last executing test programs: 2.4299654s ago: executing program 3 (id=9345): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x503, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8}, @IFLA_MTU={0x8, 0x4, 0x61}]}, 0x44}, 0x1, 0x0, 0x0, 0x200000a0}, 0x20000090) 2.240125367s ago: executing program 3 (id=9350): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x34}, 0x28) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000006000000bfa300000000000007030000407effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7ebfcd0cd00006ed3d09a6175037958e271b60dedf8937f02008b6d83923dd29c034055d47dafe6c8dc3d5d78c07f34e4d5b3185b310efd4989147a00000000f110026e6d2ef831ab7ea0c34f17e3adeef3bb622003b538dfd8e012e71f6420b90adddff61b5b0a341a2d7cbdb90000bdb2ca76050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132658555cf476619f28d9961b626c57c2691208171656d60a17e3c1c4b751ca532e6ea09c346df3d7cb4ebd31a08b32808b80200000000000000334d83239d1d2e9ff10ff2d27080e71113610e10c358e8327e7050b6c860dac12233f9a1fb9c2aec61ce63a38d316ef49b66d6e42fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a5f3d74ca891c4594e8a4399e01eadd3964663e88535c133f7130856f75643619f567d2e24f29e5dad9326edb697a6ea0182babc18cefd07e002cab5ebfcaad34732181feb215139f15eadddcb0c7cbe31fbae7c34d5ac5e7e64c21add9191eadd6e1795ad6a0f7f8cd3fccbdc3dec04b25dfc17975238345d4f71af35910b158e56657b7218baaa7cbf781c0a99bd50499ccff0f000000000000c7beba3da8223fe5308e4e2833baace04f4087c4f0da0d9a88
f9dbb593ddeb3f0932a4d0175b889b8eccf707882042e716df9b57b290c661d4e85031086e97bcc5ca0e221a0e34323c129102b7b7a643e82e88a1940b3c02ed9c92d6f64b1282dc519b00159830d7617001154c46bd3ca96318c570f0721fc7aa2a580900000000000000b4f22cdf550ef091a78098534f0d973058594119d06d5ea9a8d085734000000000000000c12346e47ad97f4ead7cf754a52e4b2d0f22d428bd705414888700a30e2366c6a06b3367a389ca39059787790017b0689a1f3db9c24db65c1e00015c1d573dab18fd0600885f1ea8f2fd299fc3cdafda323e9c7080397bc49d70c060d57bc88fbe09baa058b040360ab9261503d2f363fb099408885afc2bf9a4f8c3506b669e889f5e4be1b8e0d634ebc1057b7e98186fc5141bd670dba6f43279f73db9dec75070cd9ab0fd969169ef6d2857b6bf955012cf7fe50d133da86e0477e42b98a6cc999dc21c3ef408e633dfa35f14d6e734837d365e63845f3c1092f8e34fc7eac9e8af3904ea0f3698cd9492794b82649b50d726bff873339c4cad4ead1348474250eda2c8067ab730c1d85969b95a2a5687f2ed690000522a0b7426000000000000000000000000000000000000000093fc7a82b98f99d9dedf7ba17f5f0b6d15e552fbd21f7eecff10243a43af03eea84c4304a5d3f93c02000000000000000043e1ed82b9aa0ae92a499984a009000000937523f5292d12659906005cde64f903c3415c458a2b32c2318f0858f19c6def80e1481e8e1c0098fc3f38b7a57211adb15d824cfdcf229628c0de49860a44286fe0e257cfa4ce50f3d10763d442824414a73c06837fe08de62f8710ca977960b74d0000ce73da6022a8671d1a3575b4e18c28c73203bf134686dd65808452cb6b76fcb134252c78de9b240de7b4cd015a77f76bb6470c05fc980b3d8f3f964f432a4bf6cddd6222c2da006b6fdb9c8468ae1d986a893b9519444d16a6dfa92c04331a6698507048fab5ae402acd05fe621f22712dfd09004770b4278fa14547d8ce3c21188e5e4e2baacd98e8e451d6aaaf090000006ed1d9018000008dd952595d78e9583bf4ea5de36099e3cddcb24ebb6eddb9e87c9ece87a42c0000abdfc6ea55887dfa18d0aea1b6eca5a883702b0bf3aeebb225895db90e237157a34e9f447237ea5b391bddd1290f7ce987a0e36b8e71b1779bbe95ffa9c3e0f6ba66e4d48e75253e3d633811e4b3220616aafbe7a3a18375ae593eb58fd500426286472466823cb8e1800aaaa0d9463c0c4ea5541a55df6eeffec0b66482228816cdfccb98374c644eea45de7867a0efbad0ab2bc33b350440a90b791b2b33f74a112a3b91b40bed8db2df8633207f8387e04ca52ab0f3f7b058b13523b896800b992972d9609551c2
7a5916ea16069c5bf55b98d926d3c27e7945b2999600000000f857bc1332d200194f658b930780603134ae6b7f5092772bd5d880dbe21b790c475b14b7fe4fe002dffd651faa79bb0cee0cdac23c3218f2ddaa6f7ba04b696a30d313bed30ba8f35569a9b07ee7308da09c01a4b827aa17bc2213fc1572b0204dd456b11a454d1f3f14179974aae624ea59500f5e048b2780666de81a040663c57f49af25be909984aea1b81f33426f86b4b941c08dfe2bc8ec246ec1aae120c42405e428923f3a83d9ba5c373f5e8a54120b451e2806370f1ed60c9fd5d9af4d16cb0f413c324da52d4bd2e01d3ac2d578d72e2d63322dfc9245ce3e3a097fb82f4e3b61a57094616020f72f1c55ee3d325c7496a7c2f10cfea516ae436751227378f00ca0f1f6c1dcf879700dd90b96a330f92bff736c83ca53e7f02b734d1a9292896f5d7f244bfab4946c7042e88206f641eafcc5b4ba7a7880533cdeac995d1caf6936f356ecf07a0084e7adc2dc12417997b03087c7b3b44b06f6158a2a18ce0e56ffbeb22f40521dd9972583d413098aa80db98ef324a2bfb7961c07b47521973cf0bb6f5530f6216b447b35d6e06b72b22b29de42bb1bc8ce0a0e3500000000000000000000000000b92eb197e4149627920000008000000000801792756f90b37f0858efc387f559203f314a4b0ed750fa72e5948ac3fe5921c14ef578d413e7b2a9e2f87f7b44949fe14c00000000000047030c09f62d444b4981db81799776eeb444000000009705fa8b56779bc876ad4f8d8c8e50815c4c3b27487996c09121caf47f76158362c74904f89cbc588aae84567a83571ff72bb65c082b5a8dee145ff221159aed2768edc05a3167d84205d5af86553c21e1f023a51c0e179fccfbc201982e3ddcaa45613899d19082453b180ca0c525b8d3cfaf7d0bcddeb5d5c7166038f276a92941393ba5e51f77172822bd903d9f8b436656771774ed88daab0d0cfdd1bf4d30ab566e1a4cb3ad66d830e10f7c1de13218aea21e7def613204c2b7c1ad48b01c208f4032e93408000000000000e96db049b92fc32ee34fe7a3419c8fbf03d61c159dc5864e030000a2c55b614d622b8de966c97e1940026f96db3c78ca18c9f08d1c47edf1a4d7298109f31b6078711ee72eacab84213bf50000000000000000000000000000001217887d0452aa6d26e4614d511710abeec84b78c027c160ba375dfa55a49b832ce4dfb91122193d514ed992c07f8cd6d897b314907e15642da228dbc03429e6e0e7ac118ed351c3b0c44bf5d8b58be573f8333aa8cc2ec5b5e305b3dee2562d415b4b9ed530797f55f9fe8510423409629a09000000000000009a35d9ca93e4b4591679547b8de8af1782451f7b8e1de508f1e9e525210d62bc85
0f8035040ad9e562be58797515b737bfb21d35ac560f99dbd18dad5e6345a464955e8141d75b6177e4fa176a020b0000000000006e76f0294fee7d19a0f327f8796d77b6e24b8df4bb438b527d10e657d49b844198ea9f93c4fd6fd2daa9bd87fd1e02ecc8075dca1280c201043257e9bd3c9a7aa150eb1711632b76d4dc0555d4bfcfd057980136d6e9000003b24fa300ef90bfe4ad364256937796f941c2faad94785f48777941f0cd3dba54ab6a5d5e91e90ac9ae994c3d4108b2fe7eca9413ac9bc138c74800487eb19c48db3f79be964808f109b5e36fc7fdd41def361427b6b9c118e5c9a0a1d5ca24886e33a7f81b2188ec75a5fc9302e3695bdcc9ab11201ef940569c995c21eeaefe2e8fc02e0433dc7371d1f72124ba263e554c30fdd7cd8c2da1e8706417da9ad8916551a1182fac08603dfc2f2279ba161c13984cd753b54a85e6f3010975e9ff51318b09fa13e2d38ce013aab41524c298c3719e31bcb1f102eaeee69a19e006bcdb1acc2664efa949a1a07bb3d7848d5e1381fbe63c522053a3bb32eb6345e10f7a12bf84e0e196a00833f464dd2f6547f14ebf137fce33efeb813211f31ff24d7dbb00f2574ccda59b3ea068fc2a18c37ee579f5a9ecc47da73684bcadd209ae5bbb7147df74d027d8d0adcdb54182c9de8053fc8b1b9d19c16c53d34db6e26f6a88d449f6abf3010100007e206a758a3f02816b4e097cfa3d46e45e7949c5b10691d49b9693a798a330a1ccb32d49772e80862df36dc0156b3f72cd85083f8e96ca1697457ec722766bd46ee2424975a38149bd57e5c0eb4087fc243e7e51b0aca9f0ab0668d7f2ee9ad9f267d8804417aa7e36a64d489bb84a1483fd3c3ecb024060002858cbb1f7708f5b41fca2fee7c03b1f862ce88dc313d913e041dd7583a1ac41c466757c5dd07ea2c5d62a000000000000000019a4e9a9c2cbc906f97fd6eb71b18d09a5df123ebbdb2827b43aed6a29e9942e402c1ae52e9cb98f3019d364fc21ea12023db91ced3c2f06550cef8a79ed39091e4776001187d0ab2f82478431d36470cc008d745ce8fd64c9aa64da230bb080945a557081b767beb75b1ea856a55c71b8fda672289aa6088630d48ac8039f19fec3acbcc5944a4e6fd44af8f10110db730a8d0d41b4ea36f9510f843a471963bd4621b9e43f08d341bb69df430ac6398c1b28bdd33b69b4b86d7c5f30cf728294e8ea1861ce50c367498945285f73c94d91210652eb4f3077cab6be2a3512eddbcb63d091d69fb1b26c8ada9a9f9355aea34fe55fd0d3011cb83ac03268dc66dd108a4e9944241e1d4ba69212ee0e7526e72c19346d08d3c3c82cb987f1bd2fd9ce2c88082ea23abbf23c6bd43fc9f9f8ea7656e25d3d73cd056b1f782de1fe349fc3
3546558366ed99940c0fda039272d277a3576d4e0469779d711e10b6bf040f7274fd9577c1c33326d2e60ee611ae226ef00e2944fb727832dc8dad36a6072aacfc4bcefb808ab7b3b95e0f60616320b2a9e1f8fac812daac9983639b35184803b7d192ce1f226e97fa23c37df95d067a54a8b412644cad9ecc251fbe418a81aaf00cc8d15758ff0eb885a40630396ba76b8fadc09e62ef70c8a0121e7e8322cb8bc0f50ad33a17143a29c14ecadd1b6244e31b888d8f3fa03208d3e9a4826a98f31995509015ebdc89f2f3106e54d5898d3758b9bfc9e4924e9cedf7f8fd584e7185703cc5f23741ffb480b5a87cd7efcceb409d354bdab211ebd50ab12b13c1b8ce93093a59a0f952153c2efd10e72ec9ee5fa2a00f9637851ddb81d059f9a363c4ada68dd25f19ee9e4841acee7c1b35ad6f9d54cf4939ce78a55a04e655d7746a3989c6f33b02f8497aacb6bfca7456111900000000000000000048d35af24acb66fdd4d1fb150138f0ee6abfc7049c94346868ed76d3a5df7335184386a5c532d425f1a098ff93efd05e5dd8b765121fbdfe5ef44f6472b939c31883f45889142e82086c2448da60d7a40774d71c2da2e7f6d4fe5d36923213cc7b7d71a1c90006e8f8d84953f284b0eb4366beff5df5595827dcd736e8cfab28cfa416e83c06213ca7fd21af56e3de1d80e77060447e20a8b317a4c06e24e99239824d08abf670a685bc46c8168bee4cfc30cc6d0dc030a592925bad3e0f805f0d4b2b600dc3f0c4c6f75bb4e49982f4198ac90ab77c5572c956d415858bad5ee117b3e5f1507bbd0d7a30388865deb11106a93225a81feb08f5"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r0, 0x18000000000002a0, 0x22, 0x0, &(0x7f0000000580)="b9ff0300600d698cff9e13f008004de7f9c764360000001100135433f6e31e17128c", 0x0, 0xfffffffe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.626864333s ago: executing program 2 (id=9361): syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000200)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x38, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "f19f00", 0x0, 0x0, 0x0, @private1, @private2, 
[@hopopts={0x3a}]}}}}}}}, 0x0) 1.557760884s ago: executing program 2 (id=9362): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x503, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8}, @IFLA_MTU={0x8, 0x4, 0x61}]}, 0x44}, 0x1, 0x0, 0x0, 0x200000a0}, 0x20000090) 1.228161547s ago: executing program 2 (id=9366): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf250100"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmmsg(r0, &(0x7f0000006040)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000400)=""/217, 0xd9}, {&(0x7f0000000280)=""/106, 0x6a}, {&(0x7f0000000300)=""/150, 0x96}, {&(0x7f00000072c0)=""/4108, 0x100c}, {&(0x7f00000001c0)=""/61, 0x3d}], 0x5}, 0x70004}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x77}, {{0x0, 0x0, 0x0}, 0x7fffffff}, {{0x0, 0x0, 0x0}, 0xb}, {{0x0, 0x0, 0x0}, 0x81}, {{0x0, 0x0, 0x0}, 0x7f}], 0x7, 0x100, 0x0) 1.227891307s ago: executing program 3 (id=9367): bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000080)=0x3, 0x4) sendmmsg$inet6(r0, &(0x7f0000001ac0)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x9, @local, 0x1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="24000000000000002900000032000000ff"], 0x28, 0x7ffffff7}}], 0x1, 0x4040) 1.184673685s ago: executing program 1 (id=9369): syz_emit_ethernet(0x32, &(0x7f0000000e40)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x8e}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x7, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x9}}}}}}}, 0x0) 1.043582065s ago: 
executing program 1 (id=9371): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x2, 0x2, 0x1, 0x1, 0xfd, 0x0, 0x0, 0xc, 0x0, 0x8}, 0xe) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000940)={{{@in6=@private2, @in6=@ipv4={""/10, ""/2, @local}}}, {{@in=@broadcast}, 0x0, @in6=@loopback}}, 0x0) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={r1, 0xad}, &(0x7f0000000100)=0x8) 1.023221246s ago: executing program 3 (id=9372): syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10002, 0xfffffffe, 0x40030000}}}}}, 0x0) 874.189997ms ago: executing program 3 (id=9375): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000040}, 0x0) 826.815419ms ago: executing program 1 (id=9377): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000600)="1f49717aae46536ec821dcc0400609caa2d3bdcb2791df96f030292b548a118ce278339ec0af973fcf7f66c2c9bb", 0x2e}], 0x1}}], 0x1, 0x8020) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)=ANY=[], 0xa) 710.233613ms ago: executing program 3 (id=9379): r0 = socket$packet(0x11, 0x3, 0x300) 
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) recvmsg(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000980)=""/240, 0xf0}, {0x0}], 0x2}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) 668.818316ms ago: executing program 1 (id=9381): syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000e40)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x8e}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x7, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x9}}}}}}}, 0x0) 593.530404ms ago: executing program 0 (id=9383): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0xffff, @loopback}, 0x4}}, 0x2e) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000200)={0x30, r3, 0x1, 0x70bd25, 0x3, {0x7}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7}, @L2TP_ATTR_IFNAME={0x14}]}, 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x2400c046) syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "ffb00afe4e70"}}}}}}}, 0x0) 562.754893ms ago: executing program 1 (id=9384): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000001040)={0x0, 0x6}, 0x8) 534.957916ms ago: executing program 4 (id=9385): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 
0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8}, 0x94) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10002, 0xfffffffe, 0x40030000}}}}}, 0x0) 527.906873ms ago: executing program 0 (id=9386): bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000300)="ab", 0x1, 0x4000000, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="2000000000000000840000000200000004004d00"], 0x20, 0x4048800}, 0x0) 444.159296ms ago: executing program 1 (id=9387): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x534, 0x10}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x5, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000280)="d0", 0x1}], 0x1) 442.874672ms ago: executing program 4 (id=9388): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x2, 0x2, 0x1, 0x1, 0xfd, 0x0, 0x0, 0xc, 0x0, 0x8}, 0xe) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000940)={{{@in6=@private2, @in6=@ipv4={""/10, ""/2, @local}}}, {{@in=@broadcast}, 0x0, @in6=@loopback}}, 0x0) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) 
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={r1, 0xad}, &(0x7f0000000100)=0x8) 440.762886ms ago: executing program 0 (id=9397): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000001040)={0x0, 0x6}, 0x8) 329.715046ms ago: executing program 0 (id=9389): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000040}, 0x0) 327.28102ms ago: executing program 4 (id=9390): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000340)={r3, r2, 0x16}, 0x14) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000140), 0x3) 239.258864ms ago: executing program 2 (id=9391): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x503, 
0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MTU={0x8, 0x4, 0x61}]}, 0x44}, 0x1, 0x0, 0x0, 0x200000a0}, 0x20000090) 219.918566ms ago: executing program 4 (id=9392): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000600)="1f49717aae46536ec821dcc0400609caa2d3bdcb2791df96f030292b548a118ce278339ec0af973fcf7f66c2c9bb", 0x2e}], 0x1}}], 0x1, 0x8020) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)=ANY=[], 0xa) 138.158453ms ago: executing program 0 (id=9393): bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)={0x14, 0x0, 0x1, 0x70bd2b, 0x0, {0x1a}}, 0x14}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000080)=0x3, 0x4) sendmmsg$inet6(r0, &(0x7f0000001ac0)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x9, @local, 0x1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="24000000000000002900000032000000ff"], 0x28, 0x7ffffff7}}], 0x1, 0x4040) 115.211935ms ago: executing program 4 (id=9394): syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000e40)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x8e}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x7, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x9}}}}}}}, 0x0) 109.826072ms ago: executing program 2 (id=9395): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 
0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x48, 0x24, 0xd0f, 0x470bd2d, 0xfffffffd, {0x60, 0x0, 0x0, r1, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x83}, @TCA_RATE={0x6, 0x5, {0x48, 0x6}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000040}, 0x0) 59.564749ms ago: executing program 0 (id=9396): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0xffff, @loopback}, 0x4}}, 0x2e) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000200)={0x30, r3, 0x1, 0x70bd25, 0x3, {0x7}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7}, @L2TP_ATTR_IFNAME={0x14}]}, 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x2400c046) syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "ffb00afe4e70"}}}}}}}, 0x0) 56.07089ms ago: executing program 4 (id=9398): bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000300)="ab", 0x1, 0x4000000, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="2000000000000000840000000200000004004d00"], 0x20, 0x4048800}, 0x0) 0s ago: executing program 2 (id=9399): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8}, 0x94) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) syz_emit_ethernet(0x36, 
&(0x7f0000001800)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10002, 0xfffffffe, 0x40030000}}}}}, 0x0) kernel console output (not intermixed with test programs): [ 1086.695179][T29970] xt_hashlimit: size too large, truncated to 1048576 [ 1086.893944][T29975] netlink: 'syz.1.7412': attribute type 15 has an invalid length. [ 1086.925357][T29975] netlink: 666 bytes leftover after parsing attributes in process `syz.1.7412'. [ 1087.728379][T30021] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7423'. [ 1087.895022][T30021] 8021q: adding VLAN 0 to HW filter on device bond17 [ 1087.965782][T30024] bond17: (slave geneve5): Enslaving as an active interface with an up link [ 1087.995449][T30028] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7424'. [ 1088.080885][ T1148] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1088.113553][ T1148] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1088.147590][ T1148] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1088.185520][ T1148] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1088.279987][T30033] delete_channel: no stack [ 1088.361882][T30038] xt_hashlimit: size too large, truncated to 1048576 [ 1088.423047][T30037] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7427'. [ 1088.450774][T30037] netlink: 'syz.2.7427': attribute type 30 has an invalid length. [ 1088.528317][T30037] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7427'. [ 1088.529353][ T1148] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1088.568368][T30037] netlink: 'syz.2.7427': attribute type 30 has an invalid length. 
