T10309] syzkaller1: entered allmulticast mode [ 1498.863900][T10326] netlink: 'syz.1.11053': attribute type 32 has an invalid length. [ 1498.920797][T10326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11053'. [ 1499.285032][T10326] bond51: option coupled_control: invalid value (10) [ 1499.338485][T10326] bond51 (unregistering): Released all slaves [ 1499.659386][T10346] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11057'. [ 1499.679552][T10346] netlink: 32 bytes leftover after parsing attributes in process `syz.1.11057'. [ 1499.705370][T10346] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11057'. [ 1499.831784][T10349] netlink: 'syz.4.11058': attribute type 10 has an invalid length. [ 1499.884371][T10339] syzkaller0: entered promiscuous mode [ 1499.907862][T10349] netlink: 228 bytes leftover after parsing attributes in process `syz.4.11058'. [ 1499.935743][T10339] syzkaller0: entered allmulticast mode [ 1500.054720][T10359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11061'. [ 1503.756386][T10364] netlink: 28 bytes leftover after parsing attributes in process `syz.2.11062'. [ 1503.784852][T10368] FAULT_INJECTION: forcing a failure. [ 1503.784852][T10368] name failslab, interval 1, probability 0, space 0, times 0 [ 1503.819744][T10366] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11063'. [ 1503.837319][T10368] CPU: 0 UID: 0 PID: 10368 Comm: syz.0.11064 Not tainted syzkaller #0 PREEMPT(full) [ 1503.837347][T10368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1503.837360][T10368] Call Trace: [ 1503.837368][T10368] [ 1503.837394][T10368] dump_stack_lvl+0xe8/0x150 [ 1503.837431][T10368] should_fail_ex+0x412/0x560 [ 1503.837468][T10368] should_failslab+0xa8/0x100 [ 1503.837498][T10368] __kmalloc_noprof+0xe8/0x760 [ 1503.837523][T10368] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1503.837552][T10368] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1503.837586][T10368] ? tomoyo_path_number_perm+0x219/0x630 [ 1503.837615][T10368] tomoyo_path_number_perm+0x246/0x630 [ 1503.837648][T10368] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1503.837687][T10368] ? __lock_acquire+0x6b5/0x2cf0 [ 1503.837727][T10368] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1503.837778][T10368] ? __fget_files+0x2a/0x420 [ 1503.837801][T10368] ? __fget_files+0x2a/0x420 [ 1503.837819][T10368] ? __fget_files+0x3a0/0x420 [ 1503.837837][T10368] ? __fget_files+0x2a/0x420 [ 1503.837860][T10368] security_file_ioctl+0xc3/0x2a0 [ 1503.837890][T10368] __se_sys_ioctl+0x47/0x170 [ 1503.837918][T10368] do_syscall_64+0x14d/0xf80 [ 1503.837945][T10368] ? trace_irq_disable+0x3b/0x150 [ 1503.837963][T10368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1503.837985][T10368] ? clear_bhb_loop+0x40/0x90 [ 1503.838011][T10368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1503.838031][T10368] RIP: 0033:0x7fd03279c819 [ 1503.838051][T10368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1503.838068][T10368] RSP: 002b:00007fd03360d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1503.838090][T10368] RAX: ffffffffffffffda RBX: 00007fd032a15fa0 RCX: 00007fd03279c819 [ 1503.838106][T10368] RDX: 0000200000000040 RSI: 0000000000008931 RDI: 0000000000000003 [ 1503.838119][T10368] RBP: 00007fd03360d090 R08: 0000000000000000 R09: 0000000000000000 [ 1503.838132][T10368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1503.838145][T10368] R13: 00007fd032a16038 R14: 00007fd032a15fa0 R15: 00007fff4dae4808 [ 1503.838180][T10368] [ 1503.838189][T10368] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1504.379286][T10385] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1504.628607][T10391] netlink: 68 bytes leftover after parsing attributes in process `syz.2.11071'. [ 1504.648969][T10386] syzkaller1: entered promiscuous mode [ 1504.671415][T10386] syzkaller1: entered allmulticast mode [ 1504.694134][T10391] netlink: 44 bytes leftover after parsing attributes in process `syz.2.11071'. [ 1505.307730][T10423] netlink: 88 bytes leftover after parsing attributes in process `syz.3.11084'. [ 1505.382585][T10431] netlink: 'syz.0.11085': attribute type 32 has an invalid length. [ 1505.415475][T10431] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11085'. [ 1505.634817][T10431] bond63: option coupled_control: invalid value (10) [ 1505.683292][T10431] bond63 (unregistering): Released all slaves [ 1506.214751][T10461] FAULT_INJECTION: forcing a failure. [ 1506.214751][T10461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1506.272975][T10464] netlink: 'syz.0.11096': attribute type 1 has an invalid length. [ 1506.291477][T10461] CPU: 0 UID: 0 PID: 10461 Comm: syz.1.11095 Not tainted syzkaller #0 PREEMPT(full) [ 1506.291507][T10461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1506.291521][T10461] Call Trace: [ 1506.291530][T10461] [ 1506.291539][T10461] dump_stack_lvl+0xe8/0x150 [ 1506.291576][T10461] should_fail_ex+0x412/0x560 [ 1506.291614][T10461] _copy_from_iter+0x1d3/0x1670 [ 1506.291643][T10461] ? rcu_is_watching+0x15/0xb0 [ 1506.291680][T10461] ? __pfx__copy_from_iter+0x10/0x10 [ 1506.291712][T10461] ? netlink_sendmsg+0x650/0xb40 [ 1506.291735][T10461] ? skb_put+0x11b/0x210 [ 1506.291765][T10461] netlink_sendmsg+0x6c0/0xb40 [ 1506.291800][T10461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1506.291829][T10461] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1506.291864][T10461] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1506.291893][T10461] ____sys_sendmsg+0x972/0x9f0 [ 1506.291933][T10461] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1506.291972][T10461] ? import_iovec+0x73/0xa0 [ 1506.292001][T10461] ___sys_sendmsg+0x2a5/0x360 [ 1506.292037][T10461] ? __pfx____sys_sendmsg+0x10/0x10 [ 1506.292105][T10461] ? __fget_files+0x2a/0x420 [ 1506.292124][T10461] ? __fget_files+0x3a0/0x420 [ 1506.292155][T10461] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1506.292188][T10461] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1506.292229][T10461] ? __pfx_ksys_write+0x10/0x10 [ 1506.292266][T10461] do_syscall_64+0x14d/0xf80 [ 1506.292293][T10461] ? trace_irq_disable+0x3b/0x150 [ 1506.292312][T10461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1506.292334][T10461] ? clear_bhb_loop+0x40/0x90 [ 1506.292360][T10461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1506.292388][T10461] RIP: 0033:0x7f8e09d9c819 [ 1506.292408][T10461] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1506.292427][T10461] RSP: 002b:00007f8e0acec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1506.292449][T10461] RAX: ffffffffffffffda RBX: 00007f8e0a015fa0 RCX: 00007f8e09d9c819 [ 1506.292465][T10461] RDX: 0000000000004004 RSI: 0000200000000200 RDI: 0000000000000003 [ 1506.292480][T10461] RBP: 00007f8e0acec090 R08: 0000000000000000 R09: 0000000000000000 [ 1506.292493][T10461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1506.292506][T10461] R13: 00007f8e0a016038 R14: 00007f8e0a015fa0 R15: 00007fff9da80538 [ 1506.292541][T10461] [ 1506.692149][T10468] netlink: 88 bytes leftover after parsing attributes in process `syz.3.11098'. [ 1506.804065][T10464] 8021q: adding VLAN 0 to HW filter on device bond63 [ 1506.827603][T10475] pim6reg: entered allmulticast mode [ 1506.963756][T10482] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.11103'. [ 1507.042049][T10486] pimreg: tun_chr_ioctl cmd 2147767520 [ 1507.086390][T10486] Timeout policy `syz0' can only be used by L3 protocol number 25 [ 1507.157780][T10489] team_slave_1: Caught tx_queue_len zero misconfig [ 1507.230110][T10493] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11108'. [ 1507.248311][T10491] bridge0: port 3(erspan0) entered disabled state [ 1507.270005][T10493] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11108'. [ 1507.298119][T10498] netlink: 'syz.2.11107': attribute type 16 has an invalid length. [ 1507.359062][T10498] netlink: 'syz.2.11107': attribute type 17 has an invalid length. [ 1507.557962][T10498] bridge0: port 3(erspan0) entered blocking state [ 1507.564686][T10498] bridge0: port 3(erspan0) entered forwarding state [ 1507.607198][T10498] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1508.395279][T10540] netlink: 'syz.2.11126': attribute type 6 has an invalid length. [ 1508.674303][T10554] FAULT_INJECTION: forcing a failure. [ 1508.674303][T10554] name failslab, interval 1, probability 0, space 0, times 0 [ 1508.740284][T10554] CPU: 1 UID: 0 PID: 10554 Comm: syz.2.11128 Not tainted syzkaller #0 PREEMPT(full) [ 1508.740312][T10554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1508.740325][T10554] Call Trace: [ 1508.740333][T10554] [ 1508.740341][T10554] dump_stack_lvl+0xe8/0x150 [ 1508.740374][T10554] should_fail_ex+0x412/0x560 [ 1508.740409][T10554] should_failslab+0xa8/0x100 [ 1508.740444][T10554] __kmalloc_cache_noprof+0x88/0x660 [ 1508.740467][T10554] ? xfrm_policy_alloc+0x78/0x2b0 [ 1508.740494][T10554] xfrm_policy_alloc+0x78/0x2b0 [ 1508.740519][T10554] xfrm_policy_construct+0x39/0x6b0 [ 1508.740556][T10554] xfrm_add_policy+0x286/0x820 [ 1508.740588][T10554] ? __pfx_xfrm_add_policy+0x10/0x10 [ 1508.740611][T10554] ? apparmor_capable+0x126/0x170 [ 1508.740638][T10554] ? __nla_parse+0x40/0x60 [ 1508.740664][T10554] xfrm_user_rcv_msg+0x7ae/0xc40 [ 1508.740696][T10554] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 1508.740755][T10554] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1508.740788][T10554] ? rcu_is_watching+0x15/0xb0 [ 1508.740817][T10554] ? trace_contention_end+0x3d/0x150 [ 1508.740838][T10554] ? __mutex_lock+0x319/0x1300 [ 1508.740871][T10554] netlink_rcv_skb+0x232/0x4b0 [ 1508.740896][T10554] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 1508.740923][T10554] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1508.740959][T10554] ? netlink_deliver_tap+0x2e/0x1b0 [ 1508.740980][T10554] ? netlink_deliver_tap+0x2e/0x1b0 [ 1508.741004][T10554] xfrm_netlink_rcv+0x79/0x90 [ 1508.741029][T10554] netlink_unicast+0x80f/0x9b0 [ 1508.741057][T10554] ? __pfx_netlink_unicast+0x10/0x10 [ 1508.741079][T10554] ? netlink_sendmsg+0x650/0xb40 [ 1508.741099][T10554] ? skb_put+0x11b/0x210 [ 1508.741127][T10554] netlink_sendmsg+0x813/0xb40 [ 1508.741159][T10554] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1508.741184][T10554] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1508.741216][T10554] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1508.741241][T10554] ____sys_sendmsg+0x972/0x9f0 [ 1508.741277][T10554] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1508.741317][T10554] ? import_iovec+0x73/0xa0 [ 1508.741344][T10554] ___sys_sendmsg+0x2a5/0x360 [ 1508.741376][T10554] ? __pfx____sys_sendmsg+0x10/0x10 [ 1508.741454][T10554] ? __fget_files+0x2a/0x420 [ 1508.741491][T10554] ? __fget_files+0x3a0/0x420 [ 1508.741523][T10554] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1508.741556][T10554] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1508.741596][T10554] ? __pfx_ksys_write+0x10/0x10 [ 1508.741634][T10554] do_syscall_64+0x14d/0xf80 [ 1508.741661][T10554] ? trace_irq_disable+0x3b/0x150 [ 1508.741680][T10554] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1508.741702][T10554] ? clear_bhb_loop+0x40/0x90 [ 1508.741730][T10554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1508.741751][T10554] RIP: 0033:0x7ff0ba79c819 [ 1508.741772][T10554] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1508.741791][T10554] RSP: 002b:00007ff0bb6e9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1508.741819][T10554] RAX: ffffffffffffffda RBX: 00007ff0baa15fa0 RCX: 00007ff0ba79c819 [ 1508.741834][T10554] RDX: 0000000000004004 RSI: 0000200000000200 RDI: 0000000000000003 [ 1508.741849][T10554] RBP: 00007ff0bb6e9090 R08: 0000000000000000 R09: 0000000000000000 [ 1508.741862][T10554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1508.741874][T10554] R13: 00007ff0baa16038 R14: 00007ff0baa15fa0 R15: 00007fff2a085b98 [ 1508.741909][T10554] [ 1509.368879][T10574] __nla_validate_parse: 3 callbacks suppressed [ 1509.368898][T10574] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11134'. [ 1509.516448][T10574] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11134'. [ 1509.598229][T10579] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11135'. [ 1509.601855][T10574] netlink: 1 bytes leftover after parsing attributes in process `syz.3.11134'. [ 1509.732320][T10584] netlink: 'syz.1.11137': attribute type 1 has an invalid length. [ 1509.858470][T10593] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11137'. [ 1509.877067][T10586] can: request_module (can-proto-0) failed. [ 1510.031912][T10584] bond51: entered promiscuous mode [ 1510.091815][T10584] 8021q: adding VLAN 0 to HW filter on device bond51 [ 1510.098306][T10602] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11140'. [ 1510.161384][T10593] bond51: entered allmulticast mode [ 1510.286463][T10602] 8021q: adding VLAN 0 to HW filter on device bond64 [ 1510.333404][T10605] bond64: (slave dummy0): Enslaving as an active interface with an up link [ 1510.371622][T10584] bond51: (slave bridge15): making interface the new active one [ 1510.391633][T10584] bridge15: entered promiscuous mode [ 1510.411695][T10584] bridge15: entered allmulticast mode [ 1510.419518][T10584] bond51: (slave bridge15): Enslaving as an active interface with an up link [ 1510.466689][T10610] bond0: Caught tx_queue_len zero misconfig [ 1510.676153][T10625] netlink: 68 bytes leftover after parsing attributes in process `syz.0.11147'. [ 1510.752475][T10625] netlink: 44 bytes leftover after parsing attributes in process `syz.0.11147'. [ 1510.979308][T10642] netlink: 'syz.0.11153': attribute type 1 has an invalid length. [ 1510.999550][T10641] batadv_slave_1: entered promiscuous mode [ 1511.011992][T10641] netlink: 'syz.2.11152': attribute type 32 has an invalid length. [ 1511.020430][T10641] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11152'. [ 1511.028797][T10642] netlink: 224 bytes leftover after parsing attributes in process `syz.0.11153'. [ 1511.148529][T10641] bond62: option coupled_control: invalid value (10) [ 1511.170583][T10641] bond62 (unregistering): Released all slaves [ 1511.279174][T10637] batadv_slave_1: left promiscuous