last executing test programs: 1.69586521s ago: executing program 1 (id=5366): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r0, 0x0, 0x4800) 1.512038802s ago: executing program 0 (id=5371): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000100050005000200000011000300686173683a69702c706f727400"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast1}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 1.511824864s ago: executing program 3 (id=5372): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080000000000000010000009400000007ad4160850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x6, 0xfffffffc, 0x10000010}, 0xf) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="240000001200010a000000000000800080"], 0x24}}, 0x0) 1.511625661s ago: executing program 1 (id=5373): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "bb28ced7b820ec2d", "ca08bd91171e6405c84cdc6e52f57229", "f5ce6f37", "fe017c9f4e95f742"}, 0x28) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0) 1.41092515s ago: executing program 0 (id=5375): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x7c}}, 0x0) 1.31592961s ago: executing program 3 (id=5376): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newtaction={0x60, 0x30, 0xcac229faa96ee65b, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x0, 0x6, 0x1, 0x8}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x500}, 0x0) 1.315769942s ago: executing program 1 (id=5377): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x60, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28}, @TCA_TBF_BURST={0x8, 0x6, 0x58}]}}]}, 0x60}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x1, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}}}, 0x24}}, 0x0) 1.284831453s ago: executing program 1 (id=5378): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000003c0)='mptcp_subflow_get_send\x00', r1}, 0x18) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x5ec0, @empty}, 0x1c) listen(r0, 0x9) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r2 = accept(r0, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_REMOVE(r2, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x14000801}, 0x40000) 1.171003252s ago: executing program 2 (id=5380): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x4000, 0x6d}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) 1.170774088s ago: executing program 0 (id=5381): syz_80211_inject_frame(0x0, 0x0, 0x32) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500000000000000000021"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) 1.142127725s ago: executing program 3 (id=5382): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40900, 0x0) socket(0x400000000010, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x448d3}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)=ANY=[@ANYBLOB="e0000002ac1414aa0100"], 0x18) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x481d5) socket$unix(0x1, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0xb00, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0) 999.896607ms ago: executing program 2 (id=5384): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast, {0x0, 0xff}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x3, 0x8}, @void}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x20080050) 938.229463ms ago: executing program 2 (id=5386): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18, 0x4000095}}], 0x1, 0x20008051) 835.771898ms ago: executing program 3 (id=5388): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r1, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48) listen(r1, 0x80) accept$netrom(r1, 0x0, 0x0) 831.01069ms ago: executing program 2 (id=5389): socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000a40)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xefff}}}}}}}, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x20, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x11, 0x0, 0x2, {[@timestamp={0x8, 0xa, 0xafcf, 0x3ff}]}}}}}}}}, 0x0) 742.434062ms ago: executing program 2 (id=5391): bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180900000020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000008385"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 683.280626ms ago: executing program 4 (id=5392): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x5}}}, 0x24}}, 0x0) 631.711936ms ago: executing program 2 (id=5393): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 512.559641ms ago: executing program 4 (id=5394): unshare(0x6020480) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="11000000040000000400000009"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x2, 0x4, 0x1, 0x0, r0}, 0x48) 509.524695ms ago: executing program 3 (id=5395): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x61, 0x61, 0x5f, 0x61]}}, 0x0, 0x36, 0x0, 0x0, 0x1f8}, 0x28) 406.866912ms ago: executing program 3 (id=5396): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast, {0x0, 0xff}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x3, 0x8}, @void}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x20080050) 343.968908ms ago: executing program 4 (id=5397): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x64, 0x2, 0x7, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x6}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x4}, @NFACCT_FILTER={0x2c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xe}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xef0}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x80000001}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4040800}, 0x40000) 343.748085ms ago: executing program 1 (id=5398): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000d00)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1800040000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) 343.561405ms ago: executing program 0 (id=5399): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000"], 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}}, 0x4000080) 252.807466ms ago: executing program 1 (id=5400): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), r0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000980)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000009c0)={0x30, r1, 0x1, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0x80, 0x5}, {0x0, 0xb}, {0x6f, 0x5}, {0x3, 0x6}], "11c7d8a27d3a1343"}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000885}, 0x0) 239.737629ms ago: executing program 4 (id=5401): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000002030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f00000500070084000000060005"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 230.699734ms ago: executing program 0 (id=5402): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, 0xffffffffffffffff, 0x0) 116.996825ms ago: executing program 0 (id=5403): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)={0x60, r1, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x34, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c191f}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x60}}, 0x20000000) 116.537088ms ago: executing program 4 (id=5404): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000f2ffffff00000000ff000000850000002a000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r0}, 0xc) 0s ago: executing program 4 (id=5405): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000240)=0x1, 0x4) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xfff3, 0xfff3}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x404c083}, 0x20000050) kernel console output (not intermixed with test programs): er parsing attributes in process `syz.0.3253'. [ 338.721536][T17268] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.729001][T17268] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.737657][T17268] bridge_slave_0: entered allmulticast mode [ 338.747223][T17268] bridge_slave_0: entered promiscuous mode [ 338.787203][T17268] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.794917][T17268] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.802280][T17268] bridge_slave_1: entered allmulticast mode [ 338.822258][T17268] bridge_slave_1: entered promiscuous mode [ 338.894061][T17268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 338.896999][T17321] netlink: 'syz.3.3257': attribute type 2 has an invalid length. [ 338.923638][T17321] xt_TPROXY: Can be used only with -p tcp or -p udp [ 338.937843][T17317] tipc: Resetting bearer [ 338.959288][T17268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 339.040915][T17325] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3259'. [ 339.051666][T17325] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 339.058975][T17325] IPv6: NLM_F_CREATE should be set when creating new route [ 339.186487][T17268] team0: Port device team_slave_0 added [ 339.211877][T17268] team0: Port device team_slave_1 added [ 339.280808][T17268] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 339.289154][T17268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 339.317335][T17268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 339.356389][T17268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 339.374311][T17268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 339.402154][T17268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 339.578478][T17341] sit1: entered promiscuous mode [ 339.592585][T17341] sit1: entered allmulticast mode [ 339.646008][ T5846] Bluetooth: hci1: command tx timeout [ 339.715326][T17268] hsr_slave_0: entered promiscuous mode [ 339.737891][T17345] netlink: 'syz.0.3267': attribute type 5 has an invalid length. [ 339.745911][T17345] netlink: 'syz.0.3267': attribute type 6 has an invalid length. [ 339.753504][T17268] hsr_slave_1: entered promiscuous mode [ 339.770831][T17268] debugfs: 'hsr0' already exists in 'hsr' [ 339.793906][T17268] Cannot create hsr debugfs directory [ 339.812486][T17356] ICMPv6: NA: 00:00:00:00:00:00 advertised our address fe80::aa on syz_tun! [ 340.392610][T17268] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 340.416967][T17268] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20003 - 0 [ 340.589486][T17268] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 340.623409][T17268] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20003 - 0 [ 340.787165][T17268] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 340.829069][T17268] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20003 - 0 [ 340.952449][T17268] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 340.982371][T17268] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20003 - 0 [ 341.016736][T17420] tipc: Started in network mode [ 341.022689][T17420] tipc: Node identity e0000001, cluster identity 4711 [ 341.030047][T17420] tipc: Enabling of bearer rejected, failed to enable media [ 341.395613][T17268] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 341.443652][T17268] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 341.513791][T17268] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 341.559199][T17268] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 341.733792][ T5846] Bluetooth: hci1: command tx timeout [ 341.770873][T17471] openvswitch: netlink: Missing key (keys=40, expected=80) [ 341.889258][T17268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 341.929157][T17268] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.966399][T16362] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.973698][T16362] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.995020][T17483] netlink: 'syz.4.3303': attribute type 1 has an invalid length. [ 342.020019][T16362] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.027250][T16362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 342.141816][T17486] bond1: (slave geneve2): making interface the new active one [ 342.151964][T17486] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 342.174224][T17495] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.203367][T16362] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 342.226244][T16362] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 342.307923][T16362] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 342.320883][T16362] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 342.544261][T17511] netlink: 'syz.2.3311': attribute type 3 has an invalid length. [ 342.598654][T17505] __nla_validate_parse: 12 callbacks suppressed [ 342.598675][T17505] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3310'. [ 342.640424][T17520] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3313'. [ 342.870582][T17534] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3317'. [ 342.880354][T17534] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 342.905419][T17534] 0ªî{X¹¦: entered allmulticast mode [ 342.911414][T17534] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 342.946095][T17268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 343.056139][T17268] veth0_vlan: entered promiscuous mode [ 343.063364][T17539] netlink: 'syz.4.3319': attribute type 1 has an invalid length. [ 343.076899][T17268] veth1_vlan: entered promiscuous mode [ 343.141852][T17539] 8021q: adding VLAN 0 to HW filter on device bond2 [ 343.194827][T17541] vlan2: entered promiscuous mode [ 343.199916][T17541] bond2: entered promiscuous mode [ 343.205365][T17541] vlan2: entered allmulticast mode [ 343.210517][T17541] bond2: entered allmulticast mode [ 343.309317][T17268] veth0_macvtap: entered promiscuous mode [ 343.324661][T17268] veth1_macvtap: entered promiscuous mode [ 343.376488][T17268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 343.503674][T17268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 343.543829][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.577475][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.620902][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.653923][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.803160][ T5846] Bluetooth: hci1: command tx timeout [ 343.948206][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.971980][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.068351][T16364] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.089101][T17605] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap0 [ 344.100766][T17608] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3335'. [ 344.111528][T16364] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.147359][T17608] syzkaller0: entered promiscuous mode [ 344.153314][T17608] syzkaller0: entered allmulticast mode [ 344.215679][T17608] tipc: Started in network mode [ 344.220843][T17608] tipc: Node identity 7a5b0f0f12ba, cluster identity 4711 [ 344.228507][T17608] tipc: Enabled bearer , priority 0 [ 344.237276][T17612] tipc: Enabling of bearer rejected, already enabled [ 344.295722][T17618] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3340'. [ 344.635745][T17635] netem: incorrect gi model size [ 344.654282][T17635] netem: change failed [ 344.772687][T17641] netlink: 'syz.0.3346': attribute type 2 has an invalid length. [ 344.927518][T17606] tipc: Resetting bearer [ 344.965626][T17606] tipc: Disabling bearer [ 345.102311][T17664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3352'. [ 345.251532][T17672] syzkaller0: entered promiscuous mode [ 345.270977][T17672] syzkaller0: entered allmulticast mode [ 345.331872][T17672] netlink: 324 bytes leftover after parsing attributes in process `syz.4.3354'. [ 345.367603][T17679] IPVS: set_ctl: invalid protocol: 12 224.0.0.2:20001 [ 345.394771][T17679] IPVS: set_ctl: invalid protocol: 12 224.0.0.2:20001 [ 345.411228][T17679] IPVS: set_ctl: invalid protocol: 12 224.0.0.2:20001 [ 345.425997][T17679] IPVS: set_ctl: invalid protocol: 12 224.0.0.2:20001 [ 345.591549][T17688] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3360'. [ 345.656401][T17694] netlink: 'syz.1.3362': attribute type 11 has an invalid length. [ 345.672132][T17694] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3362'. [ 345.703273][T17697] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3364'. [ 345.710025][T17688] bond1: entered allmulticast mode [ 345.724595][T17699] openvswitch: netlink: Flow key attr not present in new flow. [ 345.737924][T17699] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 345.745296][T17688] 8021q: adding VLAN 0 to HW filter on device bond1 [ 345.883953][ T5846] Bluetooth: hci1: command tx timeout [ 355.729587][T12162] block nbd1: Possible stuck request ffff888024fe0000: control (read@0,1024B). Runtime 150 seconds [ 355.740391][T12162] block nbd1: Possible stuck request ffff888024fe01c0: control (read@1024,1024B). Runtime 150 seconds [ 355.752027][T12162] block nbd1: Possible stuck request ffff888024fe0380: control (read@2048,1024B). Runtime 150 seconds [ 355.763304][ T56] block nbd2: Possible stuck request ffff888025417000: control (read@0,1024B). Runtime 150 seconds [ 355.774736][ T56] block nbd2: Possible stuck request ffff8880254171c0: control (read@1024,1024B). Runtime 150 seconds [ 355.786068][ T56] block nbd2: Possible stuck request ffff888025417380: control (read@2048,1024B). Runtime 150 seconds [ 355.797162][T12162] block nbd1: Possible stuck request ffff888024fe0540: control (read@3072,1024B). Runtime 150 seconds [ 355.813060][T12162] block nbd2: Possible stuck request ffff888025417540: control (read@3072,1024B). Runtime 150 seconds [ 378.768466][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 385.805141][T12162] block nbd2: Possible stuck request ffff888025417000: control (read@0,1024B). Runtime 180 seconds [ 385.816761][ T56] block nbd1: Possible stuck request ffff888024fe0000: control (read@0,1024B). Runtime 180 seconds [ 385.827544][T12162] block nbd2: Possible stuck request ffff8880254171c0: control (read@1024,1024B). Runtime 180 seconds [ 385.838643][ T56] block nbd1: Possible stuck request ffff888024fe01c0: control (read@1024,1024B). Runtime 180 seconds [ 385.851019][T12162] block nbd2: Possible stuck request ffff888025417380: control (read@2048,1024B). Runtime 180 seconds [ 385.862223][ T56] block nbd1: Possible stuck request ffff888024fe0380: control (read@2048,1024B). Runtime 180 seconds [ 385.873832][ T56] block nbd1: Possible stuck request ffff888024fe0540: control (read@3072,1024B). Runtime 180 seconds [ 385.885491][T12162] block nbd2: Possible stuck request ffff888025417540: control (read@3072,1024B). Runtime 180 seconds [ 403.872577][T17708] __nla_validate_parse: 1 callbacks suppressed [ 403.872599][T17708] netlink: 207952 bytes leftover after parsing attributes in process `syz.0.3366'. [ 403.909583][T17709] bridge_slave_0: left allmulticast mode [ 403.916573][T17709] bridge_slave_0: left promiscuous mode [ 403.922432][T17709] bridge0: port 1(bridge_slave_0) entered disabled state [ 403.968311][T17709] bridge_slave_1: left allmulticast mode [ 403.980704][T17709] bridge_slave_1: left promiscuous mode [ 403.991052][T17709] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.026638][T17709] bond0: (slave bond_slave_0): Releasing backup interface [ 404.068113][T17709] bond0: (slave bond_slave_1): Releasing backup interface [ 404.112985][T17709] team0: Port device team_slave_0 removed [ 404.141131][T17709] team0: Port device team_slave_1 removed [ 404.155573][T17709] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 404.174260][T17709] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 404.198037][T17709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 404.219983][T17709] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 404.251240][T17709] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 404.330223][T17730] tipc: Enabled bearer , priority 0 [ 404.355075][T17718] tipc: Resetting bearer [ 404.399625][T17722] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3370'. [ 404.507187][T17733] syzkaller0: entered allmulticast mode [ 404.535320][T17716] tipc: Disabling bearer [ 404.839917][T17760] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 404.851715][T17761] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 404.852548][T17764] tipc: Enabled bearer , priority 0 [ 404.901259][T17764] syzkaller0: entered promiscuous mode [ 404.909510][T17764] syzkaller0: entered allmulticast mode [ 404.932379][T17764] tipc: Resetting bearer [ 404.945941][T17763] tipc: Resetting bearer [ 404.991510][T17763] tipc: Disabling bearer [ 405.013231][T17766] netlink: 'syz.0.3381': attribute type 3 has an invalid length. [ 405.021149][T17766] netlink: 666 bytes leftover after parsing attributes in process `syz.0.3381'. [ 405.036092][T17768] netlink: 516 bytes leftover after parsing attributes in process `syz.4.3382'. [ 405.192407][T17775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3385'. [ 405.228908][T17777] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.238407][T17777] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.355059][T17777] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3384'. [ 405.463757][T17790] netlink: 'syz.2.3388': attribute type 8 has an invalid length. [ 405.540749][T17793] netlink: 164 bytes leftover after parsing attributes in process `syz.4.3390'. [ 405.880018][T17814] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3399'. [ 405.923212][T17814] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3399'. [ 405.998304][T17818] IPv6: NLM_F_REPLACE set, but no existing node found! [ 406.170760][T17824] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 406.397323][T17837] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3409'. [ 408.590318][T17955] syzkaller0: entered promiscuous mode [ 408.597428][T17955] syzkaller0: entered allmulticast mode [ 408.600155][T17961] FAULT_INJECTION: forcing a failure. [ 408.600155][T17961] name failslab, interval 1, probability 0, space 0, times 1 [ 408.623301][T17961] CPU: 1 UID: 0 PID: 17961 Comm: syz.1.3466 Not tainted syzkaller #0 PREEMPT(full) [ 408.623333][T17961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 408.623345][T17961] Call Trace: [ 408.623352][T17961] [ 408.623361][T17961] dump_stack_lvl+0x189/0x250 [ 408.623395][T17961] ? __pfx____ratelimit+0x10/0x10 [ 408.623421][T17961] ? __pfx_dump_stack_lvl+0x10/0x10 [ 408.623447][T17961] ? __pfx__printk+0x10/0x10 [ 408.623473][T17961] ? __pfx___might_resched+0x10/0x10 [ 408.623493][T17961] ? fs_reclaim_acquire+0x7d/0x100 [ 408.623527][T17961] should_fail_ex+0x414/0x560 [ 408.623562][T17961] should_failslab+0xa8/0x100 [ 408.623586][T17961] __kmalloc_cache_noprof+0x6f/0x6f0 [ 408.623614][T17961] ? sctp_association_new+0x89/0x25f0 [ 408.623641][T17961] sctp_association_new+0x89/0x25f0 [ 408.623664][T17961] ? sctp_has_association+0x1cd/0x1f0 [ 408.623684][T17961] ? sctp_has_association+0x2f/0x1f0 [ 408.623708][T17961] ? __ipv6_addr_type+0x247/0x2f0 [ 408.623736][T17961] sctp_connect_new_asoc+0x2c5/0x690 [ 408.623760][T17961] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 408.623782][T17961] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 408.623801][T17961] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 408.623819][T17961] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 408.623840][T17961] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 408.623861][T17961] ? security_sctp_bind_connect+0x7e/0x2e0 [ 408.623888][T17961] sctp_sendmsg+0x155c/0x2810 [ 408.623934][T17961] ? __pfx_sctp_sendmsg+0x10/0x10 [ 408.623969][T17961] ? aa_sk_perm+0x81e/0x950 [ 408.624002][T17961] ? __pfx_aa_sk_perm+0x10/0x10 [ 408.624033][T17961] ? sock_rps_record_flow+0x19/0x410 [ 408.624067][T17961] ? inet_sendmsg+0x2f4/0x370 [ 408.624093][T17961] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 408.624126][T17961] __sock_sendmsg+0x19c/0x270 [ 408.624157][T17961] __sys_sendto+0x3bd/0x520 [ 408.624180][T17961] ? __pfx___sys_sendto+0x10/0x10 [ 408.624207][T17961] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 408.624252][T17961] ? __fget_files+0x3a0/0x420 [ 408.624286][T17961] ? ksys_write+0x22a/0x250 [ 408.624316][T17961] ? __pfx_ksys_write+0x10/0x10 [ 408.624348][T17961] __x64_sys_sendto+0xde/0x100 [ 408.624371][T17961] do_syscall_64+0xfa/0xfa0 [ 408.624397][T17961] ? lockdep_hardirqs_on+0x9c/0x150 [ 408.624424][T17961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.624444][T17961] ? clear_bhb_loop+0x60/0xb0 [ 408.624468][T17961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.624487][T17961] RIP: 0033:0x7fa37578efc9 [ 408.624507][T17961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.624525][T17961] RSP: 002b:00007fa376581038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 408.624547][T17961] RAX: ffffffffffffffda RBX: 00007fa3759e5fa0 RCX: 00007fa37578efc9 [ 408.624562][T17961] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 408.624575][T17961] RBP: 00007fa376581090 R08: 0000200000000100 R09: 000000000000001c [ 408.624588][T17961] R10: 0000000008044004 R11: 0000000000000246 R12: 0000000000000001 [ 408.624601][T17961] R13: 00007fa3759e6038 R14: 00007fa3759e5fa0 R15: 00007ffef37cf8a8 [ 408.624637][T17961] [ 409.176819][T17978] vcan0: tx drop: invalid sa for name 0x2000000000000000 [ 409.671541][T17986] __nla_validate_parse: 5 callbacks suppressed [ 409.671564][T17986] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3472'. [ 409.672469][T17987] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3472'. [ 410.649501][T17977] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3468'. [ 411.064872][T18019] FAULT_INJECTION: forcing a failure. [ 411.064872][T18019] name failslab, interval 1, probability 0, space 0, times 0 [ 411.069842][T18020] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3481'. [ 411.077797][T18019] CPU: 0 UID: 0 PID: 18019 Comm: syz.2.3482 Not tainted syzkaller #0 PREEMPT(full) [ 411.077824][T18019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 411.077836][T18019] Call Trace: [ 411.077845][T18019] [ 411.077854][T18019] dump_stack_lvl+0x189/0x250 [ 411.077888][T18019] ? __pfx____ratelimit+0x10/0x10 [ 411.077915][T18019] ? __pfx_dump_stack_lvl+0x10/0x10 [ 411.077943][T18019] ? __pfx__printk+0x10/0x10 [ 411.077971][T18019] ? __pfx___might_resched+0x10/0x10 [ 411.077993][T18019] ? fs_reclaim_acquire+0x7d/0x100 [ 411.078029][T18019] should_fail_ex+0x414/0x560 [ 411.078066][T18019] should_failslab+0xa8/0x100 [ 411.078088][T18019] __kmalloc_cache_noprof+0x6f/0x6f0 [ 411.078115][T18019] ? __genradix_ptr_alloc+0x463/0x4a0 [ 411.078139][T18019] ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0 [ 411.078173][T18019] sctp_auth_asoc_copy_shkeys+0x14e/0x5a0 [ 411.078212][T18019] sctp_association_new+0x15d3/0x25f0 [ 411.078252][T18019] sctp_connect_new_asoc+0x2c5/0x690 [ 411.078276][T18019] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 411.078299][T18019] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 411.078320][T18019] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 411.078347][T18019] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 411.078369][T18019] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 411.078390][T18019] ? security_sctp_bind_connect+0x7e/0x2e0 [ 411.078418][T18019] sctp_sendmsg+0x155c/0x2810 [ 411.078464][T18019] ? __pfx_sctp_sendmsg+0x10/0x10 [ 411.078499][T18019] ? aa_sk_perm+0x81e/0x950 [ 411.078533][T18019] ? __pfx_aa_sk_perm+0x10/0x10 [ 411.078564][T18019] ? sock_rps_record_flow+0x19/0x410 [ 411.078598][T18019] ? inet_sendmsg+0x2f4/0x370 [ 411.078625][T18019] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 411.078648][T18019] __sock_sendmsg+0x19c/0x270 [ 411.078680][T18019] __sys_sendto+0x3bd/0x520 [ 411.078704][T18019] ? __pfx___sys_sendto+0x10/0x10 [ 411.078731][T18019] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 411.078776][T18019] ? __fget_files+0x3a0/0x420 [ 411.078809][T18019] ? ksys_write+0x22a/0x250 [ 411.078839][T18019] ? __pfx_ksys_write+0x10/0x10 [ 411.078872][T18019] __x64_sys_sendto+0xde/0x100 [ 411.078896][T18019] do_syscall_64+0xfa/0xfa0 [ 411.078922][T18019] ? lockdep_hardirqs_on+0x9c/0x150 [ 411.078948][T18019] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.078968][T18019] ? clear_bhb_loop+0x60/0xb0 [ 411.078990][T18019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.079006][T18019] RIP: 0033:0x7f123d38efc9 [ 411.079023][T18019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.079039][T18019] RSP: 002b:00007f123e269038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 411.079059][T18019] RAX: ffffffffffffffda RBX: 00007f123d5e5fa0 RCX: 00007f123d38efc9 [ 411.079073][T18019] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 411.079084][T18019] RBP: 00007f123e269090 R08: 0000200000000100 R09: 000000000000001c [ 411.079096][T18019] R10: 0000000008044004 R11: 0000000000000246 R12: 0000000000000001 [ 411.079107][T18019] R13: 00007f123d5e6038 R14: 00007f123d5e5fa0 R15: 00007ffd28404fb8 [ 411.079139][T18019] [ 411.158102][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.417928][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.427875][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.435775][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.443806][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.451614][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.459610][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.467998][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.476502][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.486229][T18024] netlink: 'syz.1.3473': attribute type 3 has an invalid length. [ 411.585515][T17989] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 412.006949][T18063] FAULT_INJECTION: forcing a failure. [ 412.006949][T18063] name failslab, interval 1, probability 0, space 0, times 0 [ 412.031649][T18063] CPU: 0 UID: 0 PID: 18063 Comm: syz.1.3493 Not tainted syzkaller #0 PREEMPT(full) [ 412.031680][T18063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 412.031692][T18063] Call Trace: [ 412.031700][T18063] [ 412.031710][T18063] dump_stack_lvl+0x189/0x250 [ 412.031742][T18063] ? __pfx____ratelimit+0x10/0x10 [ 412.031770][T18063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 412.031797][T18063] ? __pfx__printk+0x10/0x10 [ 412.031814][T18063] ? crng_make_state+0x34c/0x700 [ 412.031840][T18063] ? crng_make_state+0x3fc/0x700 [ 412.031863][T18063] ? crng_make_state+0x13a/0x700 [ 412.031888][T18063] should_fail_ex+0x414/0x560 [ 412.031923][T18063] should_failslab+0xa8/0x100 [ 412.031946][T18063] __kmalloc_cache_noprof+0x6f/0x6f0 [ 412.031974][T18063] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 412.031998][T18063] ? sctp_add_bind_addr+0x8c/0x370 [ 412.032031][T18063] sctp_add_bind_addr+0x8c/0x370 [ 412.032063][T18063] sctp_copy_local_addr_list+0x30b/0x4e0 [ 412.032093][T18063] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 412.032128][T18063] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 412.032157][T18063] ? sctp_v6_is_any+0x64/0x80 [ 412.032186][T18063] ? sctp_copy_one_addr+0x93/0x360 [ 412.032217][T18063] sctp_bind_addr_copy+0xb3/0x3c0 [ 412.032245][T18063] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 412.032273][T18063] sctp_connect_new_asoc+0x2e0/0x690 [ 412.032298][T18063] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 412.032321][T18063] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 412.032341][T18063] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 412.032358][T18063] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 412.032378][T18063] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 412.032400][T18063] ? security_sctp_bind_connect+0x7e/0x2e0 [ 412.032428][T18063] sctp_sendmsg+0x155c/0x2810 [ 412.032474][T18063] ? __pfx_sctp_sendmsg+0x10/0x10 [ 412.032509][T18063] ? aa_sk_perm+0x81e/0x950 [ 412.032543][T18063] ? __pfx_aa_sk_perm+0x10/0x10 [ 412.032575][T18063] ? sock_rps_record_flow+0x19/0x410 [ 412.032608][T18063] ? inet_sendmsg+0x2f4/0x370 [ 412.032641][T18063] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 412.032665][T18063] __sock_sendmsg+0x19c/0x270 [ 412.032697][T18063] __sys_sendto+0x3bd/0x520 [ 412.032720][T18063] ? __pfx___sys_sendto+0x10/0x10 [ 412.032745][T18063] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 412.032790][T18063] ? __fget_files+0x3a0/0x420 [ 412.032822][T18063] ? ksys_write+0x22a/0x250 [ 412.032853][T18063] ? __pfx_ksys_write+0x10/0x10 [ 412.032885][T18063] __x64_sys_sendto+0xde/0x100 [ 412.032910][T18063] do_syscall_64+0xfa/0xfa0 [ 412.032936][T18063] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.032962][T18063] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.032982][T18063] ? clear_bhb_loop+0x60/0xb0 [ 412.033009][T18063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.033028][T18063] RIP: 0033:0x7fa37578efc9 [ 412.033047][T18063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.033065][T18063] RSP: 002b:00007fa376581038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 412.033088][T18063] RAX: ffffffffffffffda RBX: 00007fa3759e5fa0 RCX: 00007fa37578efc9 [ 412.033103][T18063] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 412.033116][T18063] RBP: 00007fa376581090 R08: 0000200000000100 R09: 000000000000001c [ 412.033137][T18063] R10: 0000000008044004 R11: 0000000000000246 R12: 0000000000000001 [ 412.033150][T18063] R13: 00007fa3759e6038 R14: 00007fa3759e5fa0 R15: 00007ffef37cf8a8 [ 412.033188][T18063] [ 412.487803][T18071] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3492'. [ 412.735903][ T5904] IPVS: starting estimator thread 0... [ 412.755668][T18090] IPVS: set_ctl: invalid protocol: 60 100.1.1.0:20004 [ 412.864558][T18092] IPVS: using max 23 ests per chain, 55200 per kthread [ 413.216328][T18066] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 414.453860][ T5846] Bluetooth: hci0: command 0x0401 tx timeout [ 415.886512][ T56] block nbd2: Possible stuck request ffff888025417000: control (read@0,1024B). Runtime 210 seconds [ 415.897421][T12162] block nbd1: Possible stuck request ffff888024fe0000: control (read@0,1024B). Runtime 210 seconds [ 415.908264][ T56] block nbd2: Possible stuck request ffff8880254171c0: control (read@1024,1024B). Runtime 210 seconds [ 415.919773][T12162] block nbd1: Possible stuck request ffff888024fe01c0: control (read@1024,1024B). Runtime 210 seconds [ 415.931025][ T56] block nbd2: Possible stuck request ffff888025417380: control (read@2048,1024B). Runtime 210 seconds [ 415.942141][T12162] block nbd1: Possible stuck request ffff888024fe0380: control (read@2048,1024B). Runtime 210 seconds [ 415.963227][T12162] block nbd1: Possible stuck request ffff888024fe0540: control (read@3072,1024B). Runtime 210 seconds [ 415.974358][ T56] block nbd2: Possible stuck request ffff888025417540: control (read@3072,1024B). Runtime 210 seconds [ 416.523391][ T5846] Bluetooth: hci0: command 0x0401 tx timeout [ 437.163309][ T52] Bluetooth: hci5: command 0x0411 tx timeout [ 440.205771][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.963980][T12162] block nbd1: Possible stuck request ffff888024fe0000: control (read@0,1024B). Runtime 240 seconds [ 445.974828][ T56] block nbd2: Possible stuck request ffff888025417000: control (read@0,1024B). Runtime 240 seconds [ 445.985606][T12162] block nbd1: Possible stuck request ffff888024fe01c0: control (read@1024,1024B). Runtime 240 seconds [ 445.997204][ T56] block nbd2: Possible stuck request ffff8880254171c0: control (read@1024,1024B). Runtime 240 seconds [ 446.008405][T12162] block nbd1: Possible stuck request ffff888024fe0380: control (read@2048,1024B). Runtime 240 seconds [ 446.019499][ T56] block nbd2: Possible stuck request ffff888025417380: control (read@2048,1024B). Runtime 240 seconds [ 446.032992][ T56] block nbd2: Possible stuck request ffff888025417540: control (read@3072,1024B). Runtime 240 seconds [ 446.044179][T12162] block nbd1: Possible stuck request ffff888024fe0540: control (read@3072,1024B). Runtime 240 seconds [ 447.407633][ T5846] Bluetooth: hci2: command 0x0406 tx timeout [ 447.407905][T11276] Bluetooth: hci0: command 0x0401 tx timeout [ 452.523258][ T5833] Bluetooth: hci4: command 0x0406 tx timeout [ 472.467914][T18131] batadv1: entered allmulticast mode [ 473.158963][T18161] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3522'. [ 473.169508][T18161] 1ªî{X¹¦: renamed from 30ªî{X¹¦ (while UP) [ 473.180858][T18161] A link change request failed with some changes committed already. Interface 31ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 473.374626][T18172] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3527'. [ 473.400666][T18172] team0: No ports can be present during mode change [ 473.930076][T18205] validate_nla: 45 callbacks suppressed [ 473.930099][T18205] netlink: 'syz.3.3542': attribute type 1 has an invalid length. [ 473.948875][T18205] netlink: 'syz.3.3542': attribute type 2 has an invalid length. [ 474.737312][T18247] netpci0: tun_chr_ioctl cmd 21731 [ 474.755161][T18247] netpci0: tun_chr_ioctl cmd 35108 [ 475.599972][T18288] syzkaller0: entered promiscuous mode [ 475.606929][T18288] syzkaller0: entered allmulticast mode [ 475.718474][T18300] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3587'. [ 475.746211][T18300] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3587'. [ 476.051867][T12162] block nbd1: Possible stuck request ffff888024fe0000: control (read@0,1024B). Runtime 270 seconds [ 476.064737][ T56] block nbd2: Possible stuck request ffff888025417000: control (read@0,1024B). Runtime 270 seconds [ 476.076339][ T56] block nbd2: Possible stuck request ffff8880254171c0: control (read@1024,1024B). Runtime 270 seconds [ 476.087544][T12162] block nbd1: Possible stuck request ffff888024fe01c0: control (read@1024,1024B). Runtime 270 seconds [ 476.100961][ T56] block nbd2: Possible stuck request ffff888025417380: control (read@2048,1024B). Runtime 270 seconds [ 476.112156][T12162] block nbd1: Possible stuck request ffff888024fe0380: control (read@2048,1024B). Runtime 270 seconds [ 476.124378][ T56] block nbd2: Possible stuck request ffff888025417540: control (read@3072,1024B). Runtime 270 seconds [ 476.142985][ T56] block nbd1: Possible stuck request ffff888024fe0540: control (read@3072,1024B). Runtime 270 seconds [ 476.787682][T18331] FAULT_INJECTION: forcing a failure. [ 476.787682][T18331] name failslab, interval 1, probability 0, space 0, times 0 [ 476.800913][T18331] CPU: 1 UID: 0 PID: 18331 Comm: syz.4.3601 Not tainted syzkaller #0 PREEMPT(full) [ 476.800933][T18331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 476.800941][T18331] Call Trace: [ 476.800947][T18331] [ 476.800952][T18331] dump_stack_lvl+0x189/0x250 [ 476.800975][T18331] ? __pfx____ratelimit+0x10/0x10 [ 476.800993][T18331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 476.801011][T18331] ? __pfx__printk+0x10/0x10 [ 476.801034][T18331] should_fail_ex+0x414/0x560 [ 476.801056][T18331] should_failslab+0xa8/0x100 [ 476.801070][T18331] __kmalloc_cache_noprof+0x6f/0x6f0 [ 476.801086][T18331] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 476.801102][T18331] ? sctp_v6_cmp_addr+0x15/0xd0 [ 476.801117][T18331] ? sctp_add_bind_addr+0x8c/0x370 [ 476.801137][T18331] sctp_add_bind_addr+0x8c/0x370 [ 476.801156][T18331] sctp_copy_local_addr_list+0x30b/0x4e0 [ 476.801174][T18331] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 476.801189][T18331] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 476.801207][T18331] ? sctp_v6_is_any+0x64/0x80 [ 476.801224][T18331] ? sctp_copy_one_addr+0x93/0x360 [ 476.801242][T18331] sctp_bind_addr_copy+0xb3/0x3c0 [ 476.801259][T18331] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 476.801275][T18331] sctp_connect_new_asoc+0x2e0/0x690 [ 476.801289][T18331] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 476.801302][T18331] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 476.801314][T18331] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 476.801331][T18331] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 476.801351][T18331] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 476.801372][T18331] ? security_sctp_bind_connect+0x7e/0x2e0 [ 476.801399][T18331] sctp_sendmsg+0x155c/0x2810 [ 476.801444][T18331] ? __pfx_sctp_sendmsg+0x10/0x10 [ 476.801470][T18331] ? aa_sk_perm+0x81e/0x950 [ 476.801498][T18331] ? __pfx_aa_sk_perm+0x10/0x10 [ 476.801516][T18331] ? sock_rps_record_flow+0x19/0x410 [ 476.801537][T18331] ? inet_sendmsg+0x2f4/0x370 [ 476.801554][T18331] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 476.801568][T18331] __sock_sendmsg+0x19c/0x270 [ 476.801586][T18331] __sys_sendto+0x3bd/0x520 [ 476.801600][T18331] ? __pfx___sys_sendto+0x10/0x10 [ 476.801616][T18331] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 476.801642][T18331] ? __fget_files+0x3a0/0x420 [ 476.801662][T18331] ? ksys_write+0x22a/0x250 [ 476.801680][T18331] ? __pfx_ksys_write+0x10/0x10 [ 476.801699][T18331] __x64_sys_sendto+0xde/0x100 [ 476.801713][T18331] do_syscall_64+0xfa/0xfa0 [ 476.801731][T18331] ? lockdep_hardirqs_on+0x9c/0x150 [ 476.801747][T18331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.801759][T18331] ? clear_bhb_loop+0x60/0xb0 [ 476.801774][T18331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.801785][T18331] RIP: 0033:0x7f37c1b8efc9 [ 476.801798][T18331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.801808][T18331] RSP: 002b:00007f37c2a53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 476.801822][T18331] RAX: ffffffffffffffda RBX: 00007f37c1de5fa0 RCX: 00007f37c1b8efc9 [ 476.801831][T18331] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 476.801839][T18331] RBP: 00007f37c2a53090 R08: 0000200000000100 R09: 000000000000001c [ 476.801846][T18331] R10: 0000000008044004 R11: 0000000000000246 R12: 0000000000000001 [ 476.801854][T18331] R13: 00007f37c1de6038 R14: 00007f37c1de5fa0 R15: 00007fff5d35b258 [ 476.801875][T18331] [ 478.097077][T18302] ip6gre1: entered promiscuous mode [ 478.102314][T18302] ip6gre1: entered allmulticast mode [ 478.109806][T16364] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 478.117799][T16364] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 478.133287][ T5925] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 478.154327][T18333] !€ÿ: renamed from bond_slave_0 (while UP) [ 478.421631][T18348] netlink: zone id is out of range [ 478.453106][ T5925] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 478.641133][T18362] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3611'. [ 478.646342][T18359] team0: entered promiscuous mode [ 478.661252][T18362] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3611'. [ 478.672870][T18359] team_slave_0: entered promiscuous mode [ 478.682089][T18359] team_slave_1: entered promiscuous mode [ 478.714983][T18366] FAULT_INJECTION: forcing a failure. [ 478.714983][T18366] name failslab, interval 1, probability 0, space 0, times 0 [ 478.757654][T18366] CPU: 1 UID: 0 PID: 18366 Comm: syz.0.3612 Not tainted syzkaller #0 PREEMPT(full) [ 478.757685][T18366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 478.757706][T18366] Call Trace: [ 478.757715][T18366] [ 478.757724][T18366] dump_stack_lvl+0x189/0x250 [ 478.757758][T18366] ? __pfx____ratelimit+0x10/0x10 [ 478.757785][T18366] ? __pfx_dump_stack_lvl+0x10/0x10 [ 478.757812][T18366] ? __pfx__printk+0x10/0x10 [ 478.757852][T18366] should_fail_ex+0x414/0x560 [ 478.757889][T18366] should_failslab+0xa8/0x100 [ 478.757912][T18366] __kmalloc_cache_noprof+0x6f/0x6f0 [ 478.757939][T18366] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 478.757966][T18366] ? sctp_add_bind_addr+0x8c/0x370 [ 478.758000][T18366] sctp_add_bind_addr+0x8c/0x370 [ 478.758032][T18366] sctp_copy_local_addr_list+0x30b/0x4e0 [ 478.758064][T18366] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 478.758090][T18366] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 478.758119][T18366] ? sctp_v6_is_any+0x64/0x80 [ 478.758148][T18366] ? sctp_copy_one_addr+0x93/0x360 [ 478.758180][T18366] sctp_bind_addr_copy+0xb3/0x3c0 [ 478.758207][T18366] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 478.758236][T18366] sctp_connect_new_asoc+0x2e0/0x690 [ 478.758268][T18366] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 478.758290][T18366] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 478.758310][T18366] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 478.758326][T18366] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 478.758346][T18366] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 478.758366][T18366] ? security_sctp_bind_connect+0x7e/0x2e0 [ 478.758394][T18366] sctp_sendmsg+0x155c/0x2810 [ 478.758439][T18366] ? __pfx_sctp_sendmsg+0x10/0x10 [ 478.758473][T18366] ? aa_sk_perm+0x81e/0x950 [ 478.758507][T18366] ? __pfx_aa_sk_perm+0x10/0x10 [ 478.758539][T18366] ? sock_rps_record_flow+0x19/0x410 [ 478.758573][T18366] ? inet_sendmsg+0x2f4/0x370 [ 478.758601][T18366] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 478.758625][T18366] __sock_sendmsg+0x19c/0x270 [ 478.758663][T18366] __sys_sendto+0x3bd/0x520 [ 478.758686][T18366] ? __pfx___sys_sendto+0x10/0x10 [ 478.758720][T18366] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 478.758765][T18366] ? __fget_files+0x3a0/0x420 [ 478.758798][T18366] ? ksys_write+0x22a/0x250 [ 478.758828][T18366] ? __pfx_ksys_write+0x10/0x10 [ 478.758860][T18366] __x64_sys_sendto+0xde/0x100 [ 478.758884][T18366] do_syscall_64+0xfa/0xfa0 [ 478.758909][T18366] ? lockdep_hardirqs_on+0x9c/0x150 [ 478.758937][T18366] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.758957][T18366] ? clear_bhb_loop+0x60/0xb0 [ 478.758982][T18366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.759001][T18366] RIP: 0033:0x7f339e78efc9 [ 478.759020][T18366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.759038][T18366] RSP: 002b:00007f339f666038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 478.759059][T18366] RAX: ffffffffffffffda RBX: 00007f339e9e5fa0 RCX: 00007f339e78efc9 [ 478.759073][T18366] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 478.759085][T18366] RBP: 00007f339f666090 R08: 0000200000000100 R09: 000000000000001c [ 478.759098][T18366] R10: 0000000008044004 R11: 0000000000000246 R12: 0000000000000001 [ 478.759110][T18366] R13: 00007f339e9e6038 R14: 00007f339e9e5fa0 R15: 00007ffe4f91c128 [ 478.759145][T18366] [ 478.766562][T18367] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3613'. [ 478.853817][T18370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3613'. [ 478.964808][T18375] xt_CT: You must specify a L4 protocol and not use inversions on it [ 479.093069][ T981] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 479.663439][T18403] netlink: 'syz.4.3619': attribute type 12 has an invalid length. [ 479.671315][T18403] netlink: 'syz.4.3619': attribute type 29 has an invalid length. [ 479.711490][T18403] netlink: 148 bytes leftover after parsing attributes in process `syz.4.3619'. [ 479.746374][T18403] netlink: 'syz.4.3619': attribute type 1 has an invalid length. [ 479.895101][T18423] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3624'. [ 480.006738][T18430] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3628'. [ 480.182335][ T5925] IPVS: starting estimator thread 0... [ 480.266840][T18441] dvmrp0: entered allmulticast mode [ 480.275334][T18442] IPVS: using max 26 ests per chain, 62400 per kthread [ 480.461854][T18456] FAULT_INJECTION: forcing a failure. [ 480.461854][T18456] name failslab, interval 1, probability 0, space 0, times 0 [ 480.488909][T18456] CPU: 1 UID: 0 PID: 18456 Comm: syz.3.3635 Not tainted syzkaller #0 PREEMPT(full) [ 480.488941][T18456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 480.488953][T18456] Call Trace: [ 480.488961][T18456] [ 480.488970][T18456] dump_stack_lvl+0x189/0x250 [ 480.489004][T18456] ? __pfx____ratelimit+0x10/0x10 [ 480.489030][T18456] ? __pfx_dump_stack_lvl+0x10/0x10 [ 480.489056][T18456] ? __pfx__printk+0x10/0x10 [ 480.489094][T18456] should_fail_ex+0x414/0x560 [ 480.489132][T18456] should_failslab+0xa8/0x100 [ 480.489154][T18456] __kmalloc_cache_noprof+0x6f/0x6f0 [ 480.489180][T18456] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 480.489207][T18456] ? sctp_add_bind_addr+0x8c/0x370 [ 480.489239][T18456] sctp_add_bind_addr+0x8c/0x370 [ 480.489270][T18456] sctp_copy_local_addr_list+0x30b/0x4e0 [ 480.489301][T18456] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 480.489326][T18456] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 480.489355][T18456] ? sctp_v6_is_any+0x64/0x80 [ 480.489383][T18456] ? sctp_copy_one_addr+0x93/0x360 [ 480.489412][T18456] sctp_bind_addr_copy+0xb3/0x3c0 [ 480.489440][T18456] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 480.489476][T18456] sctp_connect_new_asoc+0x2e0/0x690 [ 480.489500][T18456] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 480.489522][T18456] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 480.489541][T18456] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 480.489558][T18456] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 480.489579][T18456] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 480.489600][T18456] ? security_sctp_bind_connect+0x7e/0x2e0 [ 480.489628][T18456] sctp_sendmsg+0x155c/0x2810 [ 480.489671][T18456] ? __pfx_sctp_sendmsg+0x10/0x10 [ 480.489704][T18456] ? aa_sk_perm+0x81e/0x950 [ 480.489742][T18456] ? __pfx_aa_sk_perm+0x10/0x10 [ 480.489772][T18456] ? sock_rps_record_flow+0x19/0x410 [ 480.489803][T18456] ? inet_sendmsg+0x2f4/0x370 [ 480.489829][T18456] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 480.489853][T18456] __sock_sendmsg+0x19c/0x270 [ 480.489884][T18456] __sys_sendto+0x3bd/0x520 [ 480.489907][T18456] ? __pfx___sys_sendto+0x10/0x10 [ 480.489934][T18456] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 480.489979][T18456] ? __fget_files+0x3a0/0x420 [ 480.490011][T18456] ? ksys_write+0x22a/0x250 [ 480.490042][T18456] ? __pfx_ksys_write+0x10/0x10 [ 480.490074][T18456] __x64_sys_sendto+0xde/0x100 [ 480.490098][T18456] do_syscall_64+0xfa/0xfa0 [ 480.490124][T18456] ? lockdep_hardirqs_on+0x9c/0x150 [ 480.490150][T18456] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.490171][T18456] ? clear_bhb_loop+0x60/0xb0 [ 480.490197][T18456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.490215][T18456] RIP: 0033:0x7f952d58efc9 [ 480.490233][T18456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.490249][T18456] RSP: 002b:00007f952e498038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 480.490272][T18456] RAX: ffffffffffffffda RBX: 00007f952d7e5fa0 RCX: 00007f952d58efc9 [ 480.490286][T18456] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 480.490298][T18456] RBP: 00007f952e498090 R08: 0000200000000100 R09: 000000000000001c [ 480.490311][T18456] R10: 0000000008044004 R11: 0000000000000246 R12: 0000000000000001 [ 480.490323][T18456] R13: 00007f952d7e6038 R14: 00007f952d7e5fa0 R15: 00007fff3576cf88 [ 480.490361][T18456] [ 480.860777][T18460] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3638'. [ 481.178812][T18481] syzkaller1: entered promiscuous mode [ 481.184850][T18481] syzkaller1: entered allmulticast mode [ 481.192204][T18477] tipc: Enabled bearer , priority 0 [ 481.246308][T18477] syzkaller0: entered promiscuous mode [ 481.251841][T18477] syzkaller0: entered allmulticast mode [ 481.342674][T18476] tipc: Resetting bearer [ 481.390213][T18476] tipc: Disabling bearer [ 481.510916][T18499] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3649'. [ 481.564822][T18500] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3651'. [ 