[ 1088.608384][ T1148] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1088.637788][ T1148] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1088.708033][ T1148] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1088.742595][T30047] netlink: ct family unspecified [ 1088.756873][T30047] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1088.955205][T30059] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7436'. [ 1088.967536][T30053] tipc: Enabled bearer , priority 0 [ 1089.045138][T30059] 8021q: adding VLAN 0 to HW filter on device bond18 [ 1089.081104][T30063] bond18: (slave geneve6): Enslaving as an active interface with an up link [ 1089.112733][T30061] tipc: Resetting bearer [ 1089.131168][T30053] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7433'. [ 1089.163538][T30052] tipc: Disabling bearer [ 1089.271195][T30073] netlink: 'syz.1.7439': attribute type 1 has an invalid length. [ 1089.283203][T30074] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7439'. [ 1089.295266][T30073] netlink: 244 bytes leftover after parsing attributes in process `syz.1.7439'. [ 1090.078137][T30109] netlink: 'syz.3.7450': attribute type 3 has an invalid length. [ 1090.367670][T30127] netlink: 'syz.4.7457': attribute type 1 has an invalid length. 
[ 1090.454396][T30127] bond12: entered promiscuous mode [ 1090.460393][T30127] 8021q: adding VLAN 0 to HW filter on device bond12 [ 1090.731457][T30153] bridge0: port 4(veth0_to_bridge) entered blocking state [ 1090.739579][T30153] bridge0: port 4(veth0_to_bridge) entered disabled state [ 1090.747723][T30153] veth0_to_bridge: entered allmulticast mode [ 1090.756388][T30153] veth0_to_bridge: entered promiscuous mode [ 1090.766521][T30150] tipc: Enabled bearer , priority 0 [ 1090.870145][T30159] tunl0: Caught tx_queue_len zero misconfig [ 1090.893544][T30154] x_tables: duplicate underflow at hook 1 [ 1090.945306][T30154] syzkaller0: entered promiscuous mode [ 1090.962456][T30154] syzkaller0: entered allmulticast mode [ 1091.177686][T30147] tipc: Resetting bearer [ 1091.279039][T30147] tipc: Disabling bearer [ 1091.439219][T11103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1091.461771][T11103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1091.758788][T30195] tipc: Resetting bearer [ 1091.938910][T30194] lo speed is unknown, defaulting to 1000 [ 1091.995639][T30194] wg1 speed is unknown, defaulting to 1000 [ 1092.081241][T30202] __nla_validate_parse: 6 callbacks suppressed [ 1092.081267][T30202] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7481'. [ 1092.222859][T30207] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.7483'. [ 1092.307548][T30209] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7483'. [ 1092.563629][T30221] netlink: 72 bytes leftover after parsing attributes in process `syz.2.7486'. [ 1094.124408][T30286] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7505'. [ 1094.147070][T30287] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7506'. 
[ 1094.157418][T30262] xt_TCPMSS: Only works on TCP SYN packets [ 1094.191425][T30262] bond13: option tlb_dynamic_lb: invalid value (5) [ 1094.201981][T30262] bond13 (unregistering): Released all slaves [ 1094.214727][T30286] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1094.349255][T30287] 8021q: adding VLAN 0 to HW filter on device bond19 [ 1094.436849][T30294] bond8: up delay (1024) is not a multiple of miimon (100), value rounded to 1000 ms [ 1094.448234][T30294] bond8: down delay (4) is not a multiple of miimon (100), value rounded to 0 ms [ 1094.717345][T30304] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7511'. [ 1094.953826][T30308] lo speed is unknown, defaulting to 1000 [ 1094.987440][T30308] wg1 speed is unknown, defaulting to 1000 [ 1094.996746][T30306] lo speed is unknown, defaulting to 1000 [ 1095.045788][T30306] wg1 speed is unknown, defaulting to 1000 [ 1095.463343][T30329] netlink: 'syz.0.7518': attribute type 2 has an invalid length. [ 1095.588610][T30330] xt_hashlimit: size too large, truncated to 1048576 [ 1095.673962][T30329] hmac(sha224): entered promiscuous mode [ 1095.854649][T30342] openvswitch: netlink: IP tunnel dst address not specified [ 1095.933975][T30345] netlink: 'syz.4.7520': attribute type 13 has an invalid length. [ 1095.966488][T30345] netlink: 'syz.4.7520': attribute type 17 has an invalid length. [ 1096.257622][T30362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7520'. 
[ 1096.700895][T30345] gre0: left promiscuous mode [ 1096.711795][T30345] gre0: left allmulticast mode [ 1096.820259][T30345] ip6gretap0: left promiscuous mode [ 1096.832770][T30345] ip6gretap0: left allmulticast mode [ 1096.894350][T30345] 8021q: adding VLAN 0 to HW filter on device .` [ 1096.932877][T30345] 8021q: adding VLAN 0 to HW filter on device team0 [ 1096.962408][T30345] –: left promiscuous mode [ 1096.994748][T30345] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1097.012841][T27521] wg1 speed is unknown, defaulting to 1000 [ 1097.012866][ T1148] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1097.030378][T27521] syz0: Port: 1 Link DOWN [ 1097.042504][ T1148] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.061467][ T1148] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1097.086030][ T1148] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.170143][T30379] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1097.190415][T30379] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 1097.252570][ T1148] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1097.269601][ T1148] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.351910][ T1148] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1097.383406][ T1148] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.427201][T30379] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1097.440866][T30379] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 1097.542918][T30379] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 
1097.574127][T30379] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 1097.613340][T30383] lo speed is unknown, defaulting to 1000 [ 1097.674780][T30383] wg1 speed is unknown, defaulting to 1000 [ 1097.689737][T30379] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1097.715251][T30379] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 1097.759142][T30392] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7531'. [ 1097.761876][T30389] lo speed is unknown, defaulting to 1000 [ 1097.829297][T30389] wg1 speed is unknown, defaulting to 1000 [ 1097.944728][T11103] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1097.956022][T11103] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 1098.084190][ T13] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1098.104024][ T13] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 1098.281858][ T1093] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1098.299565][ T1093] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 1098.314438][ T1093] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1098.323364][ T1093] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 1099.124319][T30429] lo speed is unknown, defaulting to 1000 [ 1099.201259][T30429] wg1 speed is unknown, defaulting to 1000 [ 1099.402049][T30441] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7547'. [ 1100.111634][T30475] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7557'. [ 1100.156682][T30475] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7557'. [ 1100.198300][T30475] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7557'. 
[ 1100.524039][T30497] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 1100.525596][T30497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7564'. [ 1100.563571][T30497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7564'. [ 1100.823662][T30522] openvswitch: netlink: Actions may not be safe on all matching packets [ 1101.069607][T30527] lo: Caught tx_queue_len zero misconfig [ 1101.075675][T30527] netlink: 64 bytes leftover after parsing attributes in process `syz.1.7573'. [ 1101.184148][T30531] netlink: 'syz.2.7575': attribute type 1 has an invalid length. [ 1101.212346][T30531] 8021q: adding VLAN 0 to HW filter on device bond9 [ 1101.462514][T30542] lo speed is unknown, defaulting to 1000 [ 1101.473046][T30542] wg1 speed is unknown, defaulting to 1000 [ 1101.768719][T30550] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7580'. [ 1101.988365][T30557] netlink: 240 bytes leftover after parsing attributes in process `syz.0.7582'. [ 1102.292461][T30569] netlink: 'syz.0.7586': attribute type 1 has an invalid length. [ 1102.410393][T30568] syzkaller0: entered promiscuous mode [ 1102.419880][T30568] syzkaller0: entered allmulticast mode [ 1102.469110][T30569] 8021q: adding VLAN 0 to HW filter on device bond20 [ 1105.440904][T30570] lo speed is unknown, defaulting to 1000 [ 1105.469015][T30570] wg1 speed is unknown, defaulting to 1000 [ 1105.804140][T30604] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7592'. [ 1105.913756][T30606] netlink: 120 bytes leftover after parsing attributes in process `syz.1.7596'. [ 1106.009761][T30610] netlink: 'syz.2.7597': attribute type 1 has an invalid length. [ 1106.131522][T30610] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1106.769376][T30643] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7610'. [ 1106.790530][T30643] netlink: 'syz.0.7610': attribute type 1 has an invalid length. 
[ 1106.805613][T30639] lo speed is unknown, defaulting to 1000 [ 1106.885371][T30643] bond21: entered promiscuous mode [ 1106.908769][T30651] netlink: 'syz.4.7612': attribute type 1 has an invalid length. [ 1106.918013][T30643] 8021q: adding VLAN 0 to HW filter on device bond21 [ 1106.951032][T30645] bond21: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1106.986017][T30645] bond21: (slave ipvlan3): The slave device specified does not support setting the MAC address [ 1106.997451][T30645] bond21: (slave ipvlan3): Setting fail_over_mac to active for active-backup mode [ 1107.102609][T30651] 8021q: adding VLAN 0 to HW filter on device bond13 [ 1107.131120][T30639] wg1 speed is unknown, defaulting to 1000 [ 1107.231383][T30664] IPVS: set_ctl: invalid protocol: 92 224.0.0.1:20003 [ 1107.293487][T30666] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7615'. [ 1107.334393][T30655] lo speed is unknown, defaulting to 1000 [ 1107.376647][T30655] wg1 speed is unknown, defaulting to 1000 [ 1108.097744][T30684] syzkaller1: entered promiscuous mode [ 1108.133202][T30684] syzkaller1: entered allmulticast mode [ 1108.355789][T30690] bond22: entered promiscuous mode [ 1108.367911][T30690] 8021q: adding VLAN 0 to HW filter on device bond22 [ 1108.780702][T30699] lo speed is unknown, defaulting to 1000 [ 1108.815480][T30699] wg1 speed is unknown, defaulting to 1000 [ 1108.925708][T30714] netlink: 'syz.1.7630': attribute type 27 has an invalid length. [ 1109.145759][T30719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1109.162461][T30719] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 
[ 1109.181213][T11104] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.209263][T11104] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.239513][T11104] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.321517][T11104] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.481408][T30729] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7634'. [ 1109.493846][T30726] lo speed is unknown, defaulting to 1000 [ 1109.537967][T30733] lo speed is unknown, defaulting to 1000 [ 1109.547797][T30726] wg1 speed is unknown, defaulting to 1000 [ 1109.620034][T30733] wg1 speed is unknown, defaulting to 1000 [ 1109.648919][T30739] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7636'. [ 1110.325210][T30741] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1110.440495][T30761] lo speed is unknown, defaulting to 1000 [ 1110.493134][T30761] wg1 speed is unknown, defaulting to 1000 [ 1110.743862][T30784] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7650'. [ 1110.753654][T30784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7650'. [ 1110.767844][T30784] netlink: 'syz.2.7650': attribute type 14 has an invalid length. [ 1110.803278][T30785] netlink: zone id is out of range [ 1110.816629][T30785] netlink: zone id is out of range [ 1110.833531][T30785] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7649'. [ 1110.877289][T30785] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7649'. [ 1111.487520][T30800] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7654'. [ 1111.608498][T30818] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 
[ 1112.057243][T30841] sock: sock_set_timeout: `syz.3.7663' (pid 30841) tries to set negative timeout [ 1112.104054][T30838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7661'. [ 1112.302483][T30851] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7665'. [ 1112.510468][T30860] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1112.623937][T30862] team0: Port device syz_tun added [ 1112.641289][T30862] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7671'. [ 1112.675040][T30867] netlink: 'syz.3.7673': attribute type 83 has an invalid length. [ 1112.774323][T30877] sctp: [Deprecated]: syz.0.7677 (pid 30877) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1112.774323][T30877] Use struct sctp_sack_info instead [ 1112.883428][T30884] netlink: 92 bytes leftover after parsing attributes in process `syz.3.7678'. [ 1112.957430][T30884] gtp2: entered promiscuous mode [ 1112.987950][T30884] gtp2: entered allmulticast mode [ 1113.083955][T30884] ip6tnl0: Caught tx_queue_len zero misconfig [ 1113.196815][T30899] Bluetooth: MGMT ver 1.23 [ 1113.261496][T30904] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1113.562097][T30921] netlink: 11 bytes leftover after parsing attributes in process `syz.2.7687'. [ 1113.577345][T30923] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7689'. [ 1113.610242][T30925] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7690'. [ 1113.696966][T30909] bond11: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. 
[ 1113.749238][T30909] bond11: (slave lo): Enslaving as an active interface with an up link [ 1113.769493][T30909] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1113.824638][T30930] bond18: Unable to set up delay as MII monitoring is disabled [ 1113.850528][T30930] bond18 (unregistering): Released all slaves [ 1114.203447][T30957] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1114.846477][T31002] netlink: 'syz.3.7713': attribute type 4 has an invalid length. [ 1114.868438][T31002] netlink: 'syz.3.7713': attribute type 4 has an invalid length. [ 1114.885779][T31002] netlink: 'syz.3.7713': attribute type 4 has an invalid length. [ 1115.614984][T31034] vxcan0: entered allmulticast mode [ 1115.801911][T31041] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1115.944463][T31047] team0: Port device syz_tun removed [ 1115.982437][T31047] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 1116.139766][T31052] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 1116.184975][ T1302] lec:lec_start_xmit: lec0:No lecd attached [ 1116.383805][T31059] __nla_validate_parse: 13 callbacks suppressed [ 1116.383829][T31059] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.7735'. [ 1116.417747][T31059] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 1116.542347][T31075] xt_hashlimit: size too large, truncated to 1048576 [ 1116.551837][T31073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7738'. 