mode [ 1511.384510][T10659] €Â: renamed from dummy0 [ 1511.996608][T10683] netlink: 'syz.3.11163': attribute type 1 has an invalid length. [ 1512.333365][T10696] netlink: 'syz.4.11168': attribute type 1 has an invalid length. [ 1512.406430][T10688] bond87: entered promiscuous mode [ 1512.431096][T10688] 8021q: adding VLAN 0 to HW filter on device bond87 [ 1512.854319][T10719] netlink: 'syz.0.11171': attribute type 32 has an invalid length. [ 1513.029077][T10719] bond65: option coupled_control: invalid value (10) [ 1513.158625][T10719] bond65 (unregistering): Released all slaves [ 1513.285276][T10711] syzkaller0: entered promiscuous mode [ 1513.290976][T10711] syzkaller0: entered allmulticast mode [ 1514.339116][T10757] syzkaller1: entered promiscuous mode [ 1514.361895][T10757] syzkaller1: entered allmulticast mode [ 1514.765283][T10771] tipc: Enabling of bearer rejected, already enabled [ 1514.837355][T10771] mac80211_hwsim hwsim1 syzkaller0: entered promiscuous mode [ 1514.865370][T10771] mac80211_hwsim hwsim1 syzkaller0: entered allmulticast mode [ 1515.113106][T10781] syzkaller1: entered promiscuous mode [ 1515.118758][T10781] syzkaller1: entered allmulticast mode [ 1515.772851][T18565] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1515.781101][T18565] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1515.839165][T18565] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1515.862202][T18565] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1516.113619][T10813] __nla_validate_parse: 10 callbacks suppressed [ 1516.113640][T10813] netlink: 88 bytes leftover after parsing attributes in process `syz.3.11203'. [ 1516.523448][T10831] netlink: 'syz.3.11207': attribute type 16 has an invalid length. [ 1516.543245][T10831] netlink: 'syz.3.11207': attribute type 17 has an invalid length. [ 1516.616053][T10831] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 1516.702076][T10832] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1516.964861][T10832] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1517.063632][T10840] bond62: option ad_select: invalid value (34) [ 1517.075239][T10840] bond62 (unregistering): Released all slaves [ 1517.115929][T10832] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1517.200644][T10850] syzkaller1: entered promiscuous mode [ 1517.207351][T10850] syzkaller1: entered allmulticast mode [ 1517.221139][T10832] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1517.478264][T10855] netlink: 120 bytes leftover after parsing attributes in process `syz.2.11215'. [ 1517.480900][T18557] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1517.549674][T18561] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1517.616326][T18557] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1517.715909][T18559] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1518.013923][T10870] netlink: 'syz.0.11220': attribute type 16 has an invalid length. [ 1518.088556][T10870] netlink: 'syz.0.11220': attribute type 17 has an invalid length. [ 1518.155170][T10870] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1518.634952][T10888] netlink: 'syz.4.11226': attribute type 1 has an invalid length. [ 1518.663923][T10888] netlink: 224 bytes leftover after parsing attributes in process `syz.4.11226'. [ 1518.888312][T10896] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11228'. [ 1519.177747][T10908] netlink: 32 bytes leftover after parsing attributes in process `syz.2.11232'. [ 1519.493355][T10923] netlink: 'syz.0.11235': attribute type 1 has an invalid length. [ 1519.608697][T10926] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11235'. [ 1519.650711][T10929] netlink: 68 bytes leftover after parsing attributes in process `syz.4.11238'. [ 1519.725582][T10929] netlink: 44 bytes leftover after parsing attributes in process `syz.4.11238'. [ 1519.771960][T10923] bond65: entered promiscuous mode [ 1519.804913][T10923] 8021q: adding VLAN 0 to HW filter on device bond65 [ 1519.865877][T10926] bond65: entered allmulticast mode [ 1519.954095][T10943] netlink: 'syz.1.11239': attribute type 32 has an invalid length. [ 1519.972410][T10943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11239'. [ 1520.032767][T10938] bond65: (slave bridge29): making interface the new active one [ 1520.057691][T10938] bridge29: entered promiscuous mode [ 1520.082029][T10938] bridge29: entered allmulticast mode [ 1520.108157][T10938] bond65: (slave bridge29): Enslaving as an active interface with an up link [ 1520.239021][T10943] bond52: option coupled_control: invalid value (10) [ 1520.511797][T10943] bond52 (unregistering): Released all slaves [ 1520.696511][T10962] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11246'. [ 1521.451277][T10992] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1521.666781][T10999] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1522.146839][T11013] __nla_validate_parse: 3 callbacks suppressed [ 1522.146859][T11013] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11266'. [ 1522.293017][T11023] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11268'. [ 1522.304658][T11018] lo speed is unknown, defaulting to 1000 [ 1522.368120][T11023] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11268'. [ 1522.384204][T11030] sctp: [Deprecated]: syz.3.11269 (pid 11030) Use of int in maxseg socket option. [ 1522.384204][T11030] Use struct sctp_assoc_value instead [ 1522.467118][ T6331] lec:lec_start_xmit: lec0:No lecd attached [ 1522.525800][T11032] netlink: 'syz.0.11270': attribute type 16 has an invalid length. [ 1522.571110][T11032] netlink: 'syz.0.11270': attribute type 17 has an invalid length. [ 1522.688078][T11032] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1522.950668][T11044] netlink: 88 bytes leftover after parsing attributes in process `syz.3.11273'. [ 1523.235586][T11055] netlink: 'syz.0.11277': attribute type 1 has an invalid length. [ 1523.281748][T11055] netlink: 224 bytes leftover after parsing attributes in process `syz.0.11277'. [ 1523.561563][T11069] netlink: 'syz.3.11279': attribute type 2 has an invalid length. [ 1523.651486][T11018] hsr0 speed is unknown, defaulting to 1000 [ 1523.683215][T11018] lo speed is unknown, defaulting to 1000 [ 1523.872249][T11073] netlink: 'syz.0.11281': attribute type 1 has an invalid length. [ 1524.106138][T11073] 8021q: adding VLAN 0 to HW filter on device bond66 [ 1524.205424][T11081] tipc: Enabling of bearer rejected, already enabled [ 1524.308001][ T1735] block nbd0: Possible stuck request ffff888026e38000: control (read@0,1024B). Runtime 1050 seconds [ 1524.321278][ T1735] block nbd0: Possible stuck request ffff888026e38200: control (read@1024,1024B). Runtime 1050 seconds [ 1524.336761][ T1735] block nbd0: Possible stuck request ffff888026e38400: control (read@2048,1024B). Runtime 1050 seconds [ 1524.348213][ T1735] block nbd0: Possible stuck request ffff888026e38600: control (read@3072,1024B). Runtime 1050 seconds [ 1524.472307][T11093] netlink: 'syz.3.11286': attribute type 1 has an invalid length. [ 1524.539699][T11098] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11286'. [ 1524.773948][T11093] bond88: entered promiscuous mode [ 1524.794088][T11093] 8021q: adding VLAN 0 to HW filter on device bond88 [ 1524.830803][T11098] bond88: entered allmulticast mode [ 1525.596407][T11110] bond88: (slave bridge26): making interface the new active one [ 1525.666511][T11110] bridge26: entered promiscuous mode [ 1525.681702][T11110] bridge26: entered allmulticast mode [ 1525.698868][T11110] bond88: (slave bridge26): Enslaving as an active interface with an up link [ 1525.936315][T11125] netlink: 'syz.3.11294': attribute type 16 has an invalid length. [ 1525.964106][T11125] netlink: 'syz.3.11294': attribute type 17 has an invalid length. [ 1525.980319][T11126] netlink: 88 bytes leftover after parsing attributes in process `syz.1.11292'. [ 1526.787670][T11125] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 1527.031616][T11139] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11297'. [ 1527.061059][T11139] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11297'. [ 1527.102025][T11139] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11297'. [ 1527.166096][T11139] netlink: 'syz.0.11297': attribute type 5 has an invalid length. [ 1527.548652][T11154] netlink: 'syz.3.11302': attribute type 16 has an invalid length. [ 1527.577055][T11154] netlink: 'syz.3.11302': attribute type 17 has an invalid length. [ 1527.733816][T11154] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 1527.981349][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5510 ms [ 1527.989439][ C1] lec:lec_tx_timeout: lec0 [ 1528.263815][T11168] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1528.398719][T11169] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1528.415552][T11140] lo speed is unknown, defaulting to 1000 [ 1528.479294][T11174] netlink: 88 bytes leftover after parsing attributes in process `syz.3.11310'. [ 1528.533546][T11168] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1528.641082][T11169] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1528.695127][T11168] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1528.853457][T11169] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1528.975789][T11181] netlink: 'syz.2.11312': attribute type 1 has an invalid length. [ 1528.996068][T11169] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1529.079083][T11168] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1529.114437][T11181] IPVS: Unknown mcast interface: vcan0 [ 1529.144454][T11140] hsr0 speed is unknown, defaulting to 1000 [ 1529.176239][T11140] lo speed is unknown, defaulting to 1000 [ 1529.297602][T18557] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1529.469106][T18557] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1529.503862][T18557] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1529.637501][T18557] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1529.656307][T18557] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1529.686780][T18557] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1529.816707][T18565] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1529.834840][T18565] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1530.133311][T11206] netlink: 88 bytes leftover after parsing attributes in process `syz.1.11322'. [ 1530.431085][T11228] FAULT_INJECTION: forcing a failure. [ 1530.431085][T11228] name failslab, interval 1, probability 0, space 0, times 0 [ 1530.481706][T11229] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11327'. [ 1530.534548][T11228] CPU: 1 UID: 0 PID: 11228 Comm: syz.2.11328 Not tainted syzkaller #0 PREEMPT(full) [ 1530.534576][T11228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1530.534589][T11228] Call Trace: [ 1530.534598][T11228] [ 1530.534607][T11228] dump_stack_lvl+0xe8/0x150 [ 1530.534639][T11228] should_fail_ex+0x412/0x560 [ 1530.534693][T11228] should_failslab+0xa8/0x100 [ 1530.534723][T11228] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1530.534747][T11228] ? __alloc_skb+0x186/0x7d0 [ 1530.534771][T11228] ? __alloc_skb+0x1d0/0x7d0 [ 1530.534794][T11228] ? __local_bh_enable_ip+0xd0/0x130 [ 1530.534827][T11228] __alloc_skb+0x1d0/0x7d0 [ 1530.534851][T11228] ? netlink_ack_tlv_len+0x6c/0x210 [ 1530.534878][T11228] netlink_ack+0x146/0xa50 [ 1530.534904][T11228] ? __pfx___up_read+0x10/0x10 [ 1530.534936][T11228] rdma_nl_rcv+0x3f1/0xa10 [ 1530.534970][T11228] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 1530.534991][T11228] ? __netlink_lookup+0x7e4/0x8b0 [ 1530.535034][T11228] ? netlink_deliver_tap+0x2e/0x1b0 [ 1530.535066][T11228] netlink_unicast+0x80f/0x9b0 [ 1530.535096][T11228] ? __pfx_netlink_unicast+0x10/0x10 [ 1530.535118][T11228] ? netlink_sendmsg+0x650/0xb40 [ 1530.535140][T11228] ? skb_put+0x11b/0x210 [ 1530.535169][T11228] netlink_sendmsg+0x813/0xb40 [ 1530.535202][T11228] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1530.535229][T11228] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1530.535264][T11228] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1530.535291][T11228] ____sys_sendmsg+0x972/0x9f0 [ 1530.535329][T11228] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1530.535401][T11228] ? import_iovec+0x73/0xa0 [ 1530.535431][T11228] ___sys_sendmsg+0x2a5/0x360 [ 1530.535465][T11228] ? __pfx____sys_sendmsg+0x10/0x10 [ 1530.535531][T11228] ? __fget_files+0x2a/0x420 [ 1530.535549][T11228] ? __fget_files+0x3a0/0x420 [ 1530.535579][T11228] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1530.535610][T11228] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1530.535650][T11228] ? __pfx_ksys_write+0x10/0x10 [ 1530.535686][T11228] do_syscall_64+0x14d/0xf80 [ 1530.535712][T11228] ? trace_irq_disable+0x3b/0x150 [ 1530.535730][T11228] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1530.535751][T11228] ? clear_bhb_loop+0x40/0x90 [ 1530.535777][T11228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1530.535797][T11228] RIP: 0033:0x7ff0ba79c819 [ 1530.535817][T11228] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1530.535836][T11228] RSP: 002b:00007ff0bb6e9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1530.535858][T11228] RAX: ffffffffffffffda RBX: 00007ff0baa15fa0 RCX: 00007ff0ba79c819 [ 1530.535874][T11228] RDX: 0000000000000004 RSI: 00002000000005c0 RDI: 0000000000000003 [ 1530.535887][T11228] RBP: 00007ff0bb6e9090 R08: 0000000000000000 R09: 0000000000000000 [ 1530.535901][T11228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1530.535913][T11228] R13: 00007ff0baa16038 R14: 00007ff0baa15fa0 R15: 00007fff2a085b98 [ 1530.535945][T11228] [ 1530.987586][T11229] 8021q: adding VLAN 0 to HW filter on device bond67 [ 1531.413175][T11236] bond64: (slave dummy0): Releasing backup interface [ 1531.541750][T11252] netlink: 'syz.2.11334': attribute type 4 has an invalid length. [ 1531.609571][T11236] bond67: (slave dummy0): Enslaving as an active interface with an up link [ 1531.680899][T11256] sit5: entered promiscuous mode [ 1531.900511][T11265] netlink: 164 bytes leftover after parsing attributes in process `syz.2.11338'. [ 1532.024867][T11269] netlink: 'syz.3.11340': attribute type 1 has an invalid