last executing test programs: 1.886407501s ago: executing program 4 (id=3420): unshare(0x2040400) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, 0x0, 0x0) 1.715930476s ago: executing program 4 (id=3424): close(0x3) r0 = socket(0x2, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000440)={r2, 0xf346}, &(0x7f0000000480)=0x8) 1.603989466s ago: executing program 4 (id=3428): r0 = socket$can_raw(0x1d, 0x3, 0x1) recvmmsg(r0, &(0x7f0000005880)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000005c0)=""/219, 0xdb}, {&(0x7f00000006c0)=""/198, 0xc6}], 0x2}, 0xffffff51}], 0x1, 0x4002, &(0x7f0000005a00)={0x0, 0x989680}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f00000003c0)=0x1, 0x4) sendmsg$can_raw(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "0000000000000003"}, 0x10}}, 0x20000000) 987.69842ms ago: executing program 1 (id=3446): write$6lowpan_control(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4c050) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) 973.447986ms ago: executing program 3 (id=3448): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x3d, 0x0, 0x0, 0x100}, {0x6, 0x9, 0x0, 0x3}]}, 0x10) syz_emit_ethernet(0x46, &(0x7f00000001c0)={@local, @local, @void, {@ipv6={0x86dd, @dccp_packet={0xc, 0x6, "896e24", 0x10, 0x21, 0x0, @empty, @mcast2, {[], {{0x4e23, 0x5, 0x4, 0x1, 0x7, 0x0, 0x0, 0x7, 0x2, "1aa6c5", 0x4, "acc0a4"}}}}}}}, 0x0) 918.271391ms ago: executing program 0 (id=3449): r0 = socket$netlink(0x10, 0x3, 0x10) pread64(0xffffffffffffffff, &(0x7f0000001440)=""/126, 0x7e, 0x44) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {}, {0x0, 0x3}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x20008884}, 0x8000) 795.560423ms ago: executing program 1 (id=3452): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x41, 0x1, 0x3}, 0x10) sendmsg$tipc(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@id={0x1e, 0x3, 0x0, {0x8f}}, 0x10, 0x0}, 0x0) 795.341832ms ago: executing program 3 (id=3453): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @empty, 0xfffffffc}, 0x1c) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) 714.533866ms ago: executing program 1 (id=3454): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x200000, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x2, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r2, 0x0, 0x0) 683.923154ms ago: executing program 4 (id=3455): r0 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000280)=0x3, 0x4) 600.050672ms ago: executing program 0 (id=3456): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000001000010029bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="8427000024010000140003006e657464657673696d30000000000000140016"], 0x5c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) 599.855953ms ago: executing program 3 (id=3457): r0 = socket$can_j1939(0x1d, 0x2, 0x7) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, 0x0, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) 570.391451ms ago: executing program 0 (id=3458): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10) bind$tipc(r0, 0x0, 0x0) 533.599527ms ago: executing program 1 (id=3459): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x69801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendto$packet(r0, &(0x7f0000000280)=',', 0x1, 0x6040004, &(0x7f0000000200)={0x11, 0x88a8, r3, 0x1, 0x4, 0x6, @local}, 0x14) 478.570458ms ago: executing program 2 (id=3460): r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0xffde, 0x100000, @mcast1, 0x9}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80)=[@rthdr={{0x18, 0x29, 0x39, {0x29, 0x0, 0x1, 0x4}}}], 0x18}, 0x0) 478.444765ms ago: executing program 0 (id=3461): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0xb, 0x4) 423.969751ms ago: executing program 4 (id=3462): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x30, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x30}}, 0x20000000) 419.573127ms ago: executing program 3 (id=3463): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x8, &(0x7f0000000040)=@framed={{0x18, 0x8}, [@alu={0x4, 0x0, 0x1, 0x9, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, @exit], {0x95, 0x0, 0xff85}}, &(0x7f0000000000)='GPL\x00'}, 0x94) 405.938827ms ago: executing program 2 (id=3464): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xec}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000a00)="449f6aed244825b22ab6c0ec1ca000"/24, 0x18}, {&(0x7f00000014c0)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c3fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbd9e52fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea", 0x122}], 0x2}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000140)="050843cb1008", 0x6}, {&(0x7f0000000340)="f742c97e8353ef9d8afd344747fb058fea97deff79dbb8e7b56b20a2d430240bf6d32e802d80bb22b2c4ec0293eb6e0c35c0e2e244ad426db18e9403dc1b6b93bfb0ea8f4cb3f3f9cf3a2379cbb191020885ad9a829313c85064a06bc36da8d9a89b20656f349ba2f202c322bd93c50ad4a2d407383bfb6bef053dbb620324f60dfce9383279f82f5e7148e317cfa432eb7d7d38db6d1c70af445a17b02ad5957e83336c68286d2fccc1dfa976d5a08b894e72aed5ee5efd35", 0xb9}, {&(0x7f0000000dc0)="924a47d58460977aa3ca02e0fa7e5a29c19a836ac747ed79c3facf74da5b89e37c7fb07ad69ad60dd950679dbaaf69904a056fbcd90000c4942a8eff18f6001044c0e8a4c64eb587af1e9cc889e3501dc87f5d05a6b7aa1e5e9856ef93d5e8fd4c51224726606167d8bcdff5d293d6970c989916fef40f4aa2c101f0e17fc3a38af487252221eb68e281615125c80dbe7788c13611b6ec3bfa8980b79684a50897fafc9050ed78acd4e96f7be064083294f9da8c6ab75536b927498dd7f1ada75f1b43f32a2a9cef99f1c75c7ea9e59a0505cadc25938d54974b37d29aa07c3b9ad3f5fff07e063007156e4e88d9df52a9f05d1e44742ebf5d0fbc60b2d2f9966dd64d043705c7d650d71aeb1fa9afc8f3c89d19b61109000000e0f821f16d74ec99d410105c5a02f2aae85d72dc96a5fb60824603769132929dae05bd379d6eb48dbb2a9a0334341d109c990805140c540f3d4b564c0befad33ebab4d74dc16c5f0b2b13dc8434d7b76a167dbe2a57fcb6a277af3779fb81b28886abc5c270ec1d47c5ccbb392d0ea7d29f24ca358a995ed9ae64df67fe427f653dbd299259856df6f8b73b09227cc5c3b3553779557a41c836789a77c29a827092a239363ba009bc08a", 0x1c4}], 0x3}}], 0x2, 0x40408e0) 295.9739ms ago: executing program 3 (id=3465): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="600000000001010400000000141a00000200000020000180140001800800010064010102080002"], 0x60}}, 0x0) 295.803983ms ago: executing program 2 (id=3466): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="050000000c000000400000000300"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140), &(0x7f0000000040), 0x1003, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r0, &(0x7f0000000300), 0x0}, 0x20) 295.626537ms ago: executing program 4 (id=3467): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a80)={0x48, r1, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c191f}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x48}}, 0x20008090) 239.537696ms ago: executing program 2 (id=3468): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000)=0x4, 0x4) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{&(0x7f0000000a00)={0xa, 0x4e21, 0x0, @local, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918"], 0x590}}], 0x1, 0x8008801) 222.814969ms ago: executing program 0 (id=3469): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x3a, 0xd0, 0x0, 0x6a) 135.946202ms ago: executing program 1 (id=3470): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x30, 0x0, 0x0, 0xfffff021}]}, 0x10) 135.660233ms ago: executing program 3 (id=3471): socketpair(0x22, 0x6, 0x5, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40440c4}, 0x90) 135.380552ms ago: executing program 2 (id=3472): r0 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r0, 0x89ef, &(0x7f0000000040)=0x10000) 101.501209ms ago: executing program 0 (id=3473): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) sendmmsg(r1, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r3, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000) 54.077755ms ago: executing program 2 (id=3474): bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) socket$inet_smc(0x2b, 0x1, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x7, 0x11}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r1, r3, 0x25, 0x2, @val=@netfilter={0x3, 0x1, 0x0, 0x1}}, 0x20) syz_emit_ethernet(0x4e, &(0x7f0000000800)=ANY=[], 0x0) 0s ago: executing program 1 (id=3475): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): 0.919722][T10419] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 260.933502][T10419] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 260.950773][T10419] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 260.967036][T11829] tipc: Enabled bearer , priority 0 [ 260.974753][T11829] syzkaller0: entered promiscuous mode [ 260.981731][T11829] syzkaller0: entered allmulticast mode [ 261.010818][T11828] tipc: Resetting bearer [ 261.045362][T11849] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 261.058565][T11828] tipc: Disabling bearer [ 261.325008][T11872] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1567'. [ 261.338239][T11872] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1567'. [ 261.423516][T11876] veth0: entered promiscuous mode [ 261.491612][T11875] veth0: left promiscuous mode [ 261.555411][T11884] netlink: 'syz.4.1574': attribute type 3 has an invalid length. [ 261.991439][T11909] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1583'. [ 262.014029][T11915] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1582'. [ 262.211838][T11924] tipc: Enabled bearer , priority 0 [ 262.219618][T11924] syzkaller0: entered promiscuous mode [ 262.225268][T11924] syzkaller0: entered allmulticast mode [ 262.305045][T11924] tipc: Resetting bearer [ 262.390467][T11923] tipc: Resetting bearer [ 262.442623][T11923] tipc: Disabling bearer [ 262.665667][T11956] netlink: 'syz.0.1595': attribute type 23 has an invalid length. [ 262.744141][T11954] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1594'. [ 262.767880][T11958] netlink: 'syz.2.1596': attribute type 2 has an invalid length. [ 262.853107][T11964] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 262.931020][T11967] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 262.961091][T11967] bond5: (slave vxcan3): Error -95 calling set_mac_address [ 263.077038][T11967] macvlan2: entered promiscuous mode [ 263.082387][T11967] macvlan2: entered allmulticast mode [ 263.091344][T11967] bond5: (slave macvlan2): Error -98 calling set_mac_address [ 263.176780][T11991] xt_hashlimit: size too large, truncated to 1048576 [ 263.193833][T11995] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 263.310137][T11997] dvmrp0: entered allmulticast mode [ 263.346601][T12002] team1 (uninitialized): Failed to send options change via netlink (err -105) [ 263.404948][T12002] team1: entered promiscuous mode [ 263.431376][T12002] team1: entered allmulticast mode [ 263.516530][T12006] ipvlan2: entered promiscuous mode [ 263.554839][T11997] dvmrp0: left allmulticast mode [ 264.145872][T12033] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 264.348999][T12045] xt_policy: output policy not valid in PREROUTING and INPUT [ 264.397944][T12050] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 264.716652][T12060] netlink: 'syz.0.1626': attribute type 1 has an invalid length. [ 264.790251][T12064] x_tables: duplicate underflow at hook 3 [ 264.860553][T12066] bond6: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 264.883907][T12066] bond6 (unregistering): Released all slaves [ 265.106993][T12087] netlink: 'syz.4.1637': attribute type 9 has an invalid length. [ 265.168381][T12093] netlink: 'syz.1.1639': attribute type 1 has an invalid length. [ 265.238146][ T5844] Bluetooth: hci0: command tx timeout [ 265.292364][T12094] gretap3: entered promiscuous mode [ 265.320618][T12094] bond2: (slave gretap3): making interface the new active one [ 265.330114][T12094] bond2: (slave gretap3): Enslaving as an active interface with an up link [ 265.720910][T12125] __nla_validate_parse: 14 callbacks suppressed [ 265.720930][T12125] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1649'. [ 265.897402][T12141] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1653'. [ 265.980376][T12145] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1654'. [ 265.991784][T12145] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1654'. [ 266.008048][T12142] macvlan0: mtu greater than device maximum [ 266.014201][T12142] macvlan0: mtu greater than device maximum [ 266.061868][T12142] macvlan0: mtu greater than device maximum [ 266.068208][T12142] macvlan0: mtu greater than device maximum [ 266.089492][T12142] macvlan0: mtu greater than device maximum [ 266.111738][T12142] macvlan0: mtu greater than device maximum [ 266.123683][T12142] macvlan0: mtu greater than device maximum [ 266.156088][T12142] macvlan0: mtu greater than device maximum [ 266.181859][T12142] macvlan0: mtu greater than device maximum [ 266.442330][T12159] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1658'. [ 266.452353][T12161] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1659'. [ 266.472938][T12159] bond3: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-tlb(5) [ 266.579554][T12159] bond3 (unregistering): Released all slaves [ 266.806212][T12176] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1665'. [ 266.816814][T12176] netlink: 'syz.1.1665': attribute type 7 has an invalid length. [ 266.824704][T12176] netlink: 'syz.1.1665': attribute type 8 has an invalid length. [ 266.840304][T12176] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1665'. [ 266.880344][T12183] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 266.921582][T12176] batadv_slave_1: entered promiscuous mode [ 266.963782][T12176] batadv_slave_1: left promiscuous mode [ 267.273424][T12217] x_tables: duplicate underflow at hook 1 [ 267.471943][T12230] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 267.488622][T12227] vlan0: entered promiscuous mode [ 267.618955][T12233] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1679'. [ 267.655695][T12241] IPVS: set_ctl: invalid protocol: 2 100.1.1.1:20001 [ 267.666466][T12237] syzkaller0: entered promiscuous mode [ 267.671969][T12237] syzkaller0: entered allmulticast mode [ 267.821468][T12249] netlink: 'syz.4.1684': attribute type 10 has an invalid length. [ 267.851589][T12251] lec:lec_atm_send: lec0: Unknown message type -1808097232 [ 267.889969][T12249] 8021q: adding VLAN 0 to HW filter on device team0 [ 267.928292][T12249] team0: entered promiscuous mode [ 267.934758][T12249] C: entered promiscuous mode [ 267.951189][T12249] bond0: (slave team0): Enslaving as an active interface with an up link [ 267.979336][T12252] netlink: 'syz.0.1683': attribute type 29 has an invalid length. [ 267.993917][T12252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1683'. [ 268.055423][T12205] vlan2: entered promiscuous mode [ 268.083747][T12205] bond0: entered promiscuous mode [ 268.093826][T12205] bond_slave_0: entered promiscuous mode [ 268.101492][T12205] bond_slave_1: entered promiscuous mode [ 268.107932][T12205] geneve1: entered promiscuous mode [ 268.113528][T12205] bridge0: entered promiscuous mode [ 268.131902][T12205] bond0: (slave vlan2): Opening slave failed [ 268.146867][T12258] netlink: 'syz.0.1683': attribute type 29 has an invalid length. [ 268.148452][T12268] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 268.163275][T12204] lec:lec_atm_close: lec0: Shut down! [ 268.474440][T12287] netlink: 'syz.4.1693': attribute type 23 has an invalid length. [ 268.840214][T12312] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 268.929741][ T5844] Bluetooth: hci0: command tx timeout [ 269.022353][T12328] net_ratelimit: 24 callbacks suppressed [ 269.022369][T12328] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 269.063909][T12323] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 269.541528][T12359] syzkaller1: entered promiscuous mode [ 269.549011][T12359] syzkaller1: entered allmulticast mode [ 270.140498][T12395] netlink: 'syz.1.1720': attribute type 13 has an invalid length. [ 270.475054][T12423] netlink: 'syz.1.1727': attribute type 11 has an invalid length. [ 270.543490][T12429] bond7: peer notification delay (1164) is not a multiple of miimon (100), value rounded to 1100 ms [ 270.559222][T12429] bond7: entered promiscuous mode [ 270.565020][T12429] bond7: entered allmulticast mode [ 270.572866][T12429] 8021q: adding VLAN 0 to HW filter on device bond7 [ 270.580268][T12427] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 270.603533][T12427] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 270.646262][T12427] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 270.661253][T12427] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 270.721584][T12427] batadv0 (unregistering): left promiscuous mode [ 270.750997][T12451] xt_cgroup: invalid path, errno=-2 [ 270.760956][T12451] __nla_validate_parse: 15 callbacks suppressed [ 270.760973][T12451] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1734'. [ 270.768850][T12445] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1732'. [ 