[ 1116.628624][T31073] veth21: entered promiscuous mode [ 1116.639488][T31078] netlink: 612 bytes leftover after parsing attributes in process `syz.3.7738'. [ 1116.902365][T31087] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1117.142578][T31098] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7745'. [ 1117.223178][T31103] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7747'. [ 1117.258028][T31107] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7745'. [ 1117.306658][T31111] openvswitch: netlink: Missing key (keys=40, expected=80) [ 1117.375702][T31106] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1117.485714][T31106] netlink: 68 bytes leftover after parsing attributes in process `syz.4.7748'. [ 1117.544004][T31119] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7752'. [ 1117.700879][T31119] 8021q: adding VLAN 0 to HW filter on device bond18 [ 1117.870379][T31134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7755'. [ 1118.650512][T31164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7762'. [ 1118.699751][T31166] xt_limit: Overflow, try lower: 268435456/134217728 [ 1118.965315][T31164] ip6tnl0: Caught tx_queue_len zero misconfig [ 1119.183786][T31185] tipc: Resetting bearer [ 1119.370007][T31189] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 1119.398807][T31190] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 
[ 1119.475444][T31196] x_tables: ip_tables: owner match: used from hooks PREROUTING, but only valid from OUTPUT/POSTROUTING [ 1119.709116][T31211] xt_hashlimit: size too large, truncated to 1048576 [ 1120.119349][T31222] tipc: Resetting bearer [ 1120.333571][T17336] wg1 speed is unknown, defaulting to 1000 [ 1120.713260][T31235] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1120.783468][T31239] bond12: (slave geneve4): Releasing active interface [ 1120.797145][T31239] team0: Port device bond13 removed [ 1120.813466][T31239] bond14: (slave veth21): Releasing active interface [ 1120.837120][T31239] bond14: (slave veth21): the permanent HWaddr of slave - 12:fd:6b:19:0d:26 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 1120.871521][T31239] bond14: (slave batadv0): Releasing active interface [ 1120.886670][T31239] batadv0: left promiscuous mode [ 1120.911937][T31239] bond17: (slave geneve5): Releasing backup interface [ 1120.946146][T31239] bond18: (slave geneve6): Releasing backup interface [ 1121.039060][T31241] tipc: Resetting bearer [ 1121.216291][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5030 ms [ 1121.224447][ C0] lec:lec_tx_timeout: lec0 [ 1121.229461][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 1121.397893][T31267] __nla_validate_parse: 5 callbacks suppressed [ 1121.397916][T31267] netlink: 840 bytes leftover after parsing attributes in process `syz.1.7787'. [ 1121.524087][T31268] lo speed is unknown, defaulting to 1000 [ 1121.579413][T31268] wg1 speed is unknown, defaulting to 1000 [ 1121.702661][T31278] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7790'. 
[ 1121.712997][T31273] syzkaller0: entered promiscuous mode [ 1121.719046][T31273] syzkaller0: entered allmulticast mode [ 1122.091355][T31297] syzkaller0: entered promiscuous mode [ 1122.097413][T31297] syzkaller0: entered allmulticast mode [ 1122.112596][T31297] tcf_pedit_act: 7 callbacks suppressed [ 1122.112620][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.127518][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.134457][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.141488][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.148347][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.155426][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.162619][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.169594][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.176455][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.183267][T31297] tc action pedit offset must be on 32 bit boundaries [ 1122.190148][T31297] 0: reclassify loop, rule prio 0, protocol 800 [ 1122.203420][T31295] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 1122.657054][T31318] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7802'. [ 1122.706738][T31318] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7802'. [ 1123.197414][T31352] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7812'. [ 1123.439623][T31364] syzkaller0: entered promiscuous mode [ 1123.457263][T31364] syzkaller0: entered allmulticast mode [ 1123.498686][T31364] 0: reclassify loop, rule prio 0, protocol 800 [ 1123.687931][T31369] lo speed is unknown, defaulting to 1000 [ 1123.710222][T31369] wg1 speed is unknown, defaulting to 1000 [ 1123.958658][T31386] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7822'. 
[ 1123.984784][T31386] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7822'. [ 1124.235233][T31398] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1124.739415][T31420] team0: Port device syz_tun removed [ 1124.748317][T31420] bond5: (slave ip6gretap0): Releasing backup interface [ 1124.769535][T31420] bridge0: port 1(bridge_slave_0) entered disabled state [ 1124.806279][T31420] bridge_slave_1: left allmulticast mode [ 1124.828504][T31420] bridge_slave_1: left promiscuous mode [ 1124.836437][T31420] bridge0: port 2(bridge_slave_1) entered disabled state [ 1124.853045][T31420] team0: Port device team_slave_1 removed [ 1124.865003][T31420] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1124.923649][T31420] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7833'. [ 1124.961986][T31425] syzkaller0: entered promiscuous mode [ 1124.979983][T31425] syzkaller0: entered allmulticast mode [ 1125.139245][T31432] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7836'. [ 1125.507043][T31452] syzkaller0: entered promiscuous mode [ 1125.512742][T31452] syzkaller0: entered allmulticast mode [ 1125.664836][T31458] netlink: 'syz.4.7846': attribute type 1 has an invalid length. [ 1125.696852][T31458] 8021q: adding VLAN 0 to HW filter on device bond14 [ 1126.117189][T31482] IPVS: Unknown mcast interface: macsec0 [ 1126.235850][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 1126.244081][ C0] lec:lec_tx_timeout: lec0 [ 1126.949559][T31538] syzkaller0: left promiscuous mode [ 1126.962666][T31538] syzkaller0: left allmulticast mode [ 1127.024539][T31545] netlink: 'syz.4.7877': attribute type 1 has an invalid length. 
[ 1127.138138][T31545] 8021q: adding VLAN 0 to HW filter on device bond15 [ 1127.219067][T31554] netlink: 32 bytes leftover after parsing attributes in process `syz.3.7879'. [ 1127.447653][T31563] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 1127.519764][T31570] syzkaller0: entered promiscuous mode [ 1127.525534][T31570] syzkaller0: entered allmulticast mode [ 1127.612816][T31575] netlink: 68 bytes leftover after parsing attributes in process `syz.0.7881'. [ 1127.663010][T31571] x_tables: ip_tables: owner match: used from hooks PREROUTING, but only valid from OUTPUT/POSTROUTING [ 1127.730981][T31578] FAULT_INJECTION: forcing a failure. [ 1127.730981][T31578] name failslab, interval 1, probability 0, space 0, times 0 [ 1127.786016][T31578] CPU: 0 UID: 0 PID: 31578 Comm: syz.2.7886 Not tainted syzkaller #0 PREEMPT(full) [ 1127.786047][T31578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1127.786061][T31578] Call Trace: [ 1127.786071][T31578] [ 1127.786081][T31578] dump_stack_lvl+0xe8/0x150 [ 1127.786120][T31578] should_fail_ex+0x412/0x560 [ 1127.786158][T31578] should_failslab+0xa8/0x100 [ 1127.786185][T31578] __kmalloc_noprof+0xe8/0x760 [ 1127.786218][T31578] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1127.786259][T31578] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1127.786293][T31578] ? tomoyo_domain+0xd7/0x130 [ 1127.786332][T31578] ? tomoyo_path_number_perm+0x219/0x630 [ 1127.786360][T31578] tomoyo_path_number_perm+0x246/0x630 [ 1127.786391][T31578] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1127.786425][T31578] ? __lock_acquire+0x6b5/0x2cf0 [ 1127.786470][T31578] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 1127.786528][T31578] ? __fget_files+0x2a/0x420 [ 1127.786559][T31578] ? __fget_files+0x2a/0x420 [ 1127.786586][T31578] ? __fget_files+0x3a0/0x420 [ 1127.786613][T31578] ? 
__fget_files+0x2a/0x420 [ 1127.786645][T31578] security_file_ioctl+0xc3/0x2a0 [ 1127.786673][T31578] __se_sys_ioctl+0x47/0x170 [ 1127.786695][T31578] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1127.786720][T31578] do_syscall_64+0x15f/0xf80 [ 1127.786746][T31578] ? trace_irq_disable+0x3b/0x140 [ 1127.786771][T31578] ? clear_bhb_loop+0x40/0x90 [ 1127.786798][T31578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1127.786821][T31578] RIP: 0033:0x7f3b49b9c819 [ 1127.786843][T31578] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1127.786863][T31578] RSP: 002b:00007f3b4a9e4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1127.786888][T31578] RAX: ffffffffffffffda RBX: 00007f3b49e15fa0 RCX: 00007f3b49b9c819 [ 1127.786905][T31578] RDX: 00002000000002c0 RSI: 000000008010743f RDI: 0000000000000004 [ 1127.786920][T31578] RBP: 00007f3b4a9e4090 R08: 0000000000000000 R09: 0000000000000000 [ 1127.786935][T31578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1127.786948][T31578] R13: 00007f3b49e16038 R14: 00007f3b49e15fa0 R15: 00007ffe9fe33948 [ 1127.786985][T31578] [ 1127.791752][T31578] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1128.247020][T31598] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7892'. [ 1128.248406][T31592] syzkaller0: entered promiscuous mode [ 1128.280499][T31599] netlink: 'syz.2.7893': attribute type 1 has an invalid length. [ 1128.294059][T31592] syzkaller0: entered allmulticast mode [ 1128.345027][T31598] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7892'. [ 1128.362328][T31599] 8021q: adding VLAN 0 to HW filter on device bond13 [ 1128.402547][T31598] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7892'. 
[ 1128.427403][T31588] lo speed is unknown, defaulting to 1000 [ 1128.472979][T31601] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7894'. [ 1128.495582][T31588] wg1 speed is unknown, defaulting to 1000 [ 1128.651164][T31613] FAULT_INJECTION: forcing a failure. [ 1128.651164][T31613] name failslab, interval 1, probability 0, space 0, times 0 [ 1128.698671][T31613] CPU: 0 UID: 0 PID: 31613 Comm: syz.3.7897 Not tainted syzkaller #0 PREEMPT(full) [ 1128.698700][T31613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1128.698715][T31613] Call Trace: [ 1128.698724][T31613] [ 1128.698735][T31613] dump_stack_lvl+0xe8/0x150 [ 1128.698772][T31613] should_fail_ex+0x412/0x560 [ 1128.698832][T31613] should_failslab+0xa8/0x100 [ 1128.698857][T31613] __kmalloc_noprof+0xe8/0x760 [ 1128.698892][T31613] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1128.698930][T31613] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1128.698966][T31613] ? tomoyo_domain+0xd7/0x130 [ 1128.699004][T31613] ? tomoyo_path_number_perm+0x219/0x630 [ 1128.699032][T31613] tomoyo_path_number_perm+0x246/0x630 [ 1128.699064][T31613] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1128.699090][T31613] ? __lock_acquire+0x6b5/0x2cf0 [ 1128.699139][T31613] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 1128.699194][T31613] ? __fget_files+0x2a/0x420 [ 1128.699226][T31613] ? __fget_files+0x2a/0x420 [ 1128.699253][T31613] ? __fget_files+0x3a0/0x420 [ 1128.699281][T31613] ? __fget_files+0x2a/0x420 [ 1128.699315][T31613] security_file_ioctl+0xc3/0x2a0 [ 1128.699351][T31613] __se_sys_ioctl+0x47/0x170 [ 1128.699374][T31613] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1128.699399][T31613] do_syscall_64+0x15f/0xf80 [ 1128.699426][T31613] ? trace_irq_disable+0x3b/0x140 [ 1128.699452][T31613] ? 
clear_bhb_loop+0x40/0x90 [ 1128.699480][T31613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1128.699503][T31613] RIP: 0033:0x7f167e39c819 [ 1128.699524][T31613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1128.699544][T31613] RSP: 002b:00007f167f1c4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1128.699570][T31613] RAX: ffffffffffffffda RBX: 00007f167e615fa0 RCX: 00007f167e39c819 [ 1128.699588][T31613] RDX: 0000200000000140 RSI: 0000000000008b06 RDI: 0000000000000003 [ 1128.699604][T31613] RBP: 00007f167f1c4090 R08: 0000000000000000 R09: 0000000000000000 [ 1128.699619][T31613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1128.699633][T31613] R13: 00007f167e616038 R14: 00007f167e615fa0 R15: 00007ffd9bcf7b88 [ 1128.699694][T31613] [ 1128.702119][T31613] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1128.989164][T31617] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1129.134810][T31623] netlink: 68 bytes leftover after parsing attributes in process `syz.4.7899'. [ 1129.440100][T31625] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7902'. [ 1129.606167][T31643] netlink: 'syz.3.7905': attribute type 1 has an invalid length. [ 1129.732071][T31625] syzkaller0: entered promiscuous mode [ 1129.752503][T31625] syzkaller0: entered allmulticast mode [ 1129.827553][T31643] 8021q: adding VLAN 0 to HW filter on device bond19 [ 1133.308699][T31655] syzkaller0: entered promiscuous mode [ 1133.314310][T31655] syzkaller0: entered allmulticast mode [ 1133.323582][T31677] tipc: Resetting bearer [ 1133.995163][T31714] netlink: 'syz.0.7920': attribute type 1 has an invalid length. 
[ 1136.663420][T27514] wg1 speed is unknown, defaulting to 1000 [ 1136.718494][T31714] workqueue: Failed to create a rescuer kthread for wq "bond23": -EINTR [ 1137.126712][T31735] netlink: 72 bytes leftover after parsing attributes in process `syz.1.7927'. [ 1137.152705][T31735] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7927'. [ 1137.168602][T31735] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7927'. [ 1137.383805][T31741] syzkaller0: entered promiscuous mode [ 1137.391621][T31741] syzkaller0: entered allmulticast mode [ 1137.404359][T31750] nr0: tun_chr_ioctl cmd 1074025677 [ 1137.413440][T31750] nr0: linktype set to 774 [ 1137.435015][T31755] tipc: Resetting bearer [ 1141.020216][T31762] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7935'. [ 1141.070780][T31761] lo speed is unknown, defaulting to 1000 [ 1141.095272][T31761] wg1 speed is unknown, defaulting to 1000 [ 1141.147924][T31785] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1141.186237][T31787] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1141.368870][T31799] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7945'. [ 1141.418642][T31801] xt_hashlimit: size too large, truncated to 1048576 [ 1141.683681][T31811] netlink: 'syz.0.7947': attribute type 15 has an invalid length. [ 1141.970765][T31820] lo speed is unknown, defaulting to 1000 [ 1142.008205][T31820] wg1 speed is unknown, defaulting to 1000 [ 1142.186369][T31834] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1142.312969][T31841] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.7955'. [ 1142.695092][T31852] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1142.729958][T31859] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7960'. 
[ 1143.056868][T31875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7965'. [ 1143.120266][T31875] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7965'. [ 1144.426868][T31930] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7983'. [ 1144.613230][T31939] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1144.712789][T31943] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7986'. [ 1145.089388][T31964] netlink: 5 bytes leftover after parsing attributes in process `syz.3.7995'. [ 1145.108721][T31964] netlink: 5 bytes leftover after parsing attributes in process `syz.3.7995'. [ 1145.129457][T31964] netlink: 492 bytes leftover after parsing attributes in process `syz.3.7995'. [ 1145.372298][T31977] xt_hashlimit: size too large, truncated to 1048576 [ 1145.701735][T31994] netlink: 'syz.0.8009': attribute type 11 has an invalid length. [ 1145.759328][T31996] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8010'. [ 1145.849177][T31999] netlink: 'syz.4.8011': attribute type 28 has an invalid length. [ 1145.947297][T32005] syzkaller0: left promiscuous mode [ 1145.977112][T32005] syzkaller0: left allmulticast mode [ 1146.142262][T32012] bond19: (slave bond_slave_1): Device is not bonding slave [ 1146.149733][T32012] bond19: option active_slave: invalid value (bond_slave_1) [ 1146.169830][T32012] bond19 (unregistering): Released all slaves [ 1146.673586][T32039] xt_hashlimit: size too large, truncated to 1048576 [ 1146.883670][T32043] netlink: 'syz.0.8025': attribute type 13 has an invalid length. [ 1146.908558][T32043] netlink: 'syz.0.8025': attribute type 17 has an invalid length. 
[ 1147.123819][T32043] 8021q: adding VLAN 0 to HW filter on device team0 [ 1147.133447][T32043] –: left promiscuous mode [ 1147.148505][T32043] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1147.168507][T17336] lo speed is unknown, defaulting to 1000 [ 1147.190878][T17336] syz2: Port: 1 Link ACTIVE [ 1147.271644][T32056] syzkaller1: entered promiscuous mode [ 1147.282194][T32056] syzkaller1: entered allmulticast mode [ 1147.536275][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1147.547691][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1147.581417][T32065] __nla_validate_parse: 2 callbacks suppressed [ 1147.581441][T32065] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8034'. [ 1147.758360][T32074] xt_hashlimit: size too large, truncated to 1048576 [ 1148.005680][T32085] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8042'. [ 1148.054700][T32091] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8044'. [ 1148.064748][T32091] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8044'. [ 1148.439125][T27538] lo speed is unknown, defaulting to 1000 [ 1148.664002][T32113] tipc: Resetting bearer [ 1148.803531][T32120] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8055'. [ 1148.819590][T32120] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8055'. [ 1148.848468][T32125] xt_hashlimit: size too large, truncated to 1048576 [ 1148.976164][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1148.985275][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1149.080943][T32130] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 1149.458447][T32156] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8068'. 
[ 1149.474199][T32156] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8068'. [ 1149.558017][T32154] netlink: 'syz.4.8065': attribute type 3 has an invalid length. [ 1149.593323][T32154] netlink: 'syz.4.8065': attribute type 3 has an invalid length. [ 1149.623851][T32154] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8065'. [ 1149.692582][T32169] syzkaller1: entered promiscuous mode [ 1149.698940][T32169] syzkaller1: entered allmulticast mode [ 1149.856168][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1149.865089][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1150.145137][T32189] lo speed is unknown, defaulting to 1000 [ 1150.192920][T32189] wg1 speed is unknown, defaulting to 1000 [ 1150.442656][T32205] IPVS: set_ctl: invalid protocol: 135 172.30.0.2:20001 [ 1150.736032][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1150.746388][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1150.884231][T32210] syzkaller1: entered promiscuous mode [ 1150.894945][T32210] syzkaller1: entered allmulticast mode [ 1150.945044][T32217] lo speed is unknown, defaulting to 1000 [ 1151.088548][T32217] wg1 speed is unknown, defaulting to 1000 [ 1151.089217][T32220] lo speed is unknown, defaulting to 1000 [ 1151.144819][T32220] wg1 speed is unknown, defaulting to 1000 [ 1151.535429][T32244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8094'. [ 1152.052244][T32251] 8021q: adding VLAN 0 to HW filter on device bond19 [ 1152.475371][T32271] syzkaller1: entered promiscuous mode [ 1152.489879][T32271] syzkaller1: entered allmulticast mode [ 1152.520089][T32276] 5nč‹Ņ: entered promiscuous mode [ 1152.815233][T32285] openvswitch: netlink: IPv4 tun info is not correct [ 1152.997253][T32266] lec:lec_atm_close: lec0: Shut down! [ 1153.202536][T32298] netlink: 'syz.4.8113': attribute type 1 has an invalid length. 