481.697441][T18509] veth1_macvtap: left promiscuous mode [ 481.861892][T18517] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 482.203188][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 483.046220][T18576] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 483.052170][T18576] pim6reg0: linktype set to 823 [ 483.532640][T18605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 483.542635][T18605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 483.552240][T18605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 483.566761][T18605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 483.576205][T18605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 483.586990][T18603] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 483.685306][T18611] __nla_validate_parse: 7 callbacks suppressed [ 483.685328][T18611] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3704'. [ 484.203849][ T981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 484.319619][T18641] bridge_slave_0: left allmulticast mode [ 484.327442][T18641] bridge_slave_0: left promiscuous mode [ 484.335298][T18641] bridge0: port 1(bridge_slave_0) entered disabled state [ 484.348094][T18641] bridge_slave_1: left allmulticast mode [ 484.354166][T18641] bridge_slave_1: left promiscuous mode [ 484.360195][T18641] bridge0: port 2(bridge_slave_1) entered disabled state [ 484.377941][T18641] bond0: (slave bond_slave_0): Releasing backup interface [ 484.393925][T18641] bond0: (slave bond_slave_1): Releasing backup interface [ 484.410105][T18641] team0: Port device team_slave_0 removed [ 484.424291][T18641] team0: Port device team_slave_1 removed [ 484.437603][T18641] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 484.446345][T18641] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 484.458078][T18641] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 484.465817][T18641] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 484.475691][T18652] xt_TCPMSS: Only works on TCP SYN packets [ 484.480443][T18641] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 484.611338][T18657] FAULT_INJECTION: forcing a failure. [ 484.611338][T18657] name failslab, interval 1, probability 0, space 0, times 0 [ 484.626949][T18657] CPU: 1 UID: 0 PID: 18657 Comm: syz.4.3723 Not tainted syzkaller #0 PREEMPT(full) [ 484.626980][T18657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 484.626993][T18657] Call Trace: [ 484.627001][T18657] [ 484.627010][T18657] dump_stack_lvl+0x189/0x250 [ 484.627044][T18657] ? __pfx____ratelimit+0x10/0x10 [ 484.627072][T18657] ? __pfx_dump_stack_lvl+0x10/0x10 [ 484.627099][T18657] ? __pfx__printk+0x10/0x10 [ 484.627139][T18657] should_fail_ex+0x414/0x560 [ 484.627175][T18657] should_failslab+0xa8/0x100 [ 484.627198][T18657] kmem_cache_alloc_node_noprof+0x77/0x710 [ 484.627226][T18657] ? __alloc_skb+0x112/0x2d0 [ 484.627284][T18657] __alloc_skb+0x112/0x2d0 [ 484.627319][T18657] sctp_packet_transmit+0x2cc/0x2bb0 [ 484.627361][T18657] ? sctp_outq_flush+0xbef/0x3140 [ 484.627391][T18657] ? sctp_outq_flush+0xbef/0x3140 [ 484.627413][T18657] ? sctp_outq_flush+0xbef/0x3140 [ 484.627438][T18657] sctp_outq_flush+0xecb/0x3140 [ 484.627460][T18657] ? sctp_outq_flush+0xbef/0x3140 [ 484.627493][T18657] ? _parse_integer_limit+0x1ae/0x1f0 [ 484.627528][T18657] ? __pfx_sctp_outq_flush+0x10/0x10 [ 484.627557][T18657] ? sctp_outq_is_empty+0x4d/0xf0 [ 484.627583][T18657] ? sctp_outq_uncork+0x62/0xa0 [ 484.627609][T18657] sctp_do_sm+0x3ea7/0x5a20 [ 484.627660][T18657] ? __pfx_sctp_do_sm+0x10/0x10 [ 484.627734][T18657] ? rcu_is_watching+0x15/0xb0 [ 484.627758][T18657] ? trace_inet_sock_set_state+0x80/0x200 [ 484.627785][T18657] sctp_primitive_SHUTDOWN+0x98/0xc0 [ 484.627808][T18657] ? __pfx_sctp_shutdown+0x10/0x10 [ 484.627837][T18657] inet_shutdown+0x271/0x390 [ 484.627870][T18657] __x64_sys_shutdown+0x13f/0x1a0 [ 484.627895][T18657] do_syscall_64+0xfa/0xfa0 [ 484.627921][T18657] ? lockdep_hardirqs_on+0x9c/0x150 [ 484.627954][T18657] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.627974][T18657] ? clear_bhb_loop+0x60/0xb0 [ 484.627999][T18657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.628017][T18657] RIP: 0033:0x7f37c1b8efc9 [ 484.628036][T18657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.628053][T18657] RSP: 002b:00007f37c2a53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000030 [ 484.628076][T18657] RAX: ffffffffffffffda RBX: 00007f37c1de5fa0 RCX: 00007f37c1b8efc9 [ 484.628091][T18657] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000003 [ 484.628103][T18657] RBP: 00007f37c2a53090 R08: 0000000000000000 R09: 0000000000000000 [ 484.628116][T18657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 484.628128][T18657] R13: 00007f37c1de6038 R14: 00007f37c1de5fa0 R15: 00007fff5d35b258 [ 484.628165][T18657] [ 485.003665][ T7966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 485.165678][ T5904] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 485.418514][T18692] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3733'. [ 485.443236][ T7966] IPVS: starting estimator thread 0... [ 485.533636][T18694] IPVS: using max 22 ests per chain, 52800 per kthread [ 485.588697][T18700] bridge_slave_0: left allmulticast mode [ 485.603510][T18700] bridge_slave_0: left promiscuous mode [ 485.609395][T18700] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.666268][T18700] bridge_slave_1: left promiscuous mode [ 485.698960][T18700] bridge0: port 2(bridge_slave_1) entered disabled state [ 485.722009][T18700] bond0: (slave bond_slave_0): Releasing backup interface [ 485.732314][T18710] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3740'. [ 485.756583][T18700] bond0: (slave bond_slave_1): Releasing backup interface [ 485.802304][T18700] team0: Port device team_slave_0 removed [ 485.846500][T18700] team0: Port device team_slave_1 removed [ 485.867073][T18700] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 485.875243][T18700] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 486.216186][T18728] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3746'. [ 486.250889][T18732] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3747'. [ 486.268576][T18732] netlink: 'syz.2.3747': attribute type 7 has an invalid length. [ 486.278507][T18732] netlink: 'syz.2.3747': attribute type 8 has an invalid length. [ 486.344713][T18732] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3747'. [ 486.495713][T18748] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3752'. [ 486.558975][T18748] vlan2: entered promiscuous mode [ 486.578533][T18748] bridge0: entered promiscuous mode [ 486.627807][T18758] bridge_slave_0: left allmulticast mode [ 486.660039][T18758] bridge_slave_0: left promiscuous mode [ 486.694556][T18758] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.741422][T18758] bond0: (slave bridge_slave_1): Releasing backup interface [ 486.765212][T18758] bond0: (slave 1!€ÿ): Releasing backup interface [ 486.801486][T18758] bond0: (slave bond_slave_1): Releasing backup interface [ 486.827634][T18758] team0: Port device team_slave_0 removed [ 486.866664][T18758] team0: Port device team_slave_1 removed [ 486.888303][T18758] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 486.897300][T18758] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 486.908912][T18758] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 486.919785][T18758] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 487.016799][T18775] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3761'. [ 487.634265][T18797] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3769'. [ 487.656263][T18797] netlink: 'syz.0.3769': attribute type 3 has an invalid length. [ 487.678970][T18797] netlink: 'syz.0.3769': attribute type 3 has an invalid length. [ 487.905495][T18814] tipc: Enabling of bearer rejected, failed to enable media [ 487.942541][T18818] x_tables: duplicate underflow at hook 1 [ 487.977379][T18818] IPVS: set_ctl: invalid protocol: 60 172.20.20.11:20002 [ 488.416011][T18845] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3781'. [ 488.575946][T18851] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 488.644782][T18851] bond1: Unable to set down delay as MII monitoring is disabled [ 488.655966][T18851] bond1 (unregistering): Released all slaves [ 488.747263][T18849] infiniband !yz!: set down [ 488.752087][T18849] infiniband !yz!: added team_slave_0 [ 488.825887][T18849] RDS/IB: !yz!: added [ 488.832678][T18849] smc: adding ib device !yz! with port count 1 [ 488.839600][T18849] smc: ib device !yz! port 1 has no pnetid [ 489.336806][ T7975] net_ratelimit: 18 callbacks suppressed [ 489.336826][ T7975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 489.403775][ T981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 489.533163][T18873] lo speed is unknown, defaulting to 1000 [ 489.571707][T18871] netlink: 'syz.2.3790': attribute type 6 has an invalid length. [ 489.791877][T18875] __nla_validate_parse: 1 callbacks suppressed [ 489.791899][T18875] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3792'. [ 490.040342][T18886] FAULT_INJECTION: forcing a failure. [ 490.040342][T18886] name failslab, interval 1, probability 0, space 0, times 0 [ 490.079666][T18887] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 490.093591][T18886] CPU: 0 UID: 0 PID: 18886 Comm: syz.0.3797 Not tainted syzkaller #0 PREEMPT(full) [ 490.093622][T18886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 490.093644][T18886] Call Trace: [ 490.093653][T18886] [ 490.093662][T18886] dump_stack_lvl+0x189/0x250 [ 490.093696][T18886] ? __pfx____ratelimit+0x10/0x10 [ 490.093723][T18886] ? __pfx_dump_stack_lvl+0x10/0x10 [ 490.093749][T18886] ? __pfx__printk+0x10/0x10 [ 490.093789][T18886] should_fail_ex+0x414/0x560 [ 490.093827][T18886] should_failslab+0xa8/0x100 [ 490.093850][T18886] __kmalloc_cache_noprof+0x6f/0x6f0 [ 490.093878][T18886] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 490.093904][T18886] ? sctp_v6_cmp_addr+0x15/0xd0 [ 490.093928][T18886] ? sctp_add_bind_addr+0x8c/0x370 [ 490.093952][T18886] ? sctp_add_bind_addr+0xb0/0x370 [ 490.093984][T18886] sctp_add_bind_addr+0x8c/0x370 [ 490.094015][T18886] sctp_copy_local_addr_list+0x30b/0x4e0 [ 490.094046][T18886] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 490.094072][T18886] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 490.094100][T18886] ? sctp_v6_is_any+0x64/0x80 [ 490.094129][T18886] ? sctp_copy_one_addr+0x93/0x360 [ 490.094159][T18886] sctp_bind_addr_copy+0xb3/0x3c0 [ 490.094188][T18886] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 490.094216][T18886] sctp_connect_new_asoc+0x2e0/0x690 [ 490.094241][T18886] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 490.094264][T18886] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 490.094284][T18886] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 490.094301][T18886] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 490.094322][T18886] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 490.094343][T18886] ? security_sctp_bind_connect+0x7e/0x2e0 [ 490.094370][T18886] sctp_sendmsg+0x155c/0x2810 [ 490.094416][T18886] ? __pfx_sctp_sendmsg+0x10/0x10 [ 490.094451][T18886] ? aa_sk_perm+0x81e/0x950 [ 490.094485][T18886] ? __pfx_aa_sk_perm+0x10/0x10 [ 490.094517][T18886] ? sock_rps_record_flow+0x19/0x410 [ 490.094550][T18886] ? inet_sendmsg+0x2f4/0x370 [ 490.094578][T18886] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 490.094602][T18886] __sock_sendmsg+0x19c/0x270 [ 490.094641][T18886] __sys_sendto+0x3bd/0x520 [ 490.094664][T18886] ? __pfx___sys_sendto+0x10/0x10 [ 490.094691][T18886] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 490.094737][T18886] ? __fget_files+0x3a0/0x420 [ 490.094772][T18886] ? ksys_write+0x22a/0x250 [ 490.094802][T18886] ? __pfx_ksys_write+0x10/0x10 [ 490.094835][T18886] __x64_sys_sendto+0xde/0x100 [ 490.094859][T18886] do_syscall_64+0xfa/0xfa0 [ 490.094885][T18886] ? lockdep_hardirqs_on+0x9c/0x150 [ 490.094911][T18886] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.094931][T18886] ? clear_bhb_loop+0x60/0xb0 [ 490.094957][T18886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.094977][T18886] RIP: 0033:0x7f339e78efc9 [ 490.094996][T18886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.095014][T18886] RSP: 002b:00007f339f666038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 490.095037][T18886] RAX: ffffffffffffffda RBX: 00007f339e9e5fa0 RCX: 00007f339e78efc9 [ 490.095052][T18886] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 490.095065][T18886] RBP: 00007f339f666090 R08: 0000200000000100 R09: 000000000000001c [ 490.095078][T18886] R10: 0000000008044004 R11: 0000000000000246 R12: 0000000000000002 [ 490.095090][T18886] R13: 00007f339e9e6038 R14: 00007f339e9e5fa0 R15: 00007ffe4f91c128 [ 490.095128][T18886] [ 490.441197][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 490.472654][ T981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 490.583144][ T30] audit: type=1800 audit(1762212199.223:4): pid=18896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3800" name=4996AE17DFFC2E43C8174B54B620636894AAACF28FF62616363C70A440AEC4014CAF28C0ADC04308 dev="tmpfs" ino=984 res=0 errno=0 [ 491.483752][ T5862] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.794199][T18956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3816'. [ 492.076335][T18972] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3822'. [ 492.363471][ T7975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.390812][T18988] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3826'. [ 492.534916][ T5862] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.133450][T19011] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3838'. [ 493.179453][T19015] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3840'. [ 493.202103][T19015] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3840'. [ 493.564536][ T981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.737505][T19035] team0: Mode changed to "loadbalance" [ 494.605603][ T7975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 494.613910][ T981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.010414][T19104] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 495.030287][T19104] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.039741][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.074594][T19099] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 495.323583][T19122] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3888'. [ 495.404050][ T7975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.570569][T19136] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3891'. [ 495.580110][T19136] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3891'. [ 495.595469][T19136] netlink: 'syz.3.3891': attribute type 5 has an invalid length. [ 495.604934][T19136] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3891'. [ 495.643569][ T5862] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 496.685818][ T5862] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.555506][T19165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3900'. [ 497.610578][T19161] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3899'. [ 497.760886][T19176] Cannot find del_set index 4 as target [ 498.081651][T19189] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3907'. [ 498.108827][T19189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3907'. [ 498.350524][T19212] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3914'. [ 498.531444][T19219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3917'. [ 498.639647][T19223] lo speed is unknown, defaulting to 1000 [ 499.401803][T19246] SET target dimension over the limit! [ 499.817461][T19272] tipc: Enabling of bearer rejected, failed to enable media [ 499.929001][T19275] netlink: 'syz.4.3934': attribute type 58 has an invalid length. [ 500.067633][T19281] netlink: 'syz.0.3936': attribute type 1 has an invalid length. [ 500.552621][T19308] netlink: 'syz.1.3942': attribute type 1 has an invalid length. [ 500.628970][T19313] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 500.670339][T19308] __nla_validate_parse: 3 callbacks suppressed [ 500.670361][T19308] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3942'. [ 500.691884][T19320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3946'. [ 500.724963][T19322] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3946'. [ 501.647236][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.310412][T19396] batadv_slave_0: entered promiscuous mode [ 502.994671][T19431] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3999'. [ 503.554091][T19456] ipt_ECN: cannot use operation on non-tcp rule [ 503.601097][T19459] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4013'. [ 503.634858][T19460] FAULT_INJECTION: forcing a failure. [ 503.634858][T19460] name failslab, interval 1, probability 0, space 0, times 0 [ 503.637310][T19464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4015'. [ 503.672653][T19460] CPU: 1 UID: 0 PID: 19460 Comm: syz.2.4012 Not tainted syzkaller #0 