length. [ 1532.074963][T11269] netlink: 224 bytes leftover after parsing attributes in process `syz.3.11340'. [ 1532.146861][T11273] netlink: 68 bytes leftover after parsing attributes in process `syz.0.11342'. [ 1532.208275][T11273] netlink: 44 bytes leftover after parsing attributes in process `syz.0.11342'. [ 1532.227498][T11281] x_tables: duplicate underflow at hook 2 [ 1532.452421][T11288] netlink: 68 bytes leftover after parsing attributes in process `syz.0.11346'. [ 1532.492515][T11288] netlink: 44 bytes leftover after parsing attributes in process `syz.0.11346'. [ 1532.523152][T11290] FAULT_INJECTION: forcing a failure. [ 1532.523152][T11290] name failslab, interval 1, probability 0, space 0, times 0 [ 1532.591666][T11290] CPU: 1 UID: 0 PID: 11290 Comm: syz.3.11348 Not tainted syzkaller #0 PREEMPT(full) [ 1532.591694][T11290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1532.591708][T11290] Call Trace: [ 1532.591717][T11290] [ 1532.591726][T11290] dump_stack_lvl+0xe8/0x150 [ 1532.591761][T11290] should_fail_ex+0x412/0x560 [ 1532.591812][T11290] should_failslab+0xa8/0x100 [ 1532.591842][T11290] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1532.591866][T11290] ? __alloc_skb+0x186/0x7d0 [ 1532.591890][T11290] ? __alloc_skb+0x1d0/0x7d0 [ 1532.591911][T11290] ? __local_bh_enable_ip+0xd0/0x130 [ 1532.591943][T11290] __alloc_skb+0x1d0/0x7d0 [ 1532.591973][T11290] netlink_sendmsg+0x5d4/0xb40 [ 1532.592007][T11290] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1532.592035][T11290] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1532.592068][T11290] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1532.592097][T11290] ____sys_sendmsg+0x972/0x9f0 [ 1532.592135][T11290] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1532.592172][T11290] ? import_iovec+0x73/0xa0 [ 1532.592201][T11290] ___sys_sendmsg+0x2a5/0x360 [ 1532.592235][T11290] ? __pfx____sys_sendmsg+0x10/0x10 [ 1532.592300][T11290] ? __fget_files+0x2a/0x420 [ 1532.592319][T11290] ? __fget_files+0x3a0/0x420 [ 1532.592349][T11290] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1532.592379][T11290] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1532.592418][T11290] ? __pfx_ksys_write+0x10/0x10 [ 1532.592462][T11290] do_syscall_64+0x14d/0xf80 [ 1532.592487][T11290] ? trace_irq_disable+0x3b/0x150 [ 1532.592506][T11290] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1532.592527][T11290] ? clear_bhb_loop+0x40/0x90 [ 1532.592552][T11290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1532.592573][T11290] RIP: 0033:0x7f111a19c819 [ 1532.592592][T11290] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1532.592610][T11290] RSP: 002b:00007f111afc3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1532.592632][T11290] RAX: ffffffffffffffda RBX: 00007f111a415fa0 RCX: 00007f111a19c819 [ 1532.592647][T11290] RDX: 000000002400c810 RSI: 0000200000000b00 RDI: 0000000000000003 [ 1532.592678][T11290] RBP: 00007f111afc3090 R08: 0000000000000000 R09: 0000000000000000 [ 1532.592691][T11290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1532.592702][T11290] R13: 00007f111a416038 R14: 00007f111a415fa0 R15: 00007ffd498e8ca8 [ 1532.592733][T11290] [ 1533.121893][T11301] netlink: 164 bytes leftover after parsing attributes in process `syz.4.11352'. [ 1533.423505][T11314] netlink: 'syz.4.11355': attribute type 1 has an invalid length. [ 1533.464647][T11312] syzkaller1: entered promiscuous mode [ 1533.470294][T11312] syzkaller1: entered allmulticast mode [ 1533.550671][T11321] __nla_validate_parse: 1 callbacks suppressed [ 1533.550691][T11321] netlink: 224 bytes leftover after parsing attributes in process `syz.3.11357'. [ 1533.599176][T11314] 8021q: adding VLAN 0 to HW filter on device bond54 [ 1533.684288][T11303] syzkaller1: entered promiscuous mode [ 1533.689828][T11303] syzkaller1: entered allmulticast mode [ 1533.781715][T11328] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11358'. [ 1533.811492][T11328] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11358'. [ 1533.894997][T11332] sch_tbf: burst 372 is lower than device ip6tnl0 mtu (1280) ! [ 1534.117357][T11339] netlink: 'syz.4.11361': attribute type 1 has an invalid length. [ 1534.135822][T11339] netlink: 224 bytes leftover after parsing attributes in process `syz.4.11361'. [ 1534.386770][T11348] syzkaller1: entered promiscuous mode [ 1534.408553][T11348] syzkaller1: entered allmulticast mode [ 1534.556210][T11356] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11368'. [ 1534.736461][T11362] netlink: 'syz.3.11370': attribute type 10 has an invalid length. [ 1534.755131][T11364] netlink: 'syz.1.11371': attribute type 1 has an invalid length. [ 1534.852229][T11362] bond78: (slave dummy0): Releasing backup interface [ 1534.966769][T11362] team0: Port device dummy0 added [ 1535.067219][T11364] 8021q: adding VLAN 0 to HW filter on device bond52 [ 1535.079472][T11375] netlink: 'syz.4.11372': attribute type 16 has an invalid length. [ 1535.103333][T11375] netlink: 'syz.4.11372': attribute type 17 has an invalid length. [ 1535.164064][T11376] netlink: 36 bytes leftover after parsing attributes in process `syz.0.11373'. [ 1535.256119][T11375] 8021q: adding VLAN 0 to HW filter on device .` [ 1535.297616][T11375] 8021q: adding VLAN 0 to HW filter on device team0 [ 1535.317555][T11380] netlink: 'syz.1.11374': attribute type 1 has an invalid length. [ 1535.335551][T11375] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1535.984754][T11404] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 1536.165359][T11408] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11383'. [ 1537.705083][T11459] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11397'. [ 1537.743470][T11459] netlink: 92 bytes leftover after parsing attributes in process `syz.0.11397'. [ 1538.190239][T11484] netlink: 'syz.2.11399': attribute type 1 has an invalid length. [ 1538.271268][T11484] netlink: 224 bytes leftover after parsing attributes in process `syz.2.11399'. [ 1540.188807][T11497] netlink: 'syz.0.11402': attribute type 1 has an invalid length. [ 1540.241041][T11497] 8021q: adding VLAN 0 to HW filter on device bond68 [ 1540.262701][T11501] netlink: 56 bytes leftover after parsing attributes in process `syz.0.11402'. [ 1541.359055][T11531] netlink: 68 bytes leftover after parsing attributes in process `syz.3.11409'. [ 1541.407611][T11531] netlink: 44 bytes leftover after parsing attributes in process `syz.3.11409'. [ 1541.740785][T11549] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11412'. [ 1541.774108][T11550] netlink: 'syz.3.11413': attribute type 1 has an invalid length. [ 1541.782235][T11550] netlink: 224 bytes leftover after parsing attributes in process `syz.3.11413'. [ 1542.533006][T11580] netlink: 'syz.1.11424': attribute type 32 has an invalid length. [ 1542.581420][T11580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11424'. [ 1542.731669][T11580] bond53: option coupled_control: invalid value (10) [ 1542.744803][T11580] bond53 (unregistering): Released all slaves [ 1543.295521][T11608] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11432'. [ 1543.519894][T11615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11434'. [ 1543.944144][T11625] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11436'. [ 1544.139141][T11632] bridge0: port 3(erspan0) entered disabled state [ 1544.205112][T11636] FAULT_INJECTION: forcing a failure. [ 1544.205112][T11636] name failslab, interval 1, probability 0, space 0, times 0 [ 1544.247213][T11632] netlink: 'syz.2.11440': attribute type 16 has an invalid length. [ 1544.261490][T11636] CPU: 0 UID: 0 PID: 11636 Comm: syz.0.11441 Not tainted syzkaller #0 PREEMPT(full) [ 1544.261519][T11636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1544.261533][T11636] Call Trace: [ 1544.261543][T11636] [ 1544.261559][T11636] dump_stack_lvl+0xe8/0x150 [ 1544.261596][T11636] should_fail_ex+0x412/0x560 [ 1544.261636][T11636] should_failslab+0xa8/0x100 [ 1544.261663][T11636] ? skb_clone+0x212/0x3a0 [ 1544.261693][T11636] kmem_cache_alloc_noprof+0x87/0x650 [ 1544.261726][T11636] skb_clone+0x212/0x3a0 [ 1544.261759][T11636] __netlink_deliver_tap+0x404/0x850 [ 1544.261800][T11636] ? netlink_deliver_tap+0x2e/0x1b0 [ 1544.261827][T11636] netlink_deliver_tap+0x19c/0x1b0 [ 1544.261853][T11636] netlink_sendskb+0x68/0x140 [ 1544.261888][T11636] netlink_unicast+0x3a3/0x9b0 [ 1544.261920][T11636] ? __pfx_netlink_unicast+0x10/0x10 [ 1544.261952][T11636] netlink_rcv_skb+0x2b6/0x4b0 [ 1544.261978][T11636] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1544.262005][T11636] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1544.262042][T11636] ? netlink_deliver_tap+0x2e/0x1b0 [ 1544.262075][T11636] netlink_unicast+0x80f/0x9b0 [ 1544.262107][T11636] ? __pfx_netlink_unicast+0x10/0x10 [ 1544.262131][T11636] ? netlink_sendmsg+0x650/0xb40 [ 1544.262153][T11636] ? skb_put+0x11b/0x210 [ 1544.262184][T11636] netlink_sendmsg+0x813/0xb40 [ 1544.262220][T11636] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1544.262249][T11636] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1544.262284][T11636] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1544.262315][T11636] ____sys_sendmsg+0x972/0x9f0 [ 1544.262355][T11636] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1544.262396][T11636] ? import_iovec+0x73/0xa0 [ 1544.262426][T11636] ___sys_sendmsg+0x2a5/0x360 [ 1544.262461][T11636] ? __pfx____sys_sendmsg+0x10/0x10 [ 1544.262536][T11636] ? __fget_files+0x2a/0x420 [ 1544.262563][T11636] ? __fget_files+0x3a0/0x420 [ 1544.262595][T11636] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1544.262628][T11636] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1544.262677][T11636] ? __pfx_ksys_write+0x10/0x10 [ 1544.262712][T11636] do_syscall_64+0x14d/0xf80 [ 1544.262737][T11636] ? trace_irq_disable+0x3b/0x150 [ 1544.262754][T11636] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1544.262775][T11636] ? clear_bhb_loop+0x40/0x90 [ 1544.262800][T11636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1544.262820][T11636] RIP: 0033:0x7fd03279c819 [ 1544.262838][T11636] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1544.262855][T11636] RSP: 002b:00007fd03360d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1544.262875][T11636] RAX: ffffffffffffffda RBX: 00007fd032a15fa0 RCX: 00007fd03279c819 [ 1544.262890][T11636] RDX: 000000002400c810 RSI: 0000200000000b00 RDI: 0000000000000003 [ 1544.262903][T11636] RBP: 00007fd03360d090 R08: 0000000000000000 R09: 0000000000000000 [ 1544.262915][T11636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1544.262927][T11636] R13: 00007fd032a16038 R14: 00007fd032a15fa0 R15: 00007fff4dae4808 [ 1544.262978][T11636] [ 1544.573064][T11632] netlink: 'syz.2.11440': attribute type 17 has an invalid length. [ 1544.604634][T11632] bridge0: port 3(erspan0) entered blocking state [ 1544.611253][T11632] bridge0: port 3(erspan0) entered forwarding state [ 1544.743109][T11632] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1546.066436][ T1303] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 1546.086141][ T1303] lec:lec_start_xmit: lec0:No lecd attached [ 1546.249674][T11608] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1546.551632][T11656] sch_tbf: peakrate 32768 is lower than or equals to rate 3019887682285241779 ! [ 1546.606754][T11661] netlink: 'syz.1.11449': attribute type 32 has an invalid length. [ 1546.641469][T11661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11449'. [ 1546.766320][T11661] bond53: option coupled_control: invalid value (10) [ 1546.843166][T11661] bond53 (unregistering): Released all slaves [ 1546.900461][T11669] netlink: 68 bytes leftover after parsing attributes in process `syz.0.11452'. [ 1546.935855][T11669] netlink: 44 bytes leftover after parsing attributes in process `syz.0.11452'. [ 1547.046043][T11675] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11455'. [ 1547.114655][T11677] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11456'. [ 1547.363281][T11689] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1547.451188][T11696] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11460'. [ 1547.534780][T11684] syzkaller1: entered promiscuous mode [ 1547.540361][T11684] syzkaller1: entered allmulticast mode [ 1547.609075][T11689] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1547.789804][T11689] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1547.974372][T11711] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11466'. [ 1547.992987][T11689] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1548.141061][T11719] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 1548.222270][T11727] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11470'. [ 1548.310237][T11729] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11471'. [ 1548.387433][T18558] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1548.445431][T11734] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11473'. [ 1548.464890][T18557] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1548.549445][T11739] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1548.558717][T18557] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1548.588190][T11734] veth0_to_hsr: Caught tx_queue_len zero misconfig [ 1548.656668][T18557] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1549.032547][T11758] netlink: 'syz.0.11478': attribute type 16 has an invalid length. [ 1549.083216][T11758] netlink: 'syz.0.11478': attribute type 17 has an invalid length. [ 1549.094648][T11759] netlink: 'syz.4.11482': attribute type 1 has an invalid length. [ 1549.229957][T11770] netlink: 'syz.2.11479': attribute type 10 has an invalid length. [ 1549.247509][T11759] 8021q: adding VLAN 0 to HW filter on device bond55 [ 1549.308496][T11758] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1549.403994][T11770] bridge0: port 3(erspan0) entered disabled state [ 1549.430287][T11770] bridge0: port 3(erspan0) entered blocking state [ 1549.436958][T11770] bridge0: port 3(erspan0) entered forwarding state [ 1549.475051][T11770] bridge0: entered promiscuous mode [ 1549.603559][T11770] bridge0: port 3(erspan0) entered disabled state [ 1549.658136][T11777] 8021q: adding VLAN 0 to HW filter on device bond89 [ 1549.695052][T11783] netlink: 'syz.0.11487': attribute type 1 has an invalid length. [ 1549.713394][T11781] team0: Port device dummy0 removed [ 1549.749095][T11781] bond89: (slave dummy0): Enslaving as an active interface with an up link [ 1550.243961][T11794] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1550.529222][T11794] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1550.754454][T11815] vxcan5: entered promiscuous mode [ 1550.819713][T11794] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1550.907636][T11820] netlink: 'syz.1.11498': attribute type 1 has an invalid length. [ 1550.994189][T11794] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1551.102124][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 1551.110204][ C1] lec:lec_tx_timeout: lec0 [ 1551.247995][T18557] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1551.416672][T18557] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1551.435807][T18557] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1551.543893][T18561] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1551.612990][T11846] netlink: 'syz.1.11507': attribute type 7 has an invalid length. [ 1551.819752][T11852] lo speed is unknown, defaulting to 1000 [ 1552.015758][T11866] __nla_validate_parse: 13 callbacks suppressed [ 1552.015778][T11866] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11516'. [ 1552.284651][T11881] netlink: 36 bytes leftover after parsing attributes in process `syz.4.11522'. [ 1552.553413][T11884] syzkaller1: entered promiscuous mode [ 1552.602773][T11884] syzkaller1: entered allmulticast mode [ 1552.703811][T11893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11527'. [ 1552.752272][T11852] hsr0 speed is unknown, defaulting to 1000 [ 1552.777828][T11852] lo speed is unknown, defaulting to 1000 [ 1553.003402][T11906] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11530'. [ 1553.027559][T11911] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1553.043519][T11901] netlink: 'syz.2.11529': attribute type 4 has an invalid length. [ 1553.109457][T11904] netlink: 'syz.2.11529': attribute type 4 has an invalid length. [ 1553.236849][T11918] netlink: 'syz.0.11533': attribute type 32 has an invalid length. [ 1553.263227][T11918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11533'. [ 1553.334714][T11918] bond69: option coupled_control: invalid value (10) [ 1553.373309][T11918] bond69 (unregistering): Released all slaves [ 1553.630331][T11924] netlink: 68 bytes leftover after parsing attributes in process `syz.0.11535'. [ 1553.757856][T11927] tipc: Enabled bearer , priority 0 [ 1553.773063][T11927] syzkaller0: entered promiscuous mode [ 1553.778697][T11927] syzkaller0: entered allmulticast mode [ 1553.908210][T11927] tipc: Resetting bearer [ 1553.917951][T11925] tipc: Resetting bearer [ 1553.984854][T11925] tipc: Disabling bearer [ 1554.395742][ T1735] block nbd0: Possible stuck request ffff888026e38000: control (read@0,1024B). Runtime 1080 seconds [ 1554.411394][ T1735] block nbd0: Possible stuck request ffff888026e38200: control (read@1024,1024B). Runtime 1080 seconds [ 1554.423424][ T1735] block nbd0: Possible stuck request ffff888026e38400: control (read@2048,1024B). Runtime 1080 seconds [ 1554.434916][ T1735] block nbd0: Possible stuck request ffff888026e38600: control (read@3072,1024B). Runtime 1080 seconds [ 1554.690703][T11944] netlink: 'syz.4.11543': attribute type 16 has an invalid length. [ 1554.719822][T11944] netlink: 'syz.4.11543': attribute type 17 has an invalid length. [ 1554.889663][T11944] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1555.075700][T11955] netlink: 'syz.0.11545': attribute type 8 has an invalid length. [ 1555.332604][T11964] netlink: 132 bytes leftover after parsing attributes in process `syz.4.11547'. [ 1555.653262][T11976] netlink: 'syz.1.11551': attribute type 32 has an invalid length. [ 1555.661225][T11976] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11551'. [ 1555.800212][T11976] bond53: option coupled_control: invalid value (10) [ 1555.912203][T11976] bond53 (unregistering): Released all slaves [ 1556.005951][T11986] netlink: 'syz.0.11555': attribute type 2 has an invalid length. [ 1556.033382][T11986] úÁàél24): entered promiscuous mode [ 1556.147209][T11990] netlink: 68 bytes leftover after parsing attributes in process `syz.0.11557'. [ 1556.184624][T11990] netlink: 44 bytes leftover after parsing attributes in process `syz.0.11557'. [ 1556.465119][T11999] netlink: 'syz.0.11559': attribute type 16 has an invalid length. [ 1556.535415][T12002] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1556.544676][T11999] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1556.854527][T12000] syzkaller1: entered promiscuous mode [ 1556.860218][T12000] syzkaller1: entered allmulticast mode [ 1557.131040][T12020] __nla_validate_parse: 1 callbacks suppressed [ 1557.131062][T12020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11567'. [ 1557.218042][T12020] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11567'. [ 1557.241351][T12020] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11567'. [ 1557.612773][T12041] validate_nla: 1 callbacks suppressed [ 1557.612792][T12041] netlink: 'syz.3.11574': attribute type 4 has an invalid length. [ 1557.856793][T12049] FAULT_INJECTION: forcing a failure. [ 1557.856793][T12049] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1557.891227][T12049] CPU: 1 UID: 0 PID: 12049 Comm: syz.4.11577 Not tainted syzkaller #0 PREEMPT(full) [ 1557.891275][T12049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1557.891289][T12049] Call Trace: [ 1557.891298][T12049] [ 1557.891307][T12049] dump_stack_lvl+0xe8/0x150 [ 1557.891343][T12049] should_fail_ex+0x412/0x560 [ 1557.891386][T12049] _copy_to_user+0x31/0xb0 [ 1557.891413][T12049] bpf_test_finish+0x22c/0x6b0 [ 1557.891440][T12049] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 1557.891484][T12049] ? __pfx_bpf_test_finish+0x10/0x10 [ 1557.891515][T12049] ? _copy_from_user+0x94/0xb0 [ 1557.891540][T12049] ? bpf_test_init+0x113/0x150 [ 1557.891564][T12049] bpf_prog_test_run_xdp+0x8fa/0x1160 [ 1557.891607][T12049] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1557.891637][T12049] ? __fget_files+0x2a/0x420 [ 1557.891663][T12049] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1557.891688][T12049] bpf_prog_test_run+0x2c7/0x340 [ 1557.891715][T12049] __sys_bpf+0x643/0x950 [ 1557.891738][T12049] ? __pfx___sys_bpf+0x10/0x10 [ 1557.891776][T12049] ? ksys_write+0x242/0x270 [ 1557.891803][T12049] ? __pfx_ksys_write+0x10/0x10 [ 1557.891836][T12049] __x64_sys_bpf+0x7c/0x90 [ 1557.891867][T12049] do_syscall_64+0x14d/0xf80 [ 1557.891894][T12049] ? trace_irq_disable+0x3b/0x150 [ 1557.891912][T12049] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1557.891934][T12049] ? clear_bhb_loop+0x40/0x90 [ 1557.891960][T12049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1557.891982][T12049] RIP: 0033:0x7f2aba59c819 [ 1557.892002][T12049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1557.892021][T12049] RSP: 002b:00007f2abb4a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1557.892042][T12049] RAX: ffffffffffffffda RBX: 00007f2aba815fa0 RCX: 00007f2aba59c819 [ 1557.892057][T12049] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a [ 1557.892070][T12049] RBP: 00007f2abb4a2090 R08: 0000000000000000 R09: 0000000000000000 [ 1557.892083][T12049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1557.892095][T12049] R13: 00007f2aba816038 R14: 00007f2aba815fa0 R15: 00007ffde5d63578 [ 1557.892130][T12049] [ 1558.476041][T12055] netlink: 176 bytes leftover after parsing attributes in process `syz.4.11578'. [ 1558.508385][T12055] x_tables: duplicate entry at hook 3 [ 1558.523974][T12056] netlink: 'syz.0.11579': attribute type 1 has an invalid length. [ 1558.586946][T12058] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11580'. [ 1558.767762][T12056] 8021q: adding VLAN 0 to HW filter on device bond69 [ 1558.858175][T12059] bond69: (slave geneve7): making interface the new active one [ 1558.895586][T12059] bond69: (slave geneve7): Enslaving as an active interface with an up link [ 1558.918193][ T8252] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1558.950765][ T8252] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1558.980391][ T8252] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1559.125341][ T8252] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1559.380678][T12086] netlink: 'syz.1.11585': attribute type 32 has an invalid length. [ 1559.436497][T12086] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11585'. [ 1559.643270][T12086] bond53: option coupled_control: invalid value (10) [ 1559.709343][T12099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11587'. [ 1559.719798][T12086] bond53 (unregistering): Released all slaves [ 1560.117441][T12111] geneve0: entered promiscuous mode [ 1560.124866][T12111] geneve0: entered allmulticast mode [ 1560.135992][T12098] dummy0: entered promiscuous mode [ 1560.141150][T12098] dummy0: entered allmulticast mode [ 1560.201911][T18558] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1560.263656][T18558] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1560.291386][T18558] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1560.321507][T18558] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1560.507673][T12120] syzkaller1: entered promiscuous mode [ 1560.513594][T12120] syzkaller1: entered allmulticast mode [ 1560.706158][T12124] netlink: 49 bytes leftover after parsing attributes in process `syz.3.11595'. [ 1560.741538][T12124] netlink: 140 bytes leftover after parsing attributes in process `syz.3.11595'. [ 1560.784203][T12124] netlink: 49 bytes leftover after parsing attributes in process `syz.3.11595'. [ 1561.272884][T12152] ip6tnl0: Caught tx_queue_len zero misconfig [ 1561.289562][T12152] netem: change failed [ 1561.599579][T12162] syzkaller1: entered promiscuous mode [ 1561.613159][T12162] syzkaller1: entered allmulticast mode [ 1561.885694][T12171] team_slave_1: Caught tx_queue_len zero misconfig [ 1561.909336][T12177] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1561.945988][T12178] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1562.108938][T12186] syzkaller1: entered promiscuous mode [ 1562.141442][T12186] syzkaller1: entered allmulticast mode [ 1562.174461][T12182] netlink: 44 bytes leftover after parsing attributes in process `syz.3.11612'. [ 1562.187096][T12182] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11612'. [ 1562.220332][T12182] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11612'. [ 1562.648969][T12205] netlink: 1 bytes leftover after parsing attributes in process `syz.4.11622'. [ 1562.696971][T12215] netlink: 132 bytes leftover after parsing attributes in process `syz.1.11619'. [ 1563.422661][T12247] netlink: 68 bytes leftover after parsing attributes in process `syz.3.11633'. [ 1563.497668][T12247] netlink: 44 bytes leftover after parsing attributes in process `syz.3.11633'. [ 1563.738672][T12258] netlink: 332 bytes leftover after parsing attributes in process `syz.4.11628'. [ 1563.747958][T12258] netlink: 'syz.4.11628': attribute type 9 has an invalid length. [ 1563.758130][T12258] netlink: 108 bytes leftover after parsing attributes in process `syz.4.11628'. [ 1563.791624][T12258] netlink: 32 bytes leftover after parsing attributes in process `syz.4.11628'. [ 1563.908245][T12266] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1564.286115][T12274] syzkaller1: entered promiscuous mode [ 1564.292728][T12274] syzkaller1: entered allmulticast mode [ 1564.865378][T12301] netlink: 'syz.3.11650': attribute type 1 has an invalid length. [ 1565.098334][T12301] bond90: entered promiscuous mode [ 1565.148156][T12301] 8021q: adding VLAN 0 to HW filter on device bond90 [ 1565.155906][T12307] bond90: entered allmulticast mode [ 1565.361143][T12308] macsec0: left allmulticast mode [ 1566.127437][T12301] bond90: (slave bridge27): making interface the new active one [ 1566.142726][T12301] bridge27: entered promiscuous mode [ 1566.162091][T12301] bridge27: entered allmulticast mode [ 1566.179490][T12301] bond90: (slave bridge27): Enslaving as an active interface with an up link [ 1566.438677][T12328] netlink: 'syz.4.11659': attribute type 1 has an invalid length. [ 1566.532938][T12334] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1566.704784][T12328] 8021q: adding VLAN 0 to HW filter on device bond56 [ 1566.817949][T12345] syzkaller1: entered promiscuous mode [ 1566.823597][T12345] syzkaller1: entered allmulticast mode [ 1567.148748][T12350] lo speed is unknown, defaulting to 1000 [ 1567.357550][T12364] netlink: 'syz.0.11669': attribute type 1 has an invalid length. [ 1567.368458][T12365] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1567.405749][T12364] __nla_validate_parse: 7 callbacks suppressed [ 1567.405765][T12364] netlink: 224 bytes leftover after parsing attributes in process `syz.0.11669'. [ 1567.477459][T12368] netlink: 'syz.3.11670': attribute type 10 has an invalid length. [ 1567.991795][T12388] netlink: 88 bytes leftover after parsing attributes in process `syz.3.11673'. [ 1568.200199][T12350] hsr0 speed is unknown, defaulting to 1000 [ 1568.690205][T12350] lo speed is unknown, defaulting to 1000 [ 1568.710458][T12398] netlink: 32 bytes leftover after parsing attributes in process `syz.2.11677'. [ 1568.771495][T12399] netlink: 32 bytes leftover after parsing attributes in process `syz.2.11677'. [ 1569.037553][T12415] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1569.486493][T12431] netlink: 104 bytes leftover after parsing attributes in process `syz.3.11684'. [ 1569.550393][T12434] netlink: 'syz.3.11684': attribute type 1 has an invalid length. [ 1569.560217][T12434] netlink: 224 bytes leftover after parsing attributes in process `syz.3.11684'. [ 1569.805690][T12437] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11685'. [ 1569.882529][T12437] 8021q: adding VLAN 0 to HW filter on device bond62 [ 1569.946049][T12439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11686'. [ 1570.645909][T12470] netlink: 'syz.2.11694': attribute type 