[ 1153.422715][T32305] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1153.447068][T27538] lo speed is unknown, defaulting to 1000 [ 1153.454948][T27538] syz2: Port: 1 Link DOWN [ 1153.585087][T32309] __nla_validate_parse: 3 callbacks suppressed [ 1153.585110][T32309] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8118'. [ 1153.663833][T32315] openvswitch: netlink: IPv4 tun info is not correct [ 1153.753939][T32313] netlink: 400 bytes leftover after parsing attributes in process `syz.4.8120'. [ 1153.767251][T32313] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8120'. [ 1153.894373][T32323] bond11: (slave lo): Releasing backup interface [ 1153.924207][T32323] bond11: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 1153.982327][T32323] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 1154.073301][T32323] netlink: 68 bytes leftover after parsing attributes in process `syz.2.8124'. [ 1154.118225][T32323] x_tables: ip_tables: owner match: used from hooks PREROUTING, but only valid from OUTPUT/POSTROUTING [ 1154.222979][T32337] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8128'. 
[ 1154.380966][T32345] syzkaller0: entered promiscuous mode [ 1154.395254][T32345] syzkaller0: entered allmulticast mode [ 1154.555646][T32349] openvswitch: netlink: IPv4 tun info is not correct [ 1154.677397][T32355] macsec2: entered promiscuous mode [ 1154.682817][T32355] vlan4: entered promiscuous mode [ 1154.688979][T32355] syz_tun: entered promiscuous mode [ 1154.697402][T32355] vlan4: left promiscuous mode [ 1154.702341][T32355] syz_tun: left promiscuous mode [ 1154.801050][T32360] syzkaller1: entered promiscuous mode [ 1154.816930][T32360] syzkaller1: entered allmulticast mode [ 1154.971483][T32364] lo speed is unknown, defaulting to 1000 [ 1154.982933][T32364] wg1 speed is unknown, defaulting to 1000 [ 1154.999200][T32367] netlink: 44 bytes leftover after parsing attributes in process `syz.3.8139'. [ 1155.552171][T32384] openvswitch: netlink: IPv4 tun info is not correct [ 1155.565148][T32382] ip6gre4: entered promiscuous mode [ 1155.589937][T32382] ip6gre4: entered allmulticast mode [ 1155.942105][T32402] vlan2: left promiscuous mode [ 1155.949155][T32405] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8152'. [ 1155.958159][T32402] bridge_slave_0: left promiscuous mode [ 1156.055122][T32405] lo speed is unknown, defaulting to 1000 [ 1156.073205][T32405] wg1 speed is unknown, defaulting to 1000 [ 1156.367704][T32417] openvswitch: netlink: IPv4 tun info is not correct [ 1156.593208][T32426] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8160'. [ 1156.611219][T32426] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8160'. [ 1156.756959][T32434] netlink: 'syz.1.8159': attribute type 1 has an invalid length. [ 1156.767353][T32433] syzkaller0: entered promiscuous mode [ 1156.773631][T32433] syzkaller0: entered allmulticast mode [ 1156.845938][T32438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8162'. 
[ 1156.855205][T32438] netlink: 'syz.0.8162': attribute type 20 has an invalid length. [ 1156.889847][T32434] bond20: entered promiscuous mode [ 1156.895544][T32434] 8021q: adding VLAN 0 to HW filter on device bond20 [ 1158.195970][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5190 ms [ 1158.204323][ C0] lec:lec_tx_timeout: lec0 [ 1160.238731][T32442] 8021q: adding VLAN 0 to HW filter on device bond20 [ 1160.255279][T32442] bond20: (slave gre2): The slave device specified does not support setting the MAC address [ 1160.286010][T32442] bond20: (slave gre2): Setting fail_over_mac to active for active-backup mode [ 1160.307005][T32442] bond20: (slave gre2): making interface the new active one [ 1160.314730][T32442] gre2: entered promiscuous mode [ 1160.322808][T32442] bond20: (slave gre2): Enslaving as an active interface with an up link [ 1160.568335][T32466] openvswitch: netlink: IPv4 tun info is not correct [ 1160.962506][T32485] FAULT_INJECTION: forcing a failure. [ 1160.962506][T32485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1161.017293][T32485] CPU: 1 UID: 0 PID: 32485 Comm: syz.0.8176 Not tainted syzkaller #0 PREEMPT(full) [ 1161.017324][T32485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1161.017340][T32485] Call Trace: [ 1161.017349][T32485] [ 1161.017359][T32485] dump_stack_lvl+0xe8/0x150 [ 1161.017399][T32485] should_fail_ex+0x412/0x560 [ 1161.017437][T32485] _copy_to_user+0x31/0xb0 [ 1161.017464][T32485] simple_read_from_buffer+0xe1/0x170 [ 1161.017500][T32485] proc_fail_nth_read+0x1bb/0x230 [ 1161.017535][T32485] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1161.017564][T32485] ? rw_verify_area+0x2a6/0x4d0 [ 1161.017591][T32485] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1161.017618][T32485] vfs_read+0x20c/0xa70 [ 1161.017649][T32485] ? __pfx___mutex_lock+0x10/0x10 [ 1161.017675][T32485] ? __pfx_vfs_read+0x10/0x10 [ 1161.017703][T32485] ? 
__fget_files+0x2a/0x420 [ 1161.017733][T32485] ? __fget_files+0x3a0/0x420 [ 1161.017755][T32485] ? __fget_files+0x2a/0x420 [ 1161.017785][T32485] ksys_read+0x150/0x270 [ 1161.017815][T32485] ? __pfx_ksys_read+0x10/0x10 [ 1161.017849][T32485] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1161.017870][T32485] do_syscall_64+0x15f/0xf80 [ 1161.017892][T32485] ? trace_irq_disable+0x3b/0x140 [ 1161.017914][T32485] ? clear_bhb_loop+0x40/0x90 [ 1161.017936][T32485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1161.017954][T32485] RIP: 0033:0x7f2a17b5d04e [ 1161.017971][T32485] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1161.017987][T32485] RSP: 002b:00007f2a18a8ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1161.018008][T32485] RAX: ffffffffffffffda RBX: 00007f2a18a906c0 RCX: 00007f2a17b5d04e [ 1161.018021][T32485] RDX: 000000000000000f RSI: 00007f2a18a900a0 RDI: 0000000000000004 [ 1161.018033][T32485] RBP: 00007f2a18a90090 R08: 0000000000000000 R09: 0000000000000000 [ 1161.018044][T32485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1161.018056][T32485] R13: 00007f2a17e16038 R14: 00007f2a17e15fa0 R15: 00007ffd8db55588 [ 1161.018084][T32485] [ 1161.512279][T32500] syzkaller0: entered promiscuous mode [ 1161.527305][T32500] syzkaller0: entered allmulticast mode [ 1161.537421][T32502] syzkaller0: entered promiscuous mode [ 1161.548097][T32502] syzkaller0: entered allmulticast mode [ 1161.579847][T32502] FAULT_INJECTION: forcing a failure. 
[ 1161.579847][T32502] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1161.621911][T32502] CPU: 0 UID: 0 PID: 32502 Comm: syz.4.8184 Not tainted syzkaller #0 PREEMPT(full) [ 1161.621942][T32502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1161.621957][T32502] Call Trace: [ 1161.621966][T32502] [ 1161.621977][T32502] dump_stack_lvl+0xe8/0x150 [ 1161.622014][T32502] should_fail_ex+0x412/0x560 [ 1161.622052][T32502] _copy_from_user+0x2d/0xb0 [ 1161.622076][T32502] ___sys_sendmsg+0x1c6/0x360 [ 1161.622109][T32502] ? __lock_acquire+0x6b5/0x2cf0 [ 1161.622144][T32502] ? __pfx____sys_sendmsg+0x10/0x10 [ 1161.622215][T32502] ? __fget_files+0x2a/0x420 [ 1161.622243][T32502] ? __fget_files+0x3a0/0x420 [ 1161.622282][T32502] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1161.622320][T32502] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1161.622365][T32502] ? __pfx_ksys_write+0x10/0x10 [ 1161.622409][T32502] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1161.622434][T32502] do_syscall_64+0x15f/0xf80 [ 1161.622461][T32502] ? trace_irq_disable+0x3b/0x140 [ 1161.622486][T32502] ? 
clear_bhb_loop+0x40/0x90 [ 1161.622514][T32502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1161.622536][T32502] RIP: 0033:0x7f2b75b9c819 [ 1161.622558][T32502] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1161.622578][T32502] RSP: 002b:00007f2b76b27028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1161.622608][T32502] RAX: ffffffffffffffda RBX: 00007f2b75e15fa0 RCX: 00007f2b75b9c819 [ 1161.622626][T32502] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000007 [ 1161.622641][T32502] RBP: 00007f2b76b27090 R08: 0000000000000000 R09: 0000000000000000 [ 1161.622655][T32502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1161.622670][T32502] R13: 00007f2b75e16038 R14: 00007f2b75e15fa0 R15: 00007ffded04d238 [ 1161.622705][T32502] [ 1161.969329][T32506] lo speed is unknown, defaulting to 1000 [ 1161.982789][T32515] syzkaller0: entered promiscuous mode [ 1161.988502][T32515] syzkaller0: entered allmulticast mode [ 1161.996731][T32506] wg1 speed is unknown, defaulting to 1000 [ 1162.152973][T32515] pimreg: entered allmulticast mode [ 1162.314538][T32533] __nla_validate_parse: 2 callbacks suppressed [ 1162.314577][T32533] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.8194'. [ 1162.367392][T32515] pimreg: left allmulticast mode [ 1162.425014][T32536] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8195'. [ 1162.690541][T32546] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8198'. [ 1162.720047][T32548] netlink: 'syz.1.8199': attribute type 15 has an invalid length. [ 1162.742583][T32549] netlink: 'syz.1.8199': attribute type 15 has an invalid length. [ 1162.759803][T32548] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8199'. 
[ 1162.790523][ T29] audit: type=1804 audit(1776900397.312:11): pid=32548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.8199" name="/newroot/1674/cgroup.controllers" dev="tmpfs" ino=8519 res=1 errno=0 [ 1162.870851][ T29] audit: type=1800 audit(1776900397.322:12): pid=32548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.8199" name="cgroup.controllers" dev="tmpfs" ino=8519 res=0 errno=0 [ 1163.025127][T32557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8202'. [ 1163.122468][T32569] syzkaller0: entered promiscuous mode [ 1163.128928][T32569] syzkaller0: entered allmulticast mode [ 1163.140959][T32569] TC_ACT_REPEAT abuse ? [ 1163.528492][T32576] netlink: 210256 bytes leftover after parsing attributes in process `syz.2.8207'. [ 1163.568526][T32576] netlink: 'syz.2.8207': attribute type 10 has an invalid length. [ 1163.691914][T32585] sctp: [Deprecated]: syz.0.8210 (pid 32585) Use of int in max_burst socket option. [ 1163.691914][T32585] Use struct sctp_assoc_value instead [ 1164.436765][T32616] xt_TCPMSS: Only works on TCP SYN packets [ 1164.568833][T32616] lo speed is unknown, defaulting to 1000 [ 1164.581093][T32616] wg1 speed is unknown, defaulting to 1000 [ 1164.687643][T32628] tipc: Resetting bearer [ 1165.067185][T32635] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8227'. [ 1165.125011][T32638] lo speed is unknown, defaulting to 1000 [ 1165.160586][T32638] wg1 speed is unknown, defaulting to 1000 [ 1165.348795][T32648] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8231'. [ 1165.372275][T32651] netlink: 'syz.0.8232': attribute type 1 has an invalid length. [ 1165.406412][T32653] netlink: 11 bytes leftover after parsing attributes in process `syz.4.8231'. [ 1165.547828][T32656] netlink: 'syz.3.8233': attribute type 4 has an invalid length. 
[ 1165.597739][T32656] netlink: 17 bytes leftover after parsing attributes in process `syz.3.8233'. [ 1165.681428][T32659] syzkaller0: entered promiscuous mode [ 1165.703484][T32659] syzkaller0: entered allmulticast mode [ 1165.953329][T32673] xt_TCPMSS: Only works on TCP SYN packets [ 1166.034305][T32673] lo speed is unknown, defaulting to 1000 [ 1166.441166][T32673] wg1 speed is unknown, defaulting to 1000 [ 1166.471925][T32688] geneve5: entered promiscuous mode [ 1166.504343][T30357] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 1166.606163][T30357] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 1166.616633][T30357] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 1166.658602][T30357] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 1167.034281][T32710] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1167.486751][T32729] __nla_validate_parse: 2 callbacks suppressed [ 1167.486774][T32729] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8252'. [ 1167.636961][T32740] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1167.650240][T32740] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8256'. [ 1167.702999][T32724] syzkaller0: entered promiscuous mode [ 1167.712806][T32724] syzkaller0: entered allmulticast mode [ 1167.782580][T32754] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8258'. [ 1167.795139][T32729] 8021q: adding VLAN 0 to HW filter on device bond14 [ 1168.022339][T32764] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8261'. [ 1170.970447][T32759] lo speed is unknown, defaulting to 1000 [ 1171.001424][T32759] wg1 speed is unknown, defaulting to 1000 [ 1171.594945][ T333] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8268'. 
[ 1171.804763][ T347] netlink: 'syz.2.8272': attribute type 13 has an invalid length. [ 1171.819253][ T347] netlink: 'syz.2.8272': attribute type 17 has an invalid length. [ 1171.869355][T27538] lo speed is unknown, defaulting to 1000 [ 1172.125072][ T343] tipc: Resetting bearer [ 1172.966906][ T343] veth1_vlan: left allmulticast mode [ 1174.038962][ T347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1174.048051][ T347] 8021q: adding VLAN 0 to HW filter on device team0 [ 1174.059667][ T347] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1174.115015][ T364] syzkaller0: entered promiscuous mode [ 1174.135612][ T364] syzkaller0: entered allmulticast mode [ 1174.156756][ T1110] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1174.170550][ T1110] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1174.634857][ T380] netlink: 128 bytes leftover after parsing attributes in process `syz.3.8279'. 
[ 1175.785473][ T349] Set syz1 is full, maxelem 65536 reached [ 1177.628537][ T1302] lec:lec_start_xmit: lec0:No lecd attached [ 1178.062857][ T1110] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1178.072187][ T1110] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1178.213998][ T400] syzkaller0: entered promiscuous mode [ 1178.224824][ T400] syzkaller0: entered allmulticast mode [ 1178.241340][ T400] tcf_pedit_act: 24 callbacks suppressed [ 1178.241362][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.256109][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.263075][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.270041][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.277256][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.284173][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.291218][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.298128][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.304940][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.312002][ T400] tc action pedit offset must be on 32 bit boundaries [ 1178.318892][ T400] 0: reclassify loop, rule prio 0, protocol 800 [ 1178.427151][ T411] openvswitch: netlink: IPv4 tun info is not correct [ 1178.458378][ T408] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8285'. 
[ 1178.650813][ T418] bond16: option active_slave: mode dependency failed, not supported in mode balance-xor(2) [ 1178.668138][ T418] bond16 (unregistering): Released all slaves [ 1178.754033][ T421] tipc: Enabling of bearer rejected, failed to enable media [ 1179.210955][ T451] openvswitch: netlink: IPv4 tun info is not correct [ 1179.258229][ T453] syzkaller0: entered promiscuous mode [ 1179.276199][ T453] syzkaller0: entered allmulticast mode [ 1179.297864][ T453] 0: reclassify loop, rule prio 0, protocol 800 [ 1179.670115][ T476] xt_TCPMSS: Only works on TCP SYN packets [ 1179.695138][ T480] xt_TCPMSS: Only works on TCP SYN packets [ 1179.808734][ T483] Bluetooth: MGMT ver 1.23 [ 1179.889221][ T476] lo speed is unknown, defaulting to 1000 [ 1179.904772][ T480] lo speed is unknown, defaulting to 1000 [ 1179.912260][ T486] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8304'. [ 1179.926680][ T476] wg1 speed is unknown, defaulting to 1000 [ 1179.975136][ T480] wg1 speed is unknown, defaulting to 1000 [ 1180.219474][ T501] x_tables: duplicate underflow at hook 3 [ 1180.425330][ T509] openvswitch: netlink: IPv4 tun info is not correct [ 1180.465384][ T507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8311'. [ 1180.543734][ T512] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8313'. [ 1180.569090][ T514] netlink: 72 bytes leftover after parsing attributes in process `syz.4.8314'. [ 1180.670690][ T512] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8313'. 