PREEMPT(full) [ 503.672683][T19460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 503.672701][T19460] Call Trace: [ 503.672709][T19460] [ 503.672718][T19460] dump_stack_lvl+0x189/0x250 [ 503.672751][T19460] ? __pfx____ratelimit+0x10/0x10 [ 503.672779][T19460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 503.672807][T19460] ? __pfx__printk+0x10/0x10 [ 503.672845][T19460] should_fail_ex+0x414/0x560 [ 503.672881][T19460] should_failslab+0xa8/0x100 [ 503.672903][T19460] __kmalloc_cache_noprof+0x6f/0x6f0 [ 503.672929][T19460] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 503.672952][T19460] ? sctp_add_bind_addr+0x8c/0x370 [ 503.672975][T19460] ? sctp_add_bind_addr+0xb0/0x370 [ 503.673006][T19460] sctp_add_bind_addr+0x8c/0x370 [ 503.673037][T19460] sctp_copy_local_addr_list+0x30b/0x4e0 [ 503.673067][T19460] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 503.673093][T19460] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 503.673121][T19460] ? sctp_v6_is_any+0x64/0x80 [ 503.673149][T19460] ? sctp_copy_one_addr+0x93/0x360 [ 503.673180][T19460] sctp_bind_addr_copy+0xb3/0x3c0 [ 503.673207][T19460] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 503.673235][T19460] sctp_connect_new_asoc+0x2e0/0x690 [ 503.673270][T19460] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 503.673291][T19460] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 503.673312][T19460] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 503.673329][T19460] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 503.673349][T19460] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 503.673370][T19460] ? security_sctp_bind_connect+0x7e/0x2e0 [ 503.673398][T19460] sctp_sendmsg+0x155c/0x2810 [ 503.673442][T19460] ? __pfx_sctp_sendmsg+0x10/0x10 [ 503.673476][T19460] ? aa_sk_perm+0x81e/0x950 [ 503.673510][T19460] ? __pfx_aa_sk_perm+0x10/0x10 [ 503.673540][T19460] ? sock_rps_record_flow+0x19/0x410 [ 503.673574][T19460] ? inet_sendmsg+0x2f4/0x370 [ 503.673600][T19460] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 503.673624][T19460] __sock_sendmsg+0x19c/0x270 [ 503.673656][T19460] __sys_sendto+0x3bd/0x520 [ 503.673679][T19460] ? __pfx___sys_sendto+0x10/0x10 [ 503.673707][T19460] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 503.673752][T19460] ? __fget_files+0x3a0/0x420 [ 503.673785][T19460] ? ksys_write+0x22a/0x250 [ 503.673815][T19460] ? __pfx_ksys_write+0x10/0x10 [ 503.673847][T19460] __x64_sys_sendto+0xde/0x100 [ 503.673872][T19460] do_syscall_64+0xfa/0xfa0 [ 503.673897][T19460] ? lockdep_hardirqs_on+0x9c/0x150 [ 503.673923][T19460] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.673943][T19460] ? clear_bhb_loop+0x60/0xb0 [ 503.673968][T19460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.673988][T19460] RIP: 0033:0x7f123d38efc9 [ 503.674007][T19460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.674025][T19460] RSP: 002b:00007f123e269038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 503.674048][T19460] RAX: ffffffffffffffda RBX: 00007f123d5e5fa0 RCX: 00007f123d38efc9 [ 503.674063][T19460] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 503.674076][T19460] RBP: 00007f123e269090 R08: 0000200000000100 R09: 000000000000001c [ 503.674090][T19460] R10: 0000000008044004 R11: 0000000000000246 R12: 0000000000000002 [ 503.674102][T19460] R13: 00007f123d5e6038 R14: 00007f123d5e5fa0 R15: 00007ffd28404fb8 [ 503.674139][T19460] [ 504.170830][T19477] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4021'. [ 504.252855][T19479] x_tables: duplicate underflow at hook 1 [ 504.270635][T19484] tls_set_device_offload_rx: netdev not found [ 504.352163][T19490] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4026'. [ 505.378010][T19510] syzkaller0: entered promiscuous mode [ 505.406732][T19510] syzkaller0: entered allmulticast mode [ 505.419872][T19509] tipc: Enabled bearer , priority 0 [ 505.435519][T19517] netlink: 'syz.1.4033': attribute type 2 has an invalid length. [ 505.453259][T19517] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4033'. [ 505.477898][T19509] x_tables: duplicate underflow at hook 2 [ 505.479361][T19510] tipc: Resetting bearer [ 505.523773][T19506] tipc: Resetting bearer [ 505.577286][T19522] netlink: 'syz.0.4036': attribute type 1 has an invalid length. [ 505.599575][T19522] netlink: 228 bytes leftover after parsing attributes in process `syz.0.4036'. [ 505.609724][T19506] tipc: Disabling bearer [ 505.656178][T19522] netlink: 'syz.0.4036': attribute type 21 has an invalid length. [ 505.678593][T19522] __nla_validate_parse: 1 callbacks suppressed [ 505.678614][T19522] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4036'. [ 505.814596][T19539] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 505.839591][T19540] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 505.925917][T19544] veth0_to_hsr: entered promiscuous mode [ 505.943070][T19544] macvtap1: entered allmulticast mode [ 505.958583][T19544] veth0_to_hsr: entered allmulticast mode [ 505.966595][T19547] tipc: Enabled bearer , priority 0 [ 505.984851][T19551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4043'. [ 506.012276][T19551] bridge0: mtu less than device minimum [ 506.019966][T19547] tipc: Resetting bearer [ 506.036481][T19545] tipc: Disabling bearer [ 506.129066][T12162] block nbd1: Possible stuck request ffff888024fe0000: control (read@0,1024B). Runtime 300 seconds [ 506.140043][ T56] block nbd2: Possible stuck request ffff888025417000: control (read@0,1024B). Runtime 300 seconds [ 506.151151][T12162] block nbd1: Possible stuck request ffff888024fe01c0: control (read@1024,1024B). Runtime 300 seconds [ 506.164175][ T56] block nbd2: Possible stuck request ffff8880254171c0: control (read@1024,1024B). Runtime 300 seconds [ 506.175360][ T56] block nbd2: Possible stuck request ffff888025417380: control (read@2048,1024B). Runtime 300 seconds [ 506.187289][T12162] block nbd1: Possible stuck request ffff888024fe0380: control (read@2048,1024B). Runtime 300 seconds [ 506.198892][T12162] block nbd1: Possible stuck request ffff888024fe0540: control (read@3072,1024B). Runtime 300 seconds [ 506.225581][T12162] block nbd2: Possible stuck request ffff888025417540: control (read@3072,1024B). Runtime 300 seconds [ 506.539874][T19575] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4051'. [ 506.549182][T19575] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4051'. [ 506.628968][T19583] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4053'. [ 506.640445][T19584] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4052'. [ 506.680906][ T36] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.681363][T19584] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4052'. [ 506.692128][ T36] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.730769][ T36] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.750251][ T36] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 506.762985][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 506.968664][T19603] netlink: 'syz.4.4059': attribute type 1 has an invalid length. [ 507.073832][T19603] 8021q: adding VLAN 0 to HW filter on device bond5 [ 507.120103][T19610] vlan4: entered promiscuous mode [ 507.125814][T19610] bond5: entered promiscuous mode [ 507.131232][T19610] vlan4: entered allmulticast mode [ 507.138028][T19610] bond5: entered allmulticast mode [ 507.171937][T19612] bond5: (slave gretap1): making interface the new active one [ 507.180079][T19612] gretap1: entered promiscuous mode [ 507.191445][T19612] gretap1: entered allmulticast mode [ 507.204514][T19612] bond5: (slave gretap1): Enslaving as an active interface with an up link [ 507.246580][T19612] syz.4.4059 (19612) used greatest stack depth: 16760 bytes left [ 507.275457][T19619] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4063'. [ 507.553606][T19629] pimreg3: entered allmulticast mode [ 507.580611][T19632] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4067'. [ 507.702181][T19632] syzkaller1: entered promiscuous mode [ 507.719288][T19632] syzkaller1: entered allmulticast mode [ 508.032521][T19660] tipc: Started in network mode [ 508.060789][T19660] tipc: Node identity , cluster identity 4711 [ 508.091059][T19660] tipc: Failed to set node id, please configure manually [ 508.096232][T19664] netlink: 'syz.0.4077': attribute type 1 has an invalid length. [ 508.110449][T19660] tipc: Enabling of bearer rejected, failed to enable media [ 508.115505][T19665] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4076'. [ 508.668894][T19693] netlink: 'syz.1.4085': attribute type 1 has an invalid length. [ 508.677912][T19695] tunl0: entered promiscuous mode [ 508.704155][T19695] netlink: 'syz.3.4084': attribute type 3 has an invalid length. [ 508.734155][T19697] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 508.974957][T19709] netlink: 'syz.2.4089': attribute type 9 has an invalid length. [ 508.977406][T19715] sctp: [Deprecated]: syz.3.4091 (pid 19715) Use of int in maxseg socket option. [ 508.977406][T19715] Use struct sctp_assoc_value instead [ 509.054553][T19717] xt_hashlimit: size too large, truncated to 1048576 [ 509.276643][T19727] vlan2: entered allmulticast mode [ 509.281848][T19727] mac80211_hwsim hwsim24 wlan0: entered allmulticast mode [ 509.896564][T19751] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 510.015312][ T9417] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.054483][ T9417] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.088462][ T9417] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.118614][ T9417] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.150799][T19757] syzkaller1: entered promiscuous mode [ 510.170955][T19757] syzkaller1: entered allmulticast mode [ 510.291266][T19764] syzkaller1: entered promiscuous mode [ 510.308838][T19764] syzkaller1: entered allmulticast mode [ 510.698509][T19785] __nla_validate_parse: 7 callbacks suppressed [ 510.698531][T19785] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4116'. [ 510.778700][T19786] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 511.058450][T19807] netlink: 52 bytes leftover after parsing attributes in process `syz.2.4126'. [ 511.092626][T19807] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.100736][T19807] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.172055][T19813] syzkaller1: entered promiscuous mode [ 511.186916][T19813] syzkaller1: entered allmulticast mode [ 511.200700][T19811] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4129'. [ 511.273519][T19818] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4131'. [ 511.474019][T19822] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 511.640022][T19833] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4139'. [ 511.756766][T19840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4142'. [ 512.195165][T19854] syzkaller0: entered promiscuous mode [ 512.200707][T19854] syzkaller0: entered allmulticast mode [ 512.252602][T19861] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 513.285069][T19911] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4174'. [ 513.317297][T19913] tipc: Enabled bearer , priority 0 [ 513.325608][T19913] syzkaller0: entered promiscuous mode [ 513.331254][T19913] syzkaller0: entered allmulticast mode [ 513.387351][T19913] tipc: Resetting bearer [ 513.428148][T19912] tipc: Resetting bearer [ 513.517762][T19912] tipc: Disabling bearer [ 514.050533][T19939] netlink: 'syz.1.4187': attribute type 10 has an invalid length. [ 514.091144][T19939] openvswitch: netlink: Message has 3 unknown bytes. [ 514.997921][T19967] tipc: Started in network mode [ 515.004415][T19967] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 515.015668][T19967] tipc: Enabled bearer , priority 10 [ 515.233890][T19982] netlink: 'syz.0.4207': attribute type 3 has an invalid length. [ 515.242064][T19982] netlink: 'syz.0.4207': attribute type 2 has an invalid length. [ 516.134170][ T7966] tipc: Node number set to 1 [ 516.780469][T20068] xt_policy: output policy not valid in PREROUTING and INPUT [ 516.946006][T20077] netlink: 'syz.2.4252': attribute type 63 has an invalid length. [ 516.991695][T20077] netlink: 'syz.2.4252': attribute type 63 has an invalid length. [ 516.998447][T20080] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4253'. [ 517.364213][T20094] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4259'. [ 517.461193][T20097] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 517.572049][T20103] syzkaller0: entered promiscuous mode [ 517.583696][T20103] syzkaller0: entered allmulticast mode [ 517.652573][T20103] tipc: Enabled bearer , priority 0 [ 518.083300][T20102] tipc: Resetting bearer [ 518.145247][T20102] tipc: Disabling bearer [ 518.622949][T20150] wg2: entered promiscuous mode [ 518.636459][T20150] wg2: entered allmulticast mode [ 518.675669][T20155] veth0_vlan: entered allmulticast mode [ 518.749586][T20157] ÿÿÿÿÿÿ: renamed from vlan1 [ 518.816351][T20161] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.4284'. [ 519.150403][T20179] tipc: Enabled bearer , priority 0 [ 519.175661][T20179] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 519.243346][T20179] tipc: Resetting bearer [ 519.296538][T20176] tipc: Resetting bearer [ 519.329009][T20176] tipc: Disabling bearer [ 519.347560][T20192] netlink: 'syz.3.4298': attribute type 1 has an invalid length. [ 519.561342][T20200] lo speed is unknown, defaulting to 1000 [ 519.858620][T20211] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 519.861078][ T981] IPVS: starting estimator thread 0... [ 519.985031][T20215] IPVS: using max 25 ests per chain, 60000 per kthread [ 520.255089][T20232] FAULT_INJECTION: forcing a failure. [ 520.255089][T20232] name failslab, interval 1, probability 0, space 0, times 0 [ 520.285597][T20232] CPU: 1 UID: 0 PID: 20232 Comm: syz.2.4316 Not tainted syzkaller #0 PREEMPT(full) [ 520.285627][T20232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 520.285640][T20232] Call Trace: [ 520.285648][T20232] [ 520.285657][T20232] dump_stack_lvl+0x189/0x250 [ 520.285689][T20232] ? __pfx____ratelimit+0x10/0x10 [ 520.285715][T20232] ? __pfx_dump_stack_lvl+0x10/0x10 [ 520.285742][T20232] ? __pfx__printk+0x10/0x10 [ 520.285780][T20232] should_fail_ex+0x414/0x560 [ 520.285817][T20232] should_failslab+0xa8/0x100 [ 520.285839][T20232] __kmalloc_cache_noprof+0x6f/0x6f0 [ 520.285864][T20232] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 520.285890][T20232] ? sctp_add_bind_addr+0x8c/0x370 [ 520.285922][T20232] sctp_add_bind_addr+0x8c/0x370 [ 520.285953][T20232] sctp_copy_local_addr_list+0x30b/0x4e0 [ 520.285981][T20232] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 520.286007][T20232] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 520.286036][T20232] ? sctp_v6_is_any+0x64/0x80 [ 520.286063][T20232] ? sctp_copy_one_addr+0x93/0x360 [ 520.286092][T20232] sctp_bind_addr_copy+0xb3/0x3c0 [ 520.286119][T20232] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 520.286148][T20232] sctp_connect_new_asoc+0x2e0/0x690 [ 520.286171][T20232] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 520.286193][T20232] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 520.286213][T20232] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 520.286231][T20232] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 520.286251][T20232] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 520.286272][T20232] ? security_sctp_bind_connect+0x7e/0x2e0 [ 520.286311][T20232] sctp_sendmsg+0x155c/0x2810 [ 520.286357][T20232] ? __pfx_sctp_sendmsg+0x10/0x10 [ 520.286392][T20232] ? aa_sk_perm+0x81e/0x950 [ 520.286426][T20232] ? __pfx_aa_sk_perm+0x10/0x10 [ 520.286458][T20232] ? sock_rps_record_flow+0x19/0x410 [ 520.286492][T20232] ? inet_sendmsg+0x2f4/0x370 [ 520.286518][T20232] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 520.286543][T20232] __sock_sendmsg+0x19c/0x270 [ 520.286574][T20232] __sys_sendto+0x3bd/0x520 [ 520.286598][T20232] ? __pfx___sys_sendto+0x10/0x10 [ 520.286624][T20232] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 520.286670][T20232] ? __fget_files+0x3a0/0x420 [ 520.286703][T20232] ? ksys_write+0x22a/0x250 [ 520.286734][T20232] ? __pfx_ksys_write+0x10/0x10 [ 520.286766][T20232] __x64_sys_sendto+0xde/0x100 [ 520.286790][T20232] do_syscall_64+0xfa/0xfa0 [ 520.286815][T20232] ? lockdep_hardirqs_on+0x9c/0x150 [ 520.286841][T20232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.286862][T20232] ? clear_bhb_loop+0x60/0xb0 [ 520.286887][T20232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.286906][T20232] RIP: 0033:0x7f123d38efc9 [ 520.286949][T20232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 520.286967][T20232] RSP: 002b:00007f123e269038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 520.286990][T20232] RAX: ffffffffffffffda RBX: 00007f123d5e5fa0 RCX: 00007f123d38efc9 [ 520.287005][T20232] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 520.287018][T20232] RBP: 00007f123e269090 R08: 0000200000000100 R09: 000000000000001c [ 520.287030][T20232] R10: 0000000008044004 R11: 0000000000000246 R12: 0000000000000002 [ 520.287041][T20232] R13: 