last executing test programs: 1.01045124s ago: executing program 4 (id=20421): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000008c0)={0xffffffffffffffff}) sendmsg(r0, &(0x7f0000001280)={&(0x7f0000000940)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e21, @multicast2}, 0x1, 0x4, 0x3, 0x4}}, 0x80, 0x0}, 0x48041) 965.194356ms ago: executing program 0 (id=20422): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x2b, 'cpuacct'}]}, 0x9) 964.366954ms ago: executing program 2 (id=20423): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@fwd={0x3}]}, {0x0, [0x0, 0x0, 0x2e, 0x3e]}}, &(0x7f0000000600)=""/152, 0x2a, 0x98, 0x1}, 0x28) 865.974201ms ago: executing program 0 (id=20426): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000001440), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000380)=@NCI_OP_CORE_INIT_RSP_V2={0x0, 0x0, 0x2, 0x1, 0x1, {0x1, 0xff, 0x7, 0xffff, 0x60, 0x5, 0x8, 0x3}}, 0x11) 818.860812ms ago: executing program 4 (id=20427): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x18, 0x25, 0x301, 0x270bd24, 0x25dfdbff, {0x1}, [@nested={0x4, 0xae}]}, 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) 816.120619ms ago: executing program 2 (id=20428): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000600)={'macvtap0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32=r3, @ANYBLOB="14000100ff05000000000000dfce00000000000108000800026e"], 0x34}}, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800) 797.290468ms ago: executing program 1 (id=20429): sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, 0x0, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000240)="09000000e70014000000d97bfbf788a8", 0x10, 0x200000c4, &(0x7f00000001c0)={0x11, 0x88a8, r2, 0x1, 0xc, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, 0x14) 739.207787ms ago: executing program 4 (id=20430): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000880)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010001000000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="38003300a0241500ffffffffffff080211000000ffffffffffff4f00020cc6c96e77258c18c802e15f6d621faae17ec3edcb7eb4e908ee53b1dccc9bb20ea4e5363e9447b8"], 0x54}}, 0x0) 702.921028ms ago: executing program 3 (id=20431): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000001040)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x74}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a3000000000480000001b0a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a30"], 0xcc}}, 0x0) writev(r1, &(0x7f0000000040), 0x2) 630.327819ms ago: executing program 1 (id=20432): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 572.231606ms ago: executing program 0 (id=20433): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, 0x0, 0x0, 0xfffffffd, 0x25dfdbfb, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20008084) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x36, &(0x7f0000002e80)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1e}, @private2={0xfc, 0x2, '\x00', 0x1}}}}}, 0x0) 551.533305ms ago: executing program 3 (id=20434): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendto(r0, &(0x7f0000000040)="7cd1e89831c76aab8f22ae2d647cfc21a5", 0x11, 0x4000090, 0x0, 0x0) 546.604226ms ago: executing program 4 (id=20435): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000880)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010001000000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="38003300a0241500ffffffffffff080211000000ffffffffffff4f00020cc6c96e77258c18c802e15f6d621faae17ec3edcb7eb4e908ee53b1dccc9bb20ea4e5363e9447b8bc6854815651bc4fb328395eac21dd67092b079661967b0000000000000000d28e4113f1c44a"], 0x54}}, 0x0) 509.764841ms ago: executing program 1 (id=20436): ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) write$nci(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r1], 0x4) 454.857132ms ago: executing program 2 (id=20437): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0x10}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x4}]}, 0x3c}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000a4000000003280004800800024000000012080001"], 0xa4}}, 0x0) 437.737811ms ago: executing program 1 (id=20438): sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000000)="e4836d513bcab6b90efd3ebcdfc597b9a7e727a3ece8daadf4b04a69b21dfd745934e8870086d4dcd91c1c9a69f5d303d175b4bcc0da016fb4be47336b3557b59b09b0bce1bace8b3eb86e9f3e3b4244a7bd9bad12f2ae80c3f5a6a08634b6f70ef4d694f97312f472beb24c47fbd19e9e7b2b8c851592d64758d2ff1ac341f208c6d28c62c00052de2165ad708bf2af7551a3db18c1315d89e480c2b6c35b5b3cfb67b110c0320acb9ef107cad8d463534bf85c32818e900374ee12822cacd3ab1cce26bd76299bbb1218e2bb99e46314cc40aa7ac7efe2d8a48a9c464e26adb85f0e5c00043cc8917a962fe33a589be315bc0b6b0500000033e40768e4bf8d4bf27013be64c89be276a0410ff80e298c45a5d0105424d94a869372adee93bc25c4cb8e9599860e2bbd60b6142c2c3e65074ee1bc4443db9b4b94217c3d3440713f56ec694f4fb8c9fad50493ffefe7a18795703be88c81b71ddb5124212aaba5f85b9b3635d0eca0fb44e16a529fb039184e63389b9e2c13effd296fb791aaeb37831976cb81d0052503780dc51f4ab13d0f4ea1135ec50682728a9fb26f2b483b1649e855ce7c152e6df39f95952737", 0x1b1}], 0x1, 0x0, 0x0, 0x40054}, 0x4040884) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xfc}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4044851}, 0x0) 435.25042ms ago: executing program 4 (id=20439): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0xfff3, 0x5}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_PARMS={0x14, 0x1, {0x0, 0x8, 0x10, 0x16, 0x0, 0x5a, 0x5}}, @TCA_RED_STAB={0x104, 0x2, "cb030890171319da1db2ec01d014fa61d80db9d1aae91311c2fa1fbaa1b121dbc9bcb117c6d06e02899d62bff57c457012e3ede4edd01614d35a2b4811b96355622adb97b2b5d959ad0701bd80bab191266fa9b9c7ca9fa090d8fa9aa9b6d66e507bf362e54e58a05278c77be644c2166e269cfaea59f28d065bd081bae32b1b5bf1275793ff29544807b351a156f03e898356441281edfe501d38fcbc8d970ecd330863d4a6f56f2c0bf2e469dfc9c17d200edc77b7f3318b487c855b4ef49c0dd30fdaea6ac1f97860e2bedd01502759b7df9bf98fd36cd8be5045fc3c5a0aea1c48f7858aaee1d51d4137da7af9c7c68900"}]}}]}, 0x148}, 0x1, 0x0, 0x0, 0x4048801}, 0x0) 358.714016ms ago: executing program 3 (id=20440): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f00000007c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000280)={0x3, 0x9, 0x1, 0x3, 0x8, 0xa}, 0xc) 358.123279ms ago: executing program 0 (id=20441): write(0xffffffffffffffff, &(0x7f0000000280)="6aa6bcf414c89222141ffd6e3e0fee102e9d9772441fc60ce66d7f1c697456e500d6483dc075eac161fd5e4b93f919bd659621ce33b0de8c9d7a9ce08facf651ff0e07e0097110aa0a993e5b4a0c75b2a3ce02d21a7aea6c05b69e7e948f00d7153d42ead4bdb3eb38c7755129f53424a0144d8a5f673849314c166c2fd393595e12e1fef9a3dba456c1a6b36c74f3d520de6a5841d259e0abfd2297735558b0eb001295f78d7dccc703b154b9cb3052e91713a5f0ca9127ed08eba9a24f4605b0c3be3cdc9bdc8430545b465052fc4cbf360ea070455d691af90ded22f98528ddd64bbd70ba7c103abba61dc95714fcedfcdad372288cf27409731a14c9baaefcfbaacffdc50b353b43b79de31f9db9ab378f464f63fbfb4f0cfa3f7b037077f3069f04501dceabd334ff7fa65bc3847e5fc29a2827f950040d91c5c90192e0b9304cf2740f20b6d84593fa50a5a63b06ef078f86f478e3fde6dc98b64138bdbbb0bb3c594c0518579d26f1e694e5f449a2bf2c3fd37fe1814e3b1de331f6866dc951a9b40b1ac58ab951d046a88e4e870024bc375ee1a9dee616504e12a2e4914960632a3db9b6897f7a10f763939ad309392a31aef396da1de95dbbaddb1eb30537a1cf201f48058421d010650ed8042a906293c477a18ae8c412038bf1880f932b25effe8c06a786ec1522211a8fb2962bd92943ee9d684752ed3e5e8e0023f8c40f7cd97a6071f73cc25fe534d41a05e4bbf2e3063567e6b910515bd436", 0x220) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8923, &(0x7f0000000480)={'lo\x00', @local}) 307.69766ms ago: executing program 2 (id=20442): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)={0x1cc, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_NAT={0x124, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x84, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @mcast1}}}]}, @CTA_EXPECT_NAT_TUPLE={0x5c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xbc}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT={0x7c, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x5c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'sip-20000\x00'}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) 270.461437ms ago: executing program 4 (id=20443): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x0, 0x4}, {}, {0x8, 0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r9, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="270302", 0x3}], 0x1}, 0x5) 269.879303ms ago: executing program 0 (id=20444): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000bc0)={0x8c, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_NAT={0x70, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x4c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b000000000000", 0x10, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) 222.038175ms ago: executing program 3 (id=20445): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000880)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010001000000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="38003300a0241500ffffffffffff080211000000ffffffffffff4f00020cc6c96e77258c18c802e15f6d621faae17ec3edcb7eb4e908ee53b1dccc9bb20ea4e5363e9447b8bc68"], 0x54}}, 0x0) 221.733972ms ago: executing program 1 (id=20446): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000540)={0x0, 0x64, &(0x7f0000000140)={&(0x7f0000000080)={0x28, 0x25, 0x1, 0x0, 0x0, {0xf, 0x0, 0x300}, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@local}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x4) 197.81951ms ago: executing program 2 (id=20447): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10) sendmsg$nl_route(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="300000001e008d2a00000000000000000a", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00&'], 0x30}, 0x1, 0x0, 0x0, 0x4004}, 0x14048010) 140.292439ms ago: executing program 3 (id=20448): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYRES32=r2, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 67.615188ms ago: executing program 1 (id=20449): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000880)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010001000000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="38003300a0241500ffffffffffff080211000000ffffffffffff4f00020cc6c96e77258c18c802e15f6d621faae17ec3edcb7eb4e908ee53b1dccc9bb20ea4e5363e9447b8bc6854815651bc4fb328395eac21dd67092b079661967b0000000000000000d28e4113f1c44a"], 0x54}}, 0x0) 66.967144ms ago: executing program 0 (id=20450): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0xffff, 'syz0\x00', @default, 0xfffffdba, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000100)={0x1, @null, @bpq0, 0xffffffff, 'syz1\x00', @null, 0xfff, 0x3, [@default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) ioctl$sock_netrom_SIOCDELRT(r4, 0x890c, &(0x7f0000000680)={0x1, @null, @bpq0, 0x89, 'syz1\x00', @null, 0x2, 0x8, [@null, @default, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast]}) 66.632427ms ago: executing program 2 (id=20451): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0xc, 0xa}, {0x0, 0x9}, {0xffff, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x10, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x2}]}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4010}, 0x0) 0s ago: executing program 3 (id=20452): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000380)=0x9, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x2004}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @ipv4={'\x00', '\xff\xff', @empty}, 0x4c}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='vlan0\x00', 0x10) sendmmsg$inet(r0, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000400)="ea77158eff3b91d035c6837e7602585420822c5c22c32caedcf977a6ddee49523d3febfb9a27d72872434ae74fdc510975e6e488a769937673bdebb27aae5aa5f85b5f4fe4", 0x45}, {&(0x7f0000000880)="9064533a7837407e683a09e451dd472e5f7aeef50aee94ac12f9fb32a0cce1fb5e534ad5d374dc00e818a685571957e1bef09c120c39c2396ef3d7e15f5877581d9e44c9fd79d22cc28ed899e4acffa42b5ce1a83273afc139a4acfbef126c783af5507886f6120404799e82fd9c52f23b9ac4076af50dccfc24f0ce35ed34e194f14cf1823788f09292f3cd0789e2f2d9556d63cdb77a059cd4bcf71980ba7da4440c217345cc49be28e49f9df1735aff9a53436d899ce9dcd18054a2a6995150ffd252d5a93136bd744f5d5b05af436ac730639dd83ab03250ba9b1dfbc54fc14c3575b462627a3ea50ceddabab31ec9a9f82f22b9dae044f75ecd687ccdaea93206958e72b7d8ca0f69bb1731e953639af370fb2b09949073b08abcb99ac0e2ebf8ccb6640894d2a1871ad1a8684b4148a3b28f5a97788586a643297e9a9479a2ad4cc4f2cb71e0f6241a16e953724d370a6c8c8c4931cf7dfc65eec03aaa3ab2fc8e99cefeb08b8e12f38450d51080e3978822b5fee62584c49ba2cf32a332c0824bfecda9ae17734b72a937eafcb123bb003d5ca94c2c68548bd6403f7b26c556efdd5ccb14e340a117872faf52efed1728243d17ce070c6bf611303ea5133097435721ee7d17d7aff64cfb2b38910c8a67dd00639c24b85f8f660995e4a1fe06b72f436ef0236a9431a3cae5bf79a22bd04220308119480c2b4e39a42b3458a834c0f3efa164c36e6025bc9d50db0654cac13c4fb15070ed57056a6e293f5e341a48249d4ddf78c38ddbc62f80a56b93615f2dd8c57f841c357576a0c3ab902dae463eb9c85a5a82a1ae9d6d338fcfc78893044b2c105e9ea039a5c3e4d7a07283a4cd0bb26cd8614d4236ef9a2528a7067c2d7a11a986c0b3c0654b3363cab96afdfeb6e6fecc091bb4f9b0f093ced28f84c10718a1ee55abca218f079bf5ecb8790f886bdb04023938d5e56bd7086e88638c1e05b98f3c9129f3a7e9483f659d1f37411b48a68e689363237940d737023865eeeba207a5e5e381ddc029ddfd0c9e66f1f62f1786661848fb6f3a0f62d46eaa490bc4e062aeb25d478a0385c39f150e69eeaafde7a91dc193a4c5889b16bd5cdccc73e4171007be0eee4fad582973f2730c269fcd495db4aed9f170c2d1f382d4cf9e9913e188a016f0ccdae047c4c2a7176b8b71f6f028956a6ca3c05068211ffdc0b828ea1e7b4c1765966555fb4bdd153c7a19b6d223f9277eca106eaeae629b251c621e06dcf7d1851df55d6b85c14cb231a1925b28b18c7c067d48c594773b6da50f", 0x39b}], 0x2}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000000700)='n', 0x1}], 0x1}}], 0x2, 0x119e75c40673edef) kernel console output (not intermixed with test programs): butes in process `syz.4.18293'. [ 1203.489058][T22462] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18293'. [ 1203.561827][T22467] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1203.837581][T22486] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1203.972592][T22498] netlink: 'syz.1.18302': attribute type 1 has an invalid length. [ 1204.664440][T22533] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1205.107155][T22522] FAULT_INJECTION: forcing a failure. [ 1205.107155][T22522] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1205.130378][T22522] CPU: 1 UID: 0 PID: 22522 Comm: syz.2.18310 Not tainted syzkaller #0 PREEMPT(full) [ 1205.130410][T22522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1205.130423][T22522] Call Trace: [ 1205.130432][T22522] [ 1205.130442][T22522] dump_stack_lvl+0xe8/0x150 [ 1205.130475][T22522] should_fail_ex+0x412/0x560 [ 1205.130506][T22522] _copy_to_user+0x31/0xb0 [ 1205.130539][T22522] simple_read_from_buffer+0xe1/0x170 [ 1205.130568][T22522] proc_fail_nth_read+0x1bb/0x230 [ 1205.130601][T22522] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1205.130634][T22522] ? rw_verify_area+0x2a6/0x4d0 [ 1205.130662][T22522] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1205.130692][T22522] vfs_read+0x20c/0xa70 [ 1205.130718][T22522] ? fdget_pos+0x246/0x320 [ 1205.130740][T22522] ? __pfx___mutex_lock+0x10/0x10 [ 1205.130760][T22522] ? __pfx_vfs_read+0x10/0x10 [ 1205.130784][T22522] ? __fget_files+0x2a/0x420 [ 1205.130805][T22522] ? __fget_files+0x3a0/0x420 [ 1205.130826][T22522] ? __fget_files+0x2a/0x420 [ 1205.130858][T22522] ksys_read+0x150/0x270 [ 1205.130890][T22522] ? __pfx_ksys_read+0x10/0x10 [ 1205.130931][T22522] do_syscall_64+0xe2/0xf80 [ 1205.130953][T22522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.130982][T22522] ? trace_irq_disable+0x37/0x100 [ 1205.130999][T22522] ? clear_bhb_loop+0x60/0xb0 [ 1205.131023][T22522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.131042][T22522] RIP: 0033:0x7f700535c84e [ 1205.131061][T22522] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1205.131078][T22522] RSP: 002b:00007f700626bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1205.131100][T22522] RAX: ffffffffffffffda RBX: 00007f700626c6c0 RCX: 00007f700535c84e [ 1205.131115][T22522] RDX: 000000000000000f RSI: 00007f700626c0a0 RDI: 0000000000000004 [ 1205.131128][T22522] RBP: 00007f700626c090 R08: 0000000000000000 R09: 0000000000000000 [ 1205.131141][T22522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1205.131153][T22522] R13: 00007f7005616038 R14: 00007f7005615fa0 R15: 00007fff38925808 [ 1205.131188][T22522] [ 1205.455058][T22525] lec:lec_atm_close: lec0: Shut down! [ 1205.494186][T22550] FAULT_INJECTION: forcing a failure. [ 1205.494186][T22550] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1205.507482][T22550] CPU: 1 UID: 0 PID: 22550 Comm: syz.4.18318 Not tainted syzkaller #0 PREEMPT(full) [ 1205.507510][T22550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1205.507524][T22550] Call Trace: [ 1205.507534][T22550] [ 1205.507542][T22550] dump_stack_lvl+0xe8/0x150 [ 1205.507576][T22550] should_fail_ex+0x412/0x560 [ 1205.507607][T22550] _copy_from_iter+0x1d3/0x1670 [ 1205.507642][T22550] ? __lock_acquire+0x6b5/0x2cf0 [ 1205.507674][T22550] ? __pfx__copy_from_iter+0x10/0x10 [ 1205.507709][T22550] ? __lock_acquire+0x6b5/0x2cf0 [ 1205.507735][T22550] tun_get_user+0x516/0x3dd0 [ 1205.507763][T22550] ? aa_file_perm+0x12d/0x1630 [ 1205.507790][T22550] ? aa_file_perm+0x440/0x1630 [ 1205.507815][T22550] ? __pfx_tun_get_user+0x10/0x10 [ 1205.507839][T22550] ? __lock_acquire+0x6b5/0x2cf0 [ 1205.507869][T22550] ? kstrtoull+0x12f/0x1d0 [ 1205.507902][T22550] ? ref_tracker_alloc+0x363/0x4d0 [ 1205.507931][T22550] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1205.507959][T22550] ? tun_get+0x1c/0x2f0 [ 1205.507995][T22550] ? tun_get+0x1c/0x2f0 [ 1205.508020][T22550] ? tun_get+0x1c/0x2f0 [ 1205.508039][T22550] ? tun_get+0x1c/0x2f0 [ 1205.508064][T22550] tun_chr_write_iter+0x113/0x200 [ 1205.508089][T22550] vfs_write+0x61d/0xb90 [ 1205.508128][T22550] ? __pfx_vfs_write+0x10/0x10 [ 1205.508168][T22550] ? __fget_files+0x2a/0x420 [ 1205.508201][T22550] ksys_write+0x150/0x270 [ 1205.508232][T22550] ? __pfx_ksys_write+0x10/0x10 [ 1205.508273][T22550] do_syscall_64+0xe2/0xf80 [ 1205.508294][T22550] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.508313][T22550] ? trace_irq_disable+0x37/0x100 [ 1205.508333][T22550] ? clear_bhb_loop+0x60/0xb0 [ 1205.508357][T22550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.508376][T22550] RIP: 0033:0x7fa67d39bf79 [ 1205.508396][T22550] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1205.508418][T22550] RSP: 002b:00007fa67e221028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1205.508440][T22550] RAX: ffffffffffffffda RBX: 00007fa67d615fa0 RCX: 00007fa67d39bf79 [ 1205.508454][T22550] RDX: 000000000000fdef RSI: 00002000000002c0 RDI: 0000000000000003 [ 1205.508467][T22550] RBP: 00007fa67e221090 R08: 0000000000000000 R09: 0000000000000000 [ 1205.508479][T22550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1205.508491][T22550] R13: 00007fa67d616038 R14: 00007fa67d615fa0 R15: 00007ffd5e364ff8 [ 1205.508524][T22550] [ 1206.190730][T22569] netlink: Conntrack attr has 4 unknown bytes [ 1206.384219][T22582] FAULT_INJECTION: forcing a failure. [ 1206.384219][T22582] name failslab, interval 1, probability 0, space 0, times 0 [ 1206.411542][T22582] CPU: 1 UID: 0 PID: 22582 Comm: syz.1.18332 Not tainted syzkaller #0 PREEMPT(full) [ 1206.411573][T22582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1206.411586][T22582] Call Trace: [ 1206.411594][T22582] [ 1206.411603][T22582] dump_stack_lvl+0xe8/0x150 [ 1206.411636][T22582] should_fail_ex+0x412/0x560 [ 1206.411668][T22582] should_failslab+0xa8/0x100 [ 1206.411694][T22582] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 1206.411723][T22582] ? __alloc_skb+0x193/0x390 [ 1206.411746][T22582] ? __alloc_skb+0x1d7/0x390 [ 1206.411776][T22582] ? __local_bh_enable_ip+0xd0/0x130 [ 1206.411796][T22582] ? __alloc_skb+0x193/0x390 [ 1206.411820][T22582] __alloc_skb+0x1d7/0x390 [ 1206.411849][T22582] alloc_skb_with_frags+0xca/0x890 [ 1206.411873][T22582] ? __might_fault+0xaf/0x130 [ 1206.411915][T22582] sock_alloc_send_pskb+0x878/0x990 [ 1206.411965][T22582] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1206.412005][T22582] ? __lock_acquire+0x6b5/0x2cf0 [ 1206.412035][T22582] ? iov_iter_advance+0x8b/0x1c0 [ 1206.412065][T22582] tun_get_user+0x92d/0x3dd0 [ 1206.412101][T22582] ? aa_file_perm+0x12d/0x1630 [ 1206.412132][T22582] ? aa_file_perm+0x440/0x1630 [ 1206.412157][T22582] ? __pfx_tun_get_user+0x10/0x10 [ 1206.412181][T22582] ? __lock_acquire+0x6b5/0x2cf0 [ 1206.412211][T22582] ? kstrtoull+0x12f/0x1d0 [ 1206.412244][T22582] ? ref_tracker_alloc+0x363/0x4d0 [ 1206.412272][T22582] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1206.412300][T22582] ? tun_get+0x1c/0x2f0 [ 1206.412320][T22582] ? tun_get+0x1c/0x2f0 [ 1206.412347][T22582] ? tun_get+0x1c/0x2f0 [ 1206.412366][T22582] ? tun_get+0x1c/0x2f0 [ 1206.412391][T22582] tun_chr_write_iter+0x113/0x200 [ 1206.412416][T22582] vfs_write+0x61d/0xb90 [ 1206.412453][T22582] ? __pfx_vfs_write+0x10/0x10 [ 1206.412492][T22582] ? __fget_files+0x2a/0x420 [ 1206.412523][T22582] ksys_write+0x150/0x270 [ 1206.412554][T22582] ? __pfx_ksys_write+0x10/0x10 [ 1206.412595][T22582] do_syscall_64+0xe2/0xf80 [ 1206.412617][T22582] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.412636][T22582] ? trace_irq_disable+0x37/0x100 [ 1206.412655][T22582] ? clear_bhb_loop+0x60/0xb0 [ 1206.412680][T22582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.412699][T22582] RIP: 0033:0x7f805459bf79 [ 1206.412718][T22582] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1206.412745][T22582] RSP: 002b:00007f80527f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1206.412776][T22582] RAX: ffffffffffffffda RBX: 00007f8054815fa0 RCX: 00007f805459bf79 [ 1206.412791][T22582] RDX: 000000000000fdef RSI: 00002000000002c0 RDI: 0000000000000003 [ 1206.412804][T22582] RBP: 00007f80527f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1206.412817][T22582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1206.412828][T22582] R13: 00007f8054816038 R14: 00007f8054815fa0 R15: 00007ffdf3d544b8 [ 1206.412863][T22582] [ 1207.153885][T22608] Cannot find del_set index 49151 as target [ 1207.285084][T22620] siw: device registration error -23 [ 1207.753951][T22648] __nla_validate_parse: 55 callbacks suppressed [ 1207.753975][T22648] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18356'. [ 1207.887447][T22662] IPVS: Unknown mcast interface: vcan0 [ 1208.006273][T22666] netlink: 20 bytes leftover after parsing attributes in process `syz.1.18362'. [ 1208.073015][T22671] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18363'. [ 1208.082423][T22671] netlink: 'syz.4.18363': attribute type 6 has an invalid length. [ 1208.090804][T22671] netlink: 4 bytes leftover after parsing attributes in process `syz.4.18363'. [ 1208.230171][T22674] netlink: 'syz.0.18364': attribute type 1 has an invalid length. [ 1208.379528][T22687] netlink: 'syz.1.18367': attribute type 33 has an invalid length. [ 1208.387496][T22687] netlink: 152 bytes leftover after parsing attributes in process `syz.1.18367'. [ 1208.575741][T22695] pim6reg: left allmulticast mode [ 1208.657205][T22655] lec:lec_atm_close: lec0: Shut down! [ 1208.676198][T22697] netlink: 'syz.0.18369': attribute type 20 has an invalid length. [ 1208.708644][T22697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18369'. [ 1208.717943][T22697] netlink: 'syz.0.18369': attribute type 20 has an invalid length. [ 1208.759959][T22697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18369'. [ 1208.868262][T22705] netlink: 'syz.4.18373': attribute type 1 has an invalid length. [ 1208.876447][T22705] netlink: 216 bytes leftover after parsing attributes in process `syz.4.18373'. [ 1208.915703][T22709] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1209.105910][T22721] netlink: 132 bytes leftover after parsing attributes in process `syz.2.18376'. [ 1209.246052][T22729] netlink: 52 bytes leftover after parsing attributes in process `syz.0.18382'. [ 1209.297684][T22725] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 1209.504990][T22746] netlink: 'syz.3.18388': attribute type 4 has an invalid length. [ 1209.651894][T22757] IPVS: Unknown mcast interface: vcan0 [ 1209.695966][T22756] 8021q: adding VLAN 0 to HW filter on device bond21 [ 1209.933109][T22773] netlink: 'syz.4.18395': attribute type 39 has an invalid length. [ 1210.154741][T22782] syzkaller1: entered promiscuous mode [ 1210.168151][T22782] syzkaller1: entered allmulticast mode [ 1210.222396][T22789] xt_TCPMSS: Only works on TCP SYN packets [ 1210.507290][T22807] openvswitch: netlink: IP tunnel dst address not specified [ 1210.896629][T22827] erspan0: entered promiscuous mode [ 1210.950146][T22833] syzkaller1: entered promiscuous mode [ 1210.955679][T22833] syzkaller1: entered allmulticast mode [ 1211.217822][T22855] netlink: 'syz.3.18425': attribute type 10 has an invalid length. [ 1211.562446][T22875] lo: Caught tx_queue_len zero misconfig [ 1211.862900][T22890] netlink: 'syz.2.18436': attribute type 29 has an invalid length. [ 1211.977204][T22899] netlink: 'syz.2.18440': attribute type 2 has an invalid length. [ 1211.996172][T22901] lo: Caught tx_queue_len zero misconfig [ 1212.923139][T22958] FAULT_INJECTION: forcing a failure. [ 1212.923139][T22958] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1212.924533][T22957] netlink: 'syz.1.18463': attribute type 1 has an invalid length. [ 1212.942995][T22958] CPU: 1 UID: 0 PID: 22958 Comm: syz.4.18462 Not tainted syzkaller #0 PREEMPT(full) [ 1212.943022][T22958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1212.943033][T22958] Call Trace: [ 1212.943041][T22958] [ 1212.943048][T22958] dump_stack_lvl+0xe8/0x150 [ 1212.943078][T22958] should_fail_ex+0x412/0x560 [ 1212.943105][T22958] _copy_from_iter+0x1d3/0x1670 [ 1212.943141][T22958] ? __pfx__copy_from_iter+0x10/0x10 [ 1212.943161][T22958] ? sock_alloc_send_pskb+0x896/0x990 [ 1212.943191][T22958] ? __pfx__copy_from_iter+0x10/0x10 [ 1212.943217][T22958] ? page_copy_sane+0x16a/0x270 [ 1212.943241][T22958] copy_page_from_iter+0xdd/0x170 [ 1212.943269][T22958] skb_copy_datagram_from_iter+0x306/0x710 [ 1212.943306][T22958] tun_get_user+0xc38/0x3dd0 [ 1212.943338][T22958] ? aa_file_perm+0x12d/0x1630 [ 1212.943365][T22958] ? aa_file_perm+0x440/0x1630 [ 1212.943386][T22958] ? __pfx_tun_get_user+0x10/0x10 [ 1212.943407][T22958] ? __lock_acquire+0x6b5/0x2cf0 [ 1212.943433][T22958] ? kstrtoull+0x12f/0x1d0 [ 1212.943461][T22958] ? ref_tracker_alloc+0x363/0x4d0 [ 1212.943486][T22958] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1212.943510][T22958] ? tun_get+0x1c/0x2f0 [ 1212.943528][T22958] ? tun_get+0x1c/0x2f0 [ 1212.943551][T22958] ? tun_get+0x1c/0x2f0 [ 1212.943568][T22958] ? tun_get+0x1c/0x2f0 [ 1212.943590][T22958] tun_chr_write_iter+0x113/0x200 [ 1212.943611][T22958] vfs_write+0x61d/0xb90 [ 1212.943644][T22958] ? __pfx_vfs_write+0x10/0x10 [ 1212.943686][T22958] ? __fget_files+0x2a/0x420 [ 1212.943715][T22958] ksys_write+0x150/0x270 [ 1212.943741][T22958] ? __pfx_ksys_write+0x10/0x10 [ 1212.943776][T22958] do_syscall_64+0xe2/0xf80 [ 1212.943795][T22958] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1212.943811][T22958] ? trace_irq_disable+0x37/0x100 [ 1212.943828][T22958] ? clear_bhb_loop+0x60/0xb0 [ 1212.943849][T22958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1212.943865][T22958] RIP: 0033:0x7fa67d39bf79 [ 1212.943883][T22958] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1212.943899][T22958] RSP: 002b:00007fa67e221028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1212.943919][T22958] RAX: ffffffffffffffda RBX: 00007fa67d615fa0 RCX: 00007fa67d39bf79 [ 1212.943932][T22958] RDX: 000000000000fdef RSI: 00002000000002c0 RDI: 0000000000000003 [ 1212.943943][T22958] RBP: 00007fa67e221090 R08: 0000000000000000 R09: 0000000000000000 [ 1212.943955][T22958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1212.943966][T22958] R13: 00007fa67d616038 R14: 00007fa67d615fa0 R15: 00007ffd5e364ff8 [ 1212.943996][T22958] [ 1213.272440][T22961] bond21 (unregistering): Released all slaves [ 1213.273579][T22965] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1213.362869][T22949] netlink: 'syz.2.18457': attribute type 29 has an invalid length. [ 1213.409986][T22963] bond21: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1213.460593][T22963] bond21 (unregistering): Released all slaves [ 1213.557339][T22957] 8021q: adding VLAN 0 to HW filter on device bond21 [ 1213.565035][T22951] netlink: 'syz.2.18457': attribute type 29 has an invalid length. [ 1213.685857][T22983] __nla_validate_parse: 12 callbacks suppressed [ 1213.685881][T22983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18469'. [ 1213.802594][T22989] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1213.809890][T22989] IPv6: NLM_F_CREATE should be set when creating new route [ 1213.822850][T22990] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1213.998618][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5350 ms [ 1214.006719][ C1] lec:lec_tx_timeout: lec0 [ 1214.018568][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 1214.102971][T23003] Cannot find del_set index 49151 as target [ 1214.277316][T23012] FAULT_INJECTION: forcing a failure. [ 1214.277316][T23012] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1214.346649][T23012] CPU: 1 UID: 0 PID: 23012 Comm: syz.4.18479 Not tainted syzkaller #0 PREEMPT(full) [ 1214.346689][T23012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1214.346702][T23012] Call Trace: [ 1214.346711][T23012] [ 1214.346720][T23012] dump_stack_lvl+0xe8/0x150 [ 1214.346751][T23012] should_fail_ex+0x412/0x560 [ 1214.346781][T23012] _copy_from_iter+0x1d3/0x1670 [ 1214.346815][T23012] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 1214.346849][T23012] ? __pfx__copy_from_iter+0x10/0x10 [ 1214.346876][T23012] ? __build_skb_around+0x22d/0x3c0 [ 1214.346903][T23012] ? __alloc_skb+0x193/0x390 [ 1214.346926][T23012] ? netlink_sendmsg+0x650/0xb40 [ 1214.346945][T23012] ? skb_put+0x11b/0x210 [ 1214.346973][T23012] netlink_sendmsg+0x6c0/0xb40 [ 1214.347004][T23012] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1214.347029][T23012] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1214.347056][T23012] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1214.347079][T23012] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1214.347100][T23012] ____sys_sendmsg+0xa68/0xad0 [ 1214.347126][T23012] ? __might_fault+0xaf/0x130 [ 1214.347161][T23012] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1214.347198][T23012] ? import_iovec+0x73/0xa0 [ 1214.347230][T23012] ___sys_sendmsg+0x2a5/0x360 [ 1214.347255][T23012] ? __lock_acquire+0x6b5/0x2cf0 [ 1214.347288][T23012] ? __pfx____sys_sendmsg+0x10/0x10 [ 1214.347354][T23012] ? __fget_files+0x2a/0x420 [ 1214.347375][T23012] ? __fget_files+0x3a0/0x420 [ 1214.347409][T23012] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1214.347437][T23012] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1214.347473][T23012] ? __pfx_ksys_write+0x10/0x10 [ 1214.347514][T23012] do_syscall_64+0xe2/0xf80 [ 1214.347536][T23012] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1214.347555][T23012] ? trace_irq_disable+0x37/0x100 [ 1214.347573][T23012] ? clear_bhb_loop+0x60/0xb0 [ 1214.347597][T23012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1214.347617][T23012] RIP: 0033:0x7fa67d39bf79 [ 1214.347636][T23012] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1214.347653][T23012] RSP: 002b:00007fa67e221028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1214.347683][T23012] RAX: ffffffffffffffda RBX: 00007fa67d615fa0 RCX: 00007fa67d39bf79 [ 1214.347697][T23012] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 1214.347710][T23012] RBP: 00007fa67e221090 R08: 0000000000000000 R09: 0000000000000000 [ 1214.347723][T23012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1214.347735][T23012] R13: 00007fa67d616038 R14: 00007fa67d615fa0 R15: 00007ffd5e364ff8 [ 1214.347768][T23012] [ 1214.661493][T23022] sctp: [Deprecated]: syz.2.18486 (pid 23022) Use of int in maxseg socket option. [ 1214.661493][T23022] Use struct sctp_assoc_value instead [ 1214.804252][T23033] tipc: Failed to remove unknown binding: 66,0,0/2886997007:607654266/607654267 [ 1214.814322][T23033] tipc: Failed to remove unknown binding: 66,0,0/2886997007:607654266/607654267 [ 1214.835395][T23031] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.18488'. [ 1214.879388][T23040] Cannot find del_set index 49151 as target [ 1214.888266][T23031] netlink: 'syz.1.18488': attribute type 1 has an invalid length. [ 1214.938095][T23031] netlink: 'syz.1.18488': attribute type 1 has an invalid length. [ 1214.991922][T23034] netlink: 16 bytes leftover after parsing attributes in process `syz.1.18488'. [ 1215.001438][T23034] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18488'. [ 1215.082171][T23052] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 1215.282633][T23063] netlink: 40 bytes leftover after parsing attributes in process `syz.1.18499'. [ 1215.323716][T23063] netlink: 'syz.1.18499': attribute type 1 has an invalid length. [ 1215.332866][T23063] netlink: 228 bytes leftover after parsing attributes in process `syz.1.18499'. [ 1215.334370][T23067] syzkaller0: entered promiscuous mode [ 1215.345533][T23063] openvswitch: netlink: Duplicate key (type 32). [ 1215.350273][T23067] syzkaller0: entered allmulticast mode [ 1215.381555][T23069] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18502'. [ 1215.391268][T23069] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18502'. [ 1215.445309][T23067] netlink: 'syz.4.18501': attribute type 13 has an invalid length. [ 1215.468210][T23067] tipc: Resetting bearer [ 1215.560091][T23082] tipc: Enabled bearer , priority 0 [ 1215.568396][T23083] netlink: 'syz.0.18507': attribute type 11 has an invalid length. [ 1215.573999][T23086] syzkaller1: entered promiscuous mode [ 1215.584660][T23086] syzkaller1: entered allmulticast mode [ 1215.595764][T23083] netlink: 224 bytes leftover after parsing attributes in process `syz.0.18507'. [ 1215.653582][T23062] tipc: Resetting bearer [ 1215.709439][T23062] tipc: Disabling bearer [ 1215.793359][T23092] vlan0: entered promiscuous mode [ 1215.800171][T23092] geneve1: entered promiscuous mode [ 1215.805682][T23092] vlan0: entered allmulticast mode [ 1215.811282][T23092] geneve1: entered allmulticast mode [ 1216.109103][T23115] netlink: 40 bytes leftover after parsing attributes in process `syz.2.18518'. [ 1216.402970][T23128] netlink: Conntrack attr has 4 unknown bytes [ 1216.617727][T23140] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1216.958106][T23163] Cannot find del_set index 49151 as target [ 1217.096405][T23169] Cannot find add_set index 65532 as target [ 1217.177127][T23171] xt_TCPMSS: Only works on TCP SYN packets [ 1217.277482][T23176] syzkaller0: entered promiscuous mode [ 1217.283156][T23176] syzkaller0: entered allmulticast mode [ 1217.347380][T23177] ref_ctr_offset mismatch. inode: 0x28 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8 [ 1217.366959][T23180] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1217.657211][T23195] Cannot find del_set index 49151 as target [ 1218.380547][T23217] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1218.560209][T23240] ip6tnl0: Caught tx_queue_len zero misconfig [ 1218.784105][T23248] __nla_validate_parse: 4 callbacks suppressed [ 1218.784129][T23248] netlink: 40 bytes leftover after parsing attributes in process `syz.4.18560'. [ 1218.831334][T23251] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.18561'. [ 1218.858544][T23251] openvswitch: netlink: Missing key (keys=40, expected=100) [ 1218.867750][T23253] xt_l2tp: v2 tid > 0xffff: 1114244 [ 1218.879698][T23251] netlink: 40 bytes leftover after parsing attributes in process `syz.2.18561'. [ 1219.028495][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 1219.036625][ C1] lec:lec_tx_timeout: lec0 [ 1219.245394][T23271] syzkaller1: entered promiscuous mode [ 1219.245832][T23276] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.18568'. [ 1219.251638][T23271] syzkaller1: entered allmulticast mode [ 1219.282278][T23276] netlink: Conntrack attr has 4 unknown bytes [ 1219.424212][T23286] netlink: 20 bytes leftover after parsing attributes in process `syz.4.18572'. [ 1219.475334][T23289] netlink: 40 bytes leftover after parsing attributes in process `syz.1.18574'. [ 1219.476389][T23290] netlink: 32 bytes leftover after parsing attributes in process `syz.0.18573'. [ 1219.613279][T23297] syzkaller0: entered promiscuous mode [ 1219.624805][T23297] syzkaller0: entered allmulticast mode [ 1219.640907][T23297] 0: reclassify loop, rule prio 0, protocol 800 [ 1219.762721][T23306] xt_TCPMSS: Only works on TCP SYN packets [ 1219.841478][T23312] netlink: 20 bytes leftover after parsing attributes in process `syz.1.18583'. [ 1219.920702][T23316] netlink: 20 bytes leftover after parsing attributes in process `syz.1.18585'. [ 1220.745825][T23345] netlink: 12 bytes leftover after parsing attributes in process `syz.4.18598'. [ 1220.819916][T23347] IPVS: Unknown mcast interface: vcan0 [ 1220.965521][T23349] syzkaller0: entered promiscuous mode [ 1220.979243][T23349] syzkaller0: entered allmulticast mode [ 1223.008370][T23359] workqueue: Failed to create a rescuer kthread for wq "bond22": -EINTR [ 1223.801242][T23416] syzkaller0: entered promiscuous mode [ 1223.823645][T23416] syzkaller0: entered allmulticast mode [ 1223.844399][T23426] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1225.855505][T23447] geneve4: entered promiscuous mode [ 1225.891020][T14229] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 42434 - 0 [ 1225.929112][T14229] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 42434 - 0 [ 1225.937637][T14229] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 42434 - 0 [ 1225.989394][T14229] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 42434 - 0 [ 1226.029779][T23451] __nla_validate_parse: 2 callbacks suppressed [ 1226.029804][T23451] netlink: 16 bytes leftover after parsing attributes in process `syz.4.18633'. [ 1226.086324][T23458] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18633'. [ 1226.229931][T23464] tipc: Enabled bearer , priority 11 [ 1226.250798][T23464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18638'. [ 1226.645668][T23492] netlink: 64985 bytes leftover after parsing attributes in process `syz.4.18650'. [ 1226.672831][T23492] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1226.784294][T23498] syzkaller1: entered promiscuous mode [ 1226.792354][T23500] netlink: 'syz.3.18653': attribute type 10 has an invalid length. [ 1226.808559][T23498] syzkaller1: entered allmulticast mode [ 1226.814675][T23500] netlink: 224 bytes leftover after parsing attributes in process `syz.3.18653'. [ 1227.024678][T23519] xt_TCPMSS: Only works on TCP SYN packets [ 1227.048699][T23511] syzkaller0: entered promiscuous mode [ 1227.054331][T23511] syzkaller0: entered allmulticast mode [ 1227.063120][T23518] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18660'. [ 1227.095759][T23522] netlink: 212328 bytes leftover after parsing attributes in process `syz.1.18662'. [ 1227.107179][T23522] netlink: Conntrack attr has 4 unknown bytes [ 1227.241299][T23529] netlink: 40 bytes leftover after parsing attributes in process `syz.1.18665'. [ 1227.301282][T23532] netlink: 16 bytes leftover after parsing attributes in process `syz.1.18665'. [ 1227.452890][T23538] netlink: 'syz.3.18668': attribute type 9 has an invalid length. [ 1227.463295][T23538] netlink: 32 bytes leftover after parsing attributes in process `syz.3.18668'. [ 1227.653625][T23549] xt_TCPMSS: Only works on TCP SYN packets [ 1227.712471][T23551] netlink: Conntrack attr has 4 unknown bytes [ 1230.029381][T23597] syzkaller1: entered promiscuous mode [ 1230.040931][T23597] syzkaller1: entered allmulticast mode [ 1230.461850][T23628] delete_channel: no stack [ 1230.602799][T23631] syzkaller1: entered promiscuous mode [ 1230.606441][T23633] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1230.623853][T23631] syzkaller1: entered allmulticast mode [ 1230.768587][T23633] bond14: (slave vcan0): Releasing backup interface [ 1230.776421][T23633] bond14: Destroying bond [ 1230.810549][T23633] bond14 (unregistering): Released all slaves [ 1230.880347][T23642] IPVS: Unknown mcast interface: vcan0 [ 1231.030250][T23653] mac80211_hwsim hwsim52 wlan0: entered promiscuous mode [ 1231.465916][T23682] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 42434 - 0 [ 1231.519495][T23688] bridge: RTM_NEWNEIGH with invalid state 0x8 [ 1231.553053][T23682] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 42434 - 0 [ 1231.663940][T23682] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 42434 - 0 [ 1231.746134][T23682] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 42434 - 0 [ 1231.763949][T23703] __nla_validate_parse: 6 callbacks suppressed [ 1231.763969][T23703] netlink: 64 bytes leftover after parsing attributes in process `syz.4.18726'. [ 1231.812577][T23705] netlink: 'syz.3.18729': attribute type 4 has an invalid length. [ 1231.848696][T23705] netlink: 120 bytes leftover after parsing attributes in process `syz.3.18729'. [ 1232.319928][T23732] sock: sock_timestamping_bind_phc: sock not bind to device [ 1232.785097][T14222] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 42434 - 0 [ 1232.832565][T14229] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 42434 - 0 [ 1232.874871][T14229] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 42434 - 0 [ 1232.945513][T14222] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 42434 - 0 [ 1232.970635][T23749] sctp: [Deprecated]: syz.1.18745 (pid 23749) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1232.970635][T23749] Use struct sctp_sack_info instead [ 1233.009776][T23749] netlink: 1 bytes leftover after parsing attributes in process `syz.1.18745'. [ 1233.039246][T23754] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18747'. [ 1233.099749][T23756] openvswitch: netlink: Message has 4 unknown bytes. [ 1233.113963][T23756] lo: Caught tx_queue_len zero misconfig [ 1233.194061][T23756] netlink: 40 bytes leftover after parsing attributes in process `syz.4.18749'. [ 1233.280091][T23768] netlink: 'syz.3.18754': attribute type 9 has an invalid length. [ 1233.391065][T23772] netlink: 'syz.0.18756': attribute type 21 has an invalid length. [ 1233.409588][T23772] netlink: 132 bytes leftover after parsing attributes in process `syz.0.18756'. [ 1233.462890][T23778] netlink: 212328 bytes leftover after parsing attributes in process `syz.3.18758'. [ 1233.480276][T23778] netlink: Conntrack attr has 4 unknown bytes [ 1233.489567][T23780] Cannot find del_set index 65531 as target [ 1233.620730][T23787] tunl0: entered promiscuous mode [ 1233.642245][T23787] netlink: 'syz.0.18761': attribute type 3 has an invalid length. [ 1233.681873][T23787] netlink: 9 bytes leftover after parsing attributes in process `syz.0.18761'. [ 1233.705507][T23791] netlink: 20 bytes leftover after parsing attributes in process `syz.3.18764'. [ 1233.861269][T23805] netlink: 'syz.3.18768': attribute type 4 has an invalid length. [ 1233.869446][T23805] netlink: 17 bytes leftover after parsing attributes in process `syz.3.18768'. [ 1233.921794][T12398] page_pool_release_retry() stalled pool shutdown: id 89, 1 inflight 727 sec [ 1234.014076][T23810] netlink: 'syz.1.18770': attribute type 9 has an invalid length. [ 1234.026631][T23810] netlink: 'syz.1.18770': attribute type 6 has an invalid length. [ 1234.050570][T23813] bond14: option resend_igmp: invalid value (32767) [ 1234.057367][T23813] bond14: option resend_igmp: allowed values 0 - 255 [ 1234.072445][T23813] bond14 (unregistering): Released all slaves [ 1234.157926][T23821] gtp1: entered promiscuous mode [ 1234.163908][T23821] gtp1: entered allmulticast mode [ 1234.209094][T23821] gtp2: entered promiscuous mode [ 1234.217896][T23821] gtp2: entered allmulticast mode [ 1234.484779][T23850] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR [ 1235.051374][T23885] ip6tnl0: Caught tx_queue_len zero misconfig [ 1235.079185][T23886] xt_l2tp: v2 tid > 0xffff: 1114244 [ 1236.126643][T23961] syzkaller0: left promiscuous mode [ 1236.140542][T23961] syzkaller0: left allmulticast mode [ 1236.155130][T23965] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1236.215418][T23968] netlink: 'syz.4.18826': attribute type 4 has an invalid length. [ 1236.291856][T23970] netlink: Conntrack attr has 4 unknown bytes [ 1236.365456][T23976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1236.652216][T23999] netlink: 'syz.2.18837': attribute type 11 has an invalid length. [ 1237.049252][T24013] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1237.103367][T24015] __nla_validate_parse: 5 callbacks suppressed [ 1237.103390][T24015] netlink: 36 bytes leftover after parsing attributes in process `syz.3.18841'. [ 1237.144568][T23998] lec:lec_atm_close: lec0: Shut down! [ 1237.331151][T24026] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 1237.512444][T24038] netlink: 220 bytes leftover after parsing attributes in process `syz.1.18850'. [ 1237.531069][T24038] netlink: 220 bytes leftover after parsing attributes in process `syz.1.18850'. [ 1237.630035][T24046] xt_TCPMSS: Only works on TCP SYN packets [ 1237.760046][T24053] netlink: 'syz.2.18856': attribute type 1 has an invalid length. [ 1237.770186][T24053] netlink: 'syz.2.18856': attribute type 2 has an invalid length. [ 1237.939705][T24059] tipc: Enabling of bearer rejected, already enabled [ 1237.999417][T24063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18860'. [ 1238.061684][T24067] netlink: 180 bytes leftover after parsing attributes in process `syz.1.18861'. [ 1238.131967][T24071] FAULT_INJECTION: forcing a failure. [ 1238.131967][T24071] name failslab, interval 1, probability 0, space 0, times 0 [ 1238.149809][T24071] CPU: 1 UID: 0 PID: 24071 Comm: syz.0.18862 Not tainted syzkaller #0 PREEMPT(full) [ 1238.149839][T24071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1238.149851][T24071] Call Trace: [ 1238.149860][T24071] [ 1238.149869][T24071] dump_stack_lvl+0xe8/0x150 [ 1238.149901][T24071] should_fail_ex+0x412/0x560 [ 1238.149932][T24071] should_failslab+0xa8/0x100 [ 1238.149955][T24071] __kmalloc_noprof+0xde/0x7e0 [ 1238.149975][T24071] ? tomoyo_encode+0x28b/0x550 [ 1238.150009][T24071] tomoyo_encode+0x28b/0x550 [ 1238.150041][T24071] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1238.150068][T24071] ? tomoyo_domain+0xd7/0x130 [ 1238.150098][T24071] ? tomoyo_path_number_perm+0x219/0x630 [ 1238.150118][T24071] tomoyo_path_number_perm+0x246/0x630 [ 1238.150142][T24071] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1238.150162][T24071] ? __lock_acquire+0x6b5/0x2cf0 [ 1238.150206][T24071] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1238.150253][T24071] ? __fget_files+0x2a/0x420 [ 1238.150279][T24071] ? __fget_files+0x2a/0x420 [ 1238.150299][T24071] ? __fget_files+0x3a0/0x420 [ 1238.150319][T24071] ? __fget_files+0x2a/0x420 [ 1238.150345][T24071] security_file_ioctl+0xc3/0x2a0 [ 1238.150368][T24071] __se_sys_ioctl+0x47/0x170 [ 1238.150397][T24071] do_syscall_64+0xe2/0xf80 [ 1238.150418][T24071] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1238.150437][T24071] ? trace_irq_disable+0x37/0x100 [ 1238.150456][T24071] ? clear_bhb_loop+0x60/0xb0 [ 1238.150481][T24071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1238.150509][T24071] RIP: 0033:0x7f879bf9bf79 [ 1238.150529][T24071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1238.150547][T24071] RSP: 002b:00007f879cde0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1238.150569][T24071] RAX: ffffffffffffffda RBX: 00007f879c215fa0 RCX: 00007f879bf9bf79 [ 1238.150583][T24071] RDX: 0000200000000000 RSI: 00000000000089a2 RDI: 0000000000000004 [ 1238.150597][T24071] RBP: 00007f879cde0090 R08: 0000000000000000 R09: 0000000000000000 [ 1238.150611][T24071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1238.150623][T24071] R13: 00007f879c216038 R14: 00007f879c215fa0 R15: 00007ffc38498fc8 [ 1238.150657][T24071] [ 1238.150716][T24071] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1239.002598][T24110] FAULT_INJECTION: forcing a failure. [ 1239.002598][T24110] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1239.016684][T24110] CPU: 0 UID: 0 PID: 24110 Comm: syz.0.18879 Not tainted syzkaller #0 PREEMPT(full) [ 1239.016714][T24110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1239.016727][T24110] Call Trace: [ 1239.016736][T24110] [ 1239.016745][T24110] dump_stack_lvl+0xe8/0x150 [ 1239.016779][T24110] should_fail_ex+0x412/0x560 [ 1239.016810][T24110] _copy_from_user+0x2d/0xb0 [ 1239.016853][T24110] get_user_ifreq+0x6b/0x180 [ 1239.016886][T24110] br_ioctl_stub+0x172/0xd60 [ 1239.016914][T24110] ? do_vfs_ioctl+0x1166/0x1530 [ 1239.016943][T24110] ? __pfx_br_ioctl_stub+0x10/0x10 [ 1239.016965][T24110] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1239.016995][T24110] ? sock_ioctl+0x4fa/0x7f0 [ 1239.017034][T24110] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1239.017076][T24110] ? __pfx_br_ioctl_stub+0x10/0x10 [ 1239.017095][T24110] sock_ioctl+0x523/0x7f0 [ 1239.017128][T24110] ? __pfx_sock_ioctl+0x10/0x10 [ 1239.017157][T24110] ? __fget_files+0x2a/0x420 [ 1239.017179][T24110] ? __fget_files+0x3a0/0x420 [ 1239.017199][T24110] ? __fget_files+0x2a/0x420 [ 1239.017226][T24110] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1239.017250][T24110] ? __pfx_sock_ioctl+0x10/0x10 [ 1239.017280][T24110] __se_sys_ioctl+0xfc/0x170 [ 1239.017341][T24110] do_syscall_64+0xe2/0xf80 [ 1239.017363][T24110] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1239.017382][T24110] ? trace_irq_disable+0x37/0x100 [ 1239.017412][T24110] ? clear_bhb_loop+0x60/0xb0 [ 1239.017437][T24110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1239.017456][T24110] RIP: 0033:0x7f879bf9bf79 [ 1239.017476][T24110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1239.017494][T24110] RSP: 002b:00007f879cde0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1239.017517][T24110] RAX: ffffffffffffffda RBX: 00007f879c215fa0 RCX: 00007f879bf9bf79 [ 1239.017532][T24110] RDX: 0000200000000000 RSI: 00000000000089a2 RDI: 0000000000000004 [ 1239.017546][T24110] RBP: 00007f879cde0090 R08: 0000000000000000 R09: 0000000000000000 [ 1239.017558][T24110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1239.017570][T24110] R13: 00007f879c216038 R14: 00007f879c215fa0 R15: 00007ffc38498fc8 [ 1239.017606][T24110] [ 1239.364639][T24112] xt_l2tp: v2 tid > 0xffff: 1114244 [ 1239.501081][T24123] netlink: 332 bytes leftover after parsing attributes in process `syz.1.18884'. [ 1239.585009][T24129] IPVS: Unknown mcast interface: vcan0 [ 1239.687065][T24133] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048) [ 1239.687268][T24134] netlink: 28 bytes leftover after parsing attributes in process `syz.2.18888'. [ 1239.823122][T24141] netlink: 'syz.1.18891': attribute type 5 has an invalid length. [ 1239.831167][T24141] netlink: 140 bytes leftover after parsing attributes in process `syz.1.18891'. [ 1239.863418][T24143] bond0: (slave gre0): Error: Device type is different from other slaves [ 1239.908374][T24143] netlink: 32 bytes leftover after parsing attributes in process `syz.2.18893'. [ 1239.984542][T24154] netlink: 'syz.4.18896': attribute type 23 has an invalid length. [ 1240.172535][T24165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18901'. [ 1240.273632][T24168] IPVS: Unknown mcast interface: vcan0 [ 1240.293134][T24171] xt_TCPMSS: Only works on TCP SYN packets [ 1240.984587][T24222] syzkaller1: entered promiscuous mode [ 1240.993178][T24222] syzkaller1: entered allmulticast mode [ 1241.393756][T24246] FAULT_INJECTION: forcing a failure. [ 1241.393756][T24246] name failslab, interval 1, probability 0, space 0, times 0 [ 1241.407378][T24246] CPU: 1 UID: 0 PID: 24246 Comm: syz.0.18936 Not tainted syzkaller #0 PREEMPT(full) [ 1241.407406][T24246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1241.407418][T24246] Call Trace: [ 1241.407427][T24246] [ 1241.407436][T24246] dump_stack_lvl+0xe8/0x150 [ 1241.407468][T24246] should_fail_ex+0x412/0x560 [ 1241.407508][T24246] should_failslab+0xa8/0x100 [ 1241.407533][T24246] kmem_cache_alloc_noprof+0x87/0x6e0 [ 1241.407562][T24246] ? __netlink_lookup+0xc6/0x8b0 [ 1241.407585][T24246] ? skb_clone+0x212/0x3a0 [ 1241.407617][T24246] skb_clone+0x212/0x3a0 [ 1241.407647][T24246] __netlink_deliver_tap+0x404/0x850 [ 1241.407680][T24246] ? netlink_deliver_tap+0x2e/0x1b0 [ 1241.407703][T24246] netlink_deliver_tap+0x19c/0x1b0 [ 1241.407725][T24246] netlink_unicast+0x7e3/0x9b0 [ 1241.407758][T24246] ? __pfx_netlink_unicast+0x10/0x10 [ 1241.407787][T24246] ? __alloc_skb+0x193/0x390 [ 1241.407811][T24246] ? netlink_sendmsg+0x650/0xb40 [ 1241.407831][T24246] ? skb_put+0x11b/0x210 [ 1241.407859][T24246] netlink_sendmsg+0x813/0xb40 [ 1241.407893][T24246] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1241.407919][T24246] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1241.407947][T24246] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1241.407971][T24246] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1241.407992][T24246] ____sys_sendmsg+0xa68/0xad0 [ 1241.408019][T24246] ? __might_fault+0xaf/0x130 [ 1241.408055][T24246] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1241.408093][T24246] ? import_iovec+0x73/0xa0 [ 1241.408128][T24246] ___sys_sendmsg+0x2a5/0x360 [ 1241.408152][T24246] ? __lock_acquire+0x6b5/0x2cf0 [ 1241.408185][T24246] ? __pfx____sys_sendmsg+0x10/0x10 [ 1241.408254][T24246] ? __fget_files+0x2a/0x420 [ 1241.408280][T24246] ? __fget_files+0x3a0/0x420 [ 1241.408315][T24246] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1241.408345][T24246] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1241.408384][T24246] ? __pfx_ksys_write+0x10/0x10 [ 1241.408424][T24246] do_syscall_64+0xe2/0xf80 [ 1241.408446][T24246] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.408465][T24246] ? trace_irq_disable+0x37/0x100 [ 1241.408519][T24246] ? clear_bhb_loop+0x60/0xb0 [ 1241.408542][T24246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.408559][T24246] RIP: 0033:0x7f879bf9bf79 [ 1241.408577][T24246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1241.408592][T24246] RSP: 002b:00007f879cde0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1241.408614][T24246] RAX: ffffffffffffffda RBX: 00007f879c215fa0 RCX: 00007f879bf9bf79 [ 1241.408628][T24246] RDX: 0000000000000050 RSI: 0000200000003dc0 RDI: 0000000000000003 [ 1241.408641][T24246] RBP: 00007f879cde0090 R08: 0000000000000000 R09: 0000000000000000 [ 1241.408652][T24246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1241.408663][T24246] R13: 00007f879c216038 R14: 00007f879c215fa0 R15: 00007ffc38498fc8 [ 1241.408696][T24246] [ 1241.774441][T24252] netlink: 'syz.2.18938': attribute type 16 has an invalid length. [ 1241.802574][T24252] netlink: 'syz.2.18938': attribute type 17 has an invalid length. [ 1241.859011][T24252] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1242.084390][T24267] syzkaller1: entered promiscuous mode [ 1242.100483][T24267] syzkaller1: entered allmulticast mode [ 1242.148471][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 1242.156587][ C1] lec:lec_tx_timeout: lec0 [ 1242.161970][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 1242.222841][T24275] syzkaller0: entered promiscuous mode [ 1242.228366][T24275] syzkaller0: entered allmulticast mode [ 1242.280534][T24275] netlink: 'syz.4.18944': attribute type 13 has an invalid length. [ 1242.327285][T24288] __nla_validate_parse: 11 callbacks suppressed [ 1242.327306][T24288] netlink: 20 bytes leftover after parsing attributes in process `syz.3.18949'. [ 1242.366386][T24275] tipc: Resetting bearer [ 1242.458108][T24289] tipc: Enabled bearer , priority 0 [ 1242.552702][T24272] tipc: Resetting bearer [ 1242.560454][T24307] netlink: 'syz.0.18952': attribute type 10 has an invalid length. [ 1242.586939][T24272] tipc: Disabling bearer [ 1242.858590][T24322] xt_TCPMSS: Only works on TCP SYN packets [ 1242.867701][T24323] netlink: 16 bytes leftover after parsing attributes in process `syz.4.18956'. [ 1242.887196][T24325] veth1_vlan: Caught tx_queue_len zero misconfig [ 1242.894875][T24325] netlink: 'syz.2.18959': attribute type 5 has an invalid length. [ 1242.905737][T24323] netlink: 'syz.4.18956': attribute type 16 has an invalid length. [ 1242.912760][T24327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18960'. [ 1242.935553][T24323] netlink: 'syz.4.18956': attribute type 17 has an invalid length. [ 1242.978745][T24323] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1243.130863][T24342] netlink: 32 bytes leftover after parsing attributes in process `syz.3.18963'. [ 1243.231608][T24347] FAULT_INJECTION: forcing a failure. [ 1243.231608][T24347] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1243.255228][T24347] CPU: 1 UID: 0 PID: 24347 Comm: syz.0.18965 Not tainted syzkaller #0 PREEMPT(full) [ 1243.255259][T24347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1243.255271][T24347] Call Trace: [ 1243.255280][T24347] [ 1243.255290][T24347] dump_stack_lvl+0xe8/0x150 [ 1243.255324][T24347] should_fail_ex+0x412/0x560 [ 1243.255356][T24347] _copy_from_iter+0x1d3/0x1670 [ 1243.255390][T24347] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 1243.255432][T24347] ? __pfx__copy_from_iter+0x10/0x10 [ 1243.255460][T24347] ? __build_skb_around+0x22d/0x3c0 [ 1243.255488][T24347] ? __alloc_skb+0x193/0x390 [ 1243.255511][T24347] ? netlink_sendmsg+0x650/0xb40 [ 1243.255531][T24347] ? skb_put+0x11b/0x210 [ 1243.255559][T24347] netlink_sendmsg+0x6c0/0xb40 [ 1243.255592][T24347] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1243.255618][T24347] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1243.255645][T24347] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1243.255669][T24347] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1243.255688][T24347] ____sys_sendmsg+0xa68/0xad0 [ 1243.255714][T24347] ? __might_fault+0xaf/0x130 [ 1243.255748][T24347] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1243.255782][T24347] ? import_iovec+0x73/0xa0 [ 1243.255816][T24347] ___sys_sendmsg+0x2a5/0x360 [ 1243.255842][T24347] ? __lock_acquire+0x6b5/0x2cf0 [ 1243.255874][T24347] ? __pfx____sys_sendmsg+0x10/0x10 [ 1243.255940][T24347] ? __fget_files+0x2a/0x420 [ 1243.255962][T24347] ? __fget_files+0x3a0/0x420 [ 1243.255997][T24347] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1243.256027][T24347] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1243.256065][T24347] ? __pfx_ksys_write+0x10/0x10 [ 1243.256106][T24347] do_syscall_64+0xe2/0xf80 [ 1243.256128][T24347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1243.256147][T24347] ? trace_irq_disable+0x37/0x100 [ 1243.256167][T24347] ? clear_bhb_loop+0x60/0xb0 [ 1243.256192][T24347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1243.256211][T24347] RIP: 0033:0x7f879bf9bf79 [ 1243.256231][T24347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1243.256248][T24347] RSP: 002b:00007f879cde0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1243.256271][T24347] RAX: ffffffffffffffda RBX: 00007f879c215fa0 RCX: 00007f879bf9bf79 [ 1243.256286][T24347] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 1243.256300][T24347] RBP: 00007f879cde0090 R08: 0000000000000000 R09: 0000000000000000 [ 1243.256313][T24347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1243.256324][T24347] R13: 00007f879c216038 R14: 00007f879c215fa0 R15: 00007ffc38498fc8 [ 1243.256357][T24347] [ 1243.765585][T24359] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1243.805992][T24364] wireguard0: entered promiscuous mode [ 1243.814455][T24364] wireguard0: entered allmulticast mode [ 1243.834585][T24364] team0: Device wireguard0 is of different type [ 1243.906819][T24324] lec:lec_atm_close: lec0: Shut down! [ 1243.944935][T24369] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18972'. [ 1243.978589][T24369] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18972'. [ 1244.184421][T24382] netlink: 192 bytes leftover after parsing attributes in process `syz.3.18977'. [ 1244.269357][T24389] FAULT_INJECTION: forcing a failure. [ 1244.269357][T24389] name failslab, interval 1, probability 0, space 0, times 0 [ 1244.295093][T24389] CPU: 0 UID: 0 PID: 24389 Comm: syz.3.18979 Not tainted syzkaller #0 PREEMPT(full) [ 1244.295124][T24389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1244.295137][T24389] Call Trace: [ 1244.295146][T24389] [ 1244.295155][T24389] dump_stack_lvl+0xe8/0x150 [ 1244.295188][T24389] should_fail_ex+0x412/0x560 [ 1244.295219][T24389] should_failslab+0xa8/0x100 [ 1244.295245][T24389] kmem_cache_alloc_noprof+0x87/0x6e0 [ 1244.295273][T24389] ? __netlink_lookup+0xc6/0x8b0 [ 1244.295297][T24389] ? skb_clone+0x212/0x3a0 [ 1244.295330][T24389] skb_clone+0x212/0x3a0 [ 1244.295362][T24389] __netlink_deliver_tap+0x404/0x850 [ 1244.295413][T24389] ? netlink_deliver_tap+0x2e/0x1b0 [ 1244.295436][T24389] netlink_deliver_tap+0x19c/0x1b0 [ 1244.295460][T24389] netlink_unicast+0x7e3/0x9b0 [ 1244.295499][T24389] ? __pfx_netlink_unicast+0x10/0x10 [ 1244.295527][T24389] ? __alloc_skb+0x193/0x390 [ 1244.295551][T24389] ? netlink_sendmsg+0x650/0xb40 [ 1244.295569][T24389] ? skb_put+0x11b/0x210 [ 1244.295598][T24389] netlink_sendmsg+0x813/0xb40 [ 1244.295630][T24389] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1244.295655][T24389] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1244.295683][T24389] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1244.295707][T24389] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1244.295733][T24389] ____sys_sendmsg+0xa68/0xad0 [ 1244.295760][T24389] ? __might_fault+0xaf/0x130 [ 1244.295796][T24389] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1244.295834][T24389] ? import_iovec+0x73/0xa0 [ 1244.295866][T24389] ___sys_sendmsg+0x2a5/0x360 [ 1244.295889][T24389] ? __lock_acquire+0x6b5/0x2cf0 [ 1244.295917][T24389] ? __pfx____sys_sendmsg+0x10/0x10 [ 1244.295975][T24389] ? __fget_files+0x2a/0x420 [ 1244.295993][T24389] ? __fget_files+0x3a0/0x420 [ 1244.296021][T24389] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1244.296045][T24389] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1244.296076][T24389] ? __pfx_ksys_write+0x10/0x10 [ 1244.296111][T24389] do_syscall_64+0xe2/0xf80 [ 1244.296129][T24389] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1244.296144][T24389] ? trace_irq_disable+0x37/0x100 [ 1244.296159][T24389] ? clear_bhb_loop+0x60/0xb0 [ 1244.296180][T24389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1244.296195][T24389] RIP: 0033:0x7f762879bf79 [ 1244.296212][T24389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1244.296225][T24389] RSP: 002b:00007f7629617028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1244.296244][T24389] RAX: ffffffffffffffda RBX: 00007f7628a15fa0 RCX: 00007f762879bf79 [ 1244.296256][T24389] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 1244.296267][T24389] RBP: 00007f7629617090 R08: 0000000000000000 R09: 0000000000000000 [ 1244.296277][T24389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1244.296286][T24389] R13: 00007f7628a16038 R14: 00007f7628a15fa0 R15: 00007ffeafe2d8e8 [ 1244.296316][T24389] [ 1244.305635][T24391] sctp: [Deprecated]: syz.1.18980 (pid 24391) Use of int in max_burst socket option. [ 1244.305635][T24391] Use struct sctp_assoc_value instead [ 1244.662166][T24399] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1244.833285][T24405] xt_TCPMSS: Only works on TCP SYN packets [ 1245.027259][T24420] tipc: Enabling of bearer rejected, already enabled [ 1245.059463][T24420] tipc: Resetting bearer [ 1245.078848][T24420] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) ! [ 1245.132564][T24426] FAULT_INJECTION: forcing a failure. [ 1245.132564][T24426] name failslab, interval 1, probability 0, space 0, times 0 [ 1245.161717][T24426] CPU: 1 UID: 0 PID: 24426 Comm: syz.3.18994 Not tainted syzkaller #0 PREEMPT(full) [ 1245.161747][T24426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1245.161758][T24426] Call Trace: [ 1245.161766][T24426] [ 1245.161774][T24426] dump_stack_lvl+0xe8/0x150 [ 1245.161805][T24426] should_fail_ex+0x412/0x560 [ 1245.161835][T24426] should_failslab+0xa8/0x100 [ 1245.161860][T24426] kmem_cache_alloc_noprof+0x87/0x6e0 [ 1245.161887][T24426] ? __netlink_lookup+0xc6/0x8b0 [ 1245.161909][T24426] ? skb_clone+0x212/0x3a0 [ 1245.161940][T24426] skb_clone+0x212/0x3a0 [ 1245.161972][T24426] __netlink_deliver_tap+0x404/0x850 [ 1245.162006][T24426] ? netlink_deliver_tap+0x2e/0x1b0 [ 1245.162027][T24426] netlink_deliver_tap+0x19c/0x1b0 [ 1245.162048][T24426] netlink_unicast+0x7e3/0x9b0 [ 1245.162083][T24426] ? __pfx_netlink_unicast+0x10/0x10 [ 1245.162110][T24426] ? __alloc_skb+0x193/0x390 [ 1245.162132][T24426] ? netlink_sendmsg+0x650/0xb40 [ 1245.162151][T24426] ? skb_put+0x11b/0x210 [ 1245.162177][T24426] netlink_sendmsg+0x813/0xb40 [ 1245.162209][T24426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1245.162234][T24426] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1245.162259][T24426] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1245.162282][T24426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1245.162302][T24426] ____sys_sendmsg+0xa68/0xad0 [ 1245.162328][T24426] ? __might_fault+0xaf/0x130 [ 1245.162361][T24426] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1245.162395][T24426] ? import_iovec+0x73/0xa0 [ 1245.162425][T24426] ___sys_sendmsg+0x2a5/0x360 [ 1245.162449][T24426] ? __lock_acquire+0x6b5/0x2cf0 [ 1245.162480][T24426] ? __pfx____sys_sendmsg+0x10/0x10 [ 1245.162547][T24426] ? __fget_files+0x2a/0x420 [ 1245.162567][T24426] ? __fget_files+0x3a0/0x420 [ 1245.162600][T24426] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1245.162629][T24426] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1245.162675][T24426] ? __pfx_ksys_write+0x10/0x10 [ 1245.162714][T24426] do_syscall_64+0xe2/0xf80 [ 1245.162735][T24426] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1245.162753][T24426] ? trace_irq_disable+0x37/0x100 [ 1245.162771][T24426] ? clear_bhb_loop+0x60/0xb0 [ 1245.162795][T24426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1245.162814][T24426] RIP: 0033:0x7f762879bf79 [ 1245.162832][T24426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1245.162849][T24426] RSP: 002b:00007f7629617028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1245.162872][T24426] RAX: ffffffffffffffda RBX: 00007f7628a15fa0 RCX: 00007f762879bf79 [ 1245.162886][T24426] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 1245.162899][T24426] RBP: 00007f7629617090 R08: 0000000000000000 R09: 0000000000000000 [ 1245.162911][T24426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1245.162924][T24426] R13: 00007f7628a16038 R14: 00007f7628a15fa0 R15: 00007ffeafe2d8e8 [ 1245.162958][T24426] [ 1245.467890][T24430] netlink: 16 bytes leftover after parsing attributes in process `syz.0.18995'. [ 1245.489783][T24427] tipc: Resetting bearer [ 1245.496671][T24430] netlink: 'syz.0.18995': attribute type 16 has an invalid length. [ 1245.507055][T24430] netlink: 'syz.0.18995': attribute type 17 has an invalid length. [ 1245.520963][T24430] tunl0: left promiscuous mode [ 1245.551091][T24430] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1245.672958][T24443] netlink: 44 bytes leftover after parsing attributes in process `syz.0.19002'. [ 1245.690769][T24443] netlink: 43 bytes leftover after parsing attributes in process `syz.0.19002'. [ 1245.701697][T24443] netlink: 'syz.0.19002': attribute type 6 has an invalid length. [ 1245.709909][T24443] netlink: 'syz.0.19002': attribute type 5 has an invalid length. [ 1246.450978][T24488] tipc: Resetting bearer [ 1246.519864][T24493] veth0_to_bond: entered allmulticast mode [ 1247.014219][T24526] netlink: 'syz.4.19030': attribute type 16 has an invalid length. [ 1247.050195][T24526] netlink: 'syz.4.19030': attribute type 17 has an invalid length. [ 1247.101487][T24526] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1247.689690][T24561] sctp: [Deprecated]: syz.3.19044 (pid 24561) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1247.689690][T24561] Use struct sctp_sack_info instead [ 1247.751047][T24566] syzkaller0: entered promiscuous mode [ 1247.764313][T24561] __nla_validate_parse: 14 callbacks suppressed [ 1247.764336][T24561] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.19044'. [ 1247.769586][T24566] syzkaller0: entered allmulticast mode [ 1247.891528][T24574] netlink: 16 bytes leftover after parsing attributes in process `syz.2.19048'. [ 1247.922546][T24574] netlink: 'syz.2.19048': attribute type 16 has an invalid length. [ 1247.951205][T24574] netlink: 'syz.2.19048': attribute type 17 has an invalid length. [ 1247.990101][T24574] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1248.047843][T24577] netlink: 'syz.0.19049': attribute type 7 has an invalid length. [ 1248.421127][T24605] netlink: 68 bytes leftover after parsing attributes in process `syz.0.19059'. [ 1248.512162][T24610] netlink: 24 bytes leftover after parsing attributes in process `syz.0.19059'. [ 1248.568220][T24615] netlink: 20 bytes leftover after parsing attributes in process `syz.4.19062'. [ 1248.579575][T24611] sch_tbf: peakrate 8 is lower than or equals to rate 53312071900657953 ! [ 1248.690611][T24620] xt_TCPMSS: Only works on TCP SYN packets [ 1248.717604][T24618] syzkaller0: entered promiscuous mode [ 1248.745580][T24618] syzkaller0: entered allmulticast mode [ 1248.865454][T24618] netlink: 'syz.0.19063': attribute type 13 has an invalid length. [ 1248.958530][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5060 ms [ 1248.966738][ C1] lec:lec_tx_timeout: lec0 [ 1249.025330][T24631] tipc: Enabling of bearer rejected, already enabled [ 1249.293956][T24655] syzkaller0: Caught tx_queue_len zero misconfig [ 1249.411905][T24669] netlink: 44 bytes leftover after parsing attributes in process `syz.0.19072'. [ 1249.651640][T24683] netlink: 'syz.1.19084': attribute type 3 has an invalid length. [ 1249.663184][T24683] netlink: 224 bytes leftover after parsing attributes in process `syz.1.19084'. [ 1249.731187][T24685] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1250.025162][T24715] netlink: 'syz.3.19094': attribute type 9 has an invalid length. [ 1250.125410][T24721] tipc: Enabling of bearer rejected, already enabled [ 1250.185415][T24721] tipc: Resetting bearer [ 1250.297259][T24725] syzkaller0: entered promiscuous mode [ 1250.307110][T24725] syzkaller0: entered allmulticast mode [ 1250.333449][T24725] netlink: 28 bytes leftover after parsing attributes in process `syz.4.19096'. [ 1250.343379][T24725] netlink: 28 bytes leftover after parsing attributes in process `syz.4.19096'. [ 1250.356415][T24725] 0: reclassify loop, rule prio 0, protocol 800 [ 1250.379481][T24729] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 9 [ 1250.382902][T24731] netlink: 16 bytes leftover after parsing attributes in process `syz.3.19102'. [ 1250.483154][ T5147] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1250.493708][ T5147] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1250.513507][ T5147] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1250.521672][ T5147] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1250.531102][ T5147] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1250.597651][T24736] Cannot find del_set index 65531 as target [ 1250.679795][ T5856] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1250.691307][ T5856] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1250.701335][ T5856] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1250.735586][ T5856] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1250.744937][ T5856] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1251.177543][T24732] dummy0 speed is unknown, defaulting to 1000 [ 1251.289507][T24732] chnl_net:caif_netlink_parms(): no params data found [ 1251.358811][T24732] bridge0: port 1(bridge_slave_0) entered blocking state [ 1251.366072][T24732] bridge0: port 1(bridge_slave_0) entered disabled state [ 1251.373861][T24732] bridge_slave_0: entered allmulticast mode [ 1251.381434][T24732] bridge_slave_0: entered promiscuous mode [ 1251.392200][T24732] bridge0: port 2(bridge_slave_1) entered blocking state [ 1251.399572][T24732] bridge0: port 2(bridge_slave_1) entered disabled state [ 1251.406790][T24732] bridge_slave_1: entered allmulticast mode [ 1251.414587][T24732] bridge_slave_1: entered promiscuous mode [ 1251.444386][T24732] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1251.456384][T24732] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1251.486279][T24732] team0: Port device team_slave_0 added [ 1251.494273][T24732] team0: Port device team_slave_1 added [ 1251.519912][T24732] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1251.526882][T24732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1251.553447][T24732] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1251.565860][T24732] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1251.573039][T24732] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1251.599702][T24732] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1251.641167][T24732] hsr_slave_0: entered promiscuous mode [ 1251.647670][T24732] hsr_slave_1: entered promiscuous mode [ 1251.654172][T24732] debugfs: 'hsr0' already exists in 'hsr' [ 1251.660324][T24732] Cannot create hsr debugfs directory [ 1252.004263][T24732] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1252.015670][T24732] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1252.027011][T24732] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1252.037688][T24732] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1252.066273][T24732] bridge0: port 2(bridge_slave_1) entered blocking state [ 1252.073471][T24732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1252.080957][T24732] bridge0: port 1(bridge_slave_0) entered blocking state [ 1252.088079][T24732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1252.149674][T24732] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1252.204691][T12327] bridge0: port 1(bridge_slave_0) entered disabled state [ 1252.250957][T12327] bridge0: port 2(bridge_slave_1) entered disabled state [ 1252.372554][T24732] 8021q: adding VLAN 0 to HW filter on device team0 [ 1252.424933][ T3561] bridge0: port 1(bridge_slave_0) entered blocking state [ 1252.432169][ T3561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1252.482964][ T3561] bridge0: port 2(bridge_slave_1) entered blocking state [ 1252.490200][ T3561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1252.506500][T24788] xt_TCPMSS: Only works on TCP SYN packets [ 1252.711228][T24799] IPVS: Unknown mcast interface: vcan0 [ 1252.802542][ T5856] Bluetooth: hci5: command tx timeout [ 1253.033580][T24811] xt_l2tp: v2 tid > 0xffff: 1114244 [ 1253.225731][T24732] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1253.371541][T24732] veth0_vlan: entered promiscuous mode [ 1253.433316][T24732] veth1_vlan: entered promiscuous mode [ 1253.512353][T24732] veth0_macvtap: entered promiscuous mode [ 1253.599627][T24732] veth1_macvtap: entered promiscuous mode [ 1253.661034][T24732] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1253.703152][T24732] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1253.706442][T24841] __nla_validate_parse: 3 callbacks suppressed [ 1253.706461][T24841] netlink: 16 bytes leftover after parsing attributes in process `syz.3.19136'. [ 1253.736955][T14223] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1253.774391][T24841] netlink: 'syz.3.19136': attribute type 16 has an invalid length. [ 1253.793727][T24841] netlink: 'syz.3.19136': attribute type 17 has an invalid length. [ 1253.795896][T14223] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1253.886479][T24841] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1253.909777][T14223] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1253.940313][T24855] bridge: RTM_NEWNEIGH with invalid state 0x8 [ 1253.959371][T14223] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1253.979988][T24853] syzkaller0: entered promiscuous mode [ 1253.985704][T24853] syzkaller0: entered allmulticast mode [ 1254.096215][T12321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1254.105065][T12321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1254.183378][T14231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1254.206351][T14231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1254.281090][T24868] netlink: 28 bytes leftover after parsing attributes in process `syz.4.19145'. [ 1254.600188][T24875] xt_l2tp: v2 tid > 0xffff: 1114244 [ 1254.752790][T24881] FAULT_INJECTION: forcing a failure. [ 1254.752790][T24881] name failslab, interval 1, probability 0, space 0, times 0 [ 1254.798778][T24881] CPU: 0 UID: 0 PID: 24881 Comm: syz.2.19152 Not tainted syzkaller #0 PREEMPT(full) [ 1254.798809][T24881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1254.798820][T24881] Call Trace: [ 1254.798829][T24881] [ 1254.798838][T24881] dump_stack_lvl+0xe8/0x150 [ 1254.798870][T24881] should_fail_ex+0x412/0x560 [ 1254.798901][T24881] should_failslab+0xa8/0x100 [ 1254.798925][T24881] kmem_cache_alloc_noprof+0x87/0x6e0 [ 1254.798953][T24881] ? __netlink_lookup+0xc6/0x8b0 [ 1254.798976][T24881] ? skb_clone+0x212/0x3a0 [ 1254.799008][T24881] skb_clone+0x212/0x3a0 [ 1254.799038][T24881] __netlink_deliver_tap+0x404/0x850 [ 1254.799073][T24881] ? netlink_deliver_tap+0x2e/0x1b0 [ 1254.799096][T24881] netlink_deliver_tap+0x19c/0x1b0 [ 1254.799118][T24881] netlink_unicast+0x7e3/0x9b0 [ 1254.799158][T24881] ? __pfx_netlink_unicast+0x10/0x10 [ 1254.799186][T24881] ? __alloc_skb+0x193/0x390 [ 1254.799209][T24881] ? netlink_sendmsg+0x650/0xb40 [ 1254.799229][T24881] ? skb_put+0x11b/0x210 [ 1254.799258][T24881] netlink_sendmsg+0x813/0xb40 [ 1254.799289][T24881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1254.799313][T24881] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1254.799339][T24881] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1254.799362][T24881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1254.799383][T24881] ____sys_sendmsg+0xa68/0xad0 [ 1254.799409][T24881] ? __might_fault+0xaf/0x130 [ 1254.799444][T24881] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1254.799478][T24881] ? import_iovec+0x73/0xa0 [ 1254.799511][T24881] ___sys_sendmsg+0x2a5/0x360 [ 1254.799533][T24881] ? __lock_acquire+0x6b5/0x2cf0 [ 1254.799594][T24881] ? __pfx____sys_sendmsg+0x10/0x10 [ 1254.799659][T24881] ? __fget_files+0x2a/0x420 [ 1254.799680][T24881] ? __fget_files+0x3a0/0x420 [ 1254.799715][T24881] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1254.799746][T24881] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1254.799782][T24881] ? __pfx_ksys_write+0x10/0x10 [ 1254.799827][T24881] do_syscall_64+0xe2/0xf80 [ 1254.799849][T24881] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1254.799868][T24881] ? trace_irq_disable+0x37/0x100 [ 1254.799886][T24881] ? clear_bhb_loop+0x60/0xb0 [ 1254.799910][T24881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1254.799929][T24881] RIP: 0033:0x7f700539bf79 [ 1254.799949][T24881] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1254.799967][T24881] RSP: 002b:00007f700626c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1254.799989][T24881] RAX: ffffffffffffffda RBX: 00007f7005615fa0 RCX: 00007f700539bf79 [ 1254.800004][T24881] RDX: 0000000000000050 RSI: 0000200000003dc0 RDI: 0000000000000003 [ 1254.800017][T24881] RBP: 00007f700626c090 R08: 0000000000000000 R09: 0000000000000000 [ 1254.800030][T24881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1254.800042][T24881] R13: 00007f7005616038 R14: 00007f7005615fa0 R15: 00007fff38925808 [ 1254.800078][T24881] [ 1255.148868][ T5856] Bluetooth: hci5: command tx timeout [ 1255.271275][T24889] netlink: 8 bytes leftover after parsing attributes in process `syz.1.19154'. [ 1255.282540][ T5147] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1255.293698][ T5147] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1255.303404][ T5147] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1255.312340][ T5147] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1255.320575][ T5147] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1255.577263][T24897] netlink: 'syz.2.19156': attribute type 39 has an invalid length. [ 1255.830408][T24909] xt_l2tp: v2 tid > 0xffff: 1114244 [ 1255.924750][T24915] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1256.028775][T24919] netlink: 112 bytes leftover after parsing attributes in process `syz.4.19166'. [ 1256.087596][T24924] netlink: 16 bytes leftover after parsing attributes in process `syz.3.19169'. [ 1256.117992][T24924] netlink: 'syz.3.19169': attribute type 16 has an invalid length. [ 1256.130756][T24924] netlink: 'syz.3.19169': attribute type 17 has an invalid length. [ 1256.176914][T24884] dummy0 speed is unknown, defaulting to 1000 [ 1256.184415][T24924] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1256.552684][T24948] xt_l2tp: v2 tid > 0xffff: 1114244 [ 1256.602306][T24884] chnl_net:caif_netlink_parms(): no params data found [ 1256.769073][T24884] bridge0: port 1(bridge_slave_0) entered blocking state [ 1256.777947][T24884] bridge0: port 1(bridge_slave_0) entered disabled state [ 1256.791145][T24884] bridge_slave_0: entered allmulticast mode [ 1256.803278][T24884] bridge_slave_0: entered promiscuous mode [ 1256.827981][T24959] netlink: 28 bytes leftover after parsing attributes in process `syz.3.19180'. [ 1256.836097][T24884] bridge0: port 2(bridge_slave_1) entered blocking state [ 1256.857428][T24884] bridge0: port 2(bridge_slave_1) entered disabled state [ 1256.904653][T24884] bridge_slave_1: entered allmulticast mode [ 1256.933644][T24884] bridge_slave_1: entered promiscuous mode [ 1256.940607][T24966] FAULT_INJECTION: forcing a failure. [ 1256.940607][T24966] name failslab, interval 1, probability 0, space 0, times 0 [ 1256.954421][T24966] CPU: 1 UID: 0 PID: 24966 Comm: syz.2.19182 Not tainted syzkaller #0 PREEMPT(full) [ 1256.954450][T24966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1256.954462][T24966] Call Trace: [ 1256.954471][T24966] [ 1256.954479][T24966] dump_stack_lvl+0xe8/0x150 [ 1256.954510][T24966] should_fail_ex+0x412/0x560 [ 1256.954544][T24966] should_failslab+0xa8/0x100 [ 1256.954570][T24966] __kmalloc_noprof+0xde/0x7e0 [ 1256.954585][T24966] ? bpf_test_init+0x9f/0x150 [ 1256.954606][T24966] bpf_test_init+0x9f/0x150 [ 1256.954628][T24966] bpf_prog_test_run_skb+0x375/0x1d50 [ 1256.954656][T24966] ? __fget_files+0x2a/0x420 [ 1256.954681][T24966] ? __fget_files+0x2a/0x420 [ 1256.954701][T24966] ? __fget_files+0x3a0/0x420 [ 1256.954720][T24966] ? __fget_files+0x2a/0x420 [ 1256.954747][T24966] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1256.954768][T24966] bpf_prog_test_run+0x2c7/0x340 [ 1256.954795][T24966] __sys_bpf+0x5cb/0x920 [ 1256.954818][T24966] ? __pfx___sys_bpf+0x10/0x10 [ 1256.954855][T24966] ? ksys_write+0x242/0x270 [ 1256.954885][T24966] ? __pfx_ksys_write+0x10/0x10 [ 1256.954921][T24966] __x64_sys_bpf+0x7c/0x90 [ 1256.954950][T24966] do_syscall_64+0xe2/0xf80 [ 1256.954968][T24966] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1256.954984][T24966] ? trace_irq_disable+0x37/0x100 [ 1256.955000][T24966] ? clear_bhb_loop+0x60/0xb0 [ 1256.955023][T24966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1256.955041][T24966] RIP: 0033:0x7f700539bf79 [ 1256.955059][T24966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1256.955075][T24966] RSP: 002b:00007f700626c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1256.955096][T24966] RAX: ffffffffffffffda RBX: 00007f7005615fa0 RCX: 00007f700539bf79 [ 1256.955108][T24966] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 1256.955120][T24966] RBP: 00007f700626c090 R08: 0000000000000000 R09: 0000000000000000 [ 1256.955133][T24966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1256.955143][T24966] R13: 00007f7005616038 R14: 00007f7005615fa0 R15: 00007fff38925808 [ 1256.955176][T24966] [ 1257.208122][T24970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19184'. [ 1257.225235][ T5147] Bluetooth: hci5: command tx timeout [ 1257.273702][T24884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1257.327502][T24884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1257.358803][ T5147] Bluetooth: hci1: command tx timeout [ 1257.417159][T24974] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap4 [ 1257.444648][T24974] gretap4: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1257.458849][T24974] gretap4: entered promiscuous mode [ 1257.464451][T24974] gretap4: entered allmulticast mode [ 1257.487481][T24980] bond8: option mode: unable to set because the bond device has slaves [ 1257.540141][T24980] rdma_rxe: rxe_newlink: failed to add bond0 [ 1257.544538][T24884] team0: Port device team_slave_0 added [ 1257.565248][T24884] team0: Port device team_slave_1 added [ 1257.645929][T24988] Cannot find del_set index 65531 as target [ 1257.680078][T24884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1257.698687][T24884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1257.758201][T24992] netlink: 52 bytes leftover after parsing attributes in process `syz.4.19194'. [ 1257.762462][T24884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1257.791841][T24884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1257.802974][T24884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1257.830405][T24884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1257.986175][T25000] FAULT_INJECTION: forcing a failure. [ 1257.986175][T25000] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1258.001986][T25000] CPU: 1 UID: 0 PID: 25000 Comm: syz.4.19198 Not tainted syzkaller #0 PREEMPT(full) [ 1258.002015][T25000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1258.002027][T25000] Call Trace: [ 1258.002036][T25000] [ 1258.002045][T25000] dump_stack_lvl+0xe8/0x150 [ 1258.002076][T25000] should_fail_ex+0x412/0x560 [ 1258.002107][T25000] _copy_from_user+0x2d/0xb0 [ 1258.002137][T25000] bpf_test_init+0xd8/0x150 [ 1258.002163][T25000] bpf_prog_test_run_skb+0x375/0x1d50 [ 1258.002191][T25000] ? __fget_files+0x2a/0x420 [ 1258.002218][T25000] ? __fget_files+0x2a/0x420 [ 1258.002238][T25000] ? __fget_files+0x3a0/0x420 [ 1258.002269][T25000] ? __fget_files+0x2a/0x420 [ 1258.002296][T25000] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1258.002318][T25000] bpf_prog_test_run+0x2c7/0x340 [ 1258.002344][T25000] __sys_bpf+0x5cb/0x920 [ 1258.002368][T25000] ? __pfx___sys_bpf+0x10/0x10 [ 1258.002405][T25000] ? ksys_write+0x242/0x270 [ 1258.002437][T25000] ? __pfx_ksys_write+0x10/0x10 [ 1258.002474][T25000] __x64_sys_bpf+0x7c/0x90 [ 1258.002503][T25000] do_syscall_64+0xe2/0xf80 [ 1258.002526][T25000] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1258.002545][T25000] ? trace_irq_disable+0x37/0x100 [ 1258.002563][T25000] ? clear_bhb_loop+0x60/0xb0 [ 1258.002587][T25000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1258.002611][T25000] RIP: 0033:0x7fa67d39bf79 [ 1258.002631][T25000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1258.002648][T25000] RSP: 002b:00007fa67e221028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1258.002670][T25000] RAX: ffffffffffffffda RBX: 00007fa67d615fa0 RCX: 00007fa67d39bf79 [ 1258.002686][T25000] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 1258.002699][T25000] RBP: 00007fa67e221090 R08: 0000000000000000 R09: 0000000000000000 [ 1258.002711][T25000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1258.002722][T25000] R13: 00007fa67d616038 R14: 00007fa67d615fa0 R15: 00007ffd5e364ff8 [ 1258.002757][T25000] [ 1258.228255][T24884] hsr_slave_0: entered promiscuous mode [ 1258.230757][T25003] netlink: 16 bytes leftover after parsing attributes in process `syz.3.19199'. [ 1258.235555][T24884] hsr_slave_1: entered promiscuous mode [ 1258.244246][T25003] FAULT_INJECTION: forcing a failure. [ 1258.244246][T25003] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.250812][T24884] debugfs: 'hsr0' already exists in 'hsr' [ 1258.261854][T25003] CPU: 1 UID: 0 PID: 25003 Comm: syz.3.19199 Not tainted syzkaller #0 PREEMPT(full) [ 1258.261882][T25003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1258.261893][T25003] Call Trace: [ 1258.261903][T25003] [ 1258.261913][T25003] dump_stack_lvl+0xe8/0x150 [ 1258.261941][T25003] should_fail_ex+0x412/0x560 [ 1258.261969][T25003] should_failslab+0xa8/0x100 [ 1258.261992][T25003] kmem_cache_alloc_noprof+0x87/0x6e0 [ 1258.262018][T25003] ? skb_clone+0x212/0x3a0 [ 1258.262046][T25003] skb_clone+0x212/0x3a0 [ 1258.262074][T25003] __netlink_deliver_tap+0x404/0x850 [ 1258.262107][T25003] ? netlink_deliver_tap+0x2e/0x1b0 [ 1258.262127][T25003] netlink_deliver_tap+0x19c/0x1b0 [ 1258.262147][T25003] netlink_sendskb+0x68/0x140 [ 1258.262174][T25003] netlink_unicast+0x3a3/0x9b0 [ 1258.262209][T25003] ? __pfx_netlink_unicast+0x10/0x10 [ 1258.262244][T25003] netlink_rcv_skb+0x2b6/0x4b0 [ 1258.262264][T25003] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1258.262288][T25003] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1258.262313][T25003] ? genl_rcv+0x19/0x40 [ 1258.262352][T25003] ? down_read+0x272/0x2e0 [ 1258.262370][T25003] ? genl_rcv+0xd/0x40 [ 1258.262393][T25003] genl_rcv+0x28/0x40 [ 1258.262414][T25003] netlink_unicast+0x80f/0x9b0 [ 1258.262448][T25003] ? __pfx_netlink_unicast+0x10/0x10 [ 1258.262472][T25003] ? __alloc_skb+0x193/0x390 [ 1258.262492][T25003] ? netlink_sendmsg+0x650/0xb40 [ 1258.262508][T25003] ? skb_put+0x11b/0x210 [ 1258.262533][T25003] netlink_sendmsg+0x813/0xb40 [ 1258.262562][T25003] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1258.262584][T25003] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1258.262608][T25003] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1258.262629][T25003] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1258.262646][T25003] ____sys_sendmsg+0xa68/0xad0 [ 1258.262670][T25003] ? __might_fault+0xaf/0x130 [ 1258.262701][T25003] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1258.262734][T25003] ? import_iovec+0x73/0xa0 [ 1258.262763][T25003] ___sys_sendmsg+0x2a5/0x360 [ 1258.262784][T25003] ? __lock_acquire+0x6b5/0x2cf0 [ 1258.262813][T25003] ? __pfx____sys_sendmsg+0x10/0x10 [ 1258.262874][T25003] ? __fget_files+0x2a/0x420 [ 1258.262893][T25003] ? __fget_files+0x3a0/0x420 [ 1258.262922][T25003] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1258.262948][T25003] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1258.262981][T25003] ? __pfx_ksys_write+0x10/0x10 [ 1258.263019][T25003] do_syscall_64+0xe2/0xf80 [ 1258.263038][T25003] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1258.263054][T25003] ? trace_irq_disable+0x37/0x100 [ 1258.263071][T25003] ? clear_bhb_loop+0x60/0xb0 [ 1258.263092][T25003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1258.263110][T25003] RIP: 0033:0x7f762879bf79 [ 1258.263128][T25003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1258.263144][T25003] RSP: 002b:00007f7629617028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1258.263164][T25003] RAX: ffffffffffffffda RBX: 00007f7628a15fa0 RCX: 00007f762879bf79 [ 1258.263177][T25003] RDX: 000000000000c010 RSI: 0000200000000040 RDI: 0000000000000003 [ 1258.263189][T25003] RBP: 00007f7629617090 R08: 0000000000000000 R09: 0000000000000000 [ 1258.263199][T25003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1258.263210][T25003] R13: 00007f7628a16038 R14: 00007f7628a15fa0 R15: 00007ffeafe2d8e8 [ 1258.263242][T25003] [ 1258.677274][T24884] Cannot create hsr debugfs directory [ 1258.846155][T25022] FAULT_INJECTION: forcing a failure. [ 1258.846155][T25022] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.851347][T25021] tap0: tun_chr_ioctl cmd 1074025672 [ 1258.865355][T25021] tap0: ignored: set checksum disabled [ 1258.870551][T25022] CPU: 0 UID: 0 PID: 25022 Comm: syz.4.19205 Not tainted syzkaller #0 PREEMPT(full) [ 1258.870584][T25022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1258.870595][T25022] Call Trace: [ 1258.870603][T25022] [ 1258.870611][T25022] dump_stack_lvl+0xe8/0x150 [ 1258.870640][T25022] should_fail_ex+0x412/0x560 [ 1258.870667][T25022] should_failslab+0xa8/0x100 [ 1258.870689][T25022] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 1258.870714][T25022] ? __alloc_skb+0x193/0x390 [ 1258.870735][T25022] ? __alloc_skb+0x1d7/0x390 [ 1258.870752][T25022] ? __local_bh_enable_ip+0xd0/0x130 [ 1258.870770][T25022] ? __alloc_skb+0x193/0x390 [ 1258.870791][T25022] __alloc_skb+0x1d7/0x390 [ 1258.870815][T25022] netlink_sendmsg+0x5d4/0xb40 [ 