[ 1180.921978][ T521] bond16: entered promiscuous mode [ 1180.942454][ T521] 8021q: adding VLAN 0 to HW filter on device bond16 [ 1181.169200][ T525] syzkaller0: entered promiscuous mode [ 1181.175050][ T525] syzkaller0: entered allmulticast mode [ 1181.548484][ T547] xt_hashlimit: size too large, truncated to 1048576 [ 1181.607900][ T549] openvswitch: netlink: IPv4 tun info is not correct [ 1181.804542][ T554] xt_TCPMSS: Only works on TCP SYN packets [ 1183.225845][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5590 ms [ 1183.233981][ C0] lec:lec_tx_timeout: lec0 [ 1183.239023][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 1185.207616][ T533] lo speed is unknown, defaulting to 1000 [ 1185.329733][ T533] wg1 speed is unknown, defaulting to 1000 [ 1185.445305][ T586] openvswitch: netlink: IPv4 tun info is not correct [ 1185.841521][ T596] lo speed is unknown, defaulting to 1000 [ 1185.893785][ T596] wg1 speed is unknown, defaulting to 1000 [ 1186.237209][ T606] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8343'. [ 1186.423347][ T606] 8021q: adding VLAN 0 to HW filter on device bond22 [ 1186.812006][ T639] netlink: 'syz.3.8346': attribute type 5 has an invalid length. [ 1186.871423][ T619] syzkaller0: entered promiscuous mode [ 1186.893179][ T619] syzkaller0: entered allmulticast mode [ 1187.049239][ T650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8352'. [ 1187.099053][ T652] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8351'. [ 1187.100012][ T643] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8349'. [ 1187.411570][ T659] netlink: 'syz.4.8355': attribute type 4 has an invalid length. [ 1187.419870][ T659] netlink: 'syz.4.8355': attribute type 4 has an invalid length. [ 1187.428400][ T659] netlink: 'syz.4.8355': attribute type 4 has an invalid length. [ 1187.436802][ T659] netlink: 'syz.4.8355': attribute type 4 has an invalid length. 
[ 1187.444813][ T659] netlink: 'syz.4.8355': attribute type 4 has an invalid length. [ 1187.453681][ T659] netlink: 'syz.4.8355': attribute type 4 has an invalid length. [ 1187.463137][ T659] netlink: 'syz.4.8355': attribute type 4 has an invalid length. [ 1187.484097][ T659] netlink: 'syz.4.8355': attribute type 4 has an invalid length. [ 1187.526275][ T659] netlink: 'syz.4.8355': attribute type 4 has an invalid length. [ 1188.090109][ T675] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1188.235818][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 1188.243948][ C0] lec:lec_tx_timeout: lec0 [ 1188.427386][ T675] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1188.643253][ T675] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1190.313317][ T647] ip6erspan1: entered allmulticast mode [ 1190.374789][ T682] sock: sock_set_timeout: `syz.2.8359' (pid 682) tries to set negative timeout [ 1190.719055][ T697] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8364'. [ 1190.746321][ T697] netem: change failed [ 1190.835908][ T701] lo speed is unknown, defaulting to 1000 [ 1190.862511][ T706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8368'. [ 1190.884435][ T707] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8368'. 
[ 1190.918429][ T706] ip6tnl4: entered allmulticast mode [ 1190.970240][ T701] wg1 speed is unknown, defaulting to 1000 [ 1191.215244][ T712] syzkaller0: entered promiscuous mode [ 1191.233207][ T712] syzkaller0: entered allmulticast mode [ 1191.292579][ T712] tcf_pedit_act: 24 callbacks suppressed [ 1191.294019][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.308236][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.315230][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.322441][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.329487][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.336357][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.343285][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.350155][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.357150][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.363960][ T712] tc action pedit offset must be on 32 bit boundaries [ 1191.371021][ T712] 0: reclassify loop, rule prio 0, protocol 800 [ 1191.729836][ T718] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8371'. [ 1191.751065][ T722] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8373'. [ 1191.811417][ T718] 8021q: adding VLAN 0 to HW filter on device bond17 [ 1191.828859][ T701] validate_nla: 57 callbacks suppressed [ 1191.828878][ T701] netlink: 'syz.3.8366': attribute type 4 has an invalid length. [ 1191.844708][ T701] netlink: 'syz.3.8366': attribute type 4 has an invalid length. [ 1192.106710][ T730] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8375'. [ 1192.298289][T27521] lo speed is unknown, defaulting to 1000 [ 1192.384331][ T747] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8381'. 
[ 1192.468449][ T747] lo speed is unknown, defaulting to 1000 [ 1192.523096][ T739] lo speed is unknown, defaulting to 1000 [ 1192.533626][ T747] wg1 speed is unknown, defaulting to 1000 [ 1192.559862][ T739] wg1 speed is unknown, defaulting to 1000 [ 1192.851418][ T756] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8383'. [ 1193.090431][ T761] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1193.628489][ T781] xt_hashlimit: size too large, truncated to 1048576 [ 1194.468550][ T802] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1194.492037][ T809] batadv_slave_0: entered promiscuous mode [ 1194.511587][ T809] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8398'. [ 1194.607521][ T800] syzkaller0: entered promiscuous mode [ 1194.623991][ T800] syzkaller0: entered allmulticast mode [ 1197.957977][ T807] batadv_slave_0: left promiscuous mode [ 1198.060607][ T819] lo speed is unknown, defaulting to 1000 [ 1198.086314][ T819] wg1 speed is unknown, defaulting to 1000 [ 1198.177757][ T836] netlink: 'syz.4.8404': attribute type 1 has an invalid length. [ 1198.195166][ T836] netlink: 228 bytes leftover after parsing attributes in process `syz.4.8404'. [ 1198.223831][ T834] dvmrp1: entered allmulticast mode [ 1198.249967][ T841] netlink: 'syz.4.8404': attribute type 1 has an invalid length. [ 1198.270562][ T841] netlink: 228 bytes leftover after parsing attributes in process `syz.4.8404'. [ 1198.280247][ T840] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8405'. 
[ 1198.483423][ T855] bond0: option miimon: invalid value (18446744073676128286) [ 1198.502410][ T855] bond0: option miimon: allowed values 0 - 2147483647 [ 1198.609261][ T857] syzkaller0: entered promiscuous mode [ 1198.615966][ T857] syzkaller0: entered allmulticast mode [ 1198.644816][ T861] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 1201.654955][ T870] lo speed is unknown, defaulting to 1000 [ 1201.667909][ T870] wg1 speed is unknown, defaulting to 1000 [ 1201.877462][ T886] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.8417'. [ 1201.904957][ T886] openvswitch: netlink: Key type 769 is out of range max 32 [ 1201.997410][ T889] IPVS: set_ctl: invalid protocol: 46 224.0.0.1:20003 [ 1202.187977][ T897] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1202.285470][ T900] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8416'. [ 1202.497744][ T905] bond20: option fail_over_mac: invalid value (127) [ 1202.547888][ T905] bond20 (unregistering): Released all slaves [ 1203.149942][ T956] vlan5: entered promiscuous mode [ 1203.193741][ T956] geneve1: entered promiscuous mode [ 1203.221464][ T956] vlan5: entered allmulticast mode [ 1203.249342][ T956] geneve1: entered allmulticast mode [ 1203.648420][ T970] lo speed is unknown, defaulting to 1000 [ 1203.686893][ T970] wg1 speed is unknown, defaulting to 1000 [ 1203.749482][ T974] Bluetooth: hci2: Opcode 0x0401 failed: -22 [ 1203.959055][ T977] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1204.821495][ T1013] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8446'. 
[ 1204.931806][ T1020] syzkaller0: entered promiscuous mode [ 1204.940016][ T1020] syzkaller0: entered allmulticast mode [ 1204.974383][ T1018] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8447'. [ 1205.402085][ T1037] syzkaller0: entered promiscuous mode [ 1205.418656][ T1037] syzkaller0: entered allmulticast mode [ 1206.083320][ T1075] netlink: 4188 bytes leftover after parsing attributes in process `syz.1.8464'. [ 1206.099554][ T1079] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1206.154930][ T1075] netlink: 220 bytes leftover after parsing attributes in process `syz.1.8464'. [ 1206.188576][ T1075] netlink: 128 bytes leftover after parsing attributes in process `syz.1.8464'. [ 1206.235037][ T1081] xt_hashlimit: size too large, truncated to 1048576 [ 1206.499001][ T1092] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8466'. [ 1206.532985][ T1092] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8466'. [ 1206.572727][ T1092] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8466'. [ 1206.609143][ T1092] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8466'. [ 1206.707726][ T1092] netlink: 1072 bytes leftover after parsing attributes in process `syz.3.8466'. 
[ 1206.720688][ T1096] syzkaller0: entered promiscuous mode [ 1206.738109][ T1096] syzkaller0: entered allmulticast mode [ 1206.767401][ T1096] tcf_pedit_act: 7 callbacks suppressed [ 1206.767423][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.782303][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.789434][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.796377][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.803186][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.810375][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.817700][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.824685][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.831575][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.838517][ T1096] tc action pedit offset must be on 32 bit boundaries [ 1206.845398][ T1096] 0: reclassify loop, rule prio 0, protocol 800 [ 1206.951444][ T1100] FAULT_INJECTION: forcing a failure. [ 1206.951444][ T1100] name failslab, interval 1, probability 0, space 0, times 0 [ 1206.972776][ T1100] CPU: 0 UID: 0 PID: 1100 Comm: syz.0.8471 Not tainted syzkaller #0 PREEMPT(full) [ 1206.972810][ T1100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1206.972825][ T1100] Call Trace: [ 1206.972835][ T1100] [ 1206.972845][ T1100] dump_stack_lvl+0xe8/0x150 [ 1206.972886][ T1100] should_fail_ex+0x412/0x560 [ 1206.972925][ T1100] should_failslab+0xa8/0x100 [ 1206.972948][ T1100] ? dst_alloc+0x105/0x170 [ 1206.972972][ T1100] kmem_cache_alloc_noprof+0x87/0x650 [ 1206.973012][ T1100] ? __pfx_find_exception+0x10/0x10 [ 1206.973059][ T1100] dst_alloc+0x105/0x170 [ 1206.973088][ T1100] ip_route_output_key_hash_rcu+0x14d0/0x25d0 [ 1206.973123][ T1100] ? ip_route_output_key_hash+0xd8/0x2a0 [ 1206.973148][ T1100] ip_route_output_key_hash+0x18d/0x2a0 [ 1206.973174][ T1100] ? 
__pfx_ip_route_output_key_hash+0x10/0x10 [ 1206.973202][ T1100] ? snprintf+0xe8/0x140 [ 1206.973248][ T1100] tcp_v4_connect+0x74e/0x19b0 [ 1206.973284][ T1100] ? tomoyo_find_next_domain+0x990/0x1aa0 [ 1206.973325][ T1100] ? __pfx_tcp_v4_connect+0x10/0x10 [ 1206.973364][ T1100] __inet_stream_connect+0x25a/0xdd0 [ 1206.973395][ T1100] ? do_raw_spin_lock+0x12b/0x2f0 [ 1206.973417][ T1100] ? lock_sock_nested+0x6a/0x100 [ 1206.973447][ T1100] ? __pfx___inet_stream_connect+0x10/0x10 [ 1206.973487][ T1100] ? inet_stream_connect+0x51/0xa0 [ 1206.973512][ T1100] ? __local_bh_enable_ip+0xd0/0x130 [ 1206.973549][ T1100] inet_stream_connect+0x66/0xa0 [ 1206.973576][ T1100] __sys_connect+0x312/0x450 [ 1206.973611][ T1100] ? __pfx___sys_connect+0x10/0x10 [ 1206.973656][ T1100] ? __pfx_ksys_write+0x10/0x10 [ 1206.973696][ T1100] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.973722][ T1100] __x64_sys_connect+0x7a/0x90 [ 1206.973756][ T1100] do_syscall_64+0x15f/0xf80 [ 1206.973783][ T1100] ? trace_irq_disable+0x3b/0x140 [ 1206.973808][ T1100] ? 
clear_bhb_loop+0x40/0x90 [ 1206.973837][ T1100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.973860][ T1100] RIP: 0033:0x7f2a17b9c819 [ 1206.973882][ T1100] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1206.973903][ T1100] RSP: 002b:00007f2a18a90028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1206.973930][ T1100] RAX: ffffffffffffffda RBX: 00007f2a17e15fa0 RCX: 00007f2a17b9c819 [ 1206.973947][ T1100] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000003 [ 1206.973963][ T1100] RBP: 00007f2a18a90090 R08: 0000000000000000 R09: 0000000000000000 [ 1206.973977][ T1100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1206.973991][ T1100] R13: 00007f2a17e16038 R14: 00007f2a17e15fa0 R15: 00007ffd8db55588 [ 1206.974035][ T1100] [ 1207.959462][ T1115] syzkaller0: entered promiscuous mode [ 1207.973314][ T1123] FAULT_INJECTION: forcing a failure. [ 1207.973314][ T1123] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1207.986708][ T1115] syzkaller0: entered allmulticast mode [ 1208.009920][ T1123] CPU: 0 UID: 0 PID: 1123 Comm: syz.1.8480 Not tainted syzkaller #0 PREEMPT(full) [ 1208.009959][ T1123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1208.009975][ T1123] Call Trace: [ 1208.009984][ T1123] [ 1208.009995][ T1123] dump_stack_lvl+0xe8/0x150 [ 1208.010033][ T1123] should_fail_ex+0x412/0x560 [ 1208.010072][ T1123] _copy_to_user+0x31/0xb0 [ 1208.010099][ T1123] simple_read_from_buffer+0xe1/0x170 [ 1208.010135][ T1123] proc_fail_nth_read+0x1bb/0x230 [ 1208.010170][ T1123] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1208.010205][ T1123] ? rw_verify_area+0x2a6/0x4d0 [ 1208.010237][ T1123] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1208.010270][ T1123] vfs_read+0x20c/0xa70 [ 1208.010310][ T1123] ? 
__pfx___mutex_lock+0x10/0x10 [ 1208.010341][ T1123] ? __pfx_vfs_read+0x10/0x10 [ 1208.010376][ T1123] ? __fget_files+0x2a/0x420 [ 1208.010410][ T1123] ? __fget_files+0x3a0/0x420 [ 1208.010437][ T1123] ? __fget_files+0x2a/0x420 [ 1208.010476][ T1123] ksys_read+0x150/0x270 [ 1208.010512][ T1123] ? __pfx_ksys_read+0x10/0x10 [ 1208.010542][ T1123] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1208.010577][ T1123] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1208.010602][ T1123] do_syscall_64+0x15f/0xf80 [ 1208.010628][ T1123] ? trace_irq_disable+0x3b/0x140 [ 1208.010652][ T1123] ? clear_bhb_loop+0x40/0x90 [ 1208.010680][ T1123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1208.010700][ T1123] RIP: 0033:0x7f8c5295d04e [ 1208.010718][ T1123] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1208.010734][ T1123] RSP: 002b:00007f8c5381ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1208.010756][ T1123] RAX: ffffffffffffffda RBX: 00007f8c538206c0 RCX: 00007f8c5295d04e [ 1208.010773][ T1123] RDX: 000000000000000f RSI: 00007f8c538200a0 RDI: 0000000000000005 [ 1208.010788][ T1123] RBP: 00007f8c53820090 R08: 0000000000000000 R09: 0000000000000000 [ 1208.010802][ T1123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1208.010816][ T1123] R13: 00007f8c52c16038 R14: 00007f8c52c15fa0 R15: 00007fff95b2b3c8 [ 1208.010854][ T1123] [ 1210.440397][ T1157] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1210.473939][ T1157] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1210.497835][ T1157] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1210.540336][ T1157] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1210.567121][ T1157] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1210.595650][ T5145] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1210.619159][ T5145] Bluetooth: 
hci5: unexpected cc 0x1003 length: 249 > 9 [ 1210.658029][ T5145] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1210.673434][ T5145] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1210.699896][ T5145] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1212.756458][ T5145] Bluetooth: hci5: command tx timeout [ 1213.026802][ T1169] __nla_validate_parse: 2 callbacks suppressed [ 1213.026824][ T1169] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8492'. [ 1213.048511][ T1166] batadv_slave_1: entered promiscuous mode [ 1213.076728][ T1165] batadv_slave_1: left promiscuous mode [ 1213.088049][ T1169] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8492'. [ 1213.120524][ T1156] lo speed is unknown, defaulting to 1000 [ 1213.140406][ T1156] wg1 speed is unknown, defaulting to 1000 [ 1213.281756][ T1178] netlink: 'syz.2.8497': attribute type 1 has an invalid length. [ 1213.306286][ T1178] netlink: 1820 bytes leftover after parsing attributes in process `syz.2.8497'. [ 1213.352540][ T1178] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8497'. [ 1213.491634][ T1156] chnl_net:caif_netlink_parms(): no params data found [ 1213.583714][ T1187] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8498'. 