00007f123d5e6038 R14: 00007f123d5e5fa0 R15: 00007ffd28404fb8 [ 520.287074][T20232] [ 520.852411][T20242] netlink: 277 bytes leftover after parsing attributes in process `syz.3.4320'. [ 520.888450][T20246] netlink: 277 bytes leftover after parsing attributes in process `syz.3.4320'. [ 521.055953][T20253] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4323'. [ 521.070375][T20251] nbd: must specify at least one socket [ 521.384165][T20267] lo speed is unknown, defaulting to 1000 [ 521.698584][T20289] netlink: 'syz.2.4334': attribute type 3 has an invalid length. [ 521.725542][T20288] xt_cgroup: xt_cgroup: no path or classid specified [ 521.739577][T20289] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4334'. [ 522.027745][T20304] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4340'. [ 522.037620][T20305] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4340'. [ 522.051534][T20305] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input6 [ 522.322635][T20326] netdevsim netdevsim0: Firmware load for './file0/../file0' refused, path contains '..' component [ 522.327759][T20323] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4345'. [ 522.345906][T20323] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4345'. [ 522.393610][T20323] º: renamed from veth1_vlan (while UP) [ 522.457300][T20332] netlink: 2 bytes leftover after parsing attributes in process `syz.3.4348'. [ 522.960158][T20359] xt_NFQUEUE: number of total queues is 0 [ 523.201119][T20367] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4360'. [ 523.291959][T20372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4363'. [ 523.316898][T20373] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 523.591253][T20384] geneve2: entered promiscuous mode [ 523.730968][T20399] A link change request failed with some changes committed already. Interface gre2 may have been left with an inconsistent configuration, please check. [ 523.913434][T20407] IPv6: sit1: Disabled Multicast RS [ 523.938505][T20409] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4373'. [ 524.020107][T20411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4374'. [ 524.038604][T20409] ip_vti0: entered promiscuous mode [ 524.053733][T20409] ip_vti0: entered allmulticast mode [ 524.076871][T20409] netlink: 100 bytes leftover after parsing attributes in process `syz.4.4373'. [ 524.715106][T20451] ksmbd: Unknown IPC event: 3, ignore. [ 525.086684][T20473] netlink: 'syz.4.4388': attribute type 1 has an invalid length. [ 525.236045][T20483] netlink: 'syz.1.4392': attribute type 6 has an invalid length. [ 525.274530][T20476] veth5: entered allmulticast mode [ 525.281579][T20483] netlink: 'syz.1.4392': attribute type 6 has an invalid length. [ 525.362077][T20491] netlink: 'syz.0.4394': attribute type 2 has an invalid length. [ 525.388071][T20491] : entered promiscuous mode [ 525.522180][T20500] tipc: Enabling of bearer rejected, failed to enable media [ 526.246466][T20537] syzkaller0: entered promiscuous mode [ 526.252010][T20537] syzkaller0: entered allmulticast mode [ 526.841953][T20570] 8021q: adding VLAN 0 to HW filter on device bond2 [ 526.858104][T20574] macvlan2: entered promiscuous mode [ 526.872269][T20574] bond2: entered promiscuous mode [ 526.896261][T20574] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 526.946976][T20574] bond2: left promiscuous mode [ 527.364359][T20599] x_tables: ip6_tables: CLASSIFY.0 target: invalid size 8 (kernel) != (user) 16 [ 527.653476][T20610] __nla_validate_parse: 14 callbacks suppressed [ 527.653501][T20610] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4442'. [ 527.871231][T20620] tipc: Enabled bearer , priority 0 [ 527.899897][T20620] syzkaller0: entered promiscuous mode [ 527.905783][T20620] syzkaller0: entered allmulticast mode [ 527.988027][T20626] tipc: Enabled bearer , priority 0 [ 528.008469][T20628] syzkaller0: entered promiscuous mode [ 528.038048][T20628] syzkaller0: entered allmulticast mode [ 528.067363][T20620] tipc: Resetting bearer [ 528.088162][T20626] tipc: Resetting bearer [ 528.102046][T20619] tipc: Resetting bearer [ 528.135399][T20619] tipc: Disabling bearer [ 528.151355][T20623] tipc: Resetting bearer [ 528.169852][T20623] tipc: Disabling bearer [ 528.319466][T20641] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4458'. [ 528.370068][T20647] netlink: 904 bytes leftover after parsing attributes in process `syz.1.4460'. [ 528.407562][T20647] netlink: 368 bytes leftover after parsing attributes in process `syz.1.4460'. [ 528.426246][T20647] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4460'. [ 528.486807][T20653] geneve3: entered promiscuous mode [ 528.960913][T20673] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4474'. [ 529.340556][T20693] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4484'. [ 529.361691][T20691] tipc: Enabling of bearer rejected, failed to enable media [ 529.422585][T20696] syzkaller0: entered promiscuous mode [ 529.437829][T20696] syzkaller0: entered allmulticast mode [ 529.593113][T20707] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4490'. [ 530.090876][T20736] netlink: 'syz.3.4501': attribute type 3 has an invalid length. [ 530.131315][T20721] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 530.154628][T20721] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 530.362243][ T36] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.384770][ T36] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.424530][ T36] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.453218][ T36] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.952422][T20778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 531.015375][T20778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 531.038761][T20778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 531.055231][T20783] ip6gretap1: entered promiscuous mode [ 531.100939][T20785] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4522'. [ 531.921568][T20822] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.4536'. [ 532.065858][T20831] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 532.494535][T20857] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 532.542961][T20857] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 532.578419][T20863] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 532.655993][T20866] netlink: 'syz.4.4558': attribute type 3 has an invalid length. [ 532.674230][T20867] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 532.921414][T20883] __nla_validate_parse: 3 callbacks suppressed [ 532.921695][T20883] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.4566'. [ 533.068766][T20891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4569'. [ 533.078334][T20891] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 533.129204][T20893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4571'. [ 533.174856][T20893] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 533.204584][T20897] netlink: 'syz.2.4573': attribute type 2 has an invalid length. [ 533.331491][T20903] syzkaller1: entered promiscuous mode [ 533.338185][T20903] syzkaller1: entered allmulticast mode [ 533.384785][T20906] tipc: Enabled bearer , priority 0 [ 533.392324][T20906] syzkaller0: entered promiscuous mode [ 533.398778][T20906] syzkaller0: entered allmulticast mode [ 533.428036][T20906] tipc: Resetting bearer [ 533.438792][T20905] tipc: Resetting bearer [ 533.457685][T20905] tipc: Disabling bearer [ 533.618202][T20914] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.4580'. [ 534.504248][T20940] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.4592'. [ 534.864066][T20954] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4599'. [ 535.491931][T20972] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.4607'. [ 535.599334][T20977] syzkaller0: entered promiscuous mode [ 535.605214][T20977] syzkaller0: entered allmulticast mode [ 535.644677][T20980] netlink: 'syz.3.4611': attribute type 11 has an invalid length. [ 535.652583][T20980] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4611'. [ 535.839070][T20988] netlink: 'syz.0.4615': attribute type 1 has an invalid length. [ 535.886617][T20988] bond3: entered promiscuous mode [ 535.895215][T20988] 8021q: adding VLAN 0 to HW filter on device bond3 [ 535.948280][T20995] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4617'. [ 536.030971][T20997] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4618'. [ 536.206263][ T56] block nbd1: Possible stuck request ffff888024fe0000: control (read@0,1024B). Runtime 330 seconds [ 536.218192][T12162] block nbd2: Possible stuck request ffff888025417000: control (read@0,1024B). Runtime 330 seconds [ 536.229120][ T56] block nbd1: Possible stuck request ffff888024fe01c0: control (read@1024,1024B). Runtime 330 seconds [ 536.240351][T12162] block nbd2: Possible stuck request ffff8880254171c0: control (read@1024,1024B). Runtime 330 seconds [ 536.252227][ T56] block nbd1: Possible stuck request ffff888024fe0380: control (read@2048,1024B). Runtime 330 seconds [ 536.264789][T12162] block nbd2: Possible stuck request ffff888025417380: control (read@2048,1024B). Runtime 330 seconds [ 536.276770][ T56] block nbd1: Possible stuck request ffff888024fe0540: control (read@3072,1024B). Runtime 330 seconds [ 536.293039][ T56] block nbd2: Possible stuck request ffff888025417540: control (read@3072,1024B). Runtime 330 seconds [ 536.438597][T21019] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 537.528837][T21066] tipc: Enabled bearer , priority 0 [ 537.555305][T21066] syzkaller0: entered promiscuous mode [ 537.582393][T21066] syzkaller0: entered allmulticast mode [ 537.676367][T21066] tipc: Resetting bearer [ 537.733617][T21064] tipc: Resetting bearer [ 537.792513][T21064] tipc: Disabling bearer [ 538.120248][T21105] __nla_validate_parse: 7 callbacks suppressed [ 538.120269][T21105] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4669'. [ 538.181265][T21109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4671'. [ 538.196146][T21109] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4671'. [ 538.277277][T21113] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4673'. [ 538.437563][T21120] netlink: 'syz.1.4676': attribute type 10 has an invalid length. [ 538.459702][T21120] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 538.995457][T21154] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4693'. [ 539.169293][T21165] ipvlan3: entered promiscuous mode [ 539.188134][T21165] bridge0: port 3(ipvlan3) entered blocking state [ 539.195428][T21165] bridge0: port 3(ipvlan3) entered disabled state [ 539.202286][T21165] ipvlan3: entered allmulticast mode [ 539.208106][T21165] bridge0: entered allmulticast mode [ 539.241099][T21165] ipvlan3: left allmulticast mode [ 539.251627][T21165] bridge0: left allmulticast mode [ 539.791579][T21201] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4717'. [ 540.211269][T21225] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4730'. [ 540.234196][T21228] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping [ 540.264241][T21228] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 540.512142][T21244] IPVS: set_ctl: invalid protocol: 58 0.0.0.0:20000 [ 540.541026][T21244] netlink: 'syz.2.4738': attribute type 11 has an invalid length. [ 540.545346][T21245] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4737'. [ 540.595390][T21242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.759470][T21255] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4740'. [ 540.904365][T21266] bridge_slave_0: left allmulticast mode [ 540.910165][T21266] bridge_slave_0: left promiscuous mode [ 540.916396][T21266] bridge0: port 1(bridge_slave_0) entered disabled state [ 540.956680][T21266] bridge_slave_1: left allmulticast mode [ 540.965127][T21266] bridge_slave_1: left promiscuous mode [ 540.971131][T21266] bridge0: port 2(bridge_slave_1) entered disabled state [ 541.016672][T21266] bond0: (slave bond_slave_0): Releasing backup interface [ 541.037322][T21266] bond0: (slave bond_slave_1): Releasing backup interface [ 541.049174][T21266] team_slave_0: left promiscuous mode [ 541.065990][T21266] team0: Port device team_slave_0 removed [ 541.080314][T21266] team_slave_1: left promiscuous mode [ 541.102448][T21266] team0: Port device team_slave_1 removed [ 541.125836][T21266] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 541.155628][T21266] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 541.178618][T21266] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 541.400190][T21282] netlink: 'syz.1.4751': attribute type 11 has an invalid length. [ 541.825056][T21302] team0: left promiscuous mode [ 541.839974][T21302] bond1: left allmulticast mode [ 541.859724][T21302] ip6gre1: left promiscuous mode [ 541.866014][T21302] ip6gre1: left allmulticast mode [ 541.887899][T21302] vlan2: left allmulticast mode [ 541.902019][T21302] mac80211_hwsim hwsim24 wlan0: left allmulticast mode [ 541.909613][T21302] veth5: left allmulticast mode [ 541.916708][T21302] ip6gretap1: left promiscuous mode [ 542.119039][T21316] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 542.911792][T21365] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 542.970156][T21367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4777'. [ 543.048170][T21371] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 543.061137][T21371] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 543.077085][T21368] netlink: 'syz.0.4775': attribute type 9 has an invalid length. [ 543.126916][T21375] __nla_validate_parse: 2 callbacks suppressed [ 543.126935][T21375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4778'. [ 543.164685][T21371] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 543.170728][T21371] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 543.185256][T21371] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 543.198748][T21375] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 543.215543][T21371] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 543.235742][T21371] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 543.271468][T21371] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 543.301743][T21371] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 543.308048][T21371] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 543.539400][T21388] netlink: 1026 bytes leftover after parsing attributes in process `syz.0.4783'. [ 543.719880][T21399] syzkaller1: entered promiscuous mode [ 543.727133][T21399] syzkaller1: entered allmulticast mode [ 543.968879][T21411] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4791'. [ 544.051569][T21411] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 544.249970][T21426] bond6: entered promiscuous mode [ 544.262902][T21426] bond6: entered allmulticast mode [ 544.268707][T21426] 8021q: adding VLAN 0 to HW filter on device bond6 [ 544.307039][T21432] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 544.359095][T21439] netlink: 'syz.0.4798': attribute type 11 has an invalid length. [ 544.406905][T21443] warn_alloc: 1 callbacks suppressed [ 544.406926][T21443] syz.4.4800: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 544.428384][T21443] CPU: 0 UID: 0 PID: 21443 Comm: syz.4.4800 Not tainted syzkaller #0 PREEMPT(full) [ 544.428416][T21443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 544.428429][T21443] Call Trace: [ 544.428437][T21443] [ 544.428447][T21443] dump_stack_lvl+0x189/0x250 [ 544.428487][T21443] ? __pfx_dump_stack_lvl+0x10/0x10 [ 544.428516][T21443] ? __pfx__printk+0x10/0x10 [ 544.428539][T21443] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 544.428569][T21443] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 544.428597][T21443] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 544.428629][T21443] warn_alloc+0x214/0x310 [ 544.428661][T21443] ? stack_depot_save_flags+0x40/0x860 [ 544.428699][T21443] ? __pfx_warn_alloc+0x10/0x10 [ 544.428732][T21443] ? kasan_save_track+0x3e/0x80 [ 544.428758][T21443] ? __kasan_kmalloc+0x93/0xb0 [ 544.428789][T21443] ? xsk_setsockopt+0x4dc/0x8d0 [ 544.428811][T21443] ? do_sock_setsockopt+0x17c/0x1b0 [ 544.428828][T21443] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 544.428846][T21443] ? do_syscall_64+0xfa/0xfa0 [ 544.428872][T21443] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.428906][T21443] __vmalloc_node_range_noprof+0x125/0x12d0 [ 544.428973][T21443] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 544.429008][T21443] ? __kasan_kmalloc+0x93/0xb0 [ 544.429046][T21443] vmalloc_user_noprof+0xad/0xf0 [ 544.429099][T21443] ? xskq_create+0xbf/0x170 [ 544.429125][T21443] xskq_create+0xbf/0x170 [ 544.429155][T21443] xsk_init_queue+0xb0/0x110 [ 544.429184][T21443] xsk_setsockopt+0x4dc/0x8d0 [ 544.429212][T21443] ? __pfx_xsk_setsockopt+0x10/0x10 [ 544.429240][T21443] ? __pfx_aa_sk_perm+0x10/0x10 [ 544.429271][T21443] ? aa_sock_opt_perm+0xff/0x1b0 [ 544.429310][T21443] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 544.429330][T21443] ? __pfx_xsk_setsockopt+0x10/0x10 [ 544.429356][T21443] do_sock_setsockopt+0x17c/0x1b0 [ 