270.787832][T12445] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1732'. [ 270.811537][T12439] tipc: Enabled bearer , priority 0 [ 270.830953][T12433] syzkaller0: entered promiscuous mode [ 270.837027][T12433] syzkaller0: entered allmulticast mode [ 270.999372][T12446] tipc: Resetting bearer [ 271.018887][T12432] tipc: Resetting bearer [ 271.067127][T12432] tipc: Disabling bearer [ 271.082497][T12463] netlink: 'syz.3.1738': attribute type 10 has an invalid length. [ 271.120375][T12457] syzkaller0: entered promiscuous mode [ 271.134662][T12457] syzkaller0: entered allmulticast mode [ 271.247177][T12475] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 271.505007][T12490] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 271.803959][T12509] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1748'. [ 271.824090][T12513] nftables ruleset with unbound set [ 272.026811][T12533] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1754'. [ 272.272871][T12547] netlink: 'syz.3.1761': attribute type 1 has an invalid length. [ 272.294982][T12547] netlink: 'syz.3.1761': attribute type 16 has an invalid length. [ 272.336306][T12547] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1761'. [ 272.477095][T12564] raw_sendmsg: syz.0.1765 forgot to set AF_INET. Fix it! [ 272.508261][T12569] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1767'. [ 272.563121][T12572] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1767'. [ 272.676922][T12572] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1767'. [ 272.693628][T12580] netlink: 'syz.0.1768': attribute type 10 has an invalid length. [ 272.783466][T12580] team0: Port device dummy0 added [ 272.821765][T12586] IPv6: sit3: Disabled Multicast RS [ 272.850734][T12586] sit3: entered allmulticast mode [ 273.033581][T12594] tipc: Enabled bearer , priority 0 [ 273.050185][T12594] syzkaller0: entered promiscuous mode [ 273.066410][T12594] syzkaller0: entered allmulticast mode [ 273.160837][T12604] tipc: Resetting bearer [ 273.179019][T12606] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1774'. [ 273.202147][T12593] tipc: Resetting bearer [ 273.270434][T12593] tipc: Disabling bearer [ 273.767600][T12639] netlink: 'syz.2.1782': attribute type 1 has an invalid length. [ 273.808568][T12642] xt_HMARK: spi-set and port-set can't be combined [ 273.818797][T12639] vlan2: entered allmulticast mode [ 273.823942][T12639] erspan0: entered allmulticast mode [ 274.183155][T12668] netlink: 'syz.2.1792': attribute type 1 has an invalid length. [ 274.193616][T12668] netlink: 'syz.2.1792': attribute type 4 has an invalid length. [ 274.267786][T12676] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 274.594889][T12692] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 274.988053][T12728] netlink: 'syz.4.1808': attribute type 12 has an invalid length. [ 275.034949][T12729] geneve3: entered promiscuous mode [ 275.419527][T12756] tipc: Enabled bearer , priority 0 [ 275.448147][T12754] netlink: 'syz.3.1816': attribute type 17 has an invalid length. [ 275.461725][T12756] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 275.485424][T12756] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 275.569348][T12770] netlink: 'syz.4.1820': attribute type 10 has an invalid length. [ 275.605785][T12756] tipc: Resetting bearer [ 275.697532][T12776] Cannot find del_set index 509 as target [ 275.844707][T12793] __nla_validate_parse: 13 callbacks suppressed [ 275.844724][T12793] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1822'. [ 275.895185][T12798] netlink: 'syz.3.1826': attribute type 10 has an invalid length. [ 275.952887][T12798] bond0: (slave geneve1): Enslaving as an active interface with an up link [ 275.989687][T12794] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1824'. [ 276.050333][T12810] bond0: Error: Cannot enslave bond to itself. [ 276.124223][T12818] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 276.454571][T12851] netlink: 'syz.2.1836': attribute type 3 has an invalid length. [ 276.496647][T12851] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1836'. [ 276.598844][ T5844] Bluetooth: hci0: command tx timeout [ 276.656070][T12861] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1839'. [ 276.767977][T12865] netem: incorrect gi model size [ 276.773247][T12865] netem: change failed [ 276.991332][T12881] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1843'. [ 277.017656][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 277.024301][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 277.032281][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 277.040139][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 277.048078][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 277.055900][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 277.063856][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 277.071709][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 277.079644][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 277.087484][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 277.095382][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 277.103236][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 277.111181][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 277.115849][T12887] netlink: 'syz.2.1844': attribute type 1 has an invalid length. [ 277.119076][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 277.119171][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 277.119188][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 277.155159][T12887] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1844'. [ 277.209665][T12887] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1844'. [ 277.386901][T12897] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1848'. [ 277.448411][T12891] netlink: 71 bytes leftover after parsing attributes in process `syz.2.1849'. [ 277.528982][T12905] netlink: 'syz.4.1852': attribute type 21 has an invalid length. [ 277.539324][T12903] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1850'. [ 277.895325][T12941] vlan4: entered allmulticast mode [ 277.905540][T12941] bridge_slave_0: entered allmulticast mode [ 278.049196][T12951] tipc: Enabling of bearer rejected, already enabled [ 278.057925][T12953] tipc: Enabling of bearer rejected, already enabled [ 278.147794][T12962] netlink: 'syz.0.1867': attribute type 11 has an invalid length. [ 278.165233][T12962] netlink: 'syz.0.1867': attribute type 11 has an invalid length. [ 278.595960][T12997] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 279.058883][T13022] pim6reg1: entered promiscuous mode [ 279.076778][T13022] pim6reg1: entered allmulticast mode [ 279.083674][ T5893] IPVS: starting estimator thread 0... [ 279.177663][T13032] IPVS: using max 33 ests per chain, 79200 per kthread [ 279.251271][T13040] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 279.419274][T13047] syzkaller0: entered promiscuous mode [ 279.424897][T13047] syzkaller0: entered allmulticast mode [ 279.702840][T13070] syzkaller0: entered promiscuous mode [ 279.712073][T13070] syzkaller0: entered allmulticast mode [ 279.794045][T13077] tipc: Enabled bearer , priority 0 [ 279.874680][T13077] tipc: Disabling bearer [ 279.913234][T13074] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-6) [ 280.033010][T13097] netlink: 'syz.2.1904': attribute type 2 has an invalid length. [ 280.051080][T13100] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 280.184522][T13110] netlink: 'syz.3.1910': attribute type 2 has an invalid length. [ 280.325968][T13116] bridge35: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 280.589705][T13140] batadv_slave_1: entered promiscuous mode [ 280.730993][T13147] bond7: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 280.748501][T13147] bond7 (unregistering): Released all slaves [ 280.961123][T13164] hsr0 speed is unknown, defaulting to 1000 [ 280.991893][T13164] wg1 speed is unknown, defaulting to 1000 [ 281.009904][T13170] __nla_validate_parse: 17 callbacks suppressed [ 281.009920][T13170] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1925'. [ 281.057211][T13167] gtp0: entered promiscuous mode [ 281.063114][T13167] gtp0: entered allmulticast mode [ 281.178561][T13184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1930'. [ 281.291290][T13184] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 281.345403][T13194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1933'. [ 281.417960][T13138] batadv_slave_1: left promiscuous mode [ 281.500850][T13201] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1937'. [ 281.532966][T13207] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1938'. [ 281.594576][T13205] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1936'. [ 281.680701][T13215] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1940'. [ 281.743234][T13225] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1939'. [ 281.816884][T13230] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1944'. [ 281.928602][T13236] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1945'. [ 282.019948][T13240] syzkaller0: entered promiscuous mode [ 282.025457][T13240] syzkaller0: entered allmulticast mode [ 282.176424][T13247] syz.4.1949: vmalloc error: size 69206016, failed to allocated page array size 135168, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 282.212195][T13247] CPU: 0 UID: 0 PID: 13247 Comm: syz.4.1949 Not tainted syzkaller #0 PREEMPT(full) [ 282.212220][T13247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 282.212243][T13247] Call Trace: [ 282.212250][T13247] [ 282.212258][T13247] dump_stack_lvl+0x189/0x250 [ 282.212289][T13247] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.212311][T13247] ? __pfx__printk+0x10/0x10 [ 282.212329][T13247] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 282.212351][T13247] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 282.212375][T13247] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 282.212400][T13247] warn_alloc+0x214/0x310 [ 282.212431][T13247] ? __pfx_warn_alloc+0x10/0x10 [ 282.212465][T13247] ? __get_vm_area_node+0x28f/0x300 [ 282.212488][T13247] ? nf_tables_newset+0x1330/0x2540 [ 282.212513][T13247] __vmalloc_node_range_noprof+0x690/0x12d0 [ 282.212566][T13247] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 282.212590][T13247] ? nf_tables_newset+0x1330/0x2540 [ 282.212613][T13247] ? rcu_is_watching+0x15/0xb0 [ 282.212633][T13247] ? nf_tables_newset+0x1330/0x2540 [ 282.212653][T13247] __kvmalloc_node_noprof+0x674/0x910 [ 282.212678][T13247] ? nf_tables_newset+0x1330/0x2540 [ 282.212702][T13247] ? nft_set_lookup+0x128/0x150 [ 282.212722][T13247] ? nft_hash_privsize+0x7f/0xf0 [ 282.212743][T13247] nf_tables_newset+0x1330/0x2540 [ 282.212775][T13247] ? __pfx_nf_tables_newset+0x10/0x10 [ 282.212815][T13247] ? __nla_parse+0x40/0x60 [ 282.212839][T13247] nfnetlink_rcv+0x11d9/0x2590 [ 282.212898][T13247] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 282.212935][T13247] ? ref_tracker_free+0x63a/0x7d0 [ 282.212979][T13247] ? __netlink_deliver_tap+0x807/0x850 [ 282.213005][T13247] ? netlink_deliver_tap+0x2e/0x1b0 [ 282.213048][T13247] netlink_unicast+0x82f/0x9e0 [ 282.213086][T13247] ? __pfx_netlink_unicast+0x10/0x10 [ 282.213111][T13247] ? netlink_sendmsg+0x642/0xb30 [ 282.213126][T13247] ? skb_put+0x11b/0x210 [ 282.213147][T13247] netlink_sendmsg+0x805/0xb30 [ 282.213174][T13247] ? __pfx_netlink_sendmsg+0x10/0x10 [ 282.213194][T13247] ? aa_sock_msg_perm+0xf1/0x1d0 [ 282.213221][T13247] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 282.213239][T13247] ? __pfx_netlink_sendmsg+0x10/0x10 [ 282.213257][T13247] __sock_sendmsg+0x21c/0x270 [ 282.213282][T13247] ____sys_sendmsg+0x505/0x830 [ 282.213307][T13247] ? __pfx_____sys_sendmsg+0x10/0x10 [ 282.213336][T13247] ? import_iovec+0x74/0xa0 [ 282.213361][T13247] ___sys_sendmsg+0x21f/0x2a0 [ 282.213382][T13247] ? __pfx____sys_sendmsg+0x10/0x10 [ 282.213438][T13247] ? __fget_files+0x2a/0x420 [ 282.213455][T13247] ? __fget_files+0x3a0/0x420 [ 282.213482][T13247] __x64_sys_sendmsg+0x19b/0x260 [ 282.213504][T13247] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 282.213541][T13247] ? do_syscall_64+0xbe/0xfa0 [ 282.213567][T13247] do_syscall_64+0xfa/0xfa0 [ 282.213588][T13247] ? lockdep_hardirqs_on+0x9c/0x150 [ 282.213609][T13247] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.213627][T13247] ? clear_bhb_loop+0x60/0xb0 [ 282.213649][T13247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.213666][T13247] RIP: 0033:0x7f5edb58efc9 [ 282.213697][T13247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.213712][T13247] RSP: 002b:00007f5edc45a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 282.213732][T13247] RAX: ffffffffffffffda RBX: 00007f5edb7e5fa0 RCX: 00007f5edb58efc9 [ 282.213746][T13247] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 282.213757][T13247] RBP: 00007f5edb611f91 R08: 0000000000000000 R09: 0000000000000000 [ 282.213769][T13247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 282.213779][T13247] R13: 00007f5edb7e6038 R14: 00007f5edb7e5fa0 R15: 00007ffc06f58498 [ 282.213811][T13247] [ 282.213818][T13247] Mem-Info: [ 282.233986][T13260] netlink: 'syz.1.1953': attribute type 11 has an invalid length. [ 282.426848][T13266] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 282.429443][T13247] active_anon:5772 inactive_anon:0 isolated_anon:0 [ 282.429443][T13247] active_file:2821 inactive_file:39932 isolated_file:0 [ 282.429443][T13247] unevictable:768 dirty:57 writeback:0 [ 282.429443][T13247] slab_reclaimable:12035 slab_unreclaimable:116610 [ 282.429443][T13247] mapped:29161 shmem:1364 pagetables:1205 [ 282.429443][T13247] sec_pagetables:0 bounce:0 [ 282.429443][T13247] kernel_misc_reclaimable:0 [ 282.429443][T13247] free:1304835 free_pcp:14404 free_cma:0 [ 282.656159][T13247] Node 0 active_anon:23288kB inactive_anon:0kB active_file:11284kB inactive_file:159524kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116644kB dirty:224kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13828kB pagetables:4976kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 282.699472][T13247] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 282.753522][T13247] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 282.791476][T13247] lowmem_reserve[]: 0 2505 2505 2505 2505 [ 282.840822][T13247] Node 0 DMA32 free:1309332kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22940kB inactive_anon:0kB active_file:11284kB inactive_file:159524kB unevictable:1536kB writepending:224kB zspages:0kB present:3129332kB managed:2565172kB mlocked:0kB bounce:0kB free_pcp:43492kB local_pcp:23960kB free_cma:0kB [ 282.890322][T13247] lowmem_reserve[]: 0 0 0 0 0 [ 282.895367][T13247] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 282.938256][T13247] lowmem_reserve[]: 0 0 0 0 0 [ 282.943112][T13247] Node 1 Normal free:3893868kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15808kB local_pcp:8544kB free_cma:0kB [ 282.980802][T13292] Z7nz>RA: renamed from lo (while UP) [ 282.994223][T13247] lowmem_reserve[]: 0 0 0 0 0 [ 283.036582][T13247] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 283.058792][T13247] Node 0 DMA32: 309*4kB (ME) 605*8kB (UM) 665*16kB (UME) 1459*32kB (UM) 487*64kB (UM) 26*128kB (UME) 6*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 3*2048kB (M) 293*4096kB (UM) = 1309292kB [ 283.118032][T13247] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 283.160644][T13247] Node 1 Normal: 219*4kB (UME) 42*8kB (UME) 41*16kB (UME) 113*32kB (UME) 30*64kB (UME) 7*128kB (UME) 4*256kB (UME) 3*512kB (ME) 2*1024kB (UM) 1*2048kB (E) 947*4096kB (M) = 3893868kB [ 283.162540][T13303] netlink: 'syz.3.1965': attribute type 2 has an invalid length. [ 283.180022][T13247] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 283.199111][T13247] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 283.209993][T13247] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 283.223200][T13247] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 283.233738][T13247] 44113 total pagecache pages [ 283.240982][T13247] 0 pages in swap cache [ 283.245618][T13247] Free swap = 124996kB [ 283.251998][T13247] Total swap = 124996kB [ 283.257613][T13247] 2097051 pages RAM [ 283.261437][T13247] 0 pages HighMem/MovableOnly [ 283.266870][T13247] 424116 pages reserved [ 283.275889][T13247] 0 pages cma reserved [ 283.299074][T13315] netlink: 'syz.2.1968': attribute type 1 has an invalid length. [ 283.312162][T13315] netlink: 'syz.2.1968': attribute type 2 has an invalid length. [ 283.322712][T13316] netlink: 'syz.2.1968': attribute type 1 has an invalid length. [ 283.337658][T13316] netlink: 'syz.2.1968': attribute type 2 has an invalid length. [ 283.874174][T13353] netlink: 'syz.4.1978': attribute type 4 has an invalid length. [ 283.970331][T13353] netlink: 'syz.4.1978': attribute type 4 has an invalid length. [ 284.436514][ T5844] Bluetooth: hci0: command tx timeout [ 285.048348][T13452] sctp: [Deprecated]: syz.1.2004 (pid 13452) Use of struct sctp_assoc_value in delayed_ack socket option. [ 285.048348][T13452] Use struct sctp_sack_info instead [ 286.089982][T13526] __nla_validate_parse: 12 callbacks suppressed [ 286.090000][T13526] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2023'. [ 286.107186][T13524] bond4: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 286.119610][T13519] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2020'. [ 286.128870][T13519] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2020'. [ 286.140133][T13524] bond4 (unregistering): Released all slaves [ 286.192197][T13527] netlink: 'syz.0.2022': attribute type 11 has an invalid length. [ 286.201393][T13527] netlink: 199788 bytes leftover after parsing attributes in process `syz.0.2022'. [ 286.311113][T13548] netlink: 'syz.3.2025': attribute type 10 has an invalid length. [ 286.332624][T13548] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 286.369874][T13552] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 286.389500][T13551] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2027'. [ 286.487453][T13557] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2027'. [ 286.542206][T13565] pim6reg: entered allmulticast mode [ 286.613820][T13565] pim6reg: left allmulticast mode [ 286.684955][T13574] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2034'. [ 286.720952][T13574] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2034'. [ 286.748969][T13574] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2034'. [ 286.764409][T13574] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2034'. [ 286.823315][T13573] netlink: 'syz.4.2033': attribute type 11 has an invalid length. [ 287.087570][T13604] net veth1_virt_wifi .: renamed from virt_wifi0 [ 287.107829][T13604] netlink: 'syz.0.2041': attribute type 17 has an invalid length. [ 287.137025][T13601] hsr0 speed is unknown, defaulting to 1000 [ 287.161641][T13601] wg1 speed is unknown, defaulting to 1000 [ 287.383816][T13616] netlink: 'syz.0.2044': attribute type 4 has an invalid length. [ 288.457304][T13665] netlink: 'syz.0.2056': attribute type 83 has an invalid length. [ 288.644078][T13680] tipc: Enabled bearer , priority 0 [ 288.655527][T13680] syzkaller0: MTU too low for tipc bearer [ 288.661438][T13680] tipc: Disabling bearer [ 289.338307][T13722] nbd: illegal input index 2960425 [ 289.448332][T13726] netlink: 'syz.1.2072': attribute type 2 has an invalid length. [ 289.513850][T13730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 289.534625][T13726] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode [ 289.542076][T13726] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode [ 289.984249][T13770] tipc: Enabling of bearer rejected, failed to enable media [ 290.193648][T13786] netlink: 'syz.1.2091': attribute type 4 has an invalid length. [ 290.276441][ T51] block nbd0: Possible stuck request ffff888024c05080: control (read@0,1024B). Runtime 180 seconds [ 290.306762][ T51] block nbd0: Possible stuck request ffff888024c05240: control (read@1024,1024B). Runtime 180 seconds [ 290.317920][ T51] block nbd0: Possible stuck request ffff888024c05400: control (read@2048,1024B). Runtime 180 seconds [ 290.329337][ T51] block nbd0: Possible stuck request ffff888024c055c0: control (read@3072,1024B). Runtime 180 seconds [ 290.474891][T13807] netlink: 'syz.2.2099': attribute type 1 has an invalid length. [ 290.540810][T13807] bond8: (slave gretap1): making interface the new active one [ 290.549240][T13807] bond8: (slave gretap1): Enslaving as an active interface with an up link [ 290.892001][T13837] netlink: 'syz.0.2109': attribute type 1 has an invalid length. [ 290.901269][T13834] syzkaller1: entered promiscuous mode [ 290.907966][T13834] syzkaller1: entered allmulticast mode [ 290.962597][T13837] 8021q: adding VLAN 0 to HW filter on device bond7 [ 291.068764][T13850] xt_CT: You must specify a L4 protocol and not use inversions on it [ 291.078296][T13851] xt_CT: You must specify a L4 protocol and not use inversions on it [ 291.309756][T13873] netlink: 'syz.0.2119': attribute type 1 has an invalid length. [ 291.424966][T13877] 8021q: adding VLAN 0 to HW filter on device bond9 [ 291.432638][T13873] __nla_validate_parse: 80 callbacks suppressed [ 291.432656][T13873] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2119'. [ 291.435178][T13877] bond8: (slave bond9): making interface the new active one [ 291.458348][T13877] bond8: (slave bond9): Enslaving as an active interface with an up link [ 291.501706][T13873] 8021q: adding VLAN 0 to HW filter on device bond8 [ 291.645558][T13894] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2123'. [ 291.768067][T13902] tipc: Enabled bearer , priority 0 [ 291.775601][T13902] syzkaller0: entered promiscuous mode [ 291.781644][T13902] syzkaller0: entered allmulticast mode [ 291.872431][T13902] tipc: Resetting bearer [ 291.905949][T13901] tipc: Resetting bearer [ 291.961999][T13901] tipc: Disabling bearer [ 292.487547][T13950] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2137'. [ 292.505712][T13950] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2137'. [ 292.556564][T13953] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 292.571381][T13950] bond7: Unable to set peer notification delay as MII monitoring is disabled [ 292.594832][T13950] bond7 (unregistering): Released all slaves [ 292.780453][T13966] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2145'. [ 293.004900][T13966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2145'. [ 294.218373][T13986] netlink: 'syz.0.2149': attribute type 29 has an invalid length. [ 294.282349][T13998] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 294.414214][T14009] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2157'. [ 294.429628][T14009] netlink: 'syz.3.2157': attribute type 3 has an invalid length. [ 294.445762][T14009] netlink: 766 bytes leftover after parsing attributes in process `syz.3.2157'. [ 294.504305][T14015] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20003 [ 294.539139][T14018] netlink: 'syz.4.2159': attribute type 1 has an invalid length. [ 294.569646][T14020] netlink: 'syz.1.2161': attribute type 30 has an invalid length. [ 294.578268][T14011] hsr0 speed is unknown, defaulting to 1000 [ 294.596718][ T5844] Bluetooth: hci0: command tx timeout [ 294.627288][T14020] bond4: option arp_missed_max: invalid value (0) [ 294.633912][T14020] bond4: option arp_missed_max: allowed values 1 - 255 [ 294.644053][T14020] bond4 (unregistering): Released all slaves [ 294.671810][T14011] wg1 speed is unknown, defaulting to 1000 [ 294.722650][T14018] 8021q: adding VLAN 0 to HW filter on device bond7 [ 294.768588][T14026] veth3: entered promiscuous mode [ 294.974497][T14042] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 295.184154][T10180] IPVS: starting estimator thread 0... [ 295.281532][T14071] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2173'. [ 295.293777][T14071] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 295.298067][T14067] IPVS: using max 27 ests per chain, 64800 per kthread [ 295.327646][T14073] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 295.338430][T14073] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 295.406717][T14075] tipc: Enabled bearer , priority 0 [ 295.413756][T14075] tipc: Enabling of bearer rejected, already enabled [ 295.448026][T14076] syzkaller0: entered promiscuous mode [ 295.453536][T14076] syzkaller0: entered allmulticast mode [ 295.502584][T10180] wg1 speed is unknown, defaulting to 1000 [ 295.539077][T14076] tipc: Resetting bearer [ 295.620340][T14076] tipc: Disabling bearer [ 295.929699][T14114] IPVS: set_ctl: invalid protocol: 59 10.1.1.2:20002 [ 295.962020][T14121] IPVS: set_ctl: invalid protocol: 59 10.1.1.2:20002 [ 296.208797][T14142] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2196'. [ 296.443889][T14158] pim6reg1: entered promiscuous mode [ 296.450162][T14158] pim6reg1: entered allmulticast mode [ 296.901425][T14180] bond9: option arp_all_targets: invalid value (18446744073709551613) [ 296.935871][T14192] __nla_validate_parse: 1 callbacks suppressed [ 296.935888][T14192] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2210'. [ 296.938521][T14180] bond9 (unregistering): Released all slaves [ 296.942587][T14192] openvswitch: netlink: Tunnel attr 15060 out of range max 16 [ 296.969988][T14192] x_tables: duplicate entry at hook 3 [ 296.996289][ T5844] Bluetooth: hci0: command tx timeout [ 297.040960][T14181] bond9: option arp_all_targets: invalid value (18446744073709551613) [ 297.054837][T14181] bond9 (unregistering): Released all slaves [ 297.085319][T14190] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2209'. [ 297.144225][T14205] netlink: 'syz.3.2211': attribute type 8 has an invalid length. [ 297.410818][T14222] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2218'. [ 297.430386][T14222] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2218'. [ 297.458099][T14222] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2218'. [ 297.486535][T14222] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2218'. [ 297.517915][T14222] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2218'. [ 297.548999][T14222] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2218'. [ 297.558879][T14222] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2218'. [ 297.587362][T14222] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2218'. [ 298.105694][T14264] syzkaller1: entered promiscuous mode [ 298.111690][T14264] syzkaller1: entered allmulticast mode [ 298.475973][T14290] netlink: 'syz.1.2241': attribute type 6 has an invalid length. [ 298.510842][T14281] netlink: 'syz.0.2239': attribute type 3 has an invalid length. [ 298.680290][T14302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.719061][T14304] vlan0: entered promiscuous mode [ 298.724493][T14304] vlan0: entered allmulticast mode [ 298.730835][T14304] veth0_vlan: entered allmulticast mode [ 298.803513][T14310] netlink: 'syz.4.2247': attribute type 2 has an invalid length. [ 298.986071][T14323] syzkaller1: entered promiscuous mode [ 298.993158][T14323] syzkaller1: entered allmulticast mode [ 299.230809][T14339] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 299.332639][T14346] IPVS: set_ctl: invalid protocol: 92 10.1.1.1:20000 [ 299.704083][T14376] netlink: 'syz.4.2269': attribute type 10 has an invalid length. [ 299.713861][T14376] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.721182][T14376] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.887418][T14384] netlink: 'syz.1.2272': attribute type 9 has an invalid length. [ 299.891942][T14386] xt_nfacct: accounting object `\$9ZM#mU|^c\F9YⳈ' does not exist [ 300.150489][T14406] netlink: 'syz.4.2278': attribute type 1 has an invalid length. [ 300.207188][T14413] tipc: Enabling of bearer rejected, already enabled [ 300.218406][T14414] tipc: Enabling of bearer rejected, already enabled [ 300.493664][T14429] bond4: (slave bond_slave_1): Device is not our slave [ 300.502343][T14429] bond4: option active_slave: invalid value (bond_slave_1) [ 300.514170][T14429] bond4 (unregistering): Released all slaves [ 300.794498][T14444] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 300.833371][T14453] syzkaller0: entered promiscuous mode [ 300.841474][T14453] syzkaller0: entered allmulticast mode [ 301.004264][T14466] netlink: 'syz.3.2295': attribute type 3 has an invalid length. [ 301.469211][T14487] hsr0 speed is unknown, defaulting to 1000 [ 301.488373][T14487] wg1 speed is unknown, defaulting to 1000 [ 301.602207][T14493] hsr0 speed is unknown, defaulting to 1000 [ 301.613125][T14493] wg1 speed is unknown, defaulting to 1000 [ 301.865264][T14514] veth0_to_bond: entered allmulticast mode [ 301.913473][T14517] delete_channel: no stack [ 302.125659][T14537] __nla_validate_parse: 54 callbacks suppressed [ 302.125678][T14537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2315'. [ 302.147846][T14537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2315'. [ 302.175460][T14540] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2317'. [ 302.194666][T14536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2317'. [ 302.226899][T14536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2317'. [ 302.246532][T14540] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2317'. [ 302.290356][T14549] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2322'. [ 302.312492][T14549] x_tables: duplicate entry at hook 3 [ 302.446217][T14562] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2324'. [ 302.574434][T14565] veth1_to_hsr: default FDB implementation only supports local addresses [ 302.599557][T14573] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2327'. [ 302.615105][T14573] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2327'. [ 302.685821][T14580] SET target dimension over the limit! [ 302.912769][T14600] bond7: entered allmulticast mode [ 302.932223][T14600] 8021q: adding VLAN 0 to HW filter on device bond7 [ 302.944884][T14600] bridge0: port 1(bond7) entered blocking state [ 302.945007][T14606] xt_CT: You must specify a L4 protocol and not use inversions on it [ 302.953527][T14600] bridge0: port 1(bond7) entered disabled state [ 302.971900][T14600] bond7: entered promiscuous mode [ 303.583625][T14648] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 303.769946][T14657] netlink: 'syz.2.2344': attribute type 9 has an invalid length. [ 304.063837][T14675] netlink: del zone limit has 4 unknown bytes [ 304.212838][T14686] xt_CT: You must specify a L4 protocol and not use inversions on it [ 304.269525][T14691] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 304.369006][T14705] netlink: 'syz.0.2355': attribute type 4 has an invalid length. [ 304.500293][T14709] xt_l2tp: v2 doesn't support IP mode [ 304.505338][T14710] netlink: 'syz.2.2360': attribute type 17 has an invalid length. [ 304.657698][T14721] netlink: 'syz.3.2364': attribute type 1 has an invalid length. [ 304.753257][T14721] netlink: 'syz.3.2364': attribute type 13 has an invalid length. [ 304.787144][T14727] sctp: [Deprecated]: syz.0.2365 (pid 14727) Use of struct sctp_assoc_value in delayed_ack socket option. [ 304.787144][T14727] Use struct sctp_sack_info instead [ 304.922210][T14721] 8021q: adding VLAN 0 to HW filter on device bond0 [ 304.938618][T14721] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 304.955300][T14734] syzkaller0: entered promiscuous mode [ 304.964847][T14734] syzkaller0: entered allmulticast mode [ 305.067718][T14739] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 305.151593][T14749] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 305.172119][T14750] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 305.283386][T14743] syzkaller0: entered promiscuous mode [ 305.289116][T14743] syzkaller0: entered allmulticast mode [ 305.305354][T14749] syzkaller0: entered promiscuous mode [ 305.312496][T14749] syzkaller0: entered allmulticast mode [ 305.340046][T14759] wg1: entered promiscuous mode [ 305.344951][T14759] wg1: entered allmulticast mode [ 306.678228][T14750] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 306.921772][T14792] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 307.076273][ T5844] Bluetooth: hci0: command tx timeout [ 307.312503][T14814] netlink: 'syz.3.2389': attribute type 11 has an invalid length. [ 307.349771][T14814] __nla_validate_parse: 17 callbacks suppressed [ 307.349790][T14814] netlink: 199828 bytes leftover after parsing attributes in process `syz.3.2389'. [ 307.444140][T14824] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 307.468381][T14821] hsr0 speed is unknown, defaulting to 1000 [ 307.476473][T14821] wg1 speed is unknown, defaulting to 1000 [ 307.795985][T14836] IPVS: ip_vs_add_dest(): server weight less than zero [ 308.028872][T14850] netlink: 'syz.1.2398': attribute type 13 has an invalid length. [ 308.040288][T14850] gretap0: refused to change device tx_queue_len [ 308.050071][T14850] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 308.255323][T14864] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 308.601150][T14886] netlink: 'syz.2.2408': attribute type 1 has an invalid length. [ 308.616192][T14886] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2408'. [ 308.634255][T14887] netlink: 'syz.2.2408': attribute type 1 has an invalid length. [ 308.634491][T14884] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2409'. [ 308.664154][T14887] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2408'. [ 308.746982][T14894] xt_recent: Unsupported userspace flags (000000b1) [ 308.754999][T14895] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2410'. [ 308.795885][T14899] netlink: 830 bytes leftover after parsing attributes in process `syz.2.2412'. [ 308.888628][T14903] tipc: Enabled bearer , priority 0 [ 308.928892][T14903] syzkaller0: entered promiscuous mode [ 308.934469][T14903] syzkaller0: entered allmulticast mode [ 308.993933][T14903] tipc: Resetting bearer [ 309.017998][T14903] openvswitch: netlink: Unknown key attributes 2 [ 309.034111][T14902] tipc: Resetting bearer [ 309.043840][T14912] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 309.117424][T14902] tipc: Disabling bearer [ 309.141748][T14918] netlink: 'syz.3.2419': attribute type 2 has an invalid length. [ 309.151851][T14918] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2419'. [ 309.174872][T14922] openvswitch: netlink: Unknown nsh attribute 0 [ 309.192892][T14922] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 309.436576][T14941] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2427'. [ 309.568323][T14946] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 309.639137][T14953] ip6gre1: entered allmulticast mode [ 309.674640][T14953] netlink: 'syz.4.2432': attribute type 5 has an invalid length. [ 309.726866][T14961] xt_NFQUEUE: number of queues (16) out of range (got 65549) [ 309.765696][T14964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2436'. [ 309.809151][T14964] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2436'. [ 310.033077][T14982] bond8 (unregistering): Released all slaves [ 310.083929][T14979] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode [ 310.091351][T14979] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode [ 310.103258][T14979] netlink: 'syz.1.2440': attribute type 1 has an invalid length. [ 310.177429][T14989] syzkaller0: entered promiscuous mode [ 310.186611][T14989] syzkaller0: entered allmulticast mode [ 310.224158][T14991] nbd: must specify an index to disconnect [ 310.276249][ T5844] Bluetooth: hci0: command tx timeout [ 310.544920][T15010] netlink: 'syz.3.2451': attribute type 1 has an invalid length. [ 311.087187][T15046] sit1: entered promiscuous mode [ 311.092173][T15046] sit1: entered allmulticast mode [ 311.211069][T15057] syzkaller1: entered allmulticast mode [ 311.866858][T15099] hsr0 speed is unknown, defaulting to 1000 [ 311.899322][T15099] wg1 speed is unknown, defaulting to 1000 [ 311.953738][T15105] delete_channel: no stack [ 312.463614][T15121] netlink: 'syz.3.2480': attribute type 2 has an invalid length. [ 312.476054][T15121] __nla_validate_parse: 7 callbacks suppressed [ 312.476069][T15121] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2480'. [ 312.663559][T15136] bond0: option ad_select: unable to set because the bond device is up [ 312.892148][T15151] openvswitch: netlink: IP tunnel dst address not specified [ 312.901495][T15152] openvswitch: netlink: IP tunnel dst address not specified [ 312.933007][T15148] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 312.958596][T15155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2492'. [ 312.968338][T15158] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 313.019058][ T5844] block nbd1: Receive control failed (result -107) [ 313.170268][T15171] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2496'. [ 313.223683][T15169] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2496'. [ 313.248661][T15171] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2496'. [ 313.462562][T15180] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2501'. [ 313.575388][T15185] netlink: 'syz.0.2503': attribute type 4 has an invalid length. [ 313.607660][T15192] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2506'. [ 313.627545][T15192] netlink: 'syz.1.2506': attribute type 27 has an invalid length. [ 313.640525][T15189] tipc: Enabled bearer , priority 0 [ 313.650286][T15189] syzkaller0: entered promiscuous mode [ 313.655910][T15189] syzkaller0: entered allmulticast mode [ 313.677530][T15188] tipc: Resetting bearer [ 313.711224][T15188] tipc: Disabling bearer [ 313.903944][T15213] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 313.925265][T15218] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2512'. [ 314.274090][T15237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2517'. [ 314.343794][T15237] 8021q: adding VLAN 0 to HW filter on device bond4 [ 314.346548][T15242] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2518'. [ 314.365672][T15243] bond4: entered allmulticast mode [ 314.643173][T15260] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 314.771502][T15273] netlink: 'syz.4.2526': attribute type 1 has an invalid length. [ 315.045233][T15295] 0{X: renamed from gretap0 (while UP) [ 315.088214][T15295] 0{X: entered allmulticast mode [ 315.096791][T15295] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 315.398587][T15318] netlink: 'syz.0.2538': attribute type 33 has an invalid length. [ 315.420860][T15319] bond8: option packets_per_slave: invalid value (18446744073709551615) [ 315.430495][T15319] bond8: option packets_per_slave: allowed values 0 - 65535 [ 315.444960][T15319] bond8 (unregistering): Released all slaves [ 315.957770][ T5844] Bluetooth: hci0: command tx timeout [ 316.479925][T15399] 8021q: VLANs not supported on ip_vti0 [ 316.649210][T15417] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 316.661199][T15417] bridge_slave_0: left promiscuous mode [ 316.667723][T15417] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.910702][T15444] sctp: [Deprecated]: syz.1.2571 (pid 15444) Use of int in max_burst socket option. [ 316.910702][T15444] Use struct sctp_assoc_value instead [ 317.123787][T15451] ip6t_srh: unknown srh invflags 4000 [ 317.162530][T15460] ip6t_srh: unknown srh invflags 4000 [ 317.162657][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.604212][T15482] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 317.791523][T15493] hsr0 speed is unknown, defaulting to 1000 [ 317.817179][T15493] wg1 speed is unknown, defaulting to 1000 [ 317.890843][T15501] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 318.060066][T15516] __nla_validate_parse: 17 callbacks suppressed [ 318.060084][T15516] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2589'. [ 318.076487][T15511] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2588'. [ 318.145885][T15516] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 318.247740][T15509] tipc: Enabling of bearer rejected, failed to enable media [ 318.627609][T15545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2595'. [ 318.711596][T15530] bridge0: port 2(ipvlan2) entered blocking state [ 318.718526][T15530] bridge0: port 2(ipvlan2) entered disabled state [ 318.725289][T15530] ipvlan2: entered allmulticast mode [ 318.731145][T15530] bridge0: entered allmulticast mode [ 318.752094][T15555] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 318.753714][T15530] ipvlan2: left allmulticast mode [ 318.781767][T15530] bridge0: left allmulticast mode [ 318.799601][T15556] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 318.892794][T15562] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2600'. [ 318.940208][T15564] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2601'. [ 318.950877][T15565] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2601'. [ 318.982590][T15568] Cannot find add_set index 2 as target [ 319.082747][T15562] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2600'. [ 319.114314][T15575] netlink: 'syz.0.2604': attribute type 26 has an invalid length. [ 319.350883][T15579] netlink: 'syz.3.2605': attribute type 1 has an invalid length. [ 319.364285][T15579] netlink: 'syz.3.2605': attribute type 3 has an invalid length. [ 319.372171][T15579] netlink: 172 bytes leftover after parsing attributes in process `syz.3.2605'. [ 319.383267][T15579] NCSI netlink: No device for ifindex 813332851 [ 319.391973][T15581] netlink: 'syz.2.2606': attribute type 1 has an invalid length. [ 319.401786][T15581] netlink: 'syz.2.2606': attribute type 3 has an invalid length. [ 319.411442][T15581] netlink: 172 bytes leftover after parsing attributes in process `syz.2.2606'. [ 319.421108][T15581] NCSI netlink: No device for ifindex 813332851 [ 319.516574][ C1] af_packet: tpacket_rcv: packet too big, clamped from 12 to 4294967272. macoff=96 [ 319.554106][T15591] netlink: 'syz.2.2609': attribute type 23 has an invalid length. [ 319.956276][ T5844] Bluetooth: hci0: command tx timeout [ 320.070925][T15617] nbd: must specify at least one socket [ 320.094265][T15619] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 320.319567][T15636] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2626'. [ 320.356839][ T51] block nbd0: Possible stuck request ffff888024c05080: control (read@0,1024B). Runtime 210 seconds [ 320.368222][ T51] block nbd0: Possible stuck request ffff888024c05240: control (read@1024,1024B). Runtime 210 seconds [ 320.379567][ T51] block nbd0: Possible stuck request ffff888024c05400: control (read@2048,1024B). Runtime 210 seconds [ 320.391646][ T51] block nbd0: Possible stuck request ffff888024c055c0: control (read@3072,1024B). Runtime 210 seconds [ 320.533332][T15654] IPv6: addrconf: prefix option has invalid lifetime [ 320.733062][T15663] tipc: Enabling of bearer rejected, already enabled [ 320.763991][T15663] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 320.787067][T15663] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 320.811352][T15663] sch_tbf: burst 127 is lower than device syzkaller0 mtu (313) ! [ 320.855024][T15663] syzkaller0: mtu greater than device maximum [ 321.009579][T15691] netlink: 'syz.3.2645': attribute type 1 has an invalid length. [ 321.186064][T15704] netlink: 'syz.1.2649': attribute type 13 has an invalid length. [ 321.209422][T15704] gretap0: refused to change device tx_queue_len [ 321.225242][T15704] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 321.227255][T15700] IPVS: persistence engine module ip_vs_pe_ not found [ 321.366443][T15720] tipc: New replicast peer: 255.255.255.255 [ 321.374946][T15720] tipc: Enabled bearer , priority 10 [ 321.407672][T15723] xt_CT: No such helper "syz1" [ 321.618822][T15744] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 322.074287][T15785] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 322.116649][ T5844] Bluetooth: hci0: command tx timeout [ 322.374024][T15812] sctp: [Deprecated]: syz.3.2679 (pid 15812) Use of struct sctp_assoc_value in delayed_ack socket option. [ 322.374024][T15812] Use struct sctp_sack_info instead [ 322.484124][T15817] openvswitch: netlink: Duplicate or invalid key (type 0). [ 322.491595][T15817] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 322.496389][ T5893] tipc: Node number set to 2061468705 [ 323.201854][T15869] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 323.221439][T15874] __nla_validate_parse: 12 callbacks suppressed [ 323.221457][T15874] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2695'. [ 323.240162][T15875] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2695'. [ 323.275631][T15874] ieee802154 phy0 wpan0: encryption failed: -22 [ 323.339496][T15882] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2697'. [ 323.458741][T15892] netlink: 'syz.1.2699': attribute type 1 has an invalid length. [ 323.538902][T15892] 8021q: adding VLAN 0 to HW filter on device bond5 [ 323.632049][T15899] bond5: (slave veth9): Enslaving as an active interface with a down link [ 323.767106][T15908] hsr0 speed is unknown, defaulting to 1000 [ 323.790347][T15908] wg1 speed is unknown, defaulting to 1000 [ 323.807853][T15916] netlink: 'syz.3.2706': attribute type 2 has an invalid length. [ 323.851813][T15916] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2706'. [ 323.968065][T15916] bond8: option xmit_hash_policy: invalid value (64) [ 323.982138][T15916] bond8 (unregistering): Released all slaves [ 324.268571][T15934] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2709'. [ 324.330957][T15936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2712'. [ 324.362270][T15940] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2711'. [ 324.382662][T15940] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2711'. [ 324.545377][T15936] macvtap1: entered promiscuous mode [ 324.555195][T15936] vlan0: entered promiscuous mode [ 324.561301][T15936] macvtap1: entered allmulticast mode [ 324.569076][T15936] vlan0: entered allmulticast mode [ 324.574324][T15936] veth0_vlan: entered allmulticast mode [ 324.736429][T15958] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2719'. [ 324.951887][T15972] netlink: 'syz.1.2722': attribute type 3 has an invalid length. [ 324.985984][T15973] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2722'. [ 324.995455][T15976] netlink: 'syz.2.2724': attribute type 4 has an invalid length. [ 325.039361][T15976] netlink: 'syz.2.2724': attribute type 4 has an invalid length. [ 325.476685][T16023] syzkaller0: entered promiscuous mode [ 325.487626][T16023] syzkaller0: entered allmulticast mode [ 326.673047][T16088] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 326.709445][T16088] Cannot find set identified by id 65534 to match [ 327.060987][T16120] geneve5: entered promiscuous mode [ 327.066498][T16120] geneve5: entered allmulticast mode [ 327.075601][ T6976] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.108873][ T6976] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.126260][ T6976] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.134510][ T6976] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.166605][T16125] bridge36: entered allmulticast mode [ 327.184598][T16125] bridge36: left allmulticast mode [ 327.262594][T16134] bond0: (slave bridge0): Releasing backup interface [ 327.280355][T16134] bridge0: left promiscuous mode [ 327.280970][T16136] xt_nat: multiple ranges no longer supported [ 327.294248][T16134] bridge_slave_0: left allmulticast mode [ 327.304410][T16134] bridge_slave_0: left promiscuous mode [ 327.315192][T16134] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.363445][T16134] bond0: (slave bond_slave_0): Releasing backup interface [ 327.374633][T16134] bond_slave_0: left promiscuous mode [ 327.383359][T16142] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 327.383502][T16134] bond0: (slave bond_slave_1): Releasing backup interface [ 327.401190][T16134] bond_slave_1: left promiscuous mode [ 327.407515][T16134] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 327.415503][T16134] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 327.574677][T16145] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 327.591159][T16147] netlink: 'syz.1.2773': attribute type 29 has an invalid length. [ 327.618277][T16147] netlink: 'syz.1.2773': attribute type 29 has an invalid length. [ 327.649646][T16147] netlink: zone id is out of range [ 327.667756][T16147] netlink: zone id is out of range [ 327.685850][T16147] netlink: zone id is out of range [ 327.699985][T16147] netlink: zone id is out of range [ 327.717756][T16147] netlink: zone id is out of range [ 327.734195][T16147] netlink: zone id is out of range [ 327.760574][T16147] netlink: zone id is out of range [ 327.780230][T16159] wg2: entered allmulticast mode [ 327.862071][T16165] netlink: 'syz.3.2779': attribute type 1 has an invalid length. [ 327.942679][T16165] bond8: entered promiscuous mode [ 327.948111][T16165] bond8: entered allmulticast mode [ 327.953629][T16165] 8021q: adding VLAN 0 to HW filter on device bond8 [ 328.022489][T16173] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 328.508989][T16209] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 328.566652][T16213] __nla_validate_parse: 20 callbacks suppressed [ 328.566670][T16213] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2797'. [ 328.698881][T16213] bond8 (unregistering): Released all slaves [ 328.971029][T16240] sock: sock_timestamping_bind_phc: sock not bind to device [ 329.108960][T16253] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2809'. [ 329.173589][T16256] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 329.294448][T16263] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2813'. [ 329.308003][T16264] netlink: 'syz.2.2812': attribute type 11 has an invalid length. [ 329.308777][T16263] netlink: 'syz.4.2813': attribute type 1 has an invalid length. [ 329.316336][T16264] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2812'. [ 329.343839][T16263] netlink: 16110 bytes leftover after parsing attributes in process `syz.4.2813'. [ 329.375057][T16263] netlink: 'syz.4.2813': attribute type 75 has an invalid length. [ 329.378795][T16268] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2814'. [ 329.383808][T16267] pim6reg527: entered allmulticast mode [ 329.396355][ T5844] Bluetooth: hci0: command tx timeout [ 329.541140][T16281] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2816'. [ 329.619810][T16283] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2817'. [ 329.964607][T16304] netlink: 'syz.1.2824': attribute type 2 has an invalid length. [ 329.993484][T16304] netlink: 119 bytes leftover after parsing attributes in process `syz.1.2824'. [ 330.078773][T16314] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2825'. [ 330.518353][T16344] netlink: 'syz.0.2834': attribute type 1 has an invalid length. [ 330.584409][T16344] 8021q: adding VLAN 0 to HW filter on device bond10 [ 330.670515][T16349] veth7: entered promiscuous mode [ 330.682480][T16349] bond10: (slave veth7): Enslaving as an active interface with an up link [ 330.820371][T16368] netlink: 'syz.2.2842': attribute type 4 has an invalid length. [ 330.871628][T16371] IPVS: set_ctl: invalid protocol: 50 172.20.20.19:20004 [ 330.989892][T16378] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 331.058603][T16381] 8021q: VLANs not supported on ip6tnl0 [ 331.268907][T16396] dvmrp0: entered allmulticast mode [ 331.295474][T16396] dvmrp0: left allmulticast mode [ 331.540097][T16415] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 331.732822][T16417] syzkaller0: entered promiscuous mode [ 331.738461][T16417] syzkaller0: entered allmulticast mode [ 331.797757][T16435] sctp: [Deprecated]: syz.4.2860 (pid 16435) Use of struct sctp_assoc_value in delayed_ack socket option. [ 331.797757][T16435] Use struct sctp_sack_info instead [ 332.997883][ T5844] Bluetooth: hci0: command tx timeout [ 333.123175][T16451] geneve6: entered promiscuous mode [ 333.148642][T10424] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20002 - 0 [ 333.177110][T10424] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20002 - 0 [ 333.185439][T10424] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20002 - 0 [ 333.211365][T10424] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20002 - 0 [ 333.233765][T16465] netlink: 'syz.1.2872': attribute type 1 has an invalid length. [ 333.267946][T16467] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 333.365234][T16465] 8021q: adding VLAN 0 to HW filter on device bond6 [ 333.415727][T16469] bond6: (slave gretap4): making interface the new active one [ 333.437635][T16469] bond6: (slave gretap4): Enslaving as an active interface with an up link [ 333.548706][T16494] netlink: 'syz.4.2879': attribute type 1 has an invalid length. [ 333.861349][T16521] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 334.040167][T16527] tipc: Enabled bearer , priority 0 [ 334.072029][T16527] tipc: Disabling bearer [ 334.432475][T16551] netlink: 'syz.3.2894': attribute type 29 has an invalid length. [ 334.441437][T16551] netlink: 'syz.3.2894': attribute type 29 has an invalid length. [ 334.455782][T16551] __nla_validate_parse: 6 callbacks suppressed [ 334.455801][T16551] netlink: 548 bytes leftover after parsing attributes in process `syz.3.2894'. [ 334.480085][T16551] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2894'. [ 334.558133][T16555] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2895'. [ 334.574425][T16551] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 334.599719][ T5844] block nbd2: Receive control failed (result -32) [ 334.670698][T16561] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2898'. [ 334.680837][T16561] netlink: 'syz.1.2898': attribute type 7 has an invalid length. [ 334.689100][T16561] netlink: 'syz.1.2898': attribute type 8 has an invalid length. [ 334.697664][T16561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2898'. [ 334.781645][T16567] sock: sock_timestamping_bind_phc: sock not bind to device [ 334.900184][T16572] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 334.987731][T16579] xt_hashlimit: size too large, truncated to 1048576 [ 335.169305][T16587] syzkaller0: entered promiscuous mode [ 335.177662][T16587] syzkaller0: entered allmulticast mode [ 335.316940][T16598] nbd: must specify at least one socket [ 335.318873][ T5844] Bluetooth: hci0: command tx timeout [ 335.353756][T16601] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2908'. [ 335.378095][T16604] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2908'. [ 335.461419][T16610] x_tables: duplicate underflow at hook 1 [ 335.483626][T16612] netlink: 'syz.0.2912': attribute type 3 has an invalid length. [ 335.497253][T16612] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2912'. [ 335.521295][T16618] x_tables: duplicate underflow at hook 1 [ 335.532378][T16620] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 335.597363][T16612] block nbd3: server does not support multiple connections per device. [ 335.606739][T16612] block nbd3: shutting down sockets [ 336.276857][T16664] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 336.461590][T16672] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2929'. [ 336.913435][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 336.924755][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 336.933523][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 336.942467][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 336.953550][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 336.971254][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 336.978976][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 336.986502][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 337.014554][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 337.028969][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 337.097037][T16700] hsr0 speed is unknown, defaulting to 1000 [ 337.104752][T16700] wg1 speed is unknown, defaulting to 1000 [ 337.153945][T16710] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2942'. [ 337.192365][T16710] gre0: entered promiscuous mode [ 337.257543][T16707] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 337.530705][T16700] chnl_net:caif_netlink_parms(): no params data found [ 337.725924][T16700] bridge0: port 1(bridge_slave_0) entered blocking state [ 337.736613][T16700] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.743969][T16700] bridge_slave_0: entered allmulticast mode [ 337.752595][T16700] bridge_slave_0: entered promiscuous mode [ 337.762539][T16700] bridge0: port 2(bridge_slave_1) entered blocking state [ 337.772787][T16700] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.780183][T16700] bridge_slave_1: entered allmulticast mode [ 337.788721][T16700] bridge_slave_1: entered promiscuous mode [ 337.859432][T16700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 337.889920][T16700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 338.040698][T16700] team0: Port device team_slave_0 added [ 338.051038][T16746] netlink: 'syz.1.2948': attribute type 1 has an invalid length. [ 338.059696][T16700] team0: Port device team_slave_1 added [ 338.143213][T16700] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 338.160045][T16700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 338.188215][T16700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 338.226975][T16700] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 338.233953][T16700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 338.263133][T16700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 338.407852][T16700] hsr_slave_0: entered promiscuous mode [ 338.414607][T16700] hsr_slave_1: entered promiscuous mode [ 338.458135][T16700] debugfs: 'hsr0' already exists in 'hsr' [ 338.463922][T16700] Cannot create hsr debugfs directory [ 338.558420][T16770] net_ratelimit: 9 callbacks suppressed [ 338.558437][T16770] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 338.835767][T16788] netlink: 'syz.0.2961': attribute type 33 has an invalid length. [ 338.888598][T16788] team0: Port device dummy0 removed [ 339.003528][T16700] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.076796][ T5844] Bluetooth: hci0: command tx timeout [ 339.090029][T16800] netlink: 'syz.0.2965': attribute type 10 has an invalid length. [ 339.192877][T16700] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.294341][T16700] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.423578][T16700] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.648191][T16823] netlink: 'syz.0.2971': attribute type 6 has an invalid length. [ 339.707051][T16700] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 339.722099][T16700] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 339.776408][T16700] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 339.790228][T16833] __nla_validate_parse: 8 callbacks suppressed [ 339.790244][T16833] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2974'. [ 339.800870][T16700] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 339.814562][T16833] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2974'. [ 340.027484][T16850] sch_tbf: burst 21990 is lower than device lo mtu (11337746) ! [ 340.072782][T16700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 340.102374][T16857] A link change request failed with some changes committed already. Interface Z7nz>RA may have been left with an inconsistent configuration, please check. [ 340.160475][T16861] netlink: 'syz.3.2979': attribute type 1 has an invalid length. [ 340.186444][T16861] netlink: 'syz.3.2979': attribute type 4 has an invalid length. [ 340.197127][T16861] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2979'. [ 340.204958][T16862] netlink: 4552 bytes leftover after parsing attributes in process `syz.0.2980'. [ 340.241445][T16700] 8021q: adding VLAN 0 to HW filter on device team0 [ 340.257987][T16858] syzkaller1: entered promiscuous mode [ 340.263564][T16858] syzkaller1: entered allmulticast mode [ 340.269811][T16865] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2981'. [ 340.313399][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.320621][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 340.354782][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.362032][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 340.380255][T16869] netlink: 'syz.0.2980': attribute type 26 has an invalid length. [ 340.429405][T16873] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2984'. [ 340.484513][T16700] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 340.674298][T16889] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 340.821192][T16700] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 340.843385][T16898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2991'. [ 340.895560][T16906] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2993'. [ 341.156529][ T5844] Bluetooth: hci0: command tx timeout [ 341.275744][T16930] veth0: entered promiscuous mode [ 341.287026][T16929] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2998'. [ 341.296044][T16930] veth0: left promiscuous mode [ 341.364369][T16700] veth0_vlan: entered promiscuous mode [ 341.404213][T16700] veth1_vlan: entered promiscuous mode [ 341.424600][T16930] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2997'. [ 341.455699][T16930] bridge: RTM_NEWNEIGH with invalid ether address [ 341.519056][T16700] veth0_macvtap: entered promiscuous mode [ 341.538724][T16700] veth1_macvtap: entered promiscuous mode [ 341.588026][T16700] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 341.609313][T16700] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 341.632970][ T14] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.654360][ T14] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.698299][ T14] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.709072][ T14] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.777760][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 341.793192][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.827817][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 341.839875][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 342.420503][T16996] A link change request failed with some changes committed already. Interface Z7nz>RA may have been left with an inconsistent configuration, please check. [ 342.665016][T17007] netlink: 'syz.2.3018': attribute type 2 has an invalid length. [ 342.673559][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 342.686544][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 342.714387][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 342.732014][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 342.760516][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 342.852857][T17022] netlink: 'syz.3.3021': attribute type 1 has an invalid length. [ 342.941861][T17013] hsr0 speed is unknown, defaulting to 1000 [ 342.949699][T17013] wg1 speed is unknown, defaulting to 1000 [ 343.019067][T17027] netlink: 'syz.1.3023': attribute type 83 has an invalid length. [ 343.236509][ T5834] Bluetooth: hci0: command tx timeout [ 343.278618][T17013] chnl_net:caif_netlink_parms(): no params data found [ 343.460698][T17013] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.478035][T17013] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.488584][T17013] bridge_slave_0: entered allmulticast mode [ 343.502408][T17013] bridge_slave_0: entered promiscuous mode [ 343.521276][T17013] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.528625][T17013] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.537627][T17013] bridge_slave_1: entered allmulticast mode [ 343.545647][T17013] bridge_slave_1: entered promiscuous mode [ 343.672088][T17013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 343.687235][T17013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 343.740551][T17013] team0: Port device team_slave_0 added [ 343.748662][T17013] team0: Port device team_slave_1 added [ 343.798447][T17013] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.815642][T17013] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.844229][T17013] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.859122][T17013] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.866851][T17013] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.894207][T17013] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.958481][T17013] hsr_slave_0: entered promiscuous mode [ 343.965421][T17013] hsr_slave_1: entered promiscuous mode [ 343.971992][T17013] debugfs: 'hsr0' already exists in 'hsr' [ 343.977850][T17013] Cannot create hsr debugfs directory [ 344.100454][T17013] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.192752][T17013] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.343758][T17013] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.378181][T17083] netlink: 'syz.3.3039': attribute type 1 has an invalid length. [ 344.505263][T17013] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.522957][T17088] netlink: 'syz.3.3039': attribute type 1 has an invalid length. [ 344.681746][T17013] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 344.711156][T17013] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 344.740881][T17013] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 344.771913][T17102] FAULT_INJECTION: forcing a failure. [ 344.771913][T17102] name failslab, interval 1, probability 0, space 0, times 1 [ 344.778329][T17013] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 344.811983][T17102] CPU: 1 UID: 0 PID: 17102 Comm: syz.4.3044 Not tainted syzkaller #0 PREEMPT(full) [ 344.812032][T17102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 344.812059][T17102] Call Trace: [ 344.812067][T17102] [ 344.812074][T17102] dump_stack_lvl+0x189/0x250 [ 344.812104][T17102] ? __pfx____ratelimit+0x10/0x10 [ 344.812126][T17102] ? __pfx_dump_stack_lvl+0x10/0x10 [ 344.812149][T17102] ? __pfx__printk+0x10/0x10 [ 344.812277][T17102] ? __pfx___might_resched+0x10/0x10 [ 344.812307][T17102] should_fail_ex+0x414/0x560 [ 344.812338][T17102] should_failslab+0xa8/0x100 [ 344.812362][T17102] __kmalloc_noprof+0xcb/0x7f0 [ 344.812383][T17102] ? kfree+0x4d/0x6d0 [ 344.812401][T17102] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 344.812433][T17102] tomoyo_realpath_from_path+0xe3/0x5d0 [ 344.812459][T17102] ? tomoyo_domain+0xd9/0x130 [ 344.812481][T17102] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 344.812503][T17102] tomoyo_path_number_perm+0x1e8/0x5a0 [ 344.812527][T17102] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 344.812579][T17102] ? __fget_files+0x2a/0x420 [ 344.812600][T17102] ? __fget_files+0x3a0/0x420 [ 344.812616][T17102] ? __fget_files+0x2a/0x420 [ 344.812636][T17102] security_file_ioctl+0xcb/0x2d0 [ 344.812658][T17102] __se_sys_ioctl+0x47/0x170 [ 344.812682][T17102] do_syscall_64+0xfa/0xfa0 [ 344.812703][T17102] ? lockdep_hardirqs_on+0x9c/0x150 [ 344.812725][T17102] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.812743][T17102] ? clear_bhb_loop+0x60/0xb0 [ 344.812764][T17102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.812781][T17102] RIP: 0033:0x7f869858efc9 [ 344.812799][T17102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.812814][T17102] RSP: 002b:00007f8699407038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 344.812834][T17102] RAX: ffffffffffffffda RBX: 00007f86987e5fa0 RCX: 00007f869858efc9 [ 344.812849][T17102] RDX: 00002000000001c0 RSI: 00000000000089f4 RDI: 0000000000000007 [ 344.812861][T17102] RBP: 00007f8699407090 R08: 0000000000000000 R09: 0000000000000000 [ 344.812872][T17102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 344.812883][T17102] R13: 00007f86987e6038 R14: 00007f86987e5fa0 R15: 00007ffce7eea468 [ 344.812919][T17102] [ 344.812927][T17102] ERROR: Out of memory at tomoyo_realpath_from_path. [ 344.883339][ T5834] Bluetooth: hci5: command tx timeout [ 345.274989][T17013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.301250][T17013] 8021q: adding VLAN 0 to HW filter on device team0 [ 345.316509][ T5834] Bluetooth: hci0: command 0x0419 tx timeout [ 345.343353][T10422] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.350544][T10422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 345.381852][T10422] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.389075][T10422] bridge0: port 2(bridge_slave_1) entered forwarding state [ 345.722500][T17159] __nla_validate_parse: 7 callbacks suppressed [ 345.722518][T17159] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3057'. [ 345.864163][T17013] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 346.033558][T17013] veth0_vlan: entered promiscuous mode [ 346.069635][T17181] netlink: 'syz.2.3059': attribute type 11 has an invalid length. [ 346.074011][T17013] veth1_vlan: entered promiscuous mode [ 346.126650][T17181] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3059'. [ 346.166692][T17013] veth0_macvtap: entered promiscuous mode [ 346.188007][T17013] veth1_macvtap: entered promiscuous mode [ 346.226726][T17013] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 346.247033][T17013] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 346.272031][ T14] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.282355][ T14] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.330841][ T14] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.403607][ T14] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.588798][T10422] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 346.606259][T10422] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 346.683187][T17207] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3066'. [ 346.709863][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 346.722055][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.077952][ T5834] Bluetooth: hci5: command tx timeout [ 347.396020][T17249] netlink: 'syz.4.3078': attribute type 83 has an invalid length. [ 347.404678][ T5834] Bluetooth: hci0: command 0x0419 tx timeout [ 347.538752][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 347.550115][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 347.560127][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 347.568763][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 347.578186][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 349.156798][ T5844] Bluetooth: hci5: command tx timeout [ 349.476460][ T5844] Bluetooth: hci0: command 0x0419 tx timeout [ 349.636559][ T5844] Bluetooth: hci3: command tx timeout [ 350.232326][ T1152] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.253313][ T1152] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 350.283975][T17260] netlink: 'syz.3.3081': attribute type 6 has an invalid length. [ 350.342876][ T1152] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.376963][ T1152] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 350.437162][ T51] block nbd0: Possible stuck request ffff888024c05080: control (read@0,1024B). Runtime 240 seconds [ 350.448293][ T51] block nbd0: Possible stuck request ffff888024c05240: control (read@1024,1024B). Runtime 240 seconds [ 350.459564][ T51] block nbd0: Possible stuck request ffff888024c05400: control (read@2048,1024B). Runtime 240 seconds [ 350.471328][ T51] block nbd0: Possible stuck request ffff888024c055c0: control (read@3072,1024B). Runtime 240 seconds [ 350.502282][T17251] hsr0 speed is unknown, defaulting to 1000 [ 350.547973][ T1152] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.567822][ T1152] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 350.597870][T17251] wg1 speed is unknown, defaulting to 1000 [ 350.689746][ T1152] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.705797][ T1152] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 350.715644][T17286] netlink: 248 bytes leftover after parsing attributes in process `syz.0.3089'. [ 350.759876][T17290] netlink: 248 bytes leftover after parsing attributes in process `syz.0.3089'. [ 350.788029][T17290] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3089'. [ 350.801001][T17282] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3087'. [ 351.055994][T17309] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3093'. [ 351.134417][ T36] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.147042][T17251] chnl_net:caif_netlink_parms(): no params data found [ 351.186738][T10424] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.235977][T10424] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.244300][ T5844] Bluetooth: hci5: command tx timeout [ 351.250503][T17317] netlink: 'syz.3.3095': attribute type 7 has an invalid length. [ 351.271179][T17320] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3096'. [ 351.281982][T17320] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3096'. [ 351.306912][T17320] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3096'. [ 351.319442][ T14] netdevsim netdevsim1 eth4: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.319772][T17320] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3096'. [ 351.441908][T17333] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3100'. [ 351.545556][T17287] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 351.675648][ T1152] bond2 (unregistering): (slave gretap3): Releasing active interface [ 351.695701][ T1152] bond6 (unregistering): (slave gretap4): Releasing active interface [ 351.726493][ T5844] Bluetooth: hci3: command tx timeout [ 351.727108][ T1152] bond1 (unregistering): (slave gre1): Releasing backup interface [ 351.818956][ T1152] bond0 (unregistering): (slave geneve1): Releasing backup interface [ 351.829774][ T1152] geneve1 (unregistering): left promiscuous mode [ 352.756677][ T5844] Bluetooth: hci0: command 0x0419 tx timeout [ 353.592229][ T1152] bond0 (unregistering): Released all slaves [ 353.686216][ T1152] bond1 (unregistering): Released all slaves [ 353.699483][ T1152] bond2 (unregistering): Released all slaves [ 353.712053][ T1152] bond3 (unregistering): Released all slaves [ 353.796613][ T5844] Bluetooth: hci3: command tx timeout [ 353.815820][ T1152] bond4 (unregistering): Released all slaves [ 353.908298][ T1152] bond5 (unregistering): (slave veth9): Releasing active interface [ 353.918497][ T1152] bond5 (unregistering): Released all slaves [ 354.009537][ T1152] bond6 (unregistering): Released all slaves [ 354.104941][T17345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3102'. [ 354.128164][T17251] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.135313][T17251] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.160110][T17251] bridge_slave_0: entered allmulticast mode [ 354.178320][T17251] bridge_slave_0: entered promiscuous mode [ 354.190624][T17251] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.203870][T17251] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.213757][T17251] bridge_slave_1: entered allmulticast mode [ 354.225067][T17251] bridge_slave_1: entered promiscuous mode [ 354.234535][ T1152] tipc: Disabling bearer [ 354.241064][ T1152] tipc: Disabling bearer [ 354.265194][T17354] netlink: 'syz.4.3104': attribute type 3 has an invalid length. [ 354.299431][ T1152] tipc: Left network mode [ 354.522609][T17251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 354.614445][T17251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 354.771918][T17251] team0: Port device team_slave_0 added [ 354.796917][T17251] team0: Port device team_slave_1 added [ 354.952517][T17395] IPv6: NLM_F_CREATE should be specified when creating new route [ 355.005867][T17251] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 355.030910][T17251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 355.110576][T17251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 355.173272][T17251] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 355.194013][T17251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 355.273973][T17251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 355.708586][T17415] team0 (unregistering): Port device team_slave_0 removed [ 355.720818][T17415] team0 (unregistering): Port device team_slave_1 removed [ 355.770986][T17418] __nla_validate_parse: 2 callbacks suppressed [ 355.771002][T17418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3121'. [ 355.817110][T17251] hsr_slave_0: entered promiscuous mode [ 355.835833][T17251] hsr_slave_1: entered promiscuous mode [ 355.852548][T17251] debugfs: 'hsr0' already exists in 'hsr' [ 355.866646][T17251] Cannot create hsr debugfs directory [ 355.883945][ T5844] Bluetooth: hci3: command tx timeout [ 355.893983][T17418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3121'. [ 355.913419][T17419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 355.930201][T10424] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 355.940420][T10424] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 355.956003][T10424] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 355.985513][T10424] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.132309][T17251] netdevsim netdevsim1 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.183994][T17251] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.235339][ T1152] hsr_slave_0: left promiscuous mode [ 356.241300][ T1152] hsr_slave_1: left promiscuous mode [ 356.834026][T17251] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.901409][T17251] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.023773][T17251] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 357.043738][T17251] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 357.059353][T17251] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 357.069001][T17251] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 357.162490][T17251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 357.181405][T17251] 8021q: adding VLAN 0 to HW filter on device team0 [ 357.196668][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.203838][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 357.218617][T10419] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.225779][T10419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 357.249241][ T1152] IPVS: stop unused estimator thread 0... [ 357.400726][T17251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 357.440029][T17251] veth0_vlan: entered promiscuous mode [ 357.451000][T17251] veth1_vlan: entered promiscuous mode [ 357.477302][T17251] veth0_macvtap: entered promiscuous mode [ 357.488434][T17251] veth1_macvtap: entered promiscuous mode [ 357.505371][T17251] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 357.520364][T17251] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 357.534514][ T14] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.544165][ T14] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.554146][ T14] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.563895][ T14] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.619683][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.629223][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.652609][T10419] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.660776][T10419] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.710970][T17454] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3073'. [ 380.518712][ T51] block nbd0: Possible stuck request ffff888024c05080: control (read@0,1024B). Runtime 270 seconds [ 380.529712][ T51] block nbd0: Possible stuck request ffff888024c05240: control (read@1024,1024B). Runtime 270 seconds [ 380.542698][ T51] block nbd0: Possible stuck request ffff888024c05400: control (read@2048,1024B). Runtime 270 seconds [ 380.553812][ T51] block nbd0: Possible stuck request ffff888024c055c0: control (read@3072,1024B). Runtime 270 seconds [ 410.606340][ T51] block nbd0: Possible stuck request ffff888024c05080: control (read@0,1024B). Runtime 300 seconds [ 410.617426][ T51] block nbd0: Possible stuck request ffff888024c05240: control (read@1024,1024B). Runtime 300 seconds [ 410.628882][ T51] block nbd0: Possible stuck request ffff888024c05400: control (read@2048,1024B). Runtime 300 seconds [ 410.639923][ T51] block nbd0: Possible stuck request ffff888024c055c0: control (read@3072,1024B). Runtime 300 seconds [ 421.414756][T17458] xt_hashlimit: size too large, truncated to 1048576 [ 421.506733][T17462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3129'. [ 421.879009][T17482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3134'. [ 422.092205][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 422.109034][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 422.118011][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 422.135203][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 422.143110][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 422.190255][T17493] netlink: 'syz.0.3136': attribute type 1 has an invalid length. [ 422.251462][T17498] netlink: 'syz.0.3136': attribute type 1 has an invalid length. [ 422.281634][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 422.427973][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 422.431073][T17510] netlink: 'syz.1.3140': attribute type 10 has an invalid length. [ 422.463099][T17488] hsr0 speed is unknown, defaulting to 1000 [ 422.484689][T17510] veth1_macvtap: left promiscuous mode [ 422.501640][T17515] Cannot find set identified by id 65534 to match [ 422.541497][T17488] wg1 speed is unknown, defaulting to 1000 [ 422.602124][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 422.779129][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 422.867498][T17527] bond1: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2) [ 422.882455][T17527] bond1 (unregistering): Released all slaves [ 423.217675][T17559] netlink: 'syz.4.3155': attribute type 4 has an invalid length. [ 423.247263][T10419] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.287207][T10419] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.311273][T10419] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.321579][T17571] netlink: 'syz.3.3157': attribute type 1 has an invalid length. [ 423.333379][T10419] netdevsim netdevsim2 eth4: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.884471][ T36] bond8 (unregistering): (slave gretap1): Releasing active interface [ 423.927222][ T36] bond6 (unregistering): (slave geneve2): Releasing backup interface [ 424.199072][ T5844] Bluetooth: hci2: command tx timeout [ 425.752358][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 425.763127][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 425.773535][ T36] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 425.783771][ T36] bond0 (unregistering): Released all slaves [ 425.870117][ T36] bond1 (unregistering): (slave bond2): Releasing backup interface [ 425.881025][ T36] bond1 (unregistering): Released all slaves [ 425.970835][ T36] bond2 (unregistering): Released all slaves [ 426.064554][ T36] bond3 (unregistering): Released all slaves [ 426.154338][ T36] bond4 (unregistering): Released all slaves [ 426.243810][ T36] bond5 (unregistering): Released all slaves [ 426.255836][ T36] bond6 (unregistering): Released all slaves [ 426.278585][ T5844] Bluetooth: hci2: command tx timeout [ 426.361166][ T36] bond7 (unregistering): Released all slaves [ 426.374070][ T36] bond8 (unregistering): Released all slaves [ 426.394224][T17488] chnl_net:caif_netlink_parms(): no params data found [ 426.742225][ T36] tipc: Left network mode [ 426.819093][T17600] bridge10: entered promiscuous mode [ 426.824586][T17600] bridge10: entered allmulticast mode [ 426.930245][T17598] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3164'. [ 426.962932][T17598] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3164'. [ 427.125843][T17632] sctp: [Deprecated]: syz.1.3170 (pid 17632) Use of struct sctp_assoc_value in delayed_ack socket option. [ 427.125843][T17632] Use struct sctp_sack_info instead [ 428.367112][ T5844] Bluetooth: hci2: command tx timeout [ 428.418867][T17488] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.426034][T17488] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.435618][T17488] bridge_slave_0: entered allmulticast mode [ 428.446656][T17488] bridge_slave_0: entered promiscuous mode [ 428.457704][T17488] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.464842][T17488] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.487835][T17488] bridge_slave_1: entered allmulticast mode [ 428.495714][T17488] bridge_slave_1: entered promiscuous mode [ 428.603267][T17648] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 428.627038][T17648] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 428.641872][T17488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 428.656652][T17646] C: renamed from lo (while UP) [ 428.706684][T17488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 428.792174][T17655] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3176'. [ 