[ 1213.847831][ T1193] syzkaller0: entered promiscuous mode [ 1213.854323][ T1193] syzkaller0: entered allmulticast mode [ 1213.903777][ T1194] syzkaller0: entered promiscuous mode [ 1213.909677][ T1194] syzkaller0: entered allmulticast mode [ 1213.935426][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state [ 1213.943405][ T1156] bridge0: port 1(bridge_slave_0) entered disabled state [ 1213.951389][ T1156] bridge_slave_0: entered allmulticast mode [ 1213.960377][ T1156] bridge_slave_0: entered promiscuous mode [ 1213.972716][ T1156] bridge0: port 2(bridge_slave_1) entered blocking state [ 1213.984809][ T1156] bridge0: port 2(bridge_slave_1) entered disabled state [ 1213.999935][ T1156] bridge_slave_1: entered allmulticast mode [ 1214.014831][ T1156] bridge_slave_1: entered promiscuous mode [ 1214.826486][ T5145] Bluetooth: hci5: command tx timeout [ 1216.916121][ T5145] Bluetooth: hci5: command tx timeout [ 1217.514864][ T1156] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1217.529889][ T1156] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1217.611916][ T1218] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8506'. [ 1217.661589][ T1156] team0: Port device team_slave_0 added [ 1217.679988][ T1156] team0: Port device team_slave_1 added [ 1217.746377][ T1156] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1217.767521][ T1156] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 1217.833608][ T1156] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1217.872059][ T1156] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1217.887818][ T1156] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1217.928258][ T1235] atomic_op ffff88801be9d198 conn xmit_atomic 0000000000000000 [ 1217.945897][ T1156] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1217.974394][ T1234] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8511'. [ 1218.082816][ T1156] hsr_slave_0: entered promiscuous mode [ 1218.090256][ T1156] hsr_slave_1: entered promiscuous mode [ 1218.108436][ T1156] debugfs: 'hsr0' already exists in 'hsr' [ 1218.120871][ T1156] Cannot create hsr debugfs directory [ 1218.487637][ T1156] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1218.499950][ T1156] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 1218.512745][ T1156] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1218.692190][ T1247] syzkaller0: entered promiscuous mode [ 1218.700437][ T1247] syzkaller0: entered allmulticast mode [ 1218.731999][ T1156] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1218.750874][ T1156] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 1218.761541][ T1156] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1218.977169][ T5145] Bluetooth: hci5: command tx timeout [ 1220.517786][ T1281] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8521'. 
[ 1220.531997][ T1281] netlink: 'syz.0.8521': attribute type 1 has an invalid length. [ 1220.540918][ T1281] netlink: 276 bytes leftover after parsing attributes in process `syz.0.8521'. [ 1220.659360][ T1279] xt_TCPMSS: Only works on TCP SYN packets [ 1222.490666][ T1156] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1222.501265][ T1156] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 1222.514040][ T1156] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1222.628648][ T1156] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1222.641448][ T1156] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 1222.652416][ T1156] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1222.703007][ T1288] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8524'. [ 1222.722645][ T1288] netlink: 196 bytes leftover after parsing attributes in process `syz.4.8524'. [ 1222.735280][ T1288] netlink: 68 bytes leftover after parsing attributes in process `syz.4.8524'. [ 1222.744905][ T1288] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8524'. [ 1222.935664][ T1299] syzkaller0: entered promiscuous mode [ 1222.954959][ T1299] syzkaller0: entered allmulticast mode [ 1222.969621][ T1305] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8525'. [ 1223.140913][ T1296] lo speed is unknown, defaulting to 1000 [ 1223.151345][ T1296] wg1 speed is unknown, defaulting to 1000 [ 1223.308651][ T1311] syzkaller0: entered promiscuous mode [ 1223.314491][ T1311] syzkaller0: entered allmulticast mode [ 1223.810463][ T1337] xt_hashlimit: size too large, truncated to 1048576 [ 1223.857615][ T1334] A link change request failed with some changes committed already. 
Interface lo may have been left with an inconsistent configuration, please check. [ 1223.926826][ T1156] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1224.031159][ T1156] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1224.073428][ T1338] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 1224.132265][ T1339] ip6gretap0: entered promiscuous mode [ 1224.143456][ T1339] ip6gretap0: entered allmulticast mode [ 1224.154631][ T1350] xt_TCPMSS: Only works on TCP SYN packets [ 1224.155199][ T1156] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1224.204981][ T1156] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1224.237641][ T1156] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1224.275125][ T1156] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1224.356035][ T1156] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1224.391231][ T1156] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1224.486919][ T1354] lo speed is unknown, defaulting to 1000 [ 1224.536919][ T1354] wg1 speed is unknown, defaulting to 1000 [ 1224.736600][ T1368] syzkaller0: entered promiscuous mode [ 1224.746539][ T1368] syzkaller0: entered allmulticast mode [ 1228.140703][ T1156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1228.195326][ T1156] 8021q: adding VLAN 0 to HW filter on device team0 [ 1228.235326][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state [ 1228.242730][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1228.292392][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 1228.299850][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1228.375589][ T1409] openvswitch: netlink: Duplicate or invalid key (type 0). [ 1228.392708][ T1409] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 1232.365541][ T1456] tipc: Resetting bearer [ 1232.382369][ T1456] ž’: mtu greater than device maximum [ 1232.389810][ T1456] team0: Device 76ž’ failed to change mtu [ 1232.438839][ T1156] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1232.591898][ T1156] veth0_vlan: entered promiscuous mode [ 1232.642081][ T1156] veth1_vlan: entered promiscuous mode [ 1232.697985][ T1156] veth0_macvtap: entered promiscuous mode [ 1232.726766][ T1156] veth1_macvtap: entered promiscuous mode [ 1232.784941][ T1156] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1232.829649][ T1156] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1232.863389][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1232.875251][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1232.922924][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1232.932518][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1233.157074][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1233.190318][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1233.281326][ T1093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1233.299231][ T1093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1233.803409][ T1510] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. 
[ 1233.840097][ T1157] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1233.853635][ T1157] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1233.863293][ T1157] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1233.871625][ T1157] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1233.879990][ T1157] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1234.031644][ T1509] lo speed is unknown, defaulting to 1000 [ 1234.042222][ T1509] wg1 speed is unknown, defaulting to 1000 [ 1234.207364][ T1519] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8591'. [ 1234.239967][ T1519] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8591'. [ 1234.585258][ T1534] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8597'. [ 1234.627168][ T1534] gretap0: default FDB implementation only supports local addresses [ 1234.676701][ T1539] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8598'. [ 1234.693612][ T1539] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8598'. [ 1234.739474][ T1509] chnl_net:caif_netlink_parms(): no params data found [ 1235.141332][ T1561] netlink: 56 bytes leftover after parsing attributes in process `syz.0.8607'. 
[ 1235.224871][ T1509] bridge0: port 1(bridge_slave_0) entered blocking state [ 1235.266984][ T1509] bridge0: port 1(bridge_slave_0) entered disabled state [ 1235.298881][ T1509] bridge_slave_0: entered allmulticast mode [ 1235.336643][ T1509] bridge_slave_0: entered promiscuous mode [ 1235.450524][ T1509] bridge0: port 2(bridge_slave_1) entered blocking state [ 1235.469167][ T1509] bridge0: port 2(bridge_slave_1) entered disabled state [ 1235.484660][ T1509] bridge_slave_1: entered allmulticast mode [ 1235.495181][ T1509] bridge_slave_1: entered promiscuous mode [ 1235.584378][ T1509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1235.628991][ T1509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1235.673817][ T1509] team0: Port device team_slave_0 added [ 1235.683703][ T1509] team0: Port device team_slave_1 added [ 1235.761469][ T1509] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1235.769441][ T1509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1235.796919][ T1509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1235.826686][ T1509] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1235.859518][ T1509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 1235.906035][ T1509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1235.937096][ T1157] Bluetooth: hci4: command tx timeout [ 1236.151397][ T1509] hsr_slave_0: entered promiscuous mode [ 1236.172157][ T1509] hsr_slave_1: entered promiscuous mode [ 1236.191173][ T1509] debugfs: 'hsr0' already exists in 'hsr' [ 1236.209588][ T1509] Cannot create hsr debugfs directory [ 1236.722567][ T1607] tipc: Resetting bearer [ 1236.777022][ T1607] gretap1: left promiscuous mode [ 1236.782549][ T1607] sit4: left promiscuous mode [ 1236.788727][ T1607] geneve2: left promiscuous mode [ 1236.794570][ T1607] macvlan2: left promiscuous mode [ 1236.800970][ T1607] ip6gre1: left promiscuous mode [ 1236.807397][ T1607] macvtap1: left promiscuous mode [ 1236.812858][ T1607] vxcan3: left promiscuous mode [ 1236.819880][ T1607] hsr1: left promiscuous mode [ 1236.825320][ T1607] ip6gre3: left promiscuous mode [ 1236.832008][ T1607] ip6gretap0: left promiscuous mode [ 1237.175822][ T1633] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8639'. [ 1237.492551][ T1649] set match dimension is over the limit! [ 1237.598693][ T1653] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 1237.712562][ T1658] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8651'. [ 1237.750190][ T1662] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8652'. [ 1237.771719][ T1663] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8653'. 
[ 1237.815144][ T1658] veth1 (unregistering): left promiscuous mode [ 1238.027866][ T1157] Bluetooth: hci4: command tx timeout [ 1238.238674][ T1509] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1238.276433][ T1509] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1238.288118][ T1509] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1238.325107][ T1509] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1238.338517][ T1509] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1238.353183][ T1509] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1238.371872][ T1509] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1238.392038][ T1509] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1238.695038][ T1509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1238.753649][ T1509] 8021q: adding VLAN 0 to HW filter on device team0 [ 1238.803709][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 1238.811205][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1238.858050][T11104] bridge0: port 2(bridge_slave_1) entered blocking state [ 1238.865389][T11104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1239.066822][ T1302] lec:lec_start_xmit: lec0:No lecd attached [ 1239.627666][ T1509] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1240.096475][ T1157] Bluetooth: hci4: command tx timeout [ 1242.186210][ T1157] Bluetooth: hci4: command tx timeout [ 1243.828620][ T1780] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 
[ 1244.187679][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5120 ms [ 1244.195832][ C0] lec:lec_tx_timeout: lec0 [ 1244.201375][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 1244.472494][ T1788] vlan0: entered promiscuous mode [ 1244.493548][ T1793] 8021q: VLANs not supported on gre0 [ 1244.778311][ T1509] veth0_vlan: entered promiscuous mode [ 1244.824624][ T1805] tc action pedit 'at' offset 6 out of bounds [ 1244.839216][ T1509] veth1_vlan: entered promiscuous mode [ 1244.977651][ T1509] veth0_macvtap: entered promiscuous mode [ 1245.023691][ T1509] veth1_macvtap: entered promiscuous mode [ 1245.103891][ T1509] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1245.117790][ T1819] __nla_validate_parse: 3 callbacks suppressed [ 1245.117815][ T1819] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8710'. [ 1245.148516][ T1509] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1245.216441][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1245.259238][ T1110] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1245.285237][ T1110] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1245.317660][ T1110] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1245.411047][ T1827] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8713'. [ 1245.480514][ T1830] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8716'. 
[ 1245.673126][T30357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1245.705616][T30357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1245.881756][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1245.900293][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1246.535672][ T5145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1246.551686][ T5145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1246.560986][ T5145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1246.577876][ T5145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1246.588991][ T5145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1246.706192][ T1863] lo speed is unknown, defaulting to 1000 [ 1246.753335][ T1863] wg1 speed is unknown, defaulting to 1000 [ 1247.452101][ T1895] netlink: 'syz.3.8738': attribute type 5 has an invalid length. [ 1247.540604][ T1863] chnl_net:caif_netlink_parms(): no params data found [ 1247.594515][ T1891] lo speed is unknown, defaulting to 1000 [ 1247.646004][ T1891] wg1 speed is unknown, defaulting to 1000 [ 1247.909219][ T1863] bridge0: port 1(bridge_slave_0) entered blocking state [ 1247.928784][ T1863] bridge0: port 1(bridge_slave_0) entered disabled state [ 1247.943387][ T1863] bridge_slave_0: entered allmulticast mode [ 1247.962641][ T1863] bridge_slave_0: entered promiscuous mode [ 1247.994096][ T1863] bridge0: port 2(bridge_slave_1) entered blocking state [ 1248.005389][ T1863] bridge0: port 2(bridge_slave_1) entered disabled state [ 1248.013509][ T1863] bridge_slave_1: entered allmulticast mode [ 1248.030466][ T1863] bridge_slave_1: entered promiscuous mode [ 1248.114481][ T1922] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. 
[ 1248.168988][ T1863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1248.195082][ T1922] netlink: 'syz.2.8750': attribute type 10 has an invalid length. [ 1248.375036][ T1863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1248.545070][ T1863] team0: Port device team_slave_0 added [ 1248.569027][ T1863] team0: Port device team_slave_1 added [ 1248.655987][ T1157] Bluetooth: hci0: command tx timeout [ 1248.734533][ T1863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1248.744522][ T1863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1248.772019][ T1863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1248.788474][ T1863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1248.797354][ T1863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 1248.835032][ T1863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1249.010035][ T1863] hsr_slave_0: entered promiscuous mode [ 1249.017738][ T1863] hsr_slave_1: entered promiscuous mode [ 1249.025170][ T1863] debugfs: 'hsr0' already exists in 'hsr' [ 1249.032185][ T1863] Cannot create hsr debugfs directory [ 1249.215846][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 1249.224457][ C0] lec:lec_tx_timeout: lec0 [ 1249.522813][ T1960] tun0: tun_chr_ioctl cmd 1074025677 [ 1249.534096][ T1960] tun0: linktype set to 270 [ 1250.737567][ T1157] Bluetooth: hci0: command tx timeout [ 1251.002720][ T1863] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1251.025116][ T1863] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1251.048503][ T1863] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1251.076410][ T1863] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1251.187525][ T1863] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1251.203755][ T1863] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1251.227431][ T1863] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1251.253503][ T1863] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1252.815918][ T1157] Bluetooth: hci0: command tx timeout [ 1254.906513][ T1157] Bluetooth: hci0: command tx timeout [ 1255.512116][ T1863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1255.574579][ T1863] 8021q: adding VLAN 0 to HW filter on device team0 [ 1255.618735][T11103] bridge0: port 1(bridge_slave_0) entered blocking state [ 1255.626081][T11103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1255.708739][T11103] bridge0: port 2(bridge_slave_1) entered blocking state [ 1255.716002][T11103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1256.593342][ T1863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1256.746482][ T1863] veth0_vlan: entered promiscuous mode [ 1256.771194][ 
T2133] netlink: 'syz.2.8843': attribute type 44 has an invalid length. [ 1256.793921][ T1863] veth1_vlan: entered promiscuous mode [ 1256.802239][ T2133] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8843'. [ 1257.146713][ T1863] veth0_macvtap: entered promiscuous mode [ 1257.197935][ T1863] veth1_macvtap: entered promiscuous mode [ 1257.283363][ T1863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1257.352318][ T1863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1257.399925][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1257.430050][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1257.475952][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1257.506574][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1257.900071][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1257.945300][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1258.095616][ T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1258.140706][ T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1258.480426][ T2176] netlink: 'syz.0.8727': attribute type 9 has an invalid length. [ 1258.505996][ T2176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8727'. [ 1258.617339][ T2176] netlink: 'syz.0.8727': attribute type 9 has an invalid length. [ 1258.642127][ T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1258.650861][ T2176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8727'. [ 1258.704691][ T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1258.743775][ T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1258.772191][ T2187] netlink: 'syz.3.8857': attribute type 3 has an invalid length. 
[ 1258.812760][ T2187] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8857'. [ 1258.837289][ T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1259.223279][ T5145] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1259.241371][ T5145] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1259.254415][ T5145] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1259.266226][ T5145] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1259.278028][ T5145] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1259.465334][ T2207] netlink: 'syz.2.8861': attribute type 8 has an invalid length. [ 1259.485603][ T2194] lo speed is unknown, defaulting to 1000 [ 1259.517484][ T2207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8861'. [ 1259.532062][ T2194] wg1 speed is unknown, defaulting to 1000 [ 1259.620508][ T2207] bond0: entered promiscuous mode [ 1259.645971][ T2207] bond_slave_0: entered promiscuous mode [ 1259.664218][ T2207] gretap0: entered promiscuous mode [ 1259.692257][ T2207] hsr2: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 1259.722412][ T2207] hsr2: Slave B (gretap0) is not up; please bring it up to get a fully working HSR network [ 1259.740711][ T2207] hsr2: entered promiscuous mode [ 1260.895519][ T2258] geneve2: entered promiscuous mode [ 1260.901711][ T2258] geneve2: entered allmulticast mode [ 1261.384100][ T1157] Bluetooth: hci3: command tx timeout [ 1261.399061][ T2246] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1261.837148][ T2278] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8879'. 
[ 1263.456157][ T1157] Bluetooth: hci3: command tx timeout [ 1264.940725][ T2194] chnl_net:caif_netlink_parms(): no params data found [ 1265.331916][T11104] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1265.389879][ T2311] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 1265.480276][ T2319] Bluetooth: MGMT ver 1.23 [ 1265.538962][ T1157] Bluetooth: hci3: command tx timeout [ 1265.586280][ T2326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8888'. [ 1265.812488][ T1110] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1265.832861][ T1110] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1265.861080][ T2194] bridge0: port 1(bridge_slave_0) entered blocking state [ 1265.882988][ T2194] bridge0: port 1(bridge_slave_0) entered disabled state [ 1265.904681][ T2194] bridge_slave_0: entered allmulticast mode [ 1265.922122][ T2194] bridge_slave_0: entered promiscuous mode [ 1265.988470][ T1110] netdevsim netdevsim1 eth4: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.024978][ T2194] bridge0: port 2(bridge_slave_1) entered blocking state [ 1266.046202][ T2194] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.058750][ T2194] bridge_slave_1: entered allmulticast mode [ 1266.071295][ T2194] bridge_slave_1: entered promiscuous mode [ 1266.233393][ T1148] dvmrp1: left allmulticast mode [ 1266.249701][ T1148] bond4: left allmulticast mode [ 1266.775048][ T2368] netlink: 'syz.2.8900': attribute type 44 has an invalid length. [ 1266.790196][ T2368] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8900'. 