544.429384][T21443] __x64_sys_setsockopt+0x13f/0x1b0 [ 544.429411][T21443] do_syscall_64+0xfa/0xfa0 [ 544.429437][T21443] ? lockdep_hardirqs_on+0x9c/0x150 [ 544.429463][T21443] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.429483][T21443] ? clear_bhb_loop+0x60/0xb0 [ 544.429508][T21443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.429528][T21443] RIP: 0033:0x7f37c1b8efc9 [ 544.429548][T21443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.429567][T21443] RSP: 002b:00007f37c2a53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 544.429591][T21443] RAX: ffffffffffffffda RBX: 00007f37c1de5fa0 RCX: 00007f37c1b8efc9 [ 544.429606][T21443] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009 [ 544.429619][T21443] RBP: 00007f37c1c11f91 R08: 0000000000000004 R09: 0000000000000000 [ 544.429631][T21443] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 544.429644][T21443] R13: 00007f37c1de6038 R14: 00007f37c1de5fa0 R15: 00007fff5d35b258 [ 544.429681][T21443] [ 544.429779][T21443] Mem-Info: [ 544.618786][T21448] netlink: 596 bytes leftover after parsing attributes in process `syz.2.4802'. [ 544.619194][T21443] active_anon:4646 inactive_anon:0 isolated_anon:0 [ 544.619194][T21443] active_file:3404 inactive_file:40046 isolated_file:0 [ 544.619194][T21443] unevictable:768 dirty:118 writeback:0 [ 544.619194][T21443] slab_reclaimable:12615 slab_unreclaimable:131329 [ 544.619194][T21443] mapped:29297 shmem:1362 pagetables:1011 [ 544.619194][T21443] sec_pagetables:0 bounce:0 [ 544.619194][T21443] kernel_misc_reclaimable:0 [ 544.619194][T21443] free:1297602 free_pcp:12563 free_cma:0 [ 544.821698][T21443] Node 0 active_anon:18684kB inactive_anon:0kB active_file:13616kB inactive_file:159980kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117188kB dirty:468kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:15092kB pagetables:4104kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 544.865422][T21443] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 544.900190][T21443] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 544.933772][T21443] lowmem_reserve[]: 0 2505 2505 2505 2505 [ 544.940322][T21443] Node 0 DMA32 free:1275220kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:18484kB inactive_anon:0kB active_file:13616kB inactive_file:159980kB unevictable:1536kB writepending:468kB zspages:0kB present:3129332kB managed:2565164kB mlocked:0kB bounce:0kB free_pcp:35956kB local_pcp:16000kB free_cma:0kB [ 544.950931][T21461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4807'. [ 544.975861][T21443] lowmem_reserve[]: 0 0 0 0 0 [ 544.998325][T21443] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 545.072605][T21443] lowmem_reserve[]: 0 0 0 0 0 [ 545.081923][T21443] Node 1 Normal free:3899828kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:14400kB local_pcp:8320kB free_cma:0kB [ 545.096326][T21461] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 545.165756][T21443] lowmem_reserve[]: 0 0 0 0 0 [ 545.184849][T21443] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 545.284239][T21443] Node 0 DMA32: 830*4kB (ME) 566*8kB (UM) 309*16kB (UM) 228*32kB (UME) 130*64kB (UM) 57*128kB (UM) 27*256kB (UM) 11*512kB (UM) 2*1024kB (UM) 5*2048kB (UM) 296*4096kB (UM) = 1272952kB [ 545.321317][T21443] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 545.352943][T21443] Node 1 Normal: 181*4kB (UME) 48*8kB (UME) 40*16kB (UME) 171*32kB (UME) 52*64kB (UME) 15*128kB (UME) 5*256kB (UM) 4*512kB (UME) 3*1024kB (UME) 1*2048kB (E) 947*4096kB (M) = 3899828kB [ 545.399386][T21471] sch_tbf: burst 8 is lower than device ip6tnl0 mtu (1452) ! [ 545.413063][T21443] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 545.444714][T21443] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 545.485811][T21443] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 545.544221][T21443] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 545.553808][T21443] 44809 total pagecache pages [ 545.566702][T21443] 0 pages in swap cache [ 545.574284][T21443] Free swap = 124996kB [ 545.575862][T21486] netlink: 'syz.3.4814': attribute type 11 has an invalid length. [ 545.578558][T21443] Total swap = 124996kB [ 545.591506][T21443] 2097051 pages RAM [ 545.596161][T21443] 0 pages HighMem/MovableOnly [ 545.611154][T21443] 424118 pages reserved [ 545.621280][T21443] 0 pages cma reserved [ 545.747234][T21493] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 545.869143][T21498] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 545.911981][T21503] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4823'. [ 545.959469][T21503] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4823'. [ 546.029489][T21511] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4826'. [ 546.032028][T21504] svc: failed to register nfsdv3 RPC service (errno 111). [ 546.059522][T21504] svc: failed to register nfsaclv3 RPC service (errno 111). [ 546.210539][T21519] netlink: 'syz.3.4829': attribute type 1 has an invalid length. [ 546.250167][T21519] 8021q: adding VLAN 0 to HW filter on device bond1 [ 546.306257][T21519] bond1: (slave veth3): Enslaving as an active interface with a down link [ 546.335129][T21519] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 546.562655][T21530] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 546.610629][T21534] netlink: 'syz.1.4836': attribute type 13 has an invalid length. [ 546.632933][T21534] netlink: 'syz.1.4836': attribute type 27 has an invalid length. [ 546.788692][T21545] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4840'. [ 546.830730][T21547] bridge1: entered promiscuous mode [ 546.858239][T21547] bridge1: entered allmulticast mode [ 546.901017][T21553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4843'. [ 547.311850][T21567] xt_CT: You must specify a L4 protocol and not use inversions on it [ 547.317533][T21569] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 549.082533][ T30] audit: type=1107 audit(1762212257.713:5): pid=21632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 549.361382][T21645] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4886'. [ 549.372353][T21647] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4887'. [ 549.809344][T21669] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4897'. [ 549.831870][T21669] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 549.844008][T21669] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 549.852028][T21669] gretap1: entered promiscuous mode [ 549.857430][T21669] gretap1: entered allmulticast mode [ 550.198309][T21680] netlink: 'syz.2.4902': attribute type 29 has an invalid length. [ 550.218392][T21680] netlink: 'syz.2.4902': attribute type 29 has an invalid length. [ 550.228676][T21680] netlink: 'syz.2.4902': attribute type 29 has an invalid length. [ 550.238638][T21680] netlink: 'syz.2.4902': attribute type 29 has an invalid length. [ 550.634752][T21693] FAULT_INJECTION: forcing a failure. [ 550.634752][T21693] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 550.673064][T21693] CPU: 1 UID: 0 PID: 21693 Comm: syz.4.4907 Not tainted syzkaller #0 PREEMPT(full) [ 550.673095][T21693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 550.673107][T21693] Call Trace: [ 550.673116][T21693] [ 550.673125][T21693] dump_stack_lvl+0x189/0x250 [ 550.673157][T21693] ? __pfx____ratelimit+0x10/0x10 [ 550.673184][T21693] ? __pfx_dump_stack_lvl+0x10/0x10 [ 550.673210][T21693] ? __pfx__printk+0x10/0x10 [ 550.673231][T21693] ? __might_fault+0xb0/0x130 [ 550.673273][T21693] should_fail_ex+0x414/0x560 [ 550.673309][T21693] _copy_from_user+0x2d/0xb0 [ 550.673336][T21693] csum_and_copy_from_iter_full+0x1e1/0x1ed0 [ 550.673359][T21693] ? rcu_is_watching+0x15/0xb0 [ 550.673389][T21693] ? __alloc_frozen_pages_noprof+0x1d6/0x370 [ 550.673414][T21693] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 550.673440][T21693] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 550.673467][T21693] ? policy_nodemask+0x27c/0x720 [ 550.673502][T21693] ip_generic_getfrag+0x12f/0x2b0 [ 550.673534][T21693] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 550.673561][T21693] ? skb_page_frag_refill+0x199/0x320 [ 550.673596][T21693] __ip_append_data+0x213b/0x40c0 [ 550.673649][T21693] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 550.673702][T21693] ? __pfx___ip_append_data+0x10/0x10 [ 550.673735][T21693] ? __local_bh_enable_ip+0x12d/0x1c0 [ 550.673757][T21693] ? lockdep_hardirqs_on+0x9c/0x150 [ 550.673788][T21693] ip_append_data+0x10e/0x190 [ 550.673819][T21693] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 550.673849][T21693] udp_sendmsg+0x541/0x2170 [ 550.673886][T21693] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 550.673923][T21693] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 550.673953][T21693] ? __pfx_udp_sendmsg+0x10/0x10 [ 550.673989][T21693] ? __lock_acquire+0xab9/0xd20 [ 550.674047][T21693] ? __pfx_aa_sk_perm+0x10/0x10 [ 550.674071][T21693] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 550.674105][T21693] ? __fget_files+0x2a/0x420 [ 550.674124][T21693] ? sock_rps_record_flow+0x19/0x410 [ 550.674157][T21693] ? inet_sendmsg+0x29c/0x370 [ 550.674184][T21693] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 550.674209][T21693] __sock_sendmsg+0x19c/0x270 [ 550.674240][T21693] __sys_sendto+0x3bd/0x520 [ 550.674263][T21693] ? __pfx___sys_sendto+0x10/0x10 [ 550.674291][T21693] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 550.674335][T21693] ? __fget_files+0x3a0/0x420 [ 550.674367][T21693] ? ksys_write+0x22a/0x250 [ 550.674397][T21693] ? __pfx_ksys_write+0x10/0x10 [ 550.674428][T21693] __x64_sys_sendto+0xde/0x100 [ 550.674452][T21693] do_syscall_64+0xfa/0xfa0 [ 550.674478][T21693] ? lockdep_hardirqs_on+0x9c/0x150 [ 550.674505][T21693] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.674526][T21693] ? clear_bhb_loop+0x60/0xb0 [ 550.674551][T21693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.674569][T21693] RIP: 0033:0x7f37c1b8efc9 [ 550.674589][T21693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 550.674608][T21693] RSP: 002b:00007f37c2a53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 550.674629][T21693] RAX: ffffffffffffffda RBX: 00007f37c1de5fa0 RCX: 00007f37c1b8efc9 [ 550.674644][T21693] RDX: 000000000000fdbe RSI: 0000200000000100 RDI: 0000000000000005 [ 550.674657][T21693] RBP: 00007f37c2a53090 R08: 0000000000000000 R09: 0000000011000a00 [ 550.674670][T21693] R10: 0000000004004084 R11: 0000000000000246 R12: 0000000000000001 [ 550.674683][T21693] R13: 00007f37c1de6038 R14: 00007f37c1de5fa0 R15: 00007fff5d35b258 [ 550.674720][T21693] [ 551.162205][T21702] netlink: 'syz.0.4910': attribute type 1 has an invalid length. [ 551.261546][T21707] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4911'. [ 551.287336][T21708] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4913'. [ 551.356155][T21711] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4913'. [ 551.504418][T21710] bond7: option resend_igmp: invalid value (32767) [ 551.526759][T21710] bond7: option resend_igmp: allowed values 0 - 255 [ 551.547588][T21710] bond7 (unregistering): Released all slaves [ 551.827894][T21723] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4918'. [ 551.976229][T21726] erspan0: entered promiscuous mode [ 551.981509][T21726] erspan0: entered allmulticast mode [ 552.231773][T21735] bond3: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 552.247480][T21735] bond3 (unregistering): Released all slaves [ 552.594956][T21747] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4922'. [ 552.975227][T21744] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4923'. [ 553.065537][T21751] sctp: [Deprecated]: syz.3.4923 (pid 21751) Use of int in maxseg socket option. [ 553.065537][T21751] Use struct sctp_assoc_value instead [ 553.391274][T21763] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4928'. [ 553.432285][T21763] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 554.386097][T21794] tipc: Enabled bearer , priority 0 [ 554.408068][T21788] tipc: Resetting bearer [ 554.597565][T21800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4944'. [ 555.398137][ T5904] tipc: Node number set to 168702109 [ 555.825715][T21667] Set syz1 is full, maxelem 65536 reached [ 556.971101][T21788] tipc: Disabling bearer [ 557.232950][T21824] netlink: 'syz.3.4954': attribute type 11 has an invalid length. [ 557.244477][T21824] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4954'. [ 557.274143][T21823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 557.407395][T21837] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4958'. [ 557.596860][T21848] syzkaller1: entered promiscuous mode [ 557.610276][T21848] syzkaller1: entered allmulticast mode [ 557.647765][T21855] netlink: 'syz.3.4965': attribute type 3 has an invalid length. [ 557.948212][T21872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4972'. [ 557.958332][T21872] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4972'. [ 558.743296][T21910] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4990'. [ 559.107039][T21932] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4999'. [ 559.313571][T21942] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 559.446774][T21950] netlink: 72 bytes leftover after parsing attributes in process `syz.4.5007'. [ 560.261620][T21987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5024'. [ 560.459236][T21995] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 561.497530][T22063] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5055'. [ 561.977229][T22091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5069'. [ 562.087299][T22095] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5070'. [ 562.340011][T22111] pim6reg1: entered promiscuous mode [ 562.355400][T22111] pim6reg1: entered allmulticast mode [ 562.513136][T22119] netlink: 'syz.0.5083': attribute type 16 has an invalid length. [ 562.534758][T22119] netlink: 156 bytes leftover after parsing attributes in process `syz.0.5083'. [ 563.087482][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.146557][T22155] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 108 [ 563.370298][T22166] pimreg: entered allmulticast mode [ 563.408947][T22166] pimreg: left allmulticast mode [ 563.695033][T22183] syzkaller1: entered promiscuous mode [ 563.700569][T22183] syzkaller1: entered allmulticast mode [ 564.207150][T22208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5125'. [ 564.254244][T22208] tipc: Enabling of bearer rejected, failed to enable media [ 564.542016][T22223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5132'. [ 565.264093][T22258] tipc: Started in network mode [ 565.273734][T22258] tipc: Node identity 46e4e44ad528, cluster identity 4711 [ 565.293491][T22258] tipc: Enabled bearer , priority 0 [ 565.459597][T22263] syzkaller0: entered promiscuous mode [ 565.468432][T22263] syzkaller0: entered allmulticast mode [ 565.523386][T22256] tipc: Resetting bearer [ 565.597501][T22256] tipc: Disabling bearer [ 566.010464][T22305] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5168'. [ 566.212196][T22318] netlink: 256 bytes leftover after parsing attributes in process `syz.3.5173'. [ 566.284241][ T56] block nbd1: Possible stuck request ffff888024fe0000: control (read@0,1024B). Runtime 360 seconds [ 566.295484][ T56] block nbd1: Possible stuck request ffff888024fe01c0: control (read@1024,1024B). Runtime 360 seconds [ 566.307347][ T56] block nbd1: Possible stuck request ffff888024fe0380: control (read@2048,1024B). Runtime 360 seconds [ 566.319887][ T39] block nbd2: Possible stuck request ffff888025417000: control (read@0,1024B). Runtime 360 seconds [ 566.330747][ T56] block nbd1: Possible stuck request ffff888024fe0540: control (read@3072,1024B). Runtime 360 seconds [ 566.342245][ T39] block nbd2: Possible stuck request ffff8880254171c0: control (read@1024,1024B). Runtime 360 seconds [ 566.354258][ T39] block nbd2: Possible stuck request ffff888025417380: control (read@2048,1024B). Runtime 360 seconds [ 566.367945][ T39] block nbd2: Possible stuck request ffff888025417540: control (read@3072,1024B). Runtime 360 seconds [ 566.815219][T22353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 567.043285][T22368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5195'. [ 567.332276][T22379] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 567.814514][T22409] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5214'. [ 567.961737][T22417] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 567.996964][ C0] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 568.665019][T22457] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 568.672890][T22459] sctp: [Deprecated]: syz.0.5236 (pid 22459) Use of int in max_burst socket option deprecated. [ 568.672890][T22459] Use struct sctp_assoc_value instead [ 569.037873][T22474] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5244'. [ 569.058289][T22474] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5244'. [ 569.083544][T22474] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5244'. [ 569.100881][T22474] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5244'. [ 