58 has an invalid length. [ 1570.696016][T12470] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11694'. [ 1570.780366][T12474] netlink: 'syz.1.11696': attribute type 13 has an invalid length. [ 1570.937617][T12461] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1570.944942][T12461] IPv6: NLM_F_CREATE should be set when creating new route [ 1570.952351][T12461] IPv6: NLM_F_CREATE should be set when creating new route [ 1571.254462][T12484] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1571.288879][T12474] erspan0: refused to change device tx_queue_len [ 1571.297583][T12474] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1571.379577][T12479] bond53: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1571.438771][T12479] bond53 (unregistering): Released all slaves [ 1571.467449][ T1220] lo speed is unknown, defaulting to 1000 [ 1571.473952][ T1220] syz0: Port: 1 Link DOWN [ 1571.686833][ T1220] lo speed is unknown, defaulting to 1000 [ 1571.696928][T12489] netlink: 'syz.3.11698': attribute type 11 has an invalid length. [ 1571.774160][T12489] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11698'. [ 1571.916123][T12495] 8021q: adding VLAN 0 to HW filter on device bond70 [ 1572.174284][T12498] bond67: (slave dummy0): Releasing backup interface [ 1572.230601][T12498] bond70: (slave dummy0): Enslaving as an active interface with an up link [ 1572.246725][T12514] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 1572.888290][T12539] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1573.030627][T12545] netlink: 'syz.2.11713': attribute type 5 has an invalid length. [ 1573.067192][T12545] __nla_validate_parse: 4 callbacks suppressed [ 1573.067212][T12545] netlink: 140 bytes leftover after parsing attributes in process `syz.2.11713'. [ 1573.125395][T12545] netlink: 56 bytes leftover after parsing attributes in process `syz.2.11713'. [ 1573.247760][T12550] netlink: 480 bytes leftover after parsing attributes in process `syz.3.11714'. [ 1574.106843][T12591] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1574.606811][T12611] netlink: 68 bytes leftover after parsing attributes in process `syz.4.11733'. [ 1574.673824][T12611] netlink: 44 bytes leftover after parsing attributes in process `syz.4.11733'. [ 1574.835765][T12609] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11732'. [ 1575.069159][T12624] netlink: 68 bytes leftover after parsing attributes in process `syz.2.11735'. [ 1575.128066][T12620] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 1575.278152][T12618] 8021q: adding VLAN 0 to HW filter on device macvlan27 [ 1575.611512][T12639] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1576.640969][T12671] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11751'. [ 1576.661940][T12676] netlink: 'syz.4.11752': attribute type 11 has an invalid length. [ 1576.985586][T12684] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1577.056116][T12682] netlink: 104 bytes leftover after parsing attributes in process `syz.0.11755'. [ 1577.407124][T12696] netlink: 'syz.4.11759': attribute type 13 has an invalid length. [ 1577.415331][T12696] netlink: 'syz.4.11759': attribute type 17 has an invalid length. [ 1577.477148][T12696] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1577.591941][T12704] openvswitch: netlink: IP tunnel dst address not specified [ 1578.285929][T12726] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1579.022631][T12740] tipc: Enabling of bearer rejected, already enabled [ 1579.479232][T12744] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11776'. [ 1579.665851][T12767] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11781'. [ 1579.760871][T12773] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11783'. [ 1580.101949][T12782] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1580.755091][T12803] netlink: 'syz.0.11793': attribute type 12 has an invalid length. [ 1580.765334][T12807] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11795'. [ 1580.774579][T12803] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11793'. [ 1580.774600][T12803] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11793'. [ 1580.916193][T12817] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11799'. [ 1580.953846][T12817] netlink: 'syz.3.11799': attribute type 7 has an invalid length. [ 1580.976885][T12815] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1580.984967][T12817] netlink: 'syz.3.11799': attribute type 8 has an invalid length. [ 1581.004026][T12817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11799'. [ 1581.331518][T12825] netlink: 'syz.3.11805': attribute type 1 has an invalid length. [ 1581.361404][T12825] netlink: 224 bytes leftover after parsing attributes in process `syz.3.11805'. [ 1581.511990][T12831] netlink: 'syz.4.11806': attribute type 32 has an invalid length. [ 1581.540355][T12831] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11806'. [ 1581.650261][T12840] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1581.677310][T12840] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1581.693232][T12840] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1581.704005][T12840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1581.713484][T12831] bond57: option coupled_control: invalid value (10) [ 1581.720449][T12840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1581.789299][T12831] bond57 (unregistering): Released all slaves [ 1581.848913][T25928] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1581.857849][T25928] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1581.865734][T25928] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1581.879432][T25928] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1581.887555][T25928] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1582.106378][T12836] bond71: option fail_over_mac: invalid value (127) [ 1582.175495][T12836] bond71 (unregistering): Released all slaves [ 1582.363401][T12838] lo speed is unknown, defaulting to 1000 [ 1582.870629][T12873] netlink: 'syz.2.11815': attribute type 1 has an invalid length. [ 1582.897423][T12874] netlink: 'syz.4.11816': attribute type 83 has an invalid length. [ 1582.993294][T12873] 8021q: adding VLAN 0 to HW filter on device bond63 [ 1583.036309][T12876] bond63: (slave gretap0): making interface the new active one [ 1583.067931][T12876] bond63: (slave gretap0): Enslaving as an active interface with an up link [ 1583.114430][T12882] netlink: 'syz.0.11817': attribute type 16 has an invalid length. [ 1583.157405][T12882] netlink: 'syz.0.11817': attribute type 17 has an invalid length. [ 1583.313455][T12879] veth65: entered allmulticast mode [ 1583.328388][T12879] bond57: (slave veth65): Enslaving as an active interface with an up link [ 1583.421822][T12881] bond57 (unregistering): (slave veth65): Releasing backup interface [ 1583.437751][T12881] bond57 (unregistering): Released all slaves [ 1583.454600][T12887] netlink: 'syz.2.11819': attribute type 2 has an invalid length. [ 1583.473930][T12887] netlink: 'syz.2.11819': attribute type 1 has an invalid length. [ 1583.510980][T12838] hsr0 speed is unknown, defaulting to 1000 [ 1583.522208][T12882] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1583.541374][T12888] netlink: 'syz.2.11819': attribute type 2 has an invalid length. [ 1583.566609][T12888] netlink: 'syz.2.11819': attribute type 1 has an invalid length. [ 1583.586965][T12887] xt_nfacct: accounting object `syz0' does not exist [ 1583.594500][T12838] lo speed is unknown, defaulting to 1000 [ 1583.901415][T12840] Bluetooth: hci5: command tx timeout [ 1584.084844][T12909] netlink: 'syz.4.11825': attribute type 1 has an invalid length. [ 1584.303943][T12909] bond57: entered promiscuous mode [ 1584.338129][T12909] 8021q: adding VLAN 0 to HW filter on device bond57 [ 1584.374883][T12911] bond57: entered allmulticast mode [ 1584.488072][ T1735] block nbd0: Possible stuck request ffff888026e38000: control (read@0,1024B). Runtime 1110 seconds [ 1584.499268][ T1735] block nbd0: Possible stuck request ffff888026e38200: control (read@1024,1024B). Runtime 1110 seconds [ 1584.510617][ T1735] block nbd0: Possible stuck request ffff888026e38400: control (read@2048,1024B). Runtime 1110 seconds [ 1584.522073][ T1735] block nbd0: Possible stuck request ffff888026e38600: control (read@3072,1024B). Runtime 1110 seconds [ 1584.691838][T12909] bond57: (slave bridge27): making interface the new active one [ 1584.713798][T12909] bridge27: entered promiscuous mode [ 1584.734120][T12909] bridge27: entered allmulticast mode [ 1584.742149][T12909] bond57: (slave bridge27): Enslaving as an active interface with an up link [ 1584.899217][T12926] __nla_validate_parse: 7 callbacks suppressed [ 1584.899238][T12926] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11830'. [ 1585.047733][T12935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11833'. [ 1585.549336][T12838] chnl_net:caif_netlink_parms(): no params data found [ 1585.674021][ T30] audit: type=1107 audit(1775700241.979:8): pid=12952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1585.758203][T12957] netlink: 'syz.3.11841': attribute type 1 has an invalid length. [ 1585.846410][T12965] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11841'. [ 1585.953109][T12957] bond91: entered promiscuous mode [ 1585.968947][T12957] 8021q: adding VLAN 0 to HW filter on device bond91 [ 1585.981900][T12840] Bluetooth: hci5: command tx timeout [ 1586.082476][T12965] bond91: entered allmulticast mode [ 1586.234258][T12968] bond91: (slave bridge28): making interface the new active one [ 1586.250270][T12968] bridge28: entered promiscuous mode [ 1586.256215][T12968] bridge28: entered allmulticast mode [ 1586.266313][T12968] bond91: (slave bridge28): Enslaving as an active interface with an up link [ 1586.349911][T12838] bridge0: port 1(bridge_slave_0) entered blocking state [ 1586.377934][T12838] bridge0: port 1(bridge_slave_0) entered disabled state [ 1586.408478][T12838] bridge_slave_0: entered allmulticast mode [ 1586.442398][ T6331] lec:lec_start_xmit: lec0:No lecd attached [ 1586.463603][T12838] bridge_slave_0: entered promiscuous mode [ 1586.510542][T12838] bridge0: port 2(bridge_slave_1) entered blocking state [ 1586.543240][T12838] bridge0: port 2(bridge_slave_1) entered disabled state [ 1586.546866][T12982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11846'. [ 1586.551152][T12838] bridge_slave_1: entered allmulticast mode [ 1586.633525][T12838] bridge_slave_1: entered promiscuous mode [ 1586.720462][T12982] bond71: option coupled_control: invalid value (10) [ 1586.745747][T12982] bond71 (unregistering): Released all slaves [ 1586.965631][T12997] 8021q: adding VLAN 0 to HW filter on device bond92 [ 1587.010595][T12838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1587.074093][T13000] bond92: (slave geneve6): making interface the new active one [ 1587.111773][T13000] bond92: (slave geneve6): Enslaving as an active interface with an up link [ 1587.164075][T12838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1587.239641][T18561] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1587.264560][T18561] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1587.312228][T13007] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11852'. [ 1587.451823][T13007] 8021q: adding VLAN 0 to HW filter on device bond58 [ 1587.460489][T18561] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1587.491755][T18561] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1587.534364][T12838] team0: Port device team_slave_0 added [ 1587.599734][T13021] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11856'. [ 1587.613982][T12838] team0: Port device team_slave_1 added [ 1587.655202][T13025] FAULT_INJECTION: forcing a failure. [ 1587.655202][T13025] name failslab, interval 1, probability 0, space 0, times 0 [ 1587.701396][T13025] CPU: 1 UID: 0 PID: 13025 Comm: syz.0.11858 Not tainted syzkaller #0 PREEMPT(full) [ 1587.701421][T13025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1587.701434][T13025] Call Trace: [ 1587.701442][T13025] [ 1587.701451][T13025] dump_stack_lvl+0xe8/0x150 [ 1587.701502][T13025] should_fail_ex+0x412/0x560 [ 1587.701541][T13025] should_failslab+0xa8/0x100 [ 1587.701568][T13025] ? skb_clone+0x212/0x3a0 [ 1587.701597][T13025] kmem_cache_alloc_noprof+0x87/0x650 [ 1587.701620][T13025] ? __netlink_lookup+0xc6/0x8b0 [ 1587.701652][T13025] skb_clone+0x212/0x3a0 [ 1587.701686][T13025] __netlink_deliver_tap+0x404/0x850 [ 1587.701722][T13025] ? netlink_deliver_tap+0x2e/0x1b0 [ 1587.701748][T13025] netlink_deliver_tap+0x19c/0x1b0 [ 1587.701773][T13025] netlink_unicast+0x7e3/0x9b0 [ 1587.701803][T13025] ? __pfx_netlink_unicast+0x10/0x10 [ 1587.701826][T13025] ? netlink_sendmsg+0x650/0xb40 [ 1587.701848][T13025] ? skb_put+0x11b/0x210 [ 1587.701878][T13025] netlink_sendmsg+0x813/0xb40 [ 1587.701919][T13025] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1587.701948][T13025] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1587.701982][T13025] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1587.702011][T13025] ____sys_sendmsg+0x972/0x9f0 [ 1587.702049][T13025] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1587.702089][T13025] ? import_iovec+0x73/0xa0 [ 1587.702135][T13025] ___sys_sendmsg+0x2a5/0x360 [ 1587.702171][T13025] ? __pfx____sys_sendmsg+0x10/0x10 [ 1587.702241][T13025] ? __fget_files+0x2a/0x420 [ 1587.702260][T13025] ? __fget_files+0x3a0/0x420 [ 1587.702292][T13025] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1587.702326][T13025] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1587.702367][T13025] ? __pfx_ksys_write+0x10/0x10 [ 1587.702406][T13025] do_syscall_64+0x14d/0xf80 [ 1587.702440][T13025] ? trace_irq_disable+0x3b/0x150 [ 1587.702459][T13025] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1587.702482][T13025] ? clear_bhb_loop+0x40/0x90 [ 1587.702508][T13025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1587.702530][T13025] RIP: 0033:0x7fd03279c819 [ 1587.702550][T13025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1587.702569][T13025] RSP: 002b:00007fd03360d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1587.702604][T13025] RAX: ffffffffffffffda