1258.870844][T25022] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1258.870866][T25022] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1258.870891][T25022] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1258.870914][T25022] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1258.870933][T25022] ____sys_sendmsg+0xa68/0xad0 [ 1258.870958][T25022] ? __might_fault+0xaf/0x130 [ 1258.870993][T25022] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1258.871028][T25022] ? import_iovec+0x73/0xa0 [ 1258.871061][T25022] ___sys_sendmsg+0x2a5/0x360 [ 1258.871085][T25022] ? __lock_acquire+0x6b5/0x2cf0 [ 1258.871116][T25022] ? __pfx____sys_sendmsg+0x10/0x10 [ 1258.871180][T25022] ? __fget_files+0x2a/0x420 [ 1258.871201][T25022] ? __fget_files+0x3a0/0x420 [ 1258.871233][T25022] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1258.871260][T25022] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1258.871297][T25022] ? __pfx_ksys_write+0x10/0x10 [ 1258.871335][T25022] do_syscall_64+0xe2/0xf80 [ 1258.871355][T25022] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1258.871371][T25022] ? trace_irq_disable+0x37/0x100 [ 1258.871388][T25022] ? clear_bhb_loop+0x60/0xb0 [ 1258.871409][T25022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1258.871426][T25022] RIP: 0033:0x7fa67d39bf79 [ 1258.871443][T25022] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1258.871459][T25022] RSP: 002b:00007fa67e221028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1258.871478][T25022] RAX: ffffffffffffffda RBX: 00007fa67d615fa0 RCX: 00007fa67d39bf79 [ 1258.871492][T25022] RDX: 0000000000000050 RSI: 0000200000003dc0 RDI: 0000000000000003 [ 1258.871504][T25022] RBP: 00007fa67e221090 R08: 0000000000000000 R09: 0000000000000000 [ 1258.871515][T25022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1258.871526][T25022] R13: 00007fa67d616038 R14: 00007fa67d615fa0 R15: 00007ffd5e364ff8 [ 1258.871556][T25022] [ 1258.914893][T25026] sctp: [Deprecated]: syz.1.19207 (pid 25026) Use of int in max_burst socket option. [ 1258.914893][T25026] Use struct sctp_assoc_value instead [ 1259.287861][ T5147] Bluetooth: hci5: command tx timeout [ 1259.381291][T25047] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19212'. [ 1259.446790][ T5147] Bluetooth: hci1: command tx timeout [ 1259.492512][T25047] hsr_slave_0: left promiscuous mode [ 1259.504958][T25047] hsr_slave_1: left promiscuous mode [ 1259.549680][T25057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.19212'. [ 1259.604321][T24884] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 42434 - 0 [ 1259.629592][T25050] syzkaller1: entered promiscuous mode [ 1259.635102][T25050] syzkaller1: entered allmulticast mode [ 1259.695329][T24884] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 42434 - 0 [ 1259.743721][T24884] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 42434 - 0 [ 1259.802498][T24884] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 42434 - 0 [ 1259.917729][T24884] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1259.940034][T24884] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1259.950307][T24884] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1259.962926][T24884] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1260.040266][T24884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1260.061271][T24884] 8021q: adding VLAN 0 to HW filter on device team0 [ 1260.075922][T12321] bridge0: port 1(bridge_slave_0) entered blocking state [ 1260.083140][T12321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1260.099394][T14222] bridge0: port 2(bridge_slave_1) entered blocking state [ 1260.106693][T14222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1260.295003][T24884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1260.352114][T24884] veth0_vlan: entered promiscuous mode [ 1260.364588][T24884] veth1_vlan: entered promiscuous mode [ 1260.397568][T24884] veth0_macvtap: entered promiscuous mode [ 1260.407361][T24884] veth1_macvtap: entered promiscuous mode [ 1260.426231][T24884] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1260.441821][T24884] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1260.456455][T12321] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1260.466114][T12321] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1260.478134][T12321] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1260.492774][T12321] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1260.577783][T12321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1260.600488][T12321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1260.628882][T12327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1260.639670][T12327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1261.519067][ T5147] Bluetooth: hci1: command tx timeout [ 1263.599061][ T5147] Bluetooth: hci1: command tx timeout [ 1264.497023][T12321] veth0_to_bridge: left allmulticast mode [ 1264.502886][T12321] veth0_to_bridge: left promiscuous mode [ 1264.509264][T12321] bridge0: port 1(veth0_to_bridge) entered disabled state [ 1264.540450][T12321] tipc: Resetting bearer [ 1264.788382][T12321] bond5 (unregistering): (slave vti0): Releasing backup interface [ 1264.797151][T12321] vti0 (unregistering): left promiscuous mode [ 1264.899796][T12321] bond4 (unregistering): (slave gretap3): Releasing active interface [ 1264.923895][T12321] bond8 (unregistering): (slave gretap4): Releasing active interface [ 1265.037426][T12321] dvmrp6 (unregistering): left allmulticast mode [ 1265.491118][T12321] bond7 (unregistering): (slave bridge0): Releasing backup interface [ 1265.613290][T12321] bond9 (unregistering): (slave bridge10): Releasing active interface [ 1265.621941][T12321] bridge10 (unregistering): left promiscuous mode [ 1265.628953][T12321] bridge10 (unregistering): left allmulticast mode [ 1265.921262][T12321] bond18 (unregistering): (slave bridge16): Releasing active interface [ 1266.021815][T12321] tipc: Disabling bearer [ 1266.179698][T12321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1266.190767][T12321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1266.201036][T12321] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1266.210627][T12321] bond0 (unregistering): Released all slaves [ 1266.221556][T12321] bond1 (unregistering): Released all slaves [ 1266.351922][T12321] bond2 (unregistering): Released all slaves [ 1266.489373][T12321] bond3 (unregistering): Released all slaves [ 1266.502240][T12321] bond4 (unregistering): Released all slaves [ 1266.626318][T12321] bond5 (unregistering): Released all slaves [ 1266.752073][T12321] bond6 (unregistering): Released all slaves [ 1266.874487][T12321] bond7 (unregistering): Released all slaves [ 1266.887754][T12321] bond8 (unregistering): Released all slaves [ 1267.034381][T12321] bond9 (unregistering): Released all slaves [ 1267.160658][T12321] bond10 (unregistering): Released all slaves [ 1267.173988][T12321] bond11 (unregistering): Released all slaves [ 1267.302444][T12321] bond12 (unregistering): Released all slaves [ 1267.423110][T12321] bond13 (unregistering): Released all slaves [ 1267.436105][T12321] bond14 (unregistering): Released all slaves [ 1267.450420][T12321] bond15 (unregistering): Released all slaves [ 1267.465823][T12321] bond16 (unregistering): Released all slaves [ 1267.482074][T12321] bond17 (unregistering): Released all slaves [ 1267.497420][T12321] bond18 (unregistering): Released all slaves [ 1267.631467][T12321] bond19 (unregistering): Released all slaves [ 1267.644438][T12321] bond20 (unregistering): Released all slaves [ 1267.774660][T12321] bond21 (unregistering): Released all slaves [ 1268.009814][T12321] : left promiscuous mode [ 1268.142780][T12321] tipc: Disabling bearer [ 1268.157205][T12321] tipc: Disabling bearer [ 1268.164103][T12321] tipc: Left network mode [ 1269.210635][T12321] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1269.347514][T12321] pim6reg (unregistering): left allmulticast mode [ 1270.104284][T12321] team0 (unregistering): Port device team_slave_1 removed [ 1270.152144][T12321] team0 (unregistering): Port device team_slave_0 removed [ 1272.406237][T12321] IPVS: stop unused estimator thread 0... [ 1274.986487][T27457] lec:lec_start_xmit: lec0:No lecd attached [ 1279.998497][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 1280.006990][ C1] lec:lec_tx_timeout: lec0 [ 1294.799052][ T5855] page_pool_release_retry() stalled pool shutdown: id 89, 1 inflight 787 sec [ 1300.322812][ T1300] lec:lec_start_xmit: lec0:No lecd attached [ 1305.998484][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5670 ms [ 1306.006526][ C1] lec:lec_tx_timeout: lec0 [ 1320.390757][T25150] syzkaller0: entered promiscuous mode [ 1320.396398][T25150] syzkaller0: entered allmulticast mode [ 1320.676233][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1320.689115][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1320.698356][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1320.707800][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1320.717547][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1321.237866][T25164] dummy0 speed is unknown, defaulting to 1000 [ 1321.293151][T25187] netlink: 'syz.4.19233': attribute type 1 has an invalid length. [ 1321.590570][T25164] chnl_net:caif_netlink_parms(): no params data found [ 1321.782232][T25212] netlink: 'syz.0.19242': attribute type 1 has an invalid length. [ 1321.797490][T25164] bridge0: port 1(bridge_slave_0) entered blocking state [ 1321.806890][T25164] bridge0: port 1(bridge_slave_0) entered disabled state [ 1321.823760][T25164] bridge_slave_0: entered allmulticast mode [ 1321.832118][T25164] bridge_slave_0: entered promiscuous mode [ 1321.878272][T25212] bond1: entered promiscuous mode [ 1321.884897][T25212] bond1: entered allmulticast mode [ 1321.892604][T25212] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1321.902819][T25217] veth1: entered promiscuous mode [ 1321.912484][T25217] veth1: entered allmulticast mode [ 1321.929070][T25164] bridge0: port 2(bridge_slave_1) entered blocking state [ 1321.948660][T25164] bridge0: port 2(bridge_slave_1) entered disabled state [ 1321.956108][T25164] bridge_slave_1: entered allmulticast mode [ 1321.964934][T25164] bridge_slave_1: entered promiscuous mode [ 1322.063313][T25164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1322.100690][T25164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1322.166060][T25164] team0: Port device team_slave_0 added [ 1322.186376][T25164] team0: Port device team_slave_1 added [ 1322.276346][T25164] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1322.293206][T25164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1322.341398][T25164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1322.357074][T25164] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1322.364641][T25164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1322.392462][T25164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1322.484125][T25242] netlink: 'syz.0.19256': attribute type 1 has an invalid length. [ 1322.522290][T25164] hsr_slave_0: entered promiscuous mode [ 1322.530132][T25164] hsr_slave_1: entered promiscuous mode [ 1322.547122][T25164] debugfs: 'hsr0' already exists in 'hsr' [ 1322.558319][T25164] Cannot create hsr debugfs directory [ 1322.591866][T25242] bond2: entered promiscuous mode [ 1322.597040][T25242] bond2: entered allmulticast mode [ 1322.606697][T25242] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1322.799197][ T5856] Bluetooth: hci0: command tx timeout [ 1322.925361][T25164] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1323.104648][T25164] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1323.171750][T25164] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1323.259910][T25164] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1323.624911][T25164] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1323.657931][T25164] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1323.676458][T25164] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1323.705844][T25164] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1323.773915][T25300] veth1: entered promiscuous mode [ 1323.785758][T25300] veth1: entered allmulticast mode [ 1323.927910][T25164] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1323.990646][T25164] 8021q: adding VLAN 0 to HW filter on device team0 [ 1324.027834][T12327] bridge0: port 1(bridge_slave_0) entered blocking state [ 1324.035172][T12327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1324.074855][T12327] bridge0: port 2(bridge_slave_1) entered blocking state [ 1324.082092][T12327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1324.508260][T25164] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1324.636171][T25164] veth0_vlan: entered promiscuous mode [ 1324.686467][T25164] veth1_vlan: entered promiscuous mode [ 1324.760788][T25164] veth0_macvtap: entered promiscuous mode [ 1324.782490][T25164] veth1_macvtap: entered promiscuous mode [ 1324.848021][T25164] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1324.879510][ T5856] Bluetooth: hci0: command tx timeout [ 1324.891497][T25164] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1324.941351][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1324.955064][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1324.973926][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1324.993970][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1325.188301][T14223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1325.218690][T14223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1325.296918][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1325.315180][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1325.555795][T25376] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1325.920535][ T5147] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1325.936033][ T5147] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1325.946341][ T5147] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1325.960140][ T5147] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1325.968122][ T5147] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1326.194303][T25370] dummy0 speed is unknown, defaulting to 1000 [ 1326.636200][T25384] dummy0 speed is unknown, defaulting to 1000 [ 1326.959372][ T5147] Bluetooth: hci0: command tx timeout [ 1327.359564][T25429] netlink: 96 bytes leftover after parsing attributes in process `syz.2.19335'. [ 1327.605096][T25384] chnl_net:caif_netlink_parms(): no params data found [ 1327.896629][T25384] bridge0: port 1(bridge_slave_0) entered blocking state [ 1327.917013][T25384] bridge0: port 1(bridge_slave_0) entered disabled state [ 1327.939302][T25384] bridge_slave_0: entered allmulticast mode [ 1327.961498][T25384] bridge_slave_0: entered promiscuous mode [ 1327.978251][T25467] netlink: 40 bytes leftover after parsing attributes in process `syz.4.19346'. [ 1327.983287][T25384] bridge0: port 2(bridge_slave_1) entered blocking state [ 1327.999482][ T5147] Bluetooth: hci2: command tx timeout [ 1328.006990][T25384] bridge0: port 2(bridge_slave_1) entered disabled state [ 1328.015148][T25384] bridge_slave_1: entered allmulticast mode [ 1328.024442][T25384] bridge_slave_1: entered promiscuous mode [ 1328.095798][T25384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1328.110707][T25384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1328.189546][T25384] team0: Port device team_slave_0 added [ 