[ 1267.072851][ T1148] bond20 (unregistering): (slave gre2): Releasing backup interface [ 1267.081578][ T1148] gre2 (unregistering): left promiscuous mode [ 1267.464367][ T1148] bond0 (unregistering): Released all slaves [ 1267.478051][ T1148] bond1 (unregistering): Released all slaves [ 1267.496071][ T1148] bond2 (unregistering): Released all slaves [ 1267.516500][ T1148] bond3 (unregistering): Released all slaves [ 1267.550710][ T1148] bond4 (unregistering): Released all slaves [ 1267.568938][ T1148] bond5 (unregistering): Released all slaves [ 1267.587160][ T1148] bond6 (unregistering): Released all slaves [ 1267.603590][ T1148] bond7 (unregistering): Released all slaves [ 1267.615950][ T1157] Bluetooth: hci3: command tx timeout [ 1267.630189][ T1148] bond8 (unregistering): Released all slaves [ 1267.661961][ T1148] bond9 (unregistering): Released all slaves [ 1267.678125][ T1148] bond10 (unregistering): Released all slaves [ 1267.696572][ T1148] bond11 (unregistering): Released all slaves [ 1267.713755][ T1148] bond12 (unregistering): Released all slaves [ 1267.730781][ T1148] bond13 (unregistering): Released all slaves [ 1267.775366][ T1148] bond14 (unregistering): Released all slaves [ 1267.796996][ T1148] bond15 (unregistering): Released all slaves [ 1267.821313][ T1148] bond16 (unregistering): Released all slaves [ 1267.841915][ T1148] bond17 (unregistering): Released all slaves [ 1267.860610][ T1148] bond18 (unregistering): Released all slaves [ 1267.889484][ T1148] bond19 (unregistering): Released all slaves [ 1267.907019][ T1148] bond20 (unregistering): Released all slaves [ 1267.923351][ T1148] bond21 (unregistering): Released all slaves [ 1267.949450][ T1148] bond22 (unregistering): Released all slaves [ 1268.023357][ T2194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1268.065023][ T2194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1268.278888][ T2194] team0: Port device 
team_slave_0 added [ 1268.291239][ T2194] team0: Port device team_slave_1 added [ 1268.437549][ T2194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1268.460259][ T2194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1268.575381][ T2194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1268.637894][ T2194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1268.669374][ T2194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1268.785592][ T2194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1269.007403][ T1148] hmac(sha224: left promiscuous mode [ 1269.906880][ T2194] hsr_slave_0: entered promiscuous mode [ 1269.924483][ T2194] hsr_slave_1: entered promiscuous mode [ 1269.993129][ T2194] debugfs: 'hsr0' already exists in 'hsr' [ 1270.002025][ T2194] Cannot create hsr debugfs directory [ 1270.128728][ T1148] 5nč‹Ņ: left promiscuous mode [ 1270.361162][ T1148] tipc: Disabling bearer [ 1270.387573][ T1148] tipc: Left network mode [ 1271.116756][ T2194] netdevsim netdevsim1 eth4 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1271.336777][ T2465] netlink: 'syz.0.8927': attribute type 5 has an invalid length. 
[ 1271.472884][ T2194] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1271.685108][ T2194] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1271.897898][ T2487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8932'. [ 1271.963865][ T2194] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1272.510306][ T2507] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1273.398726][ T2194] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1273.418354][ T2194] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1273.441012][ T2194] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1273.511643][ T2194] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1273.574888][ T2194] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1273.631953][ T2194] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1273.703252][ T2194] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1273.736147][ T2194] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1275.391083][ T1148] pim6reg99999991 (unregistering): left allmulticast mode [ 1275.718306][ T2194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1275.776972][ T2194] 8021q: adding VLAN 0 to HW filter on device team0 [ 1275.821045][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 1275.828517][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1275.910509][T30357] bridge0: port 2(bridge_slave_1) entered blocking state [ 1275.917861][T30357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1276.072516][ T2194] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1276.539886][ T2194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1276.652961][ T2194] veth0_vlan: entered promiscuous mode [ 1276.684405][ T2630] netlink: 1024 bytes leftover after 
parsing attributes in process `syz.0.8968'. [ 1276.723132][ T2194] veth1_vlan: entered promiscuous mode [ 1276.816541][ T2194] veth0_macvtap: entered promiscuous mode [ 1276.858543][ T2194] veth1_macvtap: entered promiscuous mode [ 1276.959108][ T2194] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1276.993993][ T2194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1277.037069][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1277.051136][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1277.069743][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1277.087081][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1277.153810][ T2649] netlink: 'syz.2.8973': attribute type 4 has an invalid length. [ 1277.167060][ T2649] netlink: 152 bytes leftover after parsing attributes in process `syz.2.8973'. [ 1277.325011][ T2649] .`¹: renamed from bond0 [ 1277.424732][ T1148] IPVS: stop unused estimator thread 0... [ 1277.599980][T11104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1277.641892][T11104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1277.733128][ T2675] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8978'. [ 1278.304112][ T2659] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1278.405549][T11103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1278.434776][T11103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1278.603212][ T2689] netlink: 'syz.1.8856': attribute type 2 has an invalid length. [ 1278.642980][ T2689] netlink: 'syz.1.8856': attribute type 2 has an invalid length. 
[ 1279.051782][ T5145] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1279.074484][ T5145] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1279.084044][ T5145] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1279.096858][ T5145] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1279.109635][ T5145] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1279.164393][ T2706] lo speed is unknown, defaulting to 1000 [ 1279.178379][ T2706] wg1 speed is unknown, defaulting to 1000 [ 1279.642140][ T2706] chnl_net:caif_netlink_parms(): no params data found [ 1279.898103][ T2632] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1280.182665][ T2706] bridge0: port 1(bridge_slave_0) entered blocking state [ 1280.225002][ T2706] bridge0: port 1(bridge_slave_0) entered disabled state [ 1280.249758][ T2706] bridge_slave_0: entered allmulticast mode [ 1280.272302][ T2706] bridge_slave_0: entered promiscuous mode [ 1280.292382][ T2706] bridge0: port 2(bridge_slave_1) entered blocking state [ 1280.319422][ T2706] bridge0: port 2(bridge_slave_1) entered disabled state [ 1280.337215][ T2706] bridge_slave_1: entered allmulticast mode [ 1280.372382][ T2706] bridge_slave_1: entered promiscuous mode [ 1280.535343][T11145] IPVS: starting estimator thread 0... 
[ 1280.550399][ T2740] lo speed is unknown, defaulting to 1000 [ 1280.562212][ T2706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1280.613059][ T2706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1280.651619][ T2740] wg1 speed is unknown, defaulting to 1000 [ 1280.668486][ T2748] IPVS: using max 27 ests per chain, 64800 per kthread [ 1280.824699][ T2706] team0: Port device team_slave_0 added [ 1280.858676][ T2706] team0: Port device team_slave_1 added [ 1281.032949][ T2706] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1281.055235][ T2706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1281.100355][ T2706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1281.114751][ T2706] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1281.121855][ T2706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 1281.148057][ T2706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1281.215935][ T1157] Bluetooth: hci1: command tx timeout [ 1281.490286][ T2706] hsr_slave_0: entered promiscuous mode [ 1281.515292][ T2706] hsr_slave_1: entered promiscuous mode [ 1281.539896][ T2706] debugfs: 'hsr0' already exists in 'hsr' [ 1281.563719][ T2706] Cannot create hsr debugfs directory [ 1281.720333][ T2779] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1281.827489][ T2770] syzkaller0: entered promiscuous mode [ 1281.841456][ T2770] syzkaller0: entered allmulticast mode [ 1283.298556][ T1157] Bluetooth: hci1: command tx timeout [ 1285.382456][ T1157] Bluetooth: hci1: command tx timeout [ 1286.166852][ T57] veth0_to_bridge: left allmulticast mode [ 1286.179860][ T57] veth0_to_bridge: left promiscuous mode [ 1286.201770][ T57] bridge0: port 4(veth0_to_bridge) entered disabled state [ 1286.246143][ T57] vlan0: left allmulticast mode [ 1286.268002][ T57] team_slave_1: left allmulticast mode [ 1286.286084][ T57] vlan0: left promiscuous mode [ 1286.309909][ T57] team_slave_1: left promiscuous mode [ 1286.332260][ T57] bridge0: port 3(vlan0) entered disabled state [ 1286.390584][ T57] bridge_slave_1: left allmulticast mode [ 1286.421972][ T57] bridge_slave_1: left promiscuous mode [ 1286.454690][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 1286.516002][ T57] bridge_slave_0: left allmulticast mode [ 1286.534815][ T57] bridge_slave_0: left promiscuous mode [ 1286.561318][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 1286.856335][ T57] pimreg1: left allmulticast mode [ 1287.162370][ T57] bond11 (unregistering): (slave ip6erspan2): Releasing active interface [ 1287.456250][ T1157] Bluetooth: hci1: command tx timeout [ 1287.781852][ T57] bond2 (unregistering): (slave geneve4): Releasing active interface [ 1287.795087][ T1110] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 
0x22 [ 1288.460995][ T57] bond3 (unregistering): (slave bridge9): Releasing backup interface [ 1288.470635][ T57] bridge9 (unregistering): left promiscuous mode [ 1288.663126][ T57] bond6 (unregistering): (slave bridge13): Releasing active interface [ 1288.879364][ T57] bond0 (unregistering): (slave 45’): Releasing backup interface [ 1288.891569][ T57] ’: left promiscuous mode [ 1288.898994][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1288.909050][ T57] bond_slave_1: left promiscuous mode [ 1288.915215][ T57] bond0 (unregistering): Released all slaves [ 1288.929575][ T57] bond1 (unregistering): Released all slaves [ 1288.946415][ T57] bond2 (unregistering): Released all slaves [ 1288.963169][ T57] bond3 (unregistering): Released all slaves [ 1288.985997][ T57] bond4 (unregistering): Released all slaves [ 1289.009295][ T57] bond5 (unregistering): Released all slaves [ 1289.038696][ T57] bond6 (unregistering): Released all slaves [ 1289.059199][ T57] bond7 (unregistering): (slave veth13): Releasing active interface [ 1289.068566][ T57] bond7 (unregistering): Released all slaves [ 1289.090445][ T57] bond8 (unregistering): Released all slaves [ 1289.107202][ T57] bond9 (unregistering): Released all slaves [ 1289.124283][ T57] team0: Port device bond10 removed [ 1289.142906][ T57] bond10 (unregistering): Released all slaves [ 1289.160793][ T57] bond11 (unregistering): Released all slaves [ 1289.179887][ T57] bond12 (unregistering): Released all slaves [ 1289.208039][ T57] bond13 (unregistering): Released all slaves [ 1289.226807][ T57] bond14 (unregistering): Released all slaves [ 1289.255656][ T57] bond15 (unregistering): Released all slaves [ 1289.275105][ T57] bond16 (unregistering): Released all slaves [ 1289.294875][ T57] bond17 (unregistering): Released all slaves [ 1289.316691][ T57] bond18 (unregistering): Released all slaves [ 1289.334695][ T57] bond19 (unregistering): Released all slaves [ 1289.361702][ T57] bond20 
(unregistering): Released all slaves [ 1289.380581][ T57] bond21 (unregistering): Released all slaves [ 1289.402146][ T57] bond22 (unregistering): Released all slaves [ 1289.925689][ T57] : left promiscuous mode [ 1290.038666][ T57] hmac(sha224): left promiscuous mode [ 1290.194059][ T57] tipc: Left network mode [ 1291.047938][ T57] IPVS: stopping backup sync thread 13253 ... [ 1291.607792][ T2962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9044'. [ 1291.912948][ T2962] bridge_slave_1: left allmulticast mode [ 1291.919509][ T2962] bridge_slave_1: left promiscuous mode [ 1291.925650][ T2962] bridge0: port 2(bridge_slave_1) entered disabled state [ 1291.937361][ T2962] bridge_slave_0: left allmulticast mode [ 1291.943839][ T2962] bridge_slave_0: left promiscuous mode [ 1291.951958][ T2962] bridge0: port 1(bridge_slave_0) entered disabled state [ 1292.046310][ T2966] syzkaller0: entered promiscuous mode [ 1292.052128][ T2966] syzkaller0: entered allmulticast mode [ 1295.778856][ T2706] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1295.830318][ T2988] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1295.831322][ T2706] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1295.894029][ T2706] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1295.960627][ T2706] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1295.982070][ T2706] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1296.721116][ T2706] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1296.785279][ T2706] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1296.835593][ T2706] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1297.145856][ T57] veth1_to_team: left promiscuous mode [ 1297.871646][ T57] team0 (unregistering): Port device team_slave_1 removed [ 1297.894914][ T57] team0 (unregistering): Port device C removed [ 1298.410621][ T3053] netlink: 'syz.1.9069': attribute type 2 has an invalid length. 
[ 1298.459463][ T3053] netlink: 'syz.1.9069': attribute type 2 has an invalid length. [ 1298.601349][ T2706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1298.660965][ T2706] 8021q: adding VLAN 0 to HW filter on device team0 [ 1298.708510][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 1298.715832][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1298.768111][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 1298.775354][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1299.144182][ T57] IPVS: stop unused estimator thread 0... [ 1299.992127][ T3111] syzkaller0: entered promiscuous mode [ 1300.028952][ T3111] syzkaller0: entered allmulticast mode [ 1300.208300][ T2706] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1300.382873][ T2706] veth0_vlan: entered promiscuous mode [ 1300.424659][ T2706] veth1_vlan: entered promiscuous mode [ 1300.516698][ T1302] lec:lec_start_xmit: lec0:No lecd attached [ 1300.584930][ T2706] veth0_macvtap: entered promiscuous mode [ 1300.625503][ T2706] veth1_macvtap: entered promiscuous mode [ 1300.752583][ T2706] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1300.792986][ T2706] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1300.851534][ T47] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.885074][ T47] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.935559][ T47] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.951248][ T47] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1301.228301][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1301.236881][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1304.052045][ T3153] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1304.230730][ T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
1304.245996][ T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1304.473035][ T3264] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 1304.698327][ T3277] bridge0: port 2(bridge_slave_1) entered disabled state [ 1304.709072][ T3277] bridge0: port 1(bridge_slave_0) entered disabled state [ 1304.740157][ T3279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9125'. [ 1305.571517][ T3298] dvmrp0: entered allmulticast mode [ 1306.176006][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5660 ms [ 1306.184146][ C0] lec:lec_tx_timeout: lec0 [ 1306.211829][ T3332] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input5 [ 1307.034512][ T3345] netlink: 'syz.4.9149': attribute type 10 has an invalid length. [ 1307.071093][ T3345] veth0_vlan: left promiscuous mode [ 1307.080053][ T3345] veth0_vlan: entered promiscuous mode [ 1307.092955][ T3345] team0: Device veth0_vlan failed to register rx_handler [ 1307.577318][T13070] lec:lec_start_xmit: lec0:No lecd attached [ 1308.293154][ T3370] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 1308.731347][ T3307] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1311.321239][ T3509] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9210'. 
[ 1313.215792][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5640 ms [ 1313.223934][ C0] lec:lec_tx_timeout: lec0 [ 1314.899789][T11163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1314.909931][ T3602] bridge0: port 2(bridge_slave_1) entered disabled state [ 1314.914555][ T3602] bridge0: port 1(bridge_slave_0) entered disabled state [ 1314.976115][T11145] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1315.868425][T11163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1315.966185][ T3628] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1315.977238][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1316.024281][ T3602] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1316.034261][T27525] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1316.063326][ T3602] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1316.449388][ T1110] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1316.520482][ T1110] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1316.562620][ T1110] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1316.598202][ T1110] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1317.056199][T27523] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1317.138697][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1317.803933][T11163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1318.096502][T27523] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1319.548191][ T3693] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9292'. 
[ 1319.734734][ T3641] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1319.794810][ T3641] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1320.176737][T27522] net_ratelimit: 14 callbacks suppressed [ 1320.176759][T27522] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1320.412886][ T1110] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1320.446122][ T1110] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1320.482424][ T1110] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1320.509700][ T1110] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1320.817224][T27515] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1321.300324][ T3745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9313'. [ 1321.987904][ T3741] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1322.027168][ T3741] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1322.253881][ T1110] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1322.277499][ T1110] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1322.287379][ T1110] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1322.296793][ T1110] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1322.307577][ T1110] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1322.317507][ T1110] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1322.328155][ T1110] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1322.338618][ T1110] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1324.956023][ T3863] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9366'. 
[ 1326.097945][ C0] ================================================================== [ 1326.106191][ C0] BUG: KASAN: slab-use-after-free in rose_t0timer_expiry+0x1aa/0x560 [ 1326.114682][ C0] Read of size 8 at addr ffff888079b66020 by task syz-executor/2706 [ 1326.122747][ C0] [ 1326.125500][ C0] CPU: 0 UID: 0 PID: 2706 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 1326.125526][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1326.125539][ C0] Call Trace: [ 1326.125548][ C0] <IRQ> [ 1326.125557][ C0] dump_stack_lvl+0xe8/0x150 [ 1326.125590][ C0] print_report+0xba/0x230 [ 1326.125614][ C0] ? rose_t0timer_expiry+0x1aa/0x560 [ 1326.125638][ C0] kasan_report+0x117/0x150 [ 1326.125659][ C0] ? rose_t0timer_expiry+0x1aa/0x560 [ 1326.125686][ C0] rose_t0timer_expiry+0x1aa/0x560 [ 1326.125709][ C0] call_timer_fn+0x192/0x5e0 [ 1326.125739][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 1326.125760][ C0] ? call_timer_fn+0xd4/0x5e0 [ 1326.125784][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1326.125813][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1326.125832][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 1326.125855][ C0] __run_timer_base+0x652/0x8b0 [ 1326.125876][ C0] ? ktime_get+0x45/0x220 [ 1326.125901][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1326.125930][ C0] run_timer_softirq+0xb7/0x170 [ 1326.125952][ C0] handle_softirqs+0x22a/0x840 [ 1326.125978][ C0] ? 