RBX: 00007fd032a15fa0 RCX: 00007fd03279c819 [ 1587.702620][T13025] RDX: 000000002400c040 RSI: 00002000000004c0 RDI: 0000000000000003 [ 1587.702634][T13025] RBP: 00007fd03360d090 R08: 0000000000000000 R09: 0000000000000000 [ 1587.702647][T13025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1587.702671][T13025] R13: 00007fd032a16038 R14: 00007fd032a15fa0 R15: 00007fff4dae4808 [ 1587.702703][T13025] [ 1587.887017][T12838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1588.080821][T12840] Bluetooth: hci5: command tx timeout [ 1588.161340][T12838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1588.273650][T12838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1588.317281][T12838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1588.332067][T12838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1588.421488][T12838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1588.676167][T12838] hsr_slave_0: entered promiscuous mode [ 1588.722730][T12838] hsr_slave_1: entered promiscuous mode [ 1588.764370][T13054] netlink: 68 bytes leftover after parsing attributes in process `syz.3.11868'. [ 1588.782205][T13056] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11869'. [ 1588.822452][T13054] netlink: 44 bytes leftover after parsing attributes in process `syz.3.11868'. [ 1588.927275][T13062] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11870'. [ 1589.030033][T13062] 8021q: adding VLAN 0 to HW filter on device bond64 [ 1589.295336][T12838] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1589.516355][T12838] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1589.752946][T12838] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1589.945822][T12838] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1590.144385][T12840] Bluetooth: hci5: command tx timeout [ 1590.393981][T13110] __nla_validate_parse: 1 callbacks suppressed [ 1590.394002][T13110] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11886'. [ 1590.436333][T13111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11885'. [ 1590.527118][T13110] 8021q: adding VLAN 0 to HW filter on device bond59 [ 1590.753566][T12838] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1590.787357][T12838] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1591.021325][T12838] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1591.179146][T12838] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1591.326214][T13151] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1591.434488][T13165] FAULT_INJECTION: forcing a failure. [ 1591.434488][T13165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1591.501791][T13165] CPU: 1 UID: 0 PID: 13165 Comm: syz.2.11892 Not tainted syzkaller #0 PREEMPT(full) [ 1591.501819][T13165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1591.501833][T13165] Call Trace: [ 1591.501842][T13165] [ 1591.501851][T13165] dump_stack_lvl+0xe8/0x150 [ 1591.501889][T13165] should_fail_ex+0x412/0x560 [ 1591.501928][T13165] _copy_from_user+0x2d/0xb0 [ 1591.501955][T13165] kstrtouint_from_user+0xd6/0x180 [ 1591.501992][T13165] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1591.502045][T13165] proc_fail_nth_write+0x8e/0x210 [ 1591.502078][T13165] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1591.502116][T13165] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1591.502150][T13165] vfs_write+0x29a/0xb90 [ 1591.502185][T13165] ? __pfx_vfs_write+0x10/0x10 [ 1591.502212][T13165] ? __fget_files+0x2a/0x420 [ 1591.502236][T13165] ? __fget_files+0x3a0/0x420 [ 1591.502255][T13165] ? __fget_files+0x2a/0x420 [ 1591.502285][T13165] ksys_write+0x150/0x270 [ 1591.502312][T13165] ? __pfx_ksys_write+0x10/0x10 [ 1591.502357][T13165] do_syscall_64+0x14d/0xf80 [ 1591.502384][T13165] ? trace_irq_disable+0x3b/0x150 [ 1591.502403][T13165] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1591.502425][T13165] ? clear_bhb_loop+0x40/0x90 [ 1591.502453][T13165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1591.502474][T13165] RIP: 0033:0x7ff0ba75d04e [ 1591.502494][T13165] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1591.502513][T13165] RSP: 002b:00007ff0bb6e8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1591.502536][T13165] RAX: ffffffffffffffda RBX: 00007ff0bb6e96c0 RCX: 00007ff0ba75d04e [ 1591.502552][T13165] RDX: 0000000000000001 RSI: 00007ff0bb6e90a0 RDI: 0000000000000004 [ 1591.502565][T13165] RBP: 00007ff0bb6e9090 R08: 0000000000000000 R09: 0000000000000000 [ 1591.502580][T13165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1591.502593][T13165] R13: 00007ff0baa16038 R14: 00007ff0baa15fa0 R15: 00007fff2a085b98 [ 1591.502629][T13165] [ 1591.764443][T12838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1591.981302][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5540 ms [ 1591.989356][ C1] lec:lec_tx_timeout: lec0 [ 1591.996169][T12838] 8021q: adding VLAN 0 to HW filter on device team0 [ 1592.064693][T18566] bridge0: port 1(bridge_slave_0) entered blocking state [ 1592.071933][T18566] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1592.123677][T18566] bridge0: port 2(bridge_slave_1) entered blocking state [ 1592.130978][T18566] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1592.353392][T13180] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1592.581094][T13192] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11901'. [ 1592.670734][T13180] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1592.802746][T13180] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1592.962132][T13180] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1593.046168][T13205] FAULT_INJECTION: forcing a failure. [ 1593.046168][T13205] name failslab, interval 1, probability 0, space 0, times 0 [ 1593.078559][T13205] CPU: 1 UID: 0 PID: 13205 Comm: syz.2.11906 Not tainted syzkaller #0 PREEMPT(full) [ 1593.078587][T13205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1593.078601][T13205] Call Trace: [ 1593.078610][T13205] [ 1593.078624][T13205] dump_stack_lvl+0xe8/0x150 [ 1593.078660][T13205] should_fail_ex+0x412/0x560 [ 1593.078699][T13205] should_failslab+0xa8/0x100 [ 1593.078730][T13205] __kvmalloc_node_noprof+0x178/0x8a0 [ 1593.078755][T13205] ? is_bpf_text_address+0x26/0x2b0 [ 1593.078778][T13205] ? bpf_test_run_xdp_live+0x1f2/0x1cf0 [ 1593.078813][T13205] bpf_test_run_xdp_live+0x1f2/0x1cf0 [ 1593.078836][T13205] ? arch_stack_walk+0xfb/0x150 [ 1593.078884][T13205] ? __pfx_stack_trace_save+0x10/0x10 [ 1593.078910][T13205] ? stack_depot_save_flags+0x33/0x810 [ 1593.078952][T13205] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 1593.078976][T13205] ? bpf_test_init+0x9f/0x150 [ 1593.078995][T13205] ? bpf_prog_test_run_xdp+0x529/0x1160 [ 1593.079018][T13205] ? bpf_prog_test_run+0x2c7/0x340 [ 1593.079039][T13205] ? __sys_bpf+0x643/0x950 [ 1593.079056][T13205] ? __x64_sys_bpf+0x7c/0x90 [ 1593.079136][T13205] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 1593.079173][T13205] ? _copy_from_user+0x94/0xb0 [ 1593.079206][T13205] ? bpf_test_init+0x113/0x150 [ 1593.079227][T13205] ? xdp_convert_md_to_buff+0x5b/0x330 [ 1593.079254][T13205] bpf_prog_test_run_xdp+0x81c/0x1160 [ 1593.079295][T13205] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1593.079326][T13205] ? __fget_files+0x2a/0x420 [ 1593.079352][T13205] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1593.079377][T13205] bpf_prog_test_run+0x2c7/0x340 [ 1593.079404][T13205] __sys_bpf+0x643/0x950 [ 1593.079427][T13205] ? __pfx___sys_bpf+0x10/0x10 [ 1593.079465][T13205] ? ksys_write+0x242/0x270 [ 1593.079492][T13205] ? __pfx_ksys_write+0x10/0x10 [ 1593.079524][T13205] __x64_sys_bpf+0x7c/0x90 [ 1593.079556][T13205] do_syscall_64+0x14d/0xf80 [ 1593.079584][T13205] ? trace_irq_disable+0x3b/0x150 [ 1593.079602][T13205] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1593.079624][T13205] ? clear_bhb_loop+0x40/0x90 [ 1593.079651][T13205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1593.079673][T13205] RIP: 0033:0x7ff0ba79c819 [ 1593.079693][T13205] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1593.079711][T13205] RSP: 002b:00007ff0bb6e9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1593.079734][T13205] RAX: ffffffffffffffda RBX: 00007ff0baa15fa0 RCX: 00007ff0ba79c819 [ 1593.079749][T13205] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a [ 1593.079764][T13205] RBP: 00007ff0bb6e9090 R08: 0000000000000000 R09: 0000000000000000 [ 1593.079791][T13205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1593.079803][T13205] R13: 00007ff0baa16038 R14: 00007ff0baa15fa0 R15: 00007fff2a085b98 [ 1593.079837][T13205] [ 1594.102404][T11481] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1594.128617][T13225] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11913'. [ 1594.248013][T13233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11912'. [ 1594.443716][T13239] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11915'. [ 1594.526215][T12838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1594.552953][T18566] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1594.561608][T18566] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1594.570054][T18566] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1594.591547][T18566] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1594.625500][T13239] macvlan28: entered allmulticast mode [ 1594.631003][T13239] bridge0: entered allmulticast mode [ 1594.658810][T13239] bridge0: port 4(macvlan28) entered blocking state [ 1594.671913][T13239] bridge0: port 4(macvlan28) entered disabled state [ 1594.721505][T13239] bridge0: left allmulticast mode [ 1594.730725][T13243] validate_nla: 3 callbacks suppressed [ 1594.730744][T13243] netlink: 'syz.0.11916': attribute type 1 has an invalid length. [ 1594.772094][T18566] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1594.780495][T18566] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1594.836471][T18566] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1594.845187][T18566] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1594.924738][T13243] 8021q: adding VLAN 0 to HW filter on device bond71 [ 1595.043500][T13244] bond71: (slave geneve8): making interface the new active one [ 1595.083926][T13244] bond71: (slave geneve8): Enslaving as an active interface with an up link [ 1595.149216][T18566] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1595.209672][T18566] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1595.254381][T11481] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1595.315213][T11481] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1595.380035][T13256] FAULT_INJECTION: forcing a failure. [ 1595.380035][T13256] name failslab, interval 1, probability 0, space 0, times 0 [ 1595.393970][T13256] CPU: 1 UID: 0 PID: 13256 Comm: syz.3.11918 Not tainted syzkaller #0 PREEMPT(full) [ 1595.393995][T13256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1595.394021][T13256] Call Trace: [ 1595.394029][T13256] [ 1595.394037][T13256] dump_stack_lvl+0xe8/0x150 [ 1595.394070][T13256] should_fail_ex+0x412/0x560 [ 1595.394105][T13256] should_failslab+0xa8/0x100 [ 1595.394133][T13256] __kmalloc_cache_node_noprof+0x8a/0x6b0 [ 1595.394157][T13256] ? trace_kmalloc+0x2a/0x110 [ 1595.394176][T13256] ? page_pool_create_percpu+0x76/0xb80 [ 1595.394209][T13256] page_pool_create_percpu+0x76/0xb80 [ 1595.394238][T13256] ? __kvmalloc_node_noprof+0x393/0x8a0 [ 1595.394267][T13256] bpf_test_run_xdp_live+0x23d/0x1cf0 [ 1595.394288][T13256] ? arch_stack_walk+0xfb/0x150 [ 1595.394331][T13256] ? __pfx_stack_trace_save+0x10/0x10 [ 1595.394373][T13256] ? stack_depot_save_flags+0x33/0x810 [ 1595.394414][T13256] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 1595.394436][T13256] ? bpf_test_init+0x9f/0x150 [ 1595.394455][T13256] ? bpf_prog_test_run_xdp+0x529/0x1160 [ 1595.394476][T13256] ? bpf_prog_test_run+0x2c7/0x340 [ 1595.394496][T13256] ? __sys_bpf+0x643/0x950 [ 1595.394513][T13256] ? __x64_sys_bpf+0x7c/0x90 [ 1595.394588][T13256] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 1595.394624][T13256] ? _copy_from_user+0x94/0xb0 [ 1595.394653][T13256] ? bpf_test_init+0x113/0x150 [ 1595.394672][T13256] ? xdp_convert_md_to_buff+0x5b/0x330 [ 1595.394698][T13256] bpf_prog_test_run_xdp+0x81c/0x1160 [ 1595.394737][T13256] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1595.394767][T13256] ? __fget_files+0x2a/0x420 [ 1595.394792][T13256] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1595.394816][T13256] bpf_prog_test_run+0x2c7/0x340 [ 1595.394841][T13256] __sys_bpf+0x643/0x950 [ 1595.394864][T13256] ? __pfx___sys_bpf+0x10/0x10 [ 1595.394901][T13256] ? ksys_write+0x242/0x270 [ 1595.394926][T13256] ? __pfx_ksys_write+0x10/0x10 [ 1595.394958][T13256] __x64_sys_bpf+0x7c/0x90 [ 1595.394988][T13256] do_syscall_64+0x14d/0xf80 [ 1595.395021][T13256] ? trace_irq_disable+0x3b/0x150 [ 1595.395040][T13256] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1595.395061][T13256] ? clear_bhb_loop+0x40/0x90 [ 1595.395086][T13256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1595.395107][T13256] RIP: 0033:0x7f111a19c819 [ 1595.395127][T13256] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1595.395144][T13256] RSP: 002b:00007f111afc3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1595.395166][T13256] RAX: ffffffffffffffda RBX: 00007f111a415fa0 RCX: 00007f111a19c819 [ 1595.395182][T13256] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a [ 1595.395196][T13256] RBP: 00007f111afc3090 R08: 0000000000000000 R09: 0000000000000000 [ 1595.395210][T13256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1595.395223][T13256] R13: 00007f111a416038 R14: 00007f111a415fa0 R15: 00007ffd498e8ca8 [ 1595.395257][T13256] [ 1595.415116][T11481] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1595.594690][ T30] audit: type=1107 audit(1775700251.839:9): pid=13254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1595.816338][T13262] openvswitch: netlink: Port -1 exceeds max allowable 65535 [ 1595.914811][T11481] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1595.950732][T13265] netlink: 'syz.0.11922': attribute type 10 has an invalid length. [ 1595.985882][T11481] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1596.082359][T12838] veth0_vlan: entered promiscuous mode [ 1596.102961][T13269] FAULT_INJECTION: forcing a failure. [ 1596.102961][T13269] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1596.137697][T13267] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11923'. [ 1596.176350][T13269] CPU: 0 UID: 0 PID: 13269 Comm: syz.0.11924 Not tainted syzkaller #0 PREEMPT(full) [ 1596.176375][T13269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1596.176388][T13269] Call Trace: [ 1596.176396][T13269] [ 1596.176405][T13269] dump_stack_lvl+0xe8/0x150 [ 1596.176439][T13269] should_fail_ex+0x412/0x560 [ 1596.176474][T13269] _copy_from_user+0x2d/0xb0 [ 1596.176499][T13269] ___sys_sendmsg+0x1c6/0x360 [ 1596.176532][T13269] ? __pfx____sys_sendmsg+0x10/0x10 [ 1596.176594][T13269] ? __fget_files+0x2a/0x420 [ 1596.176612][T13269] ? __fget_files+0x3a0/0x420 [ 1596.176640][T13269] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1596.176669][T13269] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1596.176705][T13269] ? __pfx_ksys_write+0x10/0x10 [ 1596.176740][T13269] do_syscall_64+0x14d/0xf80 [ 1596.176765][T13269] ? trace_irq_disable+0x3b/0x150 [ 1596.176783][T13269] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1596.176803][T13269] ? clear_bhb_loop+0x40/0x90 [ 1596.176827][T13269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1596.176846][T13269] RIP: 0033:0x7fd03279c819 [ 1596.176864][T13269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1596.176880][T13269] RSP: 002b:00007fd03360d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1596.176901][T13269] RAX: ffffffffffffffda RBX: 00007fd032a15fa0 RCX: 00007fd03279c819 [ 1596.176916][T13269] RDX: 000000002c000010 RSI: 0000200000000180 RDI: 0000000000000003 [ 1596.176929][T13269] RBP: 00007fd03360d090 R08: 0000000000000000 R09: 0000000000000000 [ 1596.176941][T13269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1596.176953][T13269] R13: 00007fd032a16038 R14: 00007fd032a15fa0 R15: 00007fff4dae4808 [ 1596.176985][T13269] [ 1596.572990][T12838] veth1_vlan: entered promiscuous mode [ 1596.795789][T12838] veth0_macvtap: entered promiscuous mode [ 1596.868560][T12838] veth1_macvtap: entered promiscuous mode [ 1596.896797][T13293] netlink: 'syz.4.11932': attribute type 1 has an invalid length. [ 1596.921958][T13293] netlink: 224 bytes leftover after parsing attributes in process `syz.4.11932'. [ 1597.100980][T13307] netlink: 52 bytes leftover after parsing attributes in process `syz.3.11934'. [ 1597.368883][T12838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1597.401520][T13315] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11935'. [ 1597.496637][T12838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1597.565936][T18565] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1597.576871][T18565] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1597.687577][T18565] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1597.712617][T18565] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1598.146534][T18554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1598.181335][T18554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1598.433123][T18565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1598.441166][T13351] tipc: Enabling of bearer rejected, failed to enable media [ 1598.464263][T18565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1598.736624][T13358] syzkaller0: entered promiscuous mode [ 1598.746577][T13362] openvswitch: netlink: ERSPAN option length err (len 4112, max 255). [ 1598.787700][T13358] syzkaller0: entered allmulticast mode [ 1599.062838][T25928] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1599.104860][T25928] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1599.113522][T25928] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1599.135190][T25928] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1599.152648][T25928] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1599.295407][T13376] macvtap1: entered promiscuous mode [ 1599.503135][T13373] lo speed is unknown, defaulting to 1000 [ 1599.634142][T13384] veth63: entered promiscuous mode [ 1599.639662][T13384] veth63: entered allmulticast mode [ 1600.238950][T13373] hsr0 speed is unknown, defaulting to 1000 [ 1600.297827][T13373] lo speed is unknown, defaulting to 1000 [ 1600.461851][T13415] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11976'. [ 1600.805565][T12840] block nbd8: Receive control failed (result -1) [ 1601.057972][T13422] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11978'. [ 1601.158572][T13373] [ 1601.160952][T13373] ====================================================== [ 1601.167991][T13373] WARNING: possible circular locking dependency detected [ 1601.175043][T13373] syzkaller #0 Not tainted [ 1601.179483][T13373] ------------------------------------------------------ [ 1601.186521][T13373] syz-executor/13373 is trying to acquire lock: [ 1601.192775][T13373] ffffffff8e883780 (fs_reclaim){+.+.}-{0:0}, at: prepare_alloc_pages+0x152/0x650 [ 1601.201969][T13373] [ 1601.201969][T13373] but task is already holding lock: [ 1601.209349][T13373] ffffffff8e85db68 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x218/0x19c0 [ 1601.219036][T13373] [ 1601.219036][T13373] which lock already depends on the new lock. [ 1601.219036][T13373] [ 1601.229453][T13373] [ 1601.229453][T13373] the existing dependency chain (in reverse order) is: [ 1601.238473][T13373] [ 1601.238473][T13373] -> #7 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 1601.246224][T13373] __mutex_lock+0x19f/0x1300 [ 1601.251363][T13373] pcpu_alloc_noprof+0x218/0x19c0 [ 1601.256943][T13373] bpf_prog_alloc_no_stats+0x10e/0x4f0 [ 1601.262931][T13373] bpf_prog_alloc+0x3c/0x1a0 [ 1601.268058][T13373] __get_filter+0xff/0x400 [ 1601.273023][T13373] sk_reuseport_attach_filter+0x24/0x210 [ 1601.279191][T13373] sk_setsockopt+0x1eca/0x2e80 [ 1601.284494][T13373] do_sock_setsockopt+0x11b/0x1b0 [ 1601.290067][T13373] __x64_sys_setsockopt+0x13d/0x1b0 [ 1601.295797][T13373] do_syscall_64+0x14d/0xf80 [ 1601.300925][T13373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1601.307345][T13373] [ 1601.307345][T13373] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 1601.315119][T13373] lock_sock_nested+0x41/0x100 [ 1601.320439][T13373] inet_shutdown+0x6a/0x390 [ 1601.325487][T13373] nbd_mark_nsock_dead+0x2e9/0x560 [ 1601.331133][T13373] recv_work+0x1c7f/0x1d90 [ 1601.336090][T13373] process_scheduled_works+0xb6e/0x18c0 [ 1601.342191][T13373] worker_thread+0xa53/0xfc0 [ 1601.347329][T13373] kthread+0x388/0x470 [ 1601.351926][T13373] ret_from_fork+0x51e/0xb90 [ 1601.357074][T13373] ret_from_fork_asm+0x1a/0x30 [ 1601.362401][T13373] [ 1601.362401][T13373] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 1601.370065][T13373] __mutex_lock+0x19f/0x1300 [ 1601.375195][T13373] nbd_queue_rq+0x37b/0x1100 [ 1601.380321][T13373] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 1601.386400][T13373] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 1601.393279][T13373] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 1601.399803][T13373] blk_mq_run_hw_queue+0x348/0x4f0 [ 1601.405448][T13373] blk_mq_dispatch_list+0xd16/0xe10 [ 1601.411179][T13373] blk_mq_flush_plug_list+0x48d/0x570 [ 1601.417082][T13373] __blk_flush_plug+0x3ed/0x4d0 [ 1601.422490][T13373] __submit_bio+0x28d/0x580 [ 1601.427549][T13373] submit_bio_noacct_nocheck+0x2f4/0xa70 [ 1601.433748][T13373] block_read_full_folio+0x599/0x830 [ 1601.439586][T13373] filemap_read_folio+0x137/0x3b0 [ 1601.445163][T13373] do_read_cache_folio+0x358/0x590 [ 1601.450826][T13373] read_part_sector+0xb6/0x2b0 [ 1601.456127][T13373] adfspart_check_ICS+0xa5/0xa40 [ 1601.461607][T13373] bdev_disk_changed+0x7ba/0x1550 [ 1601.467216][T13373] blkdev_get_whole+0x380/0x510 [ 1601.472615][T13373] bdev_open+0x31e/0xd30 [ 1601.477432][T13373] blkdev_open+0x470/0x610 [ 1601.482414][T13373] do_dentry_open+0x785/0x14e0 [ 1601.487815][T13373] vfs_open+0x3b/0x340 [ 1601.492433][T13373] path_openat+0x2e08/0x3860 [ 1601.497565][T13373] do_file_open+0x23e/0x4a0 [ 1601.502606][T13373] do_sys_openat2+0x113/0x200 [ 1601.507946][T13373] __x64_sys_openat+0x138/0x170 [ 1601.513374][T13373] do_syscall_64+0x14d/0xf80 [ 1601.518503][T13373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1601.524945][T13373] [ 1601.524945][T13373] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 1601.532176][T13373] __mutex_lock+0x19f/0x1300 [ 1601.537319][T13373] nbd_queue_rq+0xc6/0x1100 [ 1601.542357][T13373] blk_mq_dispatch_rq_list+0xa70/0x1910 [ 1601.548460][T13373] __blk_mq_sched_dispatch_requests+0xdcc/0x1600 [ 1601.555344][T13373] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 1601.561880][T13373] blk_mq_run_hw_queue+0x348/0x4f0 [ 1601.567543][T13373] blk_mq_dispatch_list+0xd16/0xe10 [ 1601.573297][T13373] blk_mq_flush_plug_list+0x48d/0x570 [ 1601.579307][T13373] __blk_flush_plug+0x3ed/0x4d0 [ 1601.584716][T13373] __submit_bio+0x28d/0x580 [ 1601.589765][T13373] submit_bio_noacct_nocheck+0x2f4/0xa70 [ 1601.595931][T13373] block_read_full_folio+0x599/0x830 [ 1601.601783][T13373] filemap_read_folio+0x137/0x3b0 [ 1601.607352][T13373] do_read_cache_folio+0x358/0x590 [ 1601.612999][T13373] read_part_sector+0xb6/0x2b0 [ 1601.618304][T13373] adfspart_check_ICS+0xa5/0xa40 [ 1601.623804][T13373] bdev_disk_changed+0x7ba/0x1550 [ 1601.629370][T13373] blkdev_get_whole+0x380/0x510 [ 1601.634761][T13373] bdev_open+0x31e/0xd30 [ 1601.639541][T13373] blkdev_open+0x470/0x610 [ 1601.644533][T13373] do_dentry_open+0x785/0x14e0 [ 1601.649846][T13373] vfs_open+0x3b/0x340 [ 1601.654454][T13373] path_openat+0x2e08/0x3860 [ 1601.659577][T13373] do_file_open+0x23e/0x4a0 [ 1601.664629][T13373] do_sys_openat2+0x113/0x200 [ 1601.669877][T13373] __x64_sys_openat+0x138/0x170 [ 1601.675272][T13373] do_syscall_64+0x14d/0xf80 [ 1601.680403][T13373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1601.686830][T13373] [ 1601.686830][T13373] -> #3 (set->srcu){.+.+}-{0:0}: [ 1601.693980][T13373] __synchronize_srcu+0xca/0x300 [ 1601.699483][T13373] elevator_switch+0x1e8/0x7a0 [ 1601.704802][T13373] elevator_change+0x2cc/0x450 [ 1601.710115][T13373] elevator_set_default+0x36c/0x430 [ 1601.715848][T13373] blk_register_queue+0x366/0x430 [ 1601.721407][T13373] __add_disk+0x677/0xd50 [ 1601.726298][T13373] add_disk_fwnode+0xfb/0x480 [ 1601.731522][T13373] nbd_dev_add+0x72c/0xb50 [ 1601.736474][T13373] nbd_init+0x168/0x1f0 [ 1601.741163][T13373] do_one_initcall+0x250/0x8d0 [ 1601.746468][T13373] do_initcall_level+0x104/0x190 [ 1601.751959][T13373] do_initcalls+0x59/0xa0 [ 1601.756836][T13373] kernel_init_freeable+0x2a6/0x3e0 [ 1601.762577][T13373] kernel_init+0x1d/0x1d0 [ 1601.767454][T13373] ret_from_fork+0x51e/0xb90 [ 1601.772582][T13373] ret_from_fork_asm+0x1a/0x30 [ 1601.777916][T13373] [ 1601.777916][T13373] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 1601.785754][T13373] __mutex_lock+0x19f/0x1300 [ 1601.790883][T13373] elevator_change+0x1b3/0x450 [ 1601.796189][T13373] elevator_set_none+0xb5/0x140 [ 1601.801620][T13373] blk_mq_update_nr_hw_queues+0x5e7/0x1a60 [ 1601.807974][T13373] nbd_start_device+0x17f/0xb10 [ 1601.813368][T13373] nbd_genl_connect+0x165b/0x1cf0 [ 1601.818928][T13373] genl_family_rcv_msg_doit+0x22a/0x330 [ 1601.825022][T13373] genl_rcv_msg+0x61c/0x7a0 [ 1601.830073][T13373] netlink_rcv_skb+0x232/0x4b0 [ 1601.835372][T13373] genl_rcv+0x28/0x40 [ 1601.839893][T13373] netlink_unicast+0x80f/0x9b0 [ 1601.845211][T13373] netlink_sendmsg+0x813/0xb40 [ 1601.850513][T13373] ____sys_sendmsg+0x972/0x9f0 [ 1601.855821][T13373] ___sys_sendmsg+0x2a5/0x360 [ 1601.861041][T13373] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1601.866520][T13373] do_syscall_64+0x14d/0xf80 [ 1601.871651][T13373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1601.878080][T13373] [ 1601.878080][T13373] -> #1 (&q->q_usage_counter(io)#50){++++}-{0:0}: [ 1601.886705][T13373] blk_alloc_queue+0x546/0x680 [ 1601.892015][T13373] __blk_mq_alloc_disk+0x197/0x390 [ 1601.897669][T13373] nbd_dev_add+0x499/0xb50 [ 1601.902633][T13373] nbd_init+0x168/0x1f0 [ 1601.907335][T13373] do_one_initcall+0x250/0x8d0 [ 1601.912648][T13373] do_initcall_level+0x104/0x190 [ 1601.918133][T13373] do_initcalls+0x59/0xa0 [ 1601.922995][T13373] kernel_init_freeable+0x2a6/0x3e0 [ 1601.928726][T13373] kernel_init+0x1d/0x1d0 [ 1601.933587][T13373] ret_from_fork+0x51e/0xb90 [ 1601.938710][T13373] ret_from_fork_asm+0x1a/0x30 [ 1601.944031][T13373] [ 1601.944031][T13373] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 1601.951261][T13373] __lock_acquire+0x15a5/0x2cf0 [ 1601.956658][T13373] lock_acquire+0xf0/0x2e0 [ 1601.961627][T13373] fs_reclaim_acquire+0x71/0x100 [ 1601.967101][T13373] prepare_alloc_pages+0x152/0x650 [ 1601.972757][T13373] __alloc_frozen_pages_noprof+0x12f/0x380 [ 1601.979109][T13373] __alloc_pages_noprof+0xa/0x30 [ 1601.984589][T13373] pcpu_populate_chunk+0x182/0xb30 [ 1601.990356][T13373] pcpu_alloc_noprof+0xc6c/0x19c0 [ 1601.995920][T13373] ipv6_add_dev+0x536/0x13a0 [ 1602.001141][T13373] addrconf_notify+0x771/0x1050 [ 1602.006530][T13373] notifier_call_chain+0x1be/0x400 [ 1602.012188][T13373] register_netdevice+0x173a/0x1cf0 [ 1602.017934][T13373] register_netdev+0x40/0x60 [ 1602.023077][T13373] sit_init_net+0x228/0x5d0 [ 1602.028118][T13373] ops_init+0x35c/0x5c0 [ 1602.032806][T13373] setup_net+0x118/0x340 [ 1602.037587][T13373] copy_net_ns+0x50e/0x730 [ 1602.042549][T13373] create_new_namespaces+0x3e7/0x6a0 [ 1602.048374][T13373] unshare_nsproxy_namespaces+0x11a/0x160 [ 1602.054629][T13373] ksys_unshare+0x51d/0x930 [ 1602.059673][T13373] __x64_sys_unshare+0x38/0x50 [ 1602.064997][T13373] do_syscall_64+0x14d/0xf80 [ 1602.070140][T13373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1602.076665][T13373] [ 1602.076665][T13373] other info that might help us debug this: [ 1602.076665][T13373] [ 1602.086899][T13373] Chain exists of: [ 1602.086899][T13373] fs_reclaim --> sk_lock-AF_INET6 --> pcpu_alloc_mutex [ 1602.086899][T13373] [ 1602.099697][T13373] Possible unsafe locking scenario: [ 1602.099697][T13373] [ 1602.107155][T13373] CPU0 CPU1 [ 1602.112570][T13373] ---- ---- [ 1602.117957][T13373] lock(pcpu_alloc_mutex); [ 1602.122472][T13373] lock(sk_lock-AF_INET6); [ 