1328.205607][T25384] team0: Port device team_slave_1 added [ 1328.283109][T25384] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1328.301404][T25384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1328.328643][T25384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1328.342634][T25384] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1328.353771][T25384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1328.391700][T25384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1328.441883][T25485] bond17: entered promiscuous mode [ 1328.561268][T25384] hsr_slave_0: entered promiscuous mode [ 1328.590321][T25384] hsr_slave_1: entered promiscuous mode [ 1328.597618][T25384] debugfs: 'hsr0' already exists in 'hsr' [ 1328.618017][T25384] Cannot create hsr debugfs directory [ 1329.038552][ T5147] Bluetooth: hci0: command tx timeout [ 1329.334345][T25384] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1329.345433][T25384] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1329.355792][T25384] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1329.368615][T25384] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1329.497415][T25384] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1329.534005][T25384] 8021q: adding VLAN 0 to HW filter on device team0 [ 1329.553277][ T3561] bridge0: port 1(bridge_slave_0) entered blocking state [ 1329.560528][ T3561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1329.590264][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 1329.597527][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1330.080547][ T5147] Bluetooth: hci2: command tx timeout [ 1330.175815][T25384] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1330.217003][T25560] netlink: 'syz.4.19388': attribute type 1 has an invalid length. [ 1330.270727][T25560] veth1: entered promiscuous mode [ 1330.300291][T25560] veth1: entered allmulticast mode [ 1330.350980][T25384] veth0_vlan: entered promiscuous mode [ 1330.380471][T25384] veth1_vlan: entered promiscuous mode [ 1330.485508][T25384] veth0_macvtap: entered promiscuous mode [ 1330.505749][T25384] veth1_macvtap: entered promiscuous mode [ 1330.579657][T25384] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1330.600421][T25384] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1330.623605][ T3561] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1330.651108][ T3561] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1330.696042][ T3561] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1330.725525][ T3561] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1330.955085][T14231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1330.986756][T14231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1331.068276][ T3561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1331.091131][ T3561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1331.603440][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1331.619584][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1331.632082][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1331.641637][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1331.650137][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1332.099777][T25627] netlink: 144 bytes leftover after parsing attributes in process `syz.1.19416'. [ 1332.171729][ T5147] Bluetooth: hci2: command tx timeout [ 1332.379174][T25616] dummy0 speed is unknown, defaulting to 1000 [ 1332.539832][T25641] syzkaller0: entered promiscuous mode [ 1332.552134][T25641] syzkaller0: entered allmulticast mode [ 1332.626319][T25649] netlink: 'syz.0.19427': attribute type 4 has an invalid length. [ 1332.865816][T25616] chnl_net:caif_netlink_parms(): no params data found [ 1333.022784][T25616] bridge0: port 1(bridge_slave_0) entered blocking state [ 1333.030569][T25616] bridge0: port 1(bridge_slave_0) entered disabled state [ 1333.037937][T25616] bridge_slave_0: entered allmulticast mode [ 1333.046796][T25616] bridge_slave_0: entered promiscuous mode [ 1333.058992][T25616] bridge0: port 2(bridge_slave_1) entered blocking state [ 1333.066412][T25616] bridge0: port 2(bridge_slave_1) entered disabled state [ 1333.074204][T25616] bridge_slave_1: entered allmulticast mode [ 1333.088312][T25616] bridge_slave_1: entered promiscuous mode [ 1333.137136][T25616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1333.151638][T25616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1333.236107][T25616] team0: Port device team_slave_0 added [ 1333.264354][T25616] team0: Port device team_slave_1 added [ 1333.370204][T25616] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1333.397325][T25616] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1333.463757][T25616] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1333.499308][T25616] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1333.506308][T25616] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1333.572422][T25616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1333.759285][ T5147] Bluetooth: hci4: command tx timeout [ 1333.775856][T25699] bond1: entered promiscuous mode [ 1333.802709][T25616] hsr_slave_0: entered promiscuous mode [ 1333.821212][T25616] hsr_slave_1: entered promiscuous mode [ 1333.827831][T25616] debugfs: 'hsr0' already exists in 'hsr' [ 1333.836667][T25616] Cannot create hsr debugfs directory [ 1334.230359][T25722] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1334.239595][ T5147] Bluetooth: hci2: command tx timeout [ 1334.386476][T25616] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1334.436768][T25616] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1334.456942][T25731] netlink: 'syz.3.19465': attribute type 1 has an invalid length. [ 1334.474274][T25616] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1334.631373][T25616] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1334.669083][T25616] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1334.683095][T25616] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1334.752979][T25747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19472'. [ 1334.816379][T25616] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1334.830775][T25616] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1334.860461][T25616] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1334.883809][T25753] veth1: entered promiscuous mode [ 1334.889257][T25753] veth1: entered allmulticast mode [ 1334.926803][T25616] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1334.938224][T25616] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1334.972131][T25616] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1335.295362][T25616] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1335.313207][T25616] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1335.341727][T25616] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1335.373426][T25616] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1335.664973][T25616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1335.727824][T25616] 8021q: adding VLAN 0 to HW filter on device team0 [ 1335.772295][T14222] bridge0: port 1(bridge_slave_0) entered blocking state [ 1335.779506][T14222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1335.817374][T14223] bridge0: port 2(bridge_slave_1) entered blocking state [ 1335.824601][T14223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1335.840076][ T5147] Bluetooth: hci4: command tx timeout [ 1336.332263][T25616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1336.575887][T25834] syzkaller0: entered promiscuous mode [ 1336.589601][T25834] syzkaller0: entered allmulticast mode [ 1336.884186][T25616] veth0_vlan: entered promiscuous mode [ 1336.921839][T25616] veth1_vlan: entered promiscuous mode [ 1337.015464][T25616] veth0_macvtap: entered promiscuous mode [ 1337.033722][T25616] veth1_macvtap: entered promiscuous mode [ 1337.096233][T25616] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1337.123744][T25616] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1337.186450][ T3561] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.200270][ T3561] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.241996][ T3561] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.267795][ T3561] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.310300][T25865] syzkaller0: entered promiscuous mode [ 1337.317694][T25865] syzkaller0: entered allmulticast mode [ 1337.560286][T12327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1337.579409][T12327] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1337.656176][T14231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1337.666737][T14231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1337.919041][ T5147] Bluetooth: hci4: command tx timeout [ 1338.191051][T25899] syzkaller0: entered promiscuous mode [ 1338.200028][T25899] syzkaller0: entered allmulticast mode [ 1338.742157][T27457] lec:lec_start_xmit: lec0:No lecd attached [ 1339.310174][T25948] bridge0: port 2(bridge_slave_1) entered disabled state [ 1339.318082][T25948] bridge0: port 1(bridge_slave_0) entered disabled state [ 1339.674447][T25948] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1339.696592][T25948] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1339.713731][T25980] netlink: 'syz.4.19568': attribute type 9 has an invalid length. [ 1339.999062][ T5147] Bluetooth: hci4: command tx timeout [ 1340.154969][T12321] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1340.173918][T12321] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1340.190111][T12321] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1340.211249][T12321] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1340.749891][T26028] syzkaller0: entered promiscuous mode [ 1340.763123][T26028] syzkaller0: entered allmulticast mode [ 1340.809853][T26034] erspan1: entered allmulticast mode [ 1341.286235][T26056] veth1: entered promiscuous mode [ 1341.292012][T26056] veth1: entered allmulticast mode [ 1341.413561][T26053] syzkaller0: entered promiscuous mode [ 1341.429885][T26053] syzkaller0: entered allmulticast mode [ 1343.873577][T26079] bridge0: port 2(bridge_slave_1) entered disabled state [ 1343.881448][T26079] bridge0: port 1(bridge_slave_0) entered disabled state [ 1343.998648][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5250 ms [ 1344.006744][ C1] lec:lec_tx_timeout: lec0 [ 1344.120494][T26079] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1344.145069][T26079] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1344.290960][T26113] netlink: 28 bytes leftover after parsing attributes in process `syz.2.19629'. [ 1344.360769][T12321] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1344.389657][T12321] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1344.402869][T12321] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1344.428755][T12321] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1344.542555][T26122] netlink: 20 bytes leftover after parsing attributes in process `syz.4.19633'. [ 1344.897203][T26140] bridge0: port 2(bridge_slave_1) entered disabled state [ 1344.905221][T26140] bridge0: port 1(bridge_slave_0) entered disabled state [ 1344.921317][T26147] netlink: 64 bytes leftover after parsing attributes in process `syz.0.19644'. [ 1345.112261][T26140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1345.143934][T26140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1345.445537][T26167] netlink: 28 bytes leftover after parsing attributes in process `syz.1.19652'. [ 1345.517061][T12321] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1345.539127][T12321] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1345.559608][T12321] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1345.585857][T12321] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1345.630393][T26170] erspan1: entered allmulticast mode [ 1345.690375][T26181] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1346.253815][T26211] netlink: 28 bytes leftover after parsing attributes in process `syz.1.19674'. [ 1346.285639][T26211] erspan1: entered allmulticast mode [ 1346.315586][T26214] syzkaller0: entered promiscuous mode [ 1346.322747][T26214] syzkaller0: entered allmulticast mode [ 1348.490493][T26316] netlink: 28 bytes leftover after parsing attributes in process `syz.3.19723'. [ 1348.516409][T26316] erspan1: entered allmulticast mode [ 1348.896947][T26339] pim6reg1: entered promiscuous mode [ 1348.905344][T26339] pim6reg1: entered allmulticast mode [ 1350.573223][T26445] syzkaller1: entered promiscuous mode [ 1350.579590][T26445] syzkaller1: entered allmulticast mode [ 1351.120868][T26468] syzkaller1: entered promiscuous mode [ 1351.127160][T26468] syzkaller1: entered allmulticast mode [ 1351.180578][T26473] netlink: 12 bytes leftover after parsing attributes in process `syz.2.19797'. [ 1351.247939][T26481] erspan1: entered allmulticast mode [ 1351.499328][T26498] netlink: 'syz.1.19807': attribute type 21 has an invalid length. [ 1351.738789][T26514] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19815'. [ 1351.978216][T26523] syzkaller0: entered promiscuous mode [ 1351.984328][T26523] syzkaller0: entered allmulticast mode [ 1354.250200][T26552] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1354.272346][T26555] erspan1: entered allmulticast mode [ 1354.826118][T26591] bridge0: port 2(bridge_slave_1) entered disabled state [ 1354.833910][T26591] bridge0: port 1(bridge_slave_0) entered disabled state [ 1355.010756][T26591] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1355.034042][T26591] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1355.120662][ T7338] page_pool_release_retry() stalled pool shutdown: id 89, 1 inflight 848 sec [ 1355.277042][T14223] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1355.317203][T14223] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1355.337754][T14223] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1355.399925][T14223] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1355.602745][T26621] vlan0: entered allmulticast mode [ 1355.619279][T26621] veth0_vlan: entered allmulticast mode [ 1355.811575][T26604] dummy0 speed is unknown, defaulting to 1000 [ 1356.077665][T26638] Bluetooth: MGMT ver 1.23 [ 1356.575674][T26655] bond1: entered promiscuous mode [ 1356.585236][T26655] bond1: entered allmulticast mode [ 1356.592877][T26655] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1356.657279][T26661] erspan1: entered allmulticast mode [ 1356.672000][T26661] erspan1: entered promiscuous mode [ 1356.678011][T26661] bond1: (slave erspan1): Enslaving as an active interface with an up link [ 1356.692802][T26662] ªªªªªª5gæ¹Q[Ô: renamed from lo [ 1356.827612][T26669] syzkaller1: entered promiscuous mode [ 1356.839468][T26669] syzkaller1: entered allmulticast mode [ 1356.934417][T26679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.19887'. [ 1356.958279][T26673] syzkaller1: entered promiscuous mode [ 1356.966778][T26673] syzkaller1: entered allmulticast mode [ 1357.275294][T26692] bond1: entered promiscuous mode [ 1357.322577][T26697] bond2: entered promiscuous mode [ 1357.333274][T26697] bond2: entered allmulticast mode [ 1357.357323][T26697] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1357.405064][T26703] erspan1: entered allmulticast mode [ 1357.414914][T26703] erspan1: entered promiscuous mode [ 1357.424839][T26703] bond2: (slave erspan1): Enslaving as an active interface with an up link [ 1357.448318][T26707] syzkaller1: entered promiscuous mode [