__irq_exit_rcu+0xca/0x220 [ 1326.126006][ C0] __irq_exit_rcu+0xca/0x220 [ 1326.126045][ C0] irq_exit_rcu+0x9/0x30 [ 1326.126067][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1326.126092][ C0] </IRQ> [ 1326.126100][ C0] <TASK> [ 1326.126108][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1326.126132][ C0] RIP: 0010:lock_acquire+0xc0/0x350 [ 1326.126157][ C0] Code: 9c 11 85 c0 0f 85 bf 00 00 00 65 48 8b 05 e0 39 9c 11 83 b8 8c 0b 00 00 00 0f 85 aa 00 00 00 4c 89 74 24 10 4d 89 fe 9c 41 5f 48 c7 c7 0f f6 fc 8d e8 23 bb 11 0a 65 ff 05 5c 7f 9c 11 45 31 [ 1326.126173][ C0] RSP: 0018:ffffc9000d0071d0 EFLAGS: 00000246 [ 1326.126192][ C0] RAX: ffff88802eda0000 RBX: 0000000000000000 RCX: 0000000080000004 [ 1326.126206][ C0] RDX: 0000000000000000 RSI: ffffffff823d7966 RDI: 1ffffffff1d2ba1c [ 1326.126218][ C0] RBP: ffffffff823d794a R08: 0000000000000000 R09: 0000000000000000 [ 1326.126230][ C0] R10: dffffc0000000000 R11: fffff94000ae96f1 R12: 0000000000000002 [ 1326.126243][ C0] R13: ffffffff8e95d0e0 R14: 0000000000000000 R15: 0000000000000246 [ 1326.126257][ C0] ? pfn_valid+0xba/0x480 [ 1326.126285][ C0] ? pfn_valid+0xd6/0x480 [ 1326.126314][ C0] ? lock_acquire+0x106/0x350 [ 1326.126339][ C0] ? pfn_valid+0xba/0x480 [ 1326.126366][ C0] pfn_valid+0xd6/0x480 [ 1326.126390][ C0] ? pfn_valid+0xba/0x480 [ 1326.126417][ C0] page_table_check_set+0x25/0x610 [ 1326.126449][ C0] copy_pmd_range+0x4f5a/0x8050 [ 1326.126475][ C0] ? arch_stack_walk+0xfb/0x150 [ 1326.126507][ C0] ? __pfx_copy_pmd_range+0x10/0x10 [ 1326.126530][ C0] ? kernel_clone+0x284/0x8f0 [ 1326.126558][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 1326.126585][ C0] ? mas_wr_store_type+0xcc2/0x19d0 [ 1326.126609][ C0] copy_page_range+0xbe8/0x11f0 [ 1326.126636][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 1326.126658][ C0] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 1326.126679][ C0] dup_mmap+0xf40/0x1d90 [ 1326.126728][ C0] ? __pfx_dup_mmap+0x10/0x10 [ 1326.126758][ C0] ? copy_mm+0x130/0x4a0 [ 1326.126782][ C0] ? 
copy_mm+0x130/0x4a0 [ 1326.126811][ C0] copy_mm+0x13b/0x4a0 [ 1326.126835][ C0] copy_process+0x1f1c/0x4450 [ 1326.126866][ C0] ? copy_process+0xd87/0x4450 [ 1326.126894][ C0] ? __pfx_copy_process+0x10/0x10 [ 1326.126923][ C0] kernel_clone+0x284/0x8f0 [ 1326.126947][ C0] ? cgroup1_freezing+0x20/0x350 [ 1326.126981][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 1326.127016][ C0] __x64_sys_clone+0x1b6/0x230 [ 1326.127051][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 1326.127091][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1326.127109][ C0] do_syscall_64+0x15f/0xf80 [ 1326.127131][ C0] ? trace_irq_disable+0x3b/0x140 [ 1326.127150][ C0] ? clear_bhb_loop+0x40/0x90 [ 1326.127171][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1326.127188][ C0] RIP: 0033:0x7f9b3dbc5292 [ 1326.127211][ C0] Code: 89 e7 e8 71 8b f7 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 89 c5 85 c0 75 3b 64 48 8b 04 25 10 00 00 [ 1326.127226][ C0] RSP: 002b:00007ffd2b982ee0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1326.127245][ C0] RAX: ffffffffffffffda RBX: 00007ffd2b982ee0 RCX: 00007f9b3dbc5292 [ 1326.127258][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1326.127269][ C0] RBP: 00007ffd2b98306c R08: 0000000000000000 R09: 0000000000000001 [ 1326.127280][ C0] R10: 00005555746db7d0 R11: 0000000000000246 R12: 0000000000000001 [ 1326.127291][ C0] R13: 00000000000927c0 R14: 0000000000143ba1 R15: 00007ffd2b9830c0 [ 1326.127311][ C0] </TASK> [ 1326.127317][ C0] [ 1326.591344][ C0] Allocated by task 31805: [ 1326.595805][ C0] kasan_save_track+0x3e/0x80 [ 1326.600759][ C0] __kasan_kmalloc+0x93/0xb0 [ 1326.605519][ C0] __kmalloc_cache_noprof+0x31c/0x660 [ 1326.610939][ C0] rose_add_node+0x23c/0xf00 [ 1326.615563][ C0] rose_rt_ioctl+0xd35/0x12a0 [ 1326.620307][ C0] rose_ioctl+0x3fb/0x8f0 [ 1326.624825][ C0] sock_do_ioctl+0x101/0x320 [ 1326.629532][ C0] sock_ioctl+0x5c6/0x7f0 [ 1326.633992][ C0] 
__se_sys_ioctl+0xfc/0x170 [ 1326.638738][ C0] do_syscall_64+0x15f/0xf80 [ 1326.643456][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1326.649400][ C0] [ 1326.651748][ C0] Freed by task 47: [ 1326.655603][ C0] kasan_save_track+0x3e/0x80 [ 1326.660319][ C0] kasan_save_free_info+0x46/0x50 [ 1326.665375][ C0] __kasan_slab_free+0x5c/0x80 [ 1326.670234][ C0] kfree+0x1c1/0x620 [ 1326.674520][ C0] rose_timer_expiry+0x4cb/0x600 [ 1326.679573][ C0] call_timer_fn+0x192/0x5e0 [ 1326.684390][ C0] __run_timer_base+0x652/0x8b0 [ 1326.689530][ C0] run_timer_softirq+0xb7/0x170 [ 1326.694671][ C0] handle_softirqs+0x22a/0x840 [ 1326.699572][ C0] __irq_exit_rcu+0xca/0x220 [ 1326.704325][ C0] irq_exit_rcu+0x9/0x30 [ 1326.708722][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1326.714485][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1326.720587][ C0] [ 1326.723028][ C0] The buggy address belongs to the object at ffff888079b66000 [ 1326.723028][ C0] which belongs to the cache kmalloc-512 of size 512 [ 1326.737209][ C0] The buggy address is located 32 bytes inside of [ 1326.737209][ C0] freed 512-byte region [ffff888079b66000, ffff888079b66200) [ 1326.751300][ C0] [ 1326.754972][ C0] The buggy address belongs to the physical page: [ 1326.762071][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888079b67800 pfn:0x79b64 [ 1326.772295][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1326.781014][ C0] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 1326.789819][ C0] page_type: f5(slab) [ 1326.793842][ C0] raw: 00fff00000000240 ffff88813fe2cc80 ffffea000139c410 ffffea0001a84010 [ 1326.802740][ C0] raw: ffff888079b67800 000000080010000d 00000000f5000000 0000000000000000 [ 1326.812023][ C0] head: 00fff00000000240 ffff88813fe2cc80 ffffea000139c410 ffffea0001a84010 [ 1326.820752][ C0] head: ffff888079b67800 000000080010000d 00000000f5000000 0000000000000000 [ 1326.829760][ C0] head: 00fff00000000002 ffffea0001e6d901 
00000000ffffffff 00000000ffffffff [ 1326.838479][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1326.847882][ C0] page dumped because: kasan: bad access detected [ 1326.854605][ C0] page_owner tracks the page as allocated [ 1326.860520][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 27203, tgid 27201 (syz.4.6597), ts 941558194638, free_ts 935546857956 [ 1326.882613][ C0] post_alloc_hook+0x231/0x280 [ 1326.887622][ C0] get_page_from_freelist+0x24dc/0x2580 [ 1326.893323][ C0] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1326.899229][ C0] allocate_slab+0x77/0x660 [ 1326.904119][ C0] refill_objects+0x331/0x3c0 [ 1326.909291][ C0] __pcs_replace_empty_main+0x2e6/0x730 [ 1326.914990][ C0] __kmalloc_node_track_caller_noprof+0x572/0x7b0 [ 1326.921468][ C0] kmemdup_noprof+0x2b/0x70 [ 1326.926010][ C0] setup_mq_sysctls+0x57/0x4b0 [ 1326.930892][ C0] copy_ipcs+0x483/0x6c0 [ 1326.935678][ C0] create_new_namespaces+0x210/0x6a0 [ 1326.941354][ C0] unshare_nsproxy_namespaces+0x149/0x190 [ 1326.947311][ C0] ksys_unshare+0x54e/0x970 [ 1326.951876][ C0] __x64_sys_unshare+0x38/0x50 [ 1326.956784][ C0] do_syscall_64+0x15f/0xf80 [ 1326.961404][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1326.967419][ C0] page last free pid 1093 tgid 1093 stack trace: [ 1326.973967][ C0] __free_frozen_pages+0xc2b/0xdb0 [ 1326.979258][ C0] __slab_free+0x263/0x2b0 [ 1326.983806][ C0] qlist_free_all+0x97/0x100 [ 1326.988516][ C0] kasan_quarantine_reduce+0x148/0x160 [ 1326.994025][ C0] __kasan_slab_alloc+0x22/0x80 [ 1326.999011][ C0] kmem_cache_alloc_lru_noprof+0x2b8/0x640 [ 1327.004960][ C0] sock_alloc_inode+0x2c/0x190 [ 1327.009845][ C0] alloc_inode+0x6a/0x1b0 [ 1327.014202][ C0] __sock_create+0x12d/0x9d0 [ 1327.019167][ C0] rds_tcp_conn_path_connect+0x2d7/0x930 [ 1327.024926][ C0] rds_connect_worker+0x1d8/0x290 [ 1327.030071][ C0] 
process_scheduled_works+0xb5d/0x1860 [ 1327.036820][ C0] worker_thread+0xa53/0xfc0 [ 1327.041470][ C0] kthread+0x388/0x470 [ 1327.045801][ C0] ret_from_fork+0x514/0xb70 [ 1327.050448][ C0] ret_from_fork_asm+0x1a/0x30 [ 1327.055314][ C0] [ 1327.057984][ C0] Memory state around the buggy address: [ 1327.063753][ C0] ffff888079b65f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1327.071965][ C0] ffff888079b65f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1327.080252][ C0] >ffff888079b66000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1327.088344][ C0] ^ [ 1327.093563][ C0] ffff888079b66080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1327.101674][ C0] ffff888079b66100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1327.109931][ C0] ================================================================== [ 1327.118335][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1327.125778][ C0] CPU: 0 UID: 0 PID: 2706 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 1327.135571][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1327.145861][ C0] Call Trace: [ 1327.149196][ C0] [ 1327.152085][ C0] vpanic+0x56c/0xa60 [ 1327.156222][ C0] ? __pfx_vpanic+0x10/0x10 [ 1327.160889][ C0] ? irqentry_exit+0x218/0x730 [ 1327.165812][ C0] panic+0xc5/0xd0 [ 1327.169612][ C0] ? __pfx_panic+0x10/0x10 [ 1327.174497][ C0] ? rose_t0timer_expiry+0x1aa/0x560 [ 1327.179851][ C0] ? rose_t0timer_expiry+0x1aa/0x560 [ 1327.185311][ C0] check_panic_on_warn+0x89/0xb0 [ 1327.190601][ C0] ? rose_t0timer_expiry+0x1aa/0x560 [ 1327.196123][ C0] end_report+0x73/0x170 [ 1327.200421][ C0] ? rose_t0timer_expiry+0x1aa/0x560 [ 1327.206119][ C0] kasan_report+0x128/0x150 [ 1327.210831][ C0] ? rose_t0timer_expiry+0x1aa/0x560 [ 1327.216277][ C0] rose_t0timer_expiry+0x1aa/0x560 [ 1327.221456][ C0] call_timer_fn+0x192/0x5e0 [ 1327.226202][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 1327.231892][ C0] ? 
call_timer_fn+0xd4/0x5e0 [ 1327.236892][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1327.242351][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1327.247655][ C0] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 1327.253348][ C0] __run_timer_base+0x652/0x8b0 [ 1327.258263][ C0] ? ktime_get+0x45/0x220 [ 1327.263443][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1327.268970][ C0] run_timer_softirq+0xb7/0x170 [ 1327.273889][ C0] handle_softirqs+0x22a/0x840 [ 1327.278807][ C0] ? __irq_exit_rcu+0xca/0x220 [ 1327.283722][ C0] __irq_exit_rcu+0xca/0x220 [ 1327.288379][ C0] irq_exit_rcu+0x9/0x30 [ 1327.292747][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1327.298592][ C0] [ 1327.301645][ C0] [ 1327.304616][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1327.310637][ C0] RIP: 0010:lock_acquire+0xc0/0x350 [ 1327.316250][ C0] Code: 9c 11 85 c0 0f 85 bf 00 00 00 65 48 8b 05 e0 39 9c 11 83 b8 8c 0b 00 00 00 0f 85 aa 00 00 00 4c 89 74 24 10 4d 89 fe 9c 41 5f 48 c7 c7 0f f6 fc 8d e8 23 bb 11 0a 65 ff 05 5c 7f 9c 11 45 31 [ 1327.336432][ C0] RSP: 0018:ffffc9000d0071d0 EFLAGS: 00000246 [ 1327.342583][ C0] RAX: ffff88802eda0000 RBX: 0000000000000000 RCX: 0000000080000004 [ 1327.351031][ C0] RDX: 0000000000000000 RSI: ffffffff823d7966 RDI: 1ffffffff1d2ba1c [ 1327.359389][ C0] RBP: ffffffff823d794a R08: 0000000000000000 R09: 0000000000000000 [ 1327.367475][ C0] R10: dffffc0000000000 R11: fffff94000ae96f1 R12: 0000000000000002 [ 1327.375682][ C0] R13: ffffffff8e95d0e0 R14: 0000000000000000 R15: 0000000000000246 [ 1327.384042][ C0] ? pfn_valid+0xba/0x480 [ 1327.388516][ C0] ? pfn_valid+0xd6/0x480 [ 1327.393150][ C0] ? lock_acquire+0x106/0x350 [ 1327.397951][ C0] ? pfn_valid+0xba/0x480 [ 1327.402319][ C0] pfn_valid+0xd6/0x480 [ 1327.406623][ C0] ? pfn_valid+0xba/0x480 [ 1327.411777][ C0] page_table_check_set+0x25/0x610 [ 1327.416968][ C0] copy_pmd_range+0x4f5a/0x8050 [ 1327.421864][ C0] ? arch_stack_walk+0xfb/0x150 [ 1327.426863][ C0] ? __pfx_copy_pmd_range+0x10/0x10 [ 1327.432204][ C0] ? 
kernel_clone+0x284/0x8f0 [ 1327.437193][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 1327.442374][ C0] ? mas_wr_store_type+0xcc2/0x19d0 [ 1327.447626][ C0] copy_page_range+0xbe8/0x11f0 [ 1327.452635][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 1327.458207][ C0] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 1327.465235][ C0] dup_mmap+0xf40/0x1d90 [ 1327.469625][ C0] ? __pfx_dup_mmap+0x10/0x10 [ 1327.474695][ C0] ? copy_mm+0x130/0x4a0 [ 1327.478992][ C0] ? copy_mm+0x130/0x4a0 [ 1327.483285][ C0] copy_mm+0x13b/0x4a0 [ 1327.487491][ C0] copy_process+0x1f1c/0x4450 [ 1327.492557][ C0] ? copy_process+0xd87/0x4450 [ 1327.497353][ C0] ? __pfx_copy_process+0x10/0x10 [ 1327.502501][ C0] kernel_clone+0x284/0x8f0 [ 1327.507072][ C0] ? cgroup1_freezing+0x20/0x350 [ 1327.512043][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 1327.517129][ C0] __x64_sys_clone+0x1b6/0x230 [ 1327.522133][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 1327.527737][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1327.533928][ C0] do_syscall_64+0x15f/0xf80 [ 1327.538553][ C0] ? trace_irq_disable+0x3b/0x140 [ 1327.543625][ C0] ? 
clear_bhb_loop+0x40/0x90 [ 1327.548503][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1327.554422][ C0] RIP: 0033:0x7f9b3dbc5292 [ 1327.558954][ C0] Code: 89 e7 e8 71 8b f7 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 89 c5 85 c0 75 3b 64 48 8b 04 25 10 00 00 [ 1327.578848][ C0] RSP: 002b:00007ffd2b982ee0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1327.587470][ C0] RAX: ffffffffffffffda RBX: 00007ffd2b982ee0 RCX: 00007f9b3dbc5292 [ 1327.595823][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1327.604039][ C0] RBP: 00007ffd2b98306c R08: 0000000000000000 R09: 0000000000000001 [ 1327.612131][ C0] R10: 00005555746db7d0 R11: 0000000000000246 R12: 0000000000000001 [ 1327.620309][ C0] R13: 00000000000927c0 R14: 0000000000143ba1 R15: 00007ffd2b9830c0 [ 1327.628948][ C0] [ 1327.632613][ C0] Kernel Offset: disabled [ 1327.637129][ C0] Rebooting in 86400 seconds..