1602.129511][T13373] lock(pcpu_alloc_mutex); [ 1602.136549][T13373] lock(fs_reclaim); [ 1602.140553][T13373] [ 1602.140553][T13373] *** DEADLOCK *** [ 1602.140553][T13373] [ 1602.148717][T13373] 3 locks held by syz-executor/13373: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1602.154098][T13373] #0: ffffffff8fbbbbb0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4f7/0x730 [ 1602.163538][T13373] #1: ffffffff8fbca4c8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 [ 1602.172623][T13373] #2: ffffffff8e85db68 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x218/0x19c0 [ 1602.182672][T13373] [ 1602.182672][T13373] stack backtrace: [ 1602.188575][T13373] CPU: 1 UID: 0 PID: 13373 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 1602.188594][T13373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1602.188604][T13373] Call Trace: [ 1602.188611][T13373] [ 1602.188619][T13373] dump_stack_lvl+0xe8/0x150 [ 1602.188643][T13373] print_circular_bug+0x2e1/0x300 [ 1602.188671][T13373] check_noncircular+0x12e/0x150 [ 1602.188699][T13373] __lock_acquire+0x15a5/0x2cf0 [ 1602.188733][T13373] ? __lock_acquire+0x6b5/0x2cf0 [ 1602.188759][T13373] lock_acquire+0xf0/0x2e0 [ 1602.188779][T13373] ? prepare_alloc_pages+0x152/0x650 [ 1602.188803][T13373] fs_reclaim_acquire+0x71/0x100 [ 1602.188822][T13373] ? prepare_alloc_pages+0x152/0x650 [ 1602.188841][T13373] prepare_alloc_pages+0x152/0x650 [ 1602.188864][T13373] __alloc_frozen_pages_noprof+0x12f/0x380 [ 1602.188887][T13373] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1602.188910][T13373] ? pcpu_block_update_hint_alloc+0x900/0xca0 [ 1602.188936][T13373] __alloc_pages_noprof+0xa/0x30 [ 1602.188955][T13373] pcpu_populate_chunk+0x182/0xb30 [ 1602.188977][T13373] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1602.189000][T13373] pcpu_alloc_noprof+0xc6c/0x19c0 [ 1602.189026][T13373] ipv6_add_dev+0x536/0x13a0 [ 1602.189053][T13373] addrconf_notify+0x771/0x1050 [ 1602.189072][T13373] notifier_call_chain+0x1be/0x400 [ 1602.189101][T13373] register_netdevice+0x173a/0x1cf0 [ 1602.189123][T13373] ? __mutex_lock+0x5ac/0x1300 [ 1602.189150][T13373] ? __pfx_register_netdevice+0x10/0x10 [ 1602.189177][T13373] ? alloc_netdev_mqs+0xe2a/0x11b0 [ 1602.189203][T13373] register_netdev+0x40/0x60 [ 1602.189226][T13373] sit_init_net+0x228/0x5d0 [ 1602.189244][T13373] ops_init+0x35c/0x5c0 [ 1602.189268][T13373] setup_net+0x118/0x340 [ 1602.189285][T13373] ? __pfx_setup_net+0x10/0x10 [ 1602.189304][T13373] ? preinit_net+0x47d/0x780 [ 1602.189321][T13373] copy_net_ns+0x50e/0x730 [ 1602.189340][T13373] create_new_namespaces+0x3e7/0x6a0 [ 1602.189362][T13373] ? security_capable+0x7e/0x2c0 [ 1602.189390][T13373] unshare_nsproxy_namespaces+0x11a/0x160 [ 1602.189413][T13373] ksys_unshare+0x51d/0x930 [ 1602.189437][T13373] ? fput_close_sync+0x11f/0x240 [ 1602.189477][T13373] ? __pfx_ksys_unshare+0x10/0x10 [ 1602.189505][T13373] __x64_sys_unshare+0x38/0x50 [ 1602.189518][T13373] do_syscall_64+0x14d/0xf80 [ 1602.189537][T13373] ? trace_irq_disable+0x3b/0x150 [ 1602.189550][T13373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1602.189565][T13373] ? clear_bhb_loop+0x40/0x90 [ 1602.189582][T13373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1602.189616][T13373] RIP: 0033:0x7fde6d59dae7 [ 1602.189631][T13373] Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1602.189646][T13373] RSP: 002b:00007ffc4127efd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 [ 1602.189662][T13373] RAX: ffffffffffffffda RBX: 00007fde6d815f40 RCX: 00007fde6d59dae7 [ 1602.189674][T13373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1602.189685][T13373] RBP: 00007fde6d8167b8 R08: 0000000000000000 R09: 0000000000000000 [ 1602.189695][T13373] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 1602.189705][T13373] R13: 0000000000000003 R14: 00007ffc4127f218 R15: 0000000000000000 [ 1602.189729][T13373] [ 1602.815431][T12840] Bluetooth: hci1: command tx timeout [ 1603.583646][T18565] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1603.827215][T18565] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1603.896791][T18565] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1603.979805][T18565] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1604.141769][T18565] vlan2: left allmulticast mode [ 1604.147119][T18565] geneve0: left allmulticast mode [ 1604.155418][T18565] vlan2: left promiscuous mode [ 1604.160240][T18565] geneve0: left promiscuous mode [ 1604.166142][T18565] bridge0: port 3(vlan2) entered disabled state [ 1604.174373][T18565] bridge_slave_1: left allmulticast mode [ 1604.180045][T18565] bridge_slave_1: left promiscuous mode [ 1604.185791][T18565] bridge0: port 2(bridge_slave_1) entered disabled state [ 1604.210919][T18565] erspan0: left allmulticast mode [ 1604.216638][T18565] bridge9: port 1(erspan0) entered disabled state [ 1604.282246][T18565] bond3 (unregistering): (slave ip6erspan0): Releasing active interface [ 1604.327175][T18565] bond20 (unregistering): (slave ip6gretap2): Removing an active aggregator [ 1604.336663][T18565] bond20 (unregistering): (slave ip6gretap2): Releasing backup interface [ 1604.486000][T18565] batman_adv: batadv0: Removing interface: gretap1 [ 1604.532038][T18565] batman_adv: batadv0: Removing interface: gretap3 [ 1604.572561][T18565] bond15 (unregistering): (slave gretap4): Releasing active interface [ 1604.691683][T18565] bond71 (unregistering): (slave geneve8): Releasing active interface [ 1604.715821][T18565] bond69 (unregistering): (slave geneve7): Releasing active interface [ 1604.744143][T18565] bond28 (unregistering): (slave geneve4): Releasing active interface [ 1605.037156][T18565] bond10 (unregistering): (slave bridge3): Releasing backup interface [ 1605.115671][T18565] bond11 (unregistering): (slave bridge4): Releasing backup interface [ 1605.183929][T18565] bond12 (unregistering): (slave bridge5): Releasing backup interface [ 1605.284972][T18565] bond25 (unregistering): (slave bridge7): Releasing backup interface [ 1605.346623][T18565] bond27 (unregistering): (slave bridge8): Releasing backup interface [ 1605.556321][T18565] bond35 (unregistering): (slave bridge12): Releasing backup interface [ 1605.573129][T18565] bond35 (unregistering): (slave bridge12): the permanent HWaddr of slave - ca:65:a7:89:29:a8 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 1605.669884][T18565] bond35 (unregistering): (slave bridge13): Releasing backup interface [ 1605.759137][T18565] bond37 (unregistering): (slave bridge14): Releasing backup interface [ 1605.821626][T18565] bond39 (unregistering): (slave bridge15): Releasing backup interface [ 1605.867847][T18565] bond40 (unregistering): (slave bridge16): Releasing backup interface [ 1605.925679][T18565] bond41 (unregistering): (slave bridge17): Releasing backup interface [ 1605.977218][T18565] bond43 (unregistering): (slave bridge18): Releasing backup interface [ 1606.017197][T18565] bond44 (unregistering): (slave bridge19): Releasing backup interface [ 1606.105996][T18565] bond45 (unregistering): (slave bridge20): Releasing backup interface [ 1606.222057][T18565] bond46 (unregistering): (slave bridge21): Releasing backup interface [ 1606.296340][T18565] bond55 (unregistering): (slave bridge22): Releasing backup interface [ 1606.367978][T18565] bond56 (unregistering): (slave bridge23): Releasing backup interface [ 1606.488301][T18565] bond59 (unregistering): (slave bridge25): Releasing backup interface [ 1606.511331][T18565] bridge25 (unregistering): left promiscuous mode [ 1606.517796][T18565] bridge25 (unregistering): left allmulticast mode [ 1606.585438][T18565] bond60 (unregistering): (slave bridge26): Releasing backup interface [ 1606.601360][T18565] bridge26 (unregistering): left promiscuous mode [ 1606.607832][T18565] bridge26 (unregistering): left allmulticast mode [ 1606.684897][T18565] bond62 (unregistering): (slave bridge27): Releasing backup interface [ 1606.705841][T18565] bridge27 (unregistering): left promiscuous mode [ 1606.722125][T18565] bridge27 (unregistering): left allmulticast mode [ 1606.838200][T18565] bond65 (unregistering): (slave bridge29): Releasing backup interface [ 1606.851327][T18565] bridge29 (unregistering): left promiscuous mode [ 1606.857813][T18565] bridge29 (unregistering): left allmulticast mode [ 1606.973409][T18565] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 1606.992214][T18565] bond_slave_0: left allmulticast mode [ 1607.002987][T18565] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 1607.023786][T18565] bond_slave_1: left allmulticast mode [ 1607.029533][T18565] .` (unregistering): Released all slaves [ 1607.054905][T18565] bond1 (unregistering): Released all slaves [ 1607.076449][T18565] bond2 (unregistering): Released all slaves [ 1607.096887][T18565] bond3 (unregistering): Released all slaves [ 1607.126537][T18565] bond4 (unregistering): Released all slaves [ 1607.149888][T18565] bond5 (unregistering): Released all slaves [ 1607.176510][T18565] bond6 (unregistering): Released all slaves [ 1607.198853][T18565] bond7 (unregistering): Released all slaves [ 1607.226540][T18565] bond8 (unregistering): Released all slaves [ 1607.261285][T18565] bond0 (unregistering): left promiscuous mode [ 1607.270368][T18565] bond0 (unregistering): Released all slaves [ 1607.296680][T18565] bond9 (unregistering): Released all slaves [ 1607.316511][T18565] bond10 (unregistering): Released all slaves [ 1607.346399][T18565] bond11 (unregistering): Released all slaves [ 1607.366724][T18565] bond12 (unregistering): Released all slaves [ 1607.392120][T18565] bond13 (unregistering): Released all slaves [ 1607.425444][T18565] bond14 (unregistering): Released all slaves [ 1607.452185][T18565] bond15 (unregistering): Released all slaves [ 1607.476118][T18565] bond16 (unregistering): Released all slaves [ 1607.504929][ T1303] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 1607.513541][T18565] bond17 (unregistering): Released all slaves [ 1607.518213][ T1303] lec:lec_start_xmit: lec0:No lecd attached [ 1607.546003][T18565] bond18 (unregistering): Released all slaves [ 1607.572350][T18565] bond19 (unregistering): Released all slaves [ 1607.596702][T18565] bond20 (unregistering): Released all slaves [ 1607.632085][T18565] bond21 (unregistering): Released all slaves [ 1607.653503][T18565] bond22 (unregistering): Released all slaves [ 1607.676035][T18565] bond23 (unregistering): Released all slaves [ 1607.696418][T18565] bond24 (unregistering): Released all slaves [ 1607.716303][T18565] bond25 (unregistering): Released all slaves [ 1607.740782][T18565] bond26 (unregistering): Released all slaves [ 1607.766780][T18565] bond27 (unregistering): Released all slaves [ 1607.796519][T18565] bond28 (unregistering): Released all slaves [ 1607.817070][T18565] bond29 (unregistering): Released all slaves [ 1607.840604][T18565] bond30 (unregistering): Released all slaves [ 1607.858895][T18565] bond31 (unregistering): Released all slaves [ 1607.874986][T18565] bond32 (unregistering): Released all slaves [ 1607.886801][T18565] bond33 (unregistering): Released all slaves [ 1607.899487][T18565] bond34 (unregistering): Released all slaves [ 1607.917831][T18565] bond35 (unregistering): Released all slaves [ 1607.929627][T18565] bond36 (unregistering): Released all slaves [ 1607.941445][T18565] bond37 (unregistering): Released all slaves [ 1607.957374][T18565] bond38 (unregistering): Released all slaves [ 1607.977416][T18565] bond39 (unregistering): Released all slaves [ 1607.993320][T18565] bond40 (unregistering): Released all slaves [ 1608.007321][T18565] bond41 (unregistering): Released all slaves [ 1608.022582][T18565] bond42 (unregistering): Released all slaves [ 1608.035910][T18565] bond43 (unregistering): Released all slaves [ 1608.052814][T18565] bond44 (unregistering): Released all slaves [ 1608.064366][T18565] bond45 (unregistering): Released all slaves [ 1608.085973][T18565] bond46 (unregistering): Released all slaves [ 1608.122094][T18565] bond47 (unregistering): Released all slaves [ 1608.142035][T18565] bond48 (unregistering): (slave veth61): Releasing active interface [ 1608.165402][T18565] bond48 (unregistering): Released all slaves [ 1608.186501][T18565] bond49 (unregistering): Released all slaves [ 1608.212172][T18565] bond50 (unregistering): Released all slaves [ 1608.233845][T18565] bond51 (unregistering): Released all slaves [ 1608.255421][T18565] bond52 (unregistering): Released all slaves [ 1608.278015][T18565] bond53 (unregistering): Released all slaves [ 1608.306429][T18565] bond54 (unregistering): Released all slaves [ 1608.331122][T18565] bond55 (unregistering): Released all slaves [ 1608.356643][T18565] bond56 (unregistering): Released all slaves [ 1608.382145][T18565] bond57 (unregistering): Released all slaves [ 1608.394236][T18565] bond58 (unregistering): Released all slaves [ 1608.406271][T18565] bond59 (unregistering): Released all slaves [ 1608.424917][T18565] bond60 (unregistering): Released all slaves [ 1608.440169][T18565] bond61 (unregistering): Released all slaves [ 1608.454874][T18565] bond62 (unregistering): Released all slaves [ 1608.471717][T18565] bond63 (unregistering): Released all slaves [ 1608.483331][T18565] bond64 (unregistering): Released all slaves [ 1608.495140][T18565] bond65 (unregistering): Released all slaves [ 1608.514782][T18565] bond66 (unregistering): Released all slaves [ 1608.528611][T18565] bond67 (unregistering): Released all slaves [ 1608.539757][T18565] bond68 (unregistering): Released all slaves [ 1608.552451][T18565] bond69 (unregistering): Released all slaves [ 1608.569392][T18565] bond70 (unregistering): (slave dummy0): Releasing backup interface [ 1608.585782][T18565] bond70 (unregistering): Released all slaves [ 1608.612814][T18565] bond71 (unregistering): Released all slaves [ 1608.868497][T18565] : left promiscuous mode [ 1608.949576][T18565] úÁàél24): left promiscuous mode [ 1609.034121][T18565] tipc: Disabling bearer [ 1609.059719][T18565] tipc: Disabling bearer [ 1609.072907][T18565] tipc: Disabling bearer [ 1609.085388][T18565] tipc: Left network mode [ 1610.734656][T18565] batman_adv: batadv0: Removing interface: batadv_slave_0