428.819361][ T36] hsr_slave_0: left promiscuous mode [ 428.825571][ T36] hsr_slave_1: left promiscuous mode [ 428.826238][T17658] xt_SECMARK: invalid mode: 9 [ 428.831838][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 428.860350][ T36] vlan0: left allmulticast mode [ 428.865257][ T36] veth0_vlan: left allmulticast mode [ 428.871909][ T36] vlan0: left promiscuous mode [ 428.908979][ T36] pim6reg527 (unregistering): left allmulticast mode [ 429.410249][ T36] pim6reg (unregistering): left allmulticast mode [ 429.690267][ T36] team0 (unregistering): Port device team_slave_0 removed [ 430.049880][T17488] team0: Port device team_slave_0 added [ 430.117793][T17488] team0: Port device team_slave_1 added [ 430.185756][T17690] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3188'. [ 430.199105][T17691] netlink: 'syz.3.3189': attribute type 12 has an invalid length. [ 430.230147][T17690] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3188'. [ 430.258873][T17690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3188'. [ 430.273136][T17691] bond9: option primary_reselect: invalid value (255) [ 430.299467][T17691] bond9 (unregistering): Released all slaves [ 430.355577][T17488] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 430.363028][T17488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 430.392755][T17488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 430.436719][ T5844] Bluetooth: hci2: command tx timeout [ 430.449535][T17488] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 430.470249][T17488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 430.553242][T17488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 430.590970][T17704] sctp: [Deprecated]: syz.3.3194 (pid 17704) Use of int in maxseg socket option. [ 430.590970][T17704] Use struct sctp_assoc_value instead [ 430.735559][T17488] hsr_slave_0: entered promiscuous mode [ 430.761021][T17488] hsr_slave_1: entered promiscuous mode [ 430.777311][T17488] debugfs: 'hsr0' already exists in 'hsr' [ 430.799899][T17488] Cannot create hsr debugfs directory [ 431.138684][T17488] netdevsim netdevsim2 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.220177][T17488] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.319645][T17488] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.370375][T17760] geneve2: entered promiscuous mode [ 431.375751][T17760] geneve2: entered allmulticast mode [ 431.405025][T17488] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.652626][T17488] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 431.680188][T17488] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 431.693953][T17488] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 431.712285][T17488] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 431.806829][T17782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3214'. [ 431.874216][T17488] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.908848][T17488] 8021q: adding VLAN 0 to HW filter on device team0 [ 431.938207][T10424] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.945578][T10424] bridge0: port 1(bridge_slave_0) entered forwarding state [ 431.972138][T10422] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.979444][T10422] bridge0: port 2(bridge_slave_1) entered forwarding state [ 432.052899][T17797] netlink: 'syz.3.3219': attribute type 1 has an invalid length. [ 432.091440][T17797] 8021q: adding VLAN 0 to HW filter on device bond9 [ 432.123624][T17797] bond9: (slave gretap1): making interface the new active one [ 432.134475][T17797] bond9: (slave gretap1): Enslaving as an active interface with an up link [ 432.172336][T17800] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3220'. [ 432.275359][T17809] tipc: Enabled bearer , priority 0 [ 432.285463][T17807] tipc: Resetting bearer [ 432.320784][T17807] tipc: Disabling bearer [ 432.559428][T17817] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3223'. [ 432.570870][T17488] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 432.601852][T17819] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3224'. [ 432.691456][T17488] veth0_vlan: entered promiscuous mode [ 432.715748][T17488] veth1_vlan: entered promiscuous mode [ 432.765837][T17488] veth0_macvtap: entered promiscuous mode [ 432.780990][T17488] veth1_macvtap: entered promiscuous mode [ 432.846341][T17488] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 432.911513][T17488] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 432.931260][T10419] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.941750][T10424] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.953124][T17830] syzkaller1: entered promiscuous mode [ 432.960537][T17830] syzkaller1: entered allmulticast mode [ 432.985104][T10424] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.007417][T17832] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3228'. [ 433.028309][T10424] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.144914][T10424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 433.165135][T10424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 433.210620][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 433.221839][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 433.223087][T17837] netlink: 'syz.1.3231': attribute type 3 has an invalid length. [ 433.302732][T17840] netlink: 'syz.1.3232': attribute type 13 has an invalid length. [ 433.323367][T17840] veth0_macvtap: left promiscuous mode [ 433.332760][T17840] macvtap0: entered allmulticast mode [ 433.342443][T17840] macvtap0: refused to change device tx_queue_len [ 433.431720][T17838] bond1: option arp_all_targets: invalid value (18446744073709551613) [ 433.469843][T17838] bond1 (unregistering): Released all slaves [ 433.514864][T17853] bridge_slave_0: invalid flags given to default FDB implementation [ 433.559440][T17855] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3235'. [ 433.611322][T17853] bridge_slave_0: invalid flags given to default FDB implementation [ 433.777442][T17866] netlink: 'syz.1.3238': attribute type 1 has an invalid length. [ 433.959723][T17866] 8021q: adding VLAN 0 to HW filter on device bond1 [ 434.052298][T17875] vlan1: entered promiscuous mode [ 434.086264][T17875] bond1: entered promiscuous mode [ 434.091504][T17875] vlan1: entered allmulticast mode [ 434.108531][T17875] bond1: entered allmulticast mode [ 434.116726][T17871] tap0: tun_chr_ioctl cmd 1074025677 [ 434.122251][T17871] tap0: linktype set to 65534 [ 434.204395][T17866] bond1: (slave gretap1): making interface the new active one [ 434.222231][T17866] gretap1: entered promiscuous mode [ 434.237325][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 434.237388][T17866] gretap1: entered allmulticast mode [ 434.259029][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 434.268112][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 434.269787][T17866] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 434.292639][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 434.304616][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 434.529058][T17890] netlink: 'syz.4.3244': attribute type 21 has an invalid length. [ 434.541631][T17890] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3244'. [ 434.558544][T17880] wg1 speed is unknown, defaulting to 1000 [ 434.574219][T17890] netlink: 'syz.4.3244': attribute type 5 has an invalid length. [ 434.583283][T17890] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3244'. [ 434.594397][T17893] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3244'. [ 434.607520][T17892] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3245'. [ 434.836689][T17899] sctp: [Deprecated]: syz.4.3248 (pid 17899) Use of int in max_burst socket option. [ 434.836689][T17899] Use struct sctp_assoc_value instead [ 435.029625][T17880] chnl_net:caif_netlink_parms(): no params data found [ 435.062892][T17918] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3254'. [ 435.179435][T17925] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 435.271559][T17934] skbuff: bad partial csum: csum=65535/127 headroom=178 headlen=65664 [ 435.322555][T17880] bridge0: port 1(bridge_slave_0) entered blocking state [ 435.346340][T17880] bridge0: port 1(bridge_slave_0) entered disabled state [ 435.353752][T17880] bridge_slave_0: entered allmulticast mode [ 435.364291][T17880] bridge_slave_0: entered promiscuous mode [ 435.378290][T17880] bridge0: port 2(bridge_slave_1) entered blocking state [ 435.406668][T17880] bridge0: port 2(bridge_slave_1) entered disabled state [ 435.416090][T17880] bridge_slave_1: entered allmulticast mode [ 435.427838][T17880] bridge_slave_1: entered promiscuous mode [ 435.533921][T17880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 435.574742][T17880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 435.690974][T17948] team0: Port device team_slave_1 removed [ 435.698509][T17955] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 435.742113][T17953] sit1: entered allmulticast mode [ 435.777459][T17880] team0: Port device team_slave_0 added [ 435.838653][T17880] team0: Port device team_slave_1 added [ 435.936914][T17966] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 436.245475][T17983] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 436.286631][T17880] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 436.293789][T17880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 436.320671][T17880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 436.333552][ T66] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 436.343476][ T66] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 436.356462][ T5834] Bluetooth: hci1: command tx timeout [ 436.378932][T17880] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 436.385945][T17880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 436.412487][T17880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 436.435990][ T66] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 436.444908][ T66] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 436.504007][T17880] hsr_slave_0: entered promiscuous mode [ 436.510846][T17880] hsr_slave_1: entered promiscuous mode [ 436.518219][T17880] debugfs: 'hsr0' already exists in 'hsr' [ 436.523990][T17880] Cannot create hsr debugfs directory [ 436.748927][T17992] bond1: entered promiscuous mode [ 436.754641][T17992] 8021q: adding VLAN 0 to HW filter on device bond1 [ 436.879947][T17880] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.019216][T17880] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.142488][T17880] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.892071][T17880] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 437.915059][T17880] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 437.943658][T17880] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 438.012685][T17880] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 438.199115][T18046] __nla_validate_parse: 9 callbacks suppressed [ 438.199134][T18046] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3286'. [ 438.324024][T18054] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3288'. [ 438.337742][T18052] netlink: 248 bytes leftover after parsing attributes in process `syz.1.3287'. [ 438.349619][T18052] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3287'. [ 438.367713][T18052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3287'. [ 438.431974][T18058] netlink: 'syz.1.3287': attribute type 1 has an invalid length. [ 438.447101][ T5834] Bluetooth: hci1: command tx timeout [ 438.585022][T17880] 8021q: adding VLAN 0 to HW filter on device bond0 [ 438.618773][T18060] batadv_slave_0: entered promiscuous mode [ 438.632878][T18059] batadv_slave_0: left promiscuous mode [ 438.704126][T17880] 8021q: adding VLAN 0 to HW filter on device team0 [ 438.721406][T10419] bridge0: port 1(bridge_slave_0) entered blocking state [ 438.728661][T10419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 438.760095][T10419] bridge0: port 2(bridge_slave_1) entered blocking state [ 438.767325][T10419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 438.910312][T18073] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3295'. [ 439.149987][T18085] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3297'. [ 439.212619][T18087] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3298'. [ 439.309839][T18092] vlan0: entered allmulticast mode [ 439.322955][T18092] hsr0: entered allmulticast mode [ 439.353877][T18092] hsr_slave_0: entered allmulticast mode [ 439.378836][T18092] hsr_slave_1: entered allmulticast mode [ 439.403068][T17880] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 439.423212][T18094] tipc: Failed to obtain node identity [ 439.446833][T18094] tipc: Enabling of bearer rejected, failed to enable media [ 439.580721][T17880] veth0_vlan: entered promiscuous mode [ 439.601329][T17880] veth1_vlan: entered promiscuous mode [ 439.710496][T17880] veth0_macvtap: entered promiscuous mode [ 439.768828][T17880] veth1_macvtap: entered promiscuous mode [ 439.860105][T17880] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 439.942714][T17880] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 439.987151][ T6976] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.000635][ T6976] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.015066][T18120] Unsupported ieee802154 address type: 0 [ 440.026860][ T6976] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.035714][ T6976] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.340380][T10419] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 440.379831][T10419] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 440.484404][ T6976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 440.496540][ T6976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 440.523026][T18138] sctp: [Deprecated]: syz.4.3313 (pid 18138) Use of int in maxseg socket option. [ 440.523026][T18138] Use struct sctp_assoc_value instead [ 440.526950][ T5834] Bluetooth: hci1: command tx timeout [ 440.681579][ T51] block nbd0: Possible stuck request ffff888024c05080: control (read@0,1024B). Runtime 330 seconds [ 440.692679][ T51] block nbd0: Possible stuck request ffff888024c05240: control (read@1024,1024B). Runtime 330 seconds [ 440.704722][ T51] block nbd0: Possible stuck request ffff888024c05400: control (read@2048,1024B). Runtime 330 seconds [ 440.717317][ T51] block nbd0: Possible stuck request ffff888024c055c0: control (read@3072,1024B). Runtime 330 seconds [ 440.881584][T18152] veth0_vlan: left promiscuous mode [ 440.887837][T18151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3316'. [ 440.917022][T18158] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3316'. [ 440.936563][T18152] vlan0: entered promiscuous mode [ 440.959249][T18152] veth0_vlan: entered promiscuous mode [ 440.971972][T18152] vlan0: entered allmulticast mode [ 440.986999][T18152] veth0_vlan: entered allmulticast mode [ 441.311023][T18185] dvmrp0: entered allmulticast mode [ 441.429658][T18194] vlan2: entered allmulticast mode [ 441.435609][T18194] veth1_macvtap: entered allmulticast mode [ 441.903445][T18224] bridge3: entered promiscuous mode [ 441.909055][T18224] bridge3: entered allmulticast mode [ 441.918910][T18233] netlink: 'syz.3.3343': attribute type 10 has an invalid length. [ 442.092346][T18237] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 442.105027][T18237] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.221428][T18237] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 442.232916][T18237] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.289655][T18253] netlink: 'syz.2.3350': attribute type 13 has an invalid length. [ 442.321044][T18249] syzkaller0: entered promiscuous mode [ 442.327901][T18249] syzkaller0: entered allmulticast mode [ 442.367369][T18237] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 442.385029][T18237] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.599964][ T5834] Bluetooth: hci1: command tx timeout [ 443.955719][T18237] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 443.967063][T18237] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.991490][T18277] veth1_macvtap: left promiscuous mode [ 443.997314][T18277] macsec0: entered promiscuous mode [ 444.002535][T18277] macsec0: entered allmulticast mode [ 444.128270][T18284] __nla_validate_parse: 3 callbacks suppressed [ 444.128286][T18284] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3356'. [ 444.243067][T10422] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.260188][T10422] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.305122][T10422] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.322233][T10422] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.369066][T18305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3362'. [ 444.414346][T10422] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.440509][T10422] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.491244][ T6977] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 444.506377][ T6977] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.651883][T18311] syzkaller1: entered promiscuous mode [ 444.676969][T18311] syzkaller1: entered allmulticast mode [ 444.970088][T18342] syzkaller1: entered promiscuous mode [ 444.976690][T18342] syzkaller1: entered allmulticast mode [ 444.990073][T18342] vcan0: tx address claim with dest, not broadcast [ 445.037156][T18350] netlink: 256 bytes leftover after parsing attributes in process `syz.0.3374'. [ 445.186014][T18361] netlink: 'syz.0.3378': attribute type 29 has an invalid length. [ 445.224850][T18363] netlink: 500 bytes leftover after parsing attributes in process `syz.0.3378'. [ 445.257269][T18361] netlink: 'syz.0.3378': attribute type 29 has an invalid length. [ 445.331962][T18370] netlink: 'syz.1.3380': attribute type 1 has an invalid length. [ 445.450555][T18370] 8021q: adding VLAN 0 to HW filter on device bond2 [ 445.507965][T18378] 8021q: adding VLAN 0 to HW filter on device bond2 [ 445.515106][T18378] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 445.529877][T18378] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 445.546027][T18393] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3386'. [ 445.598949][T18398] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3386'. [ 445.609510][T18398] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3386'. [ 445.625572][T18398] netlink: 'syz.3.3386': attribute type 6 has an invalid length. [ 445.643640][T18400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3380'. [ 445.649016][T18398] netlink: 'syz.3.3386': attribute type 5 has an invalid length. [ 445.688490][T18398] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3386'. [ 446.422110][T18399] veth3: entered allmulticast mode [ 446.483080][T18386] veth3: entered promiscuous mode [ 446.513477][T18386] bond2: (slave veth3): Enslaving as an active interface with a down link [ 446.561632][T18389] bridge0: port 2(bridge_slave_1) entered disabled state [ 446.577356][T18394] bridge0: entered allmulticast mode [ 446.586947][T18400] 8021q: adding VLAN 0 to HW filter on device bond2 [ 447.125164][T18462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3402'. [ 447.859106][T18510] block nbd3: Unsupported socket: should be TCP or UNIX. [ 448.704272][T18573] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input5 [ 449.151981][T18602] __nla_validate_parse: 4 callbacks suppressed [ 449.152001][T18602] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3465'. [ 449.196912][T18602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3465'. [ 449.398797][T18606] [ 449.401160][T18606] ====================================================== [ 449.408173][T18606] WARNING: possible circular locking dependency detected [ 449.415197][T18606] syzkaller #0 Not tainted [ 449.419595][T18606] ------------------------------------------------------ [ 449.426617][T18606] syz.4.3467/18606 is trying to acquire lock: [ 449.432750][T18606] ffff88802490b6f8 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x1e5/0x4c0 [ 449.442174][T18606] [ 449.442174][T18606] but task is already holding lock: [ 449.449528][T18606] ffff88802490b1b8 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: elevator_change+0x1ca/0x4c0 [ 449.459800][T18606] [ 449.459800][T18606] which lock already depends on the new lock. [ 449.459800][T18606] [ 449.470188][T18606] [ 449.470188][T18606] the existing dependency chain (in reverse order) is: [ 449.479195][T18606] [ 449.479195][T18606] -> #6 (&q->q_usage_counter(io)#52){++++}-{0:0}: [ 449.487796][T18606] lock_acquire+0x120/0x360 [ 449.492812][T18606] blk_alloc_queue+0x538/0x620 [ 449.498085][T18606] __blk_mq_alloc_disk+0x15c/0x340 [ 449.503705][T18606] nbd_dev_add+0x46c/0xae0 [ 449.508643][T18606] nbd_init+0x1c6/0x240 [ 449.513322][T18606] do_one_initcall+0x236/0x820 [ 449.518611][T18606] do_initcall_level+0x104/0x190 [ 449.524063][T18606] do_initcalls+0x59/0xa0 [ 449.529160][T18606] kernel_init_freeable+0x334/0x4b0 [ 449.534878][T18606] kernel_init+0x1d/0x1d0 [ 449.539714][T18606] ret_from_fork+0x4bc/0x870 [ 449.544809][T18606] ret_from_fork_asm+0x1a/0x30 [ 449.550163][T18606] [ 449.550163][T18606] -> #5 (fs_reclaim){+.+.}-{0:0}: [ 449.557362][T18606] lock_acquire+0x120/0x360 [ 449.562390][T18606] fs_reclaim_acquire+0x72/0x100 [ 449.567838][T18606] kmem_cache_alloc_node_noprof+0x48/0x710 [ 449.574164][T18606] __alloc_skb+0x112/0x2d0 [ 449.579173][T18606] __ip6_append_data+0x2c16/0x3f30 [ 449.584793][T18606] ip6_append_data+0x1c1/0x380 [ 449.590062][T18606] rawv6_sendmsg+0x1286/0x1830 [ 449.595418][T18606] __sock_sendmsg+0x19c/0x270 [ 449.600601][T18606] ____sys_sendmsg+0x505/0x830 [ 449.605886][T18606] ___sys_sendmsg+0x21f/0x2a0 [ 449.611069][T18606] __x64_sys_sendmsg+0x19b/0x260 [ 449.616597][T18606] do_syscall_64+0xfa/0xfa0 [ 449.621621][T18606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.628021][T18606] [ 449.628021][T18606] -> #4 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 449.635747][T18606] lock_acquire+0x120/0x360 [ 449.640755][T18606] lock_sock_nested+0x48/0x100 [ 449.646035][T18606] inet_shutdown+0x6a/0x390 [ 449.651054][T18606] nbd_mark_nsock_dead+0x2e9/0x560 [ 449.656715][T18606] recv_work+0x1af4/0x1c10 [ 449.661638][T18606] process_scheduled_works+0xae1/0x17b0 [ 449.667949][T18606] worker_thread+0x8a0/0xda0 [ 449.673129][T18606] kthread+0x711/0x8a0 [ 449.677706][T18606] ret_from_fork+0x4bc/0x870 [ 449.682799][T18606] ret_from_fork_asm+0x1a/0x30 [ 449.688065][T18606] [ 449.688065][T18606] -> #3 (&nsock->tx_lock){+.+.}-{4:4}: [ 449.695696][T18606] lock_acquire+0x120/0x360 [ 449.700714][T18606] __mutex_lock+0x187/0x1350 [ 449.705821][T18606] nbd_queue_rq+0x257/0xf10 [ 449.710835][T18606] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 449.716904][T18606] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 449.723824][T18606] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 449.730328][T18606] blk_mq_run_hw_queue+0x348/0x4f0 [ 449.735976][T18606] blk_mq_dispatch_list+0xd0c/0xe00 [ 449.741723][T18606] blk_mq_flush_plug_list+0x469/0x550 [ 449.747616][T18606] __blk_flush_plug+0x3d3/0x4b0 [ 449.752988][T18606] __submit_bio+0x2d3/0x5a0 [ 449.757996][T18606] submit_bio_noacct_nocheck+0x2fb/0xa50 [ 449.764142][T18606] block_read_full_folio+0x599/0x830 [ 449.769935][T18606] filemap_read_folio+0x117/0x380 [ 449.775466][T18606] do_read_cache_folio+0x350/0x590 [ 449.781086][T18606] read_part_sector+0xb6/0x2b0 [ 449.786373][T18606] adfspart_check_ICS+0xa4/0xa50 [ 449.792012][T18606] bdev_disk_changed+0x75f/0x14b0 [ 449.797553][T18606] blkdev_get_whole+0x380/0x510 [ 449.802916][T18606] bdev_open+0x31e/0xd30 [ 449.807665][T18606] blkdev_open+0x457/0x600 [ 449.812583][T18606] do_dentry_open+0x953/0x13f0 [ 449.817850][T18606] vfs_open+0x3b/0x340 [ 449.822427][T18606] path_openat+0x2ee5/0x3830 [ 449.827524][T18606] do_filp_open+0x1fa/0x410 [ 449.832531][T18606] do_sys_openat2+0x121/0x1c0 [ 449.837711][T18606] __x64_sys_openat+0x138/0x170 [ 449.843067][T18606] do_syscall_64+0xfa/0xfa0 [ 449.848081][T18606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.854491][T18606] [ 449.854491][T18606] -> #2 (&cmd->lock){+.+.}-{4:4}: [ 449.861699][T18606] lock_acquire+0x120/0x360 [ 449.866715][T18606] __mutex_lock+0x187/0x1350 [ 449.871817][T18606] nbd_queue_rq+0xc8/0xf10 [ 449.876737][T18606] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 449.882794][T18606] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 449.889636][T18606] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 449.896134][T18606] blk_mq_run_hw_queue+0x348/0x4f0 [ 449.901941][T18606] blk_mq_dispatch_list+0xd0c/0xe00 [ 449.907646][T18606] blk_mq_flush_plug_list+0x469/0x550 [ 449.913532][T18606] __blk_flush_plug+0x3d3/0x4b0 [ 449.918892][T18606] __submit_bio+0x2d3/0x5a0 [ 449.923909][T18606] submit_bio_noacct_nocheck+0x2fb/0xa50 [ 449.930047][T18606] block_read_full_folio+0x599/0x830 [ 449.935840][T18606] filemap_read_folio+0x117/0x380 [ 449.941366][T18606] do_read_cache_folio+0x350/0x590 [ 449.946992][T18606] read_part_sector+0xb6/0x2b0 [ 449.952264][T18606] adfspart_check_ICS+0xa4/0xa50 [ 449.957714][T18606] bdev_disk_changed+0x75f/0x14b0 [ 449.963248][T18606] blkdev_get_whole+0x380/0x510 [ 449.968609][T18606] bdev_open+0x31e/0xd30 [ 449.973372][T18606] blkdev_open+0x457/0x600 [ 449.978289][T18606] do_dentry_open+0x953/0x13f0 [ 449.983553][T18606] vfs_open+0x3b/0x340 [ 449.988132][T18606] path_openat+0x2ee5/0x3830 [ 449.993230][T18606] do_filp_open+0x1fa/0x410 [ 449.998238][T18606] do_sys_openat2+0x121/0x1c0 [ 450.003418][T18606] __x64_sys_openat+0x138/0x170 [ 450.008771][T18606] do_syscall_64+0xfa/0xfa0 [ 450.013781][T18606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.020178][T18606] [ 450.020178][T18606] -> #1 (set->srcu){.+.+}-{0:0}: [ 450.027286][T18606] lock_sync+0xba/0x160 [ 450.031947][T18606] __synchronize_srcu+0x96/0x3a0 [ 450.037386][T18606] elevator_switch+0x12b/0x640 [ 450.042663][T18606] elevator_change+0x315/0x4c0 [ 450.047931][T18606] elevator_set_default+0x186/0x260 [ 450.053637][T18606] blk_register_queue+0x34e/0x3f0 [ 450.059202][T18606] __add_disk+0x677/0xd50 [ 450.064038][T18606] add_disk_fwnode+0xfc/0x480 [ 450.069224][T18606] nbd_dev_add+0x717/0xae0 [ 450.074174][T18606] nbd_init+0x1c6/0x240 [ 450.078835][T18606] do_one_initcall+0x236/0x820 [ 450.084105][T18606] do_initcall_level+0x104/0x190 [ 450.089551][T18606] do_initcalls+0x59/0xa0 [ 450.094385][T18606] kernel_init_freeable+0x334/0x4b0 [ 450.100092][T18606] kernel_init+0x1d/0x1d0 [ 450.104938][T18606] ret_from_fork+0x4bc/0x870 [ 450.110029][T18606] ret_from_fork_asm+0x1a/0x30 [ 450.115299][T18606] [ 450.115299][T18606] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 450.123104][T18606] validate_chain+0xb9b/0x2140 [ 450.128378][T18606] __lock_acquire+0xab9/0xd20 [ 450.133558][T18606] lock_acquire+0x120/0x360 [ 450.138568][T18606] __mutex_lock+0x187/0x1350 [ 450.143678][T18606] elevator_change+0x1e5/0x4c0 [ 450.148952][T18606] elevator_set_none+0x42/0xb0 [ 450.154314][T18606] blk_mq_update_nr_hw_queues+0x598/0x1ab0 [ 450.160624][T18606] nbd_start_device+0x17f/0xb10 [ 450.165985][T18606] nbd_genl_connect+0x135b/0x18f0 [ 450.171510][T18606] genl_family_rcv_msg_doit+0x215/0x300 [ 450.177560][T18606] genl_rcv_msg+0x60e/0x790 [ 450.182568][T18606] netlink_rcv_skb+0x208/0x470 [ 450.187839][T18606] genl_rcv+0x28/0x40 [ 450.192327][T18606] netlink_unicast+0x82f/0x9e0 [ 450.197595][T18606] netlink_sendmsg+0x805/0xb30 [ 450.202863][T18606] __sock_sendmsg+0x21c/0x270 [ 450.208054][T18606] ____sys_sendmsg+0x505/0x830 [ 450.213410][T18606] ___sys_sendmsg+0x21f/0x2a0 [ 450.218588][T18606] __x64_sys_sendmsg+0x19b/0x260 [ 450.224026][T18606] do_syscall_64+0xfa/0xfa0 [ 450.229035][T18606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.235430][T18606] [ 450.235430][T18606] other info that might help us debug this: [ 450.235430][T18606] [ 450.245634][T18606] Chain exists of: [ 450.245634][T18606] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#52 [ 450.245634][T18606] [ 450.259357][T18606] Possible unsafe locking scenario: [ 450.259357][T18606] [ 450.266786][T18606] CPU0 CPU1 [ 450.272132][T18606] ---- ---- [ 450.277475][T18606] lock(&q->q_usage_counter(io)#52); [ 450.282840][T18606] lock(fs_reclaim); [ 450.289321][T18606] lock(&q->q_usage_counter(io)#52); [ 450.297201][T18606] lock(&q->elevator_lock); [ 450.301772][T18606] [ 450.301772][T18606] *** DEADLOCK *** [ 450.301772][T18606] [ 450.309892][T18606] 6 locks held by syz.4.3467/18606: [ 450.315070][T18606] #0: ffffffff8f330fd0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 450.323239][T18606] #1: ffffffff8f330de8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 450.332189][T18606] #2: ffff88802492e1c8 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa7/0x1ab0 [ 450.343567][T18606] #3: ffff88802492e0d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xba/0x1ab0 [ 450.354513][T18606] #4: ffff88802490b1b8 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: elevator_change+0x1ca/0x4c0 [ 450.365119][T18606] #5: ffff88802490b1f0 (&q->q_usage_counter(queue)#36){+.+.}-{0:0}, at: elevator_change+0x1ca/0x4c0 [ 450.375991][T18606] [ 450.375991][T18606] stack backtrace: [ 450.381874][T18606] CPU: 0 UID: 0 PID: 18606 Comm: syz.4.3467 Not tainted syzkaller #0 PREEMPT(full) [ 450.381905][T18606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 450.381924][T18606] Call Trace: [ 450.381930][T18606] [ 450.381936][T18606] dump_stack_lvl+0x189/0x250 [ 450.381959][T18606] ? __pfx_dump_stack_lvl+0x10/0x10 [ 450.381977][T18606] ? __pfx__printk+0x10/0x10 [ 450.381992][T18606] ? print_lock_name+0xde/0x100 [ 450.382006][T18606] print_circular_bug+0x2ee/0x310 [ 450.382024][T18606] check_noncircular+0x134/0x160 [ 450.382042][T18606] validate_chain+0xb9b/0x2140 [ 450.382065][T18606] __lock_acquire+0xab9/0xd20 [ 450.382080][T18606] ? elevator_change+0x1e5/0x4c0 [ 450.382099][T18606] lock_acquire+0x120/0x360 [ 450.382111][T18606] ? elevator_change+0x1e5/0x4c0 [ 450.382134][T18606] __mutex_lock+0x187/0x1350 [ 450.382153][T18606] ? elevator_change+0x1e5/0x4c0 [ 450.382173][T18606] ? xa_find_after+0xae/0x430 [ 450.382194][T18606] ? xa_find_after+0x402/0x430 [ 450.382212][T18606] ? elevator_change+0x1e5/0x4c0 [ 450.382230][T18606] ? xa_find_after+0xae/0x430 [ 450.382249][T18606] ? __pfx___mutex_lock+0x10/0x10 [ 450.382270][T18606] ? __pfx_blk_mq_cancel_work_sync+0x10/0x10 [ 450.382286][T18606] elevator_change+0x1e5/0x4c0 [ 450.382307][T18606] elevator_set_none+0x42/0xb0 [ 450.382327][T18606] blk_mq_update_nr_hw_queues+0x598/0x1ab0 [ 450.382348][T18606] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10 [ 450.382367][T18606] ? sysfs_add_file_mode_ns+0x259/0x300 [ 450.382386][T18606] nbd_start_device+0x17f/0xb10 [ 450.382402][T18606] ? device_create_file+0xf4/0x1c0 [ 450.382418][T18606] nbd_genl_connect+0x135b/0x18f0 [ 450.382435][T18606] ? __pfx_nbd_genl_connect+0x10/0x10 [ 450.382449][T18606] ? rcu_is_watching+0x15/0xb0 [ 450.382466][T18606] ? __nla_parse+0x40/0x60 [ 450.382481][T18606] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 450.382502][T18606] genl_family_rcv_msg_doit+0x215/0x300 [ 450.382521][T18606] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 450.382542][T18606] ? stack_trace_save+0x9c/0xe0 [ 450.382561][T18606] genl_rcv_msg+0x60e/0x790 [ 450.382578][T18606] ? __pfx_genl_rcv_msg+0x10/0x10 [ 450.382593][T18606] ? __pfx_nbd_genl_connect+0x10/0x10 [ 450.382610][T18606] netlink_rcv_skb+0x208/0x470 [ 450.382634][T18606] ? __lock_acquire+0xab9/0xd20 [ 450.382647][T18606] ? __pfx_genl_rcv_msg+0x10/0x10 [ 450.382663][T18606] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 450.382688][T18606] ? down_read+0x1ad/0x2e0 [ 450.382707][T18606] genl_rcv+0x28/0x40 [ 450.382722][T18606] netlink_unicast+0x82f/0x9e0 [ 450.382743][T18606] ? __pfx_netlink_unicast+0x10/0x10 [ 450.382762][T18606] ? netlink_sendmsg+0x642/0xb30 [ 450.382773][T18606] ? skb_put+0x11b/0x210 [ 450.382787][T18606] netlink_sendmsg+0x805/0xb30 [ 450.382803][T18606] ? __pfx_netlink_sendmsg+0x10/0x10 [ 450.382816][T18606] ? aa_sock_msg_perm+0xf1/0x1d0 [ 450.382836][T18606] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 450.382850][T18606] ? __pfx_netlink_sendmsg+0x10/0x10 [ 450.382862][T18606] __sock_sendmsg+0x21c/0x270 [ 450.382881][T18606] ____sys_sendmsg+0x505/0x830 [ 450.382897][T18606] ? __pfx_____sys_sendmsg+0x10/0x10 [ 450.382913][T18606] ? import_iovec+0x74/0xa0 [ 450.382930][T18606] ___sys_sendmsg+0x21f/0x2a0 [ 450.382944][T18606] ? __pfx____sys_sendmsg+0x10/0x10 [ 450.382968][T18606] ? __fget_files+0x2a/0x420 [ 450.382980][T18606] ? __fget_files+0x3a0/0x420 [ 450.382996][T18606] __x64_sys_sendmsg+0x19b/0x260 [ 450.383010][T18606] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 450.383029][T18606] ? do_syscall_64+0xbe/0xfa0 [ 450.383047][T18606] do_syscall_64+0xfa/0xfa0 [ 450.383064][T18606] ? lockdep_hardirqs_on+0x9c/0x150 [ 450.383081][T18606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.383095][T18606] ? clear_bhb_loop+0x60/0xb0 [ 450.383110][T18606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.383126][T18606] RIP: 0033:0x7f869858efc9 [ 450.383140][T18606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.383153][T18606] RSP: 002b:00007f8699407038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 450.383168][T18606] RAX: ffffffffffffffda RBX: 00007f86987e5fa0 RCX: 00007f869858efc9 [ 450.383179][T18606] RDX: 0000000020008090 RSI: 0000200000001ac0 RDI: 0000000000000004 [ 450.383189][T18606] RBP: 00007f8698611f91 R08: 0000000000000000 R09: 0000000000000000 [ 450.383198][T18606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 450.383206][T18606] R13: 00007f86987e6038 R14: 00007f86987e5fa0 R15: 00007ffce7eea468 [ 450.383221][T18606] [ 450.932714][ T5834] block nbd3: Receive control failed (result -32) [ 450.932714][ T5844] block nbd3: Receive control failed (result -32) [ 450.966603][T18606] nbd3: detected capacity change from 0 to 127