569.212173][T22485] netlink: 'syz.2.5249': attribute type 1 has an invalid length. [ 569.239273][T22483] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 569.338559][T22485] 8021q: adding VLAN 0 to HW filter on device bond3 [ 569.464090][T22489] bond3: (slave veth7): Enslaving as an active interface with a down link [ 569.559529][T22485] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 569.575621][T22485] bond3: (slave batadv1): making interface the new active one [ 569.594829][T22485] batadv1: entered promiscuous mode [ 569.603640][T22485] bond3: (slave batadv1): Enslaving as an active interface with an up link [ 569.825419][T22517] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5262'. [ 569.844805][T22517] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5262'. [ 570.012405][T22522] bond1: (slave veth0_to_bond): Releasing active interface [ 570.056845][T22522] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 570.729478][T22563] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 571.502510][T22611] __nla_validate_parse: 1 callbacks suppressed [ 571.502533][T22611] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5308'. [ 571.565721][T22616] lo speed is unknown, defaulting to 1000 [ 572.549515][T22656] tap0: tun_chr_ioctl cmd 1074025698 [ 572.863586][T22667] geneve2: entered promiscuous mode [ 572.874648][T22667] geneve2: entered allmulticast mode [ 573.416998][T22696] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5347'. [ 573.461343][T22700] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5348'. [ 573.616863][T22708] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5353'. [ 573.735898][T22706] syzkaller0: entered promiscuous mode [ 573.753291][T22706] syzkaller0: entered allmulticast mode [ 575.624144][T22741] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5367'. [ 575.868861][T22754] netlink: 'syz.4.5368': attribute type 3 has an invalid length. [ 576.188520][T22777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5382'. [ 576.250201][T22783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5381'. [ 576.314551][T22774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 576.622411][T22803] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5392'. [ 576.730447][T22805] syzkaller0: entered promiscuous mode [ 576.737097][T22805] syzkaller0: entered allmulticast mode [ 576.978109][T22815] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5399'. [ 577.311397][T22833] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5405'. [ 577.349193][T22826] [ 577.351593][T22826] ====================================================== [ 577.358717][T22826] WARNING: possible circular locking dependency detected [ 577.365736][T22826] syzkaller #0 Not tainted [ 577.370147][T22826] ------------------------------------------------------ [ 577.377166][T22826] syz.0.5403/22826 is trying to acquire lock: [ 577.383220][T22826] ffff888024d5e808 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x1e5/0x4c0 [ 577.392710][T22826] [ 577.392710][T22826] but task is already holding lock: [ 577.400078][T22826] ffff888024d5e2c8 (&q->q_usage_counter(io)#56){++++}-{0:0}, at: elevator_change+0x1ca/0x4c0 [ 577.410347][T22826] [ 577.410347][T22826] which lock already depends on the new lock. [ 577.410347][T22826] [ 577.420915][T22826] [ 577.420915][T22826] the existing dependency chain (in reverse order) is: [ 577.429945][T22826] [ 577.429945][T22826] -> #6 (&q->q_usage_counter(io)#56){++++}-{0:0}: [ 577.438552][T22826] lock_acquire+0x120/0x360 [ 577.443611][T22826] blk_alloc_queue+0x538/0x620 [ 577.448898][T22826] __blk_mq_alloc_disk+0x15c/0x340 [ 577.454539][T22826] nbd_dev_add+0x46c/0xae0 [ 577.459490][T22826] nbd_init+0x1c6/0x240 [ 577.464173][T22826] do_one_initcall+0x236/0x820 [ 577.469458][T22826] do_initcall_level+0x104/0x190 [ 577.474909][T22826] do_initcalls+0x59/0xa0 [ 577.479748][T22826] kernel_init_freeable+0x334/0x4b0 [ 577.485459][T22826] kernel_init+0x1d/0x1d0 [ 577.490303][T22826] ret_from_fork+0x4bc/0x870 [ 577.495407][T22826] ret_from_fork_asm+0x1a/0x30 [ 577.500693][T22826] [ 577.500693][T22826] -> #5 (fs_reclaim){+.+.}-{0:0}: [ 577.507916][T22826] lock_acquire+0x120/0x360 [ 577.512939][T22826] fs_reclaim_acquire+0x72/0x100 [ 577.518422][T22826] kmem_cache_alloc_node_noprof+0x48/0x710 [ 577.524770][T22826] __alloc_skb+0x112/0x2d0 [ 577.529709][T22826] __ip6_append_data+0x2c16/0x3f30 [ 577.535360][T22826] ip6_append_data+0x1c1/0x380 [ 577.540647][T22826] rawv6_sendmsg+0x1286/0x1830 [ 577.545950][T22826] __sock_sendmsg+0x19c/0x270 [ 577.551334][T22826] ____sys_sendmsg+0x505/0x830 [ 577.556610][T22826] ___sys_sendmsg+0x21f/0x2a0 [ 577.561803][T22826] __x64_sys_sendmsg+0x19b/0x260 [ 577.567260][T22826] do_syscall_64+0xfa/0xfa0 [ 577.572298][T22826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.578702][T22826] [ 577.578702][T22826] -> #4 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 577.586457][T22826] lock_acquire+0x120/0x360 [ 577.591474][T22826] lock_sock_nested+0x48/0x100 [ 577.596781][T22826] inet_shutdown+0x6a/0x390 [ 577.601806][T22826] nbd_mark_nsock_dead+0x2e9/0x560 [ 577.607439][T22826] recv_work+0x1af4/0x1c10 [ 577.612382][T22826] process_scheduled_works+0xae1/0x17b0 [ 577.618446][T22826] worker_thread+0x8a0/0xda0 [ 577.623575][T22826] kthread+0x711/0x8a0 [ 577.628166][T22826] ret_from_fork+0x4bc/0x870 [ 577.633353][T22826] ret_from_fork_asm+0x1a/0x30 [ 577.638635][T22826] [ 577.638635][T22826] -> #3 (&nsock->tx_lock){+.+.}-{4:4}: [ 577.646377][T22826] lock_acquire+0x120/0x360 [ 577.651597][T22826] __mutex_lock+0x187/0x1350 [ 577.656706][T22826] nbd_queue_rq+0x257/0xf10 [ 577.661722][T22826] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 577.667785][T22826] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 577.674633][T22826] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 577.681148][T22826] blk_mq_run_hw_queue+0x348/0x4f0 [ 577.686865][T22826] blk_mq_dispatch_list+0xd0c/0xe00 [ 577.692615][T22826] blk_mq_flush_plug_list+0x469/0x550 [ 577.698552][T22826] __blk_flush_plug+0x3d3/0x4b0 [ 577.703953][T22826] __submit_bio+0x2d3/0x5a0 [ 577.708971][T22826] submit_bio_noacct_nocheck+0x2fb/0xa50 [ 577.715128][T22826] block_read_full_folio+0x599/0x830 [ 577.720951][T22826] filemap_read_folio+0x117/0x380 [ 577.726500][T22826] do_read_cache_folio+0x350/0x590 [ 577.732132][T22826] read_part_sector+0xb6/0x2b0 [ 577.737427][T22826] adfspart_check_ICS+0xa4/0xa50 [ 577.742909][T22826] bdev_disk_changed+0x75f/0x14b0 [ 577.748471][T22826] blkdev_get_whole+0x380/0x510 [ 577.753841][T22826] bdev_open+0x31e/0xd30 [ 577.758608][T22826] blkdev_open+0x457/0x600 [ 577.763539][T22826] do_dentry_open+0x953/0x13f0 [ 577.768818][T22826] vfs_open+0x3b/0x340 [ 577.773398][T22826] path_openat+0x2ee5/0x3830 [ 577.778508][T22826] do_filp_open+0x1fa/0x410 [ 577.783544][T22826] do_sys_openat2+0x121/0x1c0 [ 577.788746][T22826] __x64_sys_openat+0x138/0x170 [ 577.794121][T22826] do_syscall_64+0xfa/0xfa0 [ 577.799159][T22826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.805583][T22826] [ 577.805583][T22826] -> #2 (&cmd->lock){+.+.}-{4:4}: [ 577.812811][T22826] lock_acquire+0x120/0x360 [ 577.817854][T22826] __mutex_lock+0x187/0x1350 [ 577.822963][T22826] nbd_queue_rq+0xc8/0xf10 [ 577.827894][T22826] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 577.833963][T22826] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 577.840811][T22826] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 577.847326][T22826] blk_mq_run_hw_queue+0x348/0x4f0 [ 577.852960][T22826] blk_mq_dispatch_list+0xd0c/0xe00 [ 577.858780][T22826] blk_mq_flush_plug_list+0x469/0x550 [ 577.864687][T22826] __blk_flush_plug+0x3d3/0x4b0 [ 577.870062][T22826] __submit_bio+0x2d3/0x5a0 [ 577.875081][T22826] submit_bio_noacct_nocheck+0x2fb/0xa50 [ 577.881255][T22826] block_read_full_folio+0x599/0x830 [ 577.887064][T22826] filemap_read_folio+0x117/0x380 [ 577.892627][T22826] do_read_cache_folio+0x350/0x590 [ 577.898275][T22826] read_part_sector+0xb6/0x2b0 [ 577.903589][T22826] adfspart_check_ICS+0xa4/0xa50 [ 577.909082][T22826] bdev_disk_changed+0x75f/0x14b0 [ 577.914643][T22826] blkdev_get_whole+0x380/0x510 [ 577.920017][T22826] bdev_open+0x31e/0xd30 [ 577.924798][T22826] blkdev_open+0x457/0x600 [ 577.929839][T22826] do_dentry_open+0x953/0x13f0 [ 577.935151][T22826] vfs_open+0x3b/0x340 [ 577.939753][T22826] path_openat+0x2ee5/0x3830 [ 577.944890][T22826] do_filp_open+0x1fa/0x410 [ 577.949915][T22826] do_sys_openat2+0x121/0x1c0 [ 577.955186][T22826] __x64_sys_openat+0x138/0x170 [ 577.960567][T22826] do_syscall_64+0xfa/0xfa0 [ 577.965599][T22826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.972010][T22826] [ 577.972010][T22826] -> #1 (set->srcu){.+.+}-{0:0}: [ 577.979215][T22826] lock_sync+0xba/0x160 [ 577.983917][T22826] __synchronize_srcu+0x96/0x3a0 [ 577.989553][T22826] elevator_switch+0x12b/0x640 [ 577.994863][T22826] elevator_change+0x315/0x4c0 [ 578.000162][T22826] elevator_set_default+0x186/0x260 [ 578.005874][T22826] blk_register_queue+0x34e/0x3f0 [ 578.011418][T22826] __add_disk+0x677/0xd50 [ 578.016284][T22826] add_disk_fwnode+0xfc/0x480 [ 578.021474][T22826] nbd_dev_add+0x717/0xae0 [ 578.026414][T22826] nbd_init+0x1c6/0x240 [ 578.031085][T22826] do_one_initcall+0x236/0x820 [ 578.036369][T22826] do_initcall_level+0x104/0x190 [ 578.041818][T22826] do_initcalls+0x59/0xa0 [ 578.046657][T22826] kernel_init_freeable+0x334/0x4b0 [ 578.052364][T22826] kernel_init+0x1d/0x1d0 [ 578.057216][T22826] ret_from_fork+0x4bc/0x870 [ 578.062408][T22826] ret_from_fork_asm+0x1a/0x30 [ 578.067708][T22826] [ 578.067708][T22826] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 578.075564][T22826] validate_chain+0xb9b/0x2140 [ 578.080859][T22826] __lock_acquire+0xab9/0xd20 [ 578.086061][T22826] lock_acquire+0x120/0x360 [ 578.091094][T22826] __mutex_lock+0x187/0x1350 [ 578.096221][T22826] elevator_change+0x1e5/0x4c0 [ 578.101514][T22826] elevator_set_none+0x42/0xb0 [ 578.106815][T22826] blk_mq_update_nr_hw_queues+0x598/0x1ab0 [ 578.113172][T22826] nbd_start_device+0x17f/0xb10 [ 578.118587][T22826] nbd_genl_connect+0x135b/0x18f0 [ 578.124215][T22826] genl_family_rcv_msg_doit+0x215/0x300 [ 578.130279][T22826] genl_rcv_msg+0x60e/0x790 [ 578.135319][T22826] netlink_rcv_skb+0x208/0x470 [ 578.140605][T22826] genl_rcv+0x28/0x40 [ 578.145203][T22826] netlink_unicast+0x82f/0x9e0 [ 578.150485][T22826] netlink_sendmsg+0x805/0xb30 [ 578.155766][T22826] __sock_sendmsg+0x21c/0x270 [ 578.160980][T22826] ____sys_sendmsg+0x505/0x830 [ 578.166257][T22826] ___sys_sendmsg+0x21f/0x2a0 [ 578.171447][T22826] __x64_sys_sendmsg+0x19b/0x260 [ 578.176900][T22826] do_syscall_64+0xfa/0xfa0 [ 578.181924][T22826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.188332][T22826] [ 578.188332][T22826] other info that might help us debug this: [ 578.188332][T22826] [ 578.198554][T22826] Chain exists of: [ 578.198554][T22826] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#56 [ 578.198554][T22826] [ 578.212285][T22826] Possible unsafe locking scenario: [ 578.212285][T22826] [ 578.219725][T22826] CPU0 CPU1 [ 578.225088][T22826] ---- ---- [ 578.230442][T22826] lock(&q->q_usage_counter(io)#56); [ 578.235916][T22826] lock(fs_reclaim); [ 578.242414][T22826] lock(&q->q_usage_counter(io)#56); [ 578.250408][T22826] lock(&q->elevator_lock); [ 578.255000][T22826] [ 578.255000][T22826] *** DEADLOCK *** [ 578.255000][T22826] [ 578.263306][T22826] 6 locks held by syz.0.5403/22826: [ 578.268522][T22826] #0: ffffffff8f331050 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 578.276797][T22826] #1: ffffffff8f330e68 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 578.285759][T22826] #2: ffff8880254cb9c8 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa7/0x1ab0 [ 578.297149][T22826] #3: ffff8880254cb8d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xba/0x1ab0 [ 578.308125][T22826] #4: ffff888024d5e2c8 (&q->q_usage_counter(io)#56){++++}-{0:0}, at: elevator_change+0x1ca/0x4c0 [ 578.318762][T22826] #5: ffff888024d5e300 (&q->q_usage_counter(queue)#40){+.+.}-{0:0}, at: elevator_change+0x1ca/0x4c0 [ 578.330683][T22826] [ 578.330683][T22826] stack backtrace: [ 578.336596][T22826] CPU: 0 UID: 0 PID: 22826 Comm: syz.0.5403 Not tainted syzkaller #0 PREEMPT(full) [ 578.336615][T22826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 578.336623][T22826] Call Trace: [ 578.336631][T22826] [ 578.336638][T22826] dump_stack_lvl+0x189/0x250 [ 578.336661][T22826] ? __pfx_dump_stack_lvl+0x10/0x10 [ 578.336677][T22826] ? __pfx__printk+0x10/0x10 [ 578.336690][T22826] ? print_lock_name+0xde/0x100 [ 578.336702][T22826] print_circular_bug+0x2ee/0x310 [ 578.336719][T22826] check_noncircular+0x134/0x160 [ 578.336735][T22826] validate_chain+0xb9b/0x2140 [ 578.336758][T22826] __lock_acquire+0xab9/0xd20 [ 578.336771][T22826] ? elevator_change+0x1e5/0x4c0 [ 578.336788][T22826] lock_acquire+0x120/0x360 [ 578.336799][T22826] ? elevator_change+0x1e5/0x4c0 [ 578.336820][T22826] __mutex_lock+0x187/0x1350 [ 578.336837][T22826] ? elevator_change+0x1e5/0x4c0 [ 578.336855][T22826] ? xa_find_after+0xae/0x430 [ 578.336867][T22826] ? xa_find_after+0x402/0x430 [ 578.336877][T22826] ? elevator_change+0x1e5/0x4c0 [ 578.336893][T22826] ? xa_find_after+0xae/0x430 [ 578.336903][T22826] ? __pfx___mutex_lock+0x10/0x10 [ 578.336922][T22826] ? __pfx_blk_mq_cancel_work_sync+0x10/0x10 [ 578.336936][T22826] elevator_change+0x1e5/0x4c0 [ 578.336955][T22826] elevator_set_none+0x42/0xb0 [ 578.336973][T22826] blk_mq_update_nr_hw_queues+0x598/0x1ab0 [ 578.336990][T22826] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10 [ 578.337007][T22826] ? sysfs_add_file_mode_ns+0x259/0x300 [ 578.337023][T22826] nbd_start_device+0x17f/0xb10 [ 578.337037][T22826] ? device_create_file+0xf4/0x1c0 [ 578.337050][T22826] nbd_genl_connect+0x135b/0x18f0 [ 578.337064][T22826] ? __pfx_nbd_genl_connect+0x10/0x10 [ 578.337077][T22826] ? rcu_is_watching+0x15/0xb0 [ 578.337091][T22826] ? __nla_parse+0x40/0x60 [ 578.337105][T22826] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 578.337123][T22826] genl_family_rcv_msg_doit+0x215/0x300 [ 578.337141][T22826] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 578.337159][T22826] ? stack_trace_save+0x9c/0xe0 [ 578.337176][T22826] genl_rcv_msg+0x60e/0x790 [ 578.337192][T22826] ? __pfx_genl_rcv_msg+0x10/0x10 [ 578.337206][T22826] ? __pfx_nbd_genl_connect+0x10/0x10 [ 578.337220][T22826] netlink_rcv_skb+0x208/0x470 [ 578.337238][T22826] ? __lock_acquire+0xab9/0xd20 [ 578.337249][T22826] ? __pfx_genl_rcv_msg+0x10/0x10 [ 578.337263][T22826] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 578.337286][T22826] ? down_read+0x1ad/0x2e0 [ 578.337297][T22826] genl_rcv+0x28/0x40 [ 578.337310][T22826] netlink_unicast+0x82f/0x9e0 [ 578.337329][T22826] ? __pfx_netlink_unicast+0x10/0x10 [ 578.337346][T22826] ? netlink_sendmsg+0x642/0xb30 [ 578.337356][T22826] ? skb_put+0x11b/0x210 [ 578.337368][T22826] netlink_sendmsg+0x805/0xb30 [ 578.337381][T22826] ? __pfx_netlink_sendmsg+0x10/0x10 [ 578.337393][T22826] ? aa_sock_msg_perm+0xf1/0x1d0 [ 578.337419][T22826] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 578.337437][T22826] ? __pfx_netlink_sendmsg+0x10/0x10 [ 578.337456][T22826] __sock_sendmsg+0x21c/0x270 [ 578.337485][T22826] ____sys_sendmsg+0x505/0x830 [ 578.337543][T22826] ? __pfx_____sys_sendmsg+0x10/0x10 [ 578.337558][T22826] ? import_iovec+0x74/0xa0 [ 578.337574][T22826] ___sys_sendmsg+0x21f/0x2a0 [ 578.337587][T22826] ? __pfx____sys_sendmsg+0x10/0x10 [ 578.337608][T22826] ? __fget_files+0x2a/0x420 [ 578.337619][T22826] ? __fget_files+0x3a0/0x420 [ 578.337632][T22826] __x64_sys_sendmsg+0x19b/0x260 [ 578.337645][T22826] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 578.337661][T22826] ? do_syscall_64+0xbe/0xfa0 [ 578.337679][T22826] do_syscall_64+0xfa/0xfa0 [ 578.337694][T22826] ? lockdep_hardirqs_on+0x9c/0x150 [ 578.337711][T22826] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.337723][T22826] ? clear_bhb_loop+0x60/0xb0 [ 578.337736][T22826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.337748][T22826] RIP: 0033:0x7f339e78efc9 [ 578.337763][T22826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 578.337774][T22826] RSP: 002b:00007f339f666038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 578.337789][T22826] RAX: ffffffffffffffda RBX: 00007f339e9e5fa0 RCX: 00007f339e78efc9 [ 578.337799][T22826] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004 [ 578.337807][T22826] RBP: 00007f339e811f91 R08: 0000000000000000 R09: 0000000000000000 [ 578.337815][T22826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 578.337822][T22826] R13: 00007f339e9e6038 R14: 00007f339e9e5fa0 R15: 00007ffe4f91c128 [ 578.337836][T22826] [ 578.922815][ T52] block nbd7: Receive control failed (result -32) [ 578.924814][ T5833] block nbd7: Receive control failed (result -32) [ 578.929411][ T52] block nbd7: Receive control failed (result -32) [ 578.935922][T11276] block nbd7: Receive control failed (result -32) [ 578.962803][T22826] nbd7: detected capacity change from 0 to 127 [ 582.073186][ T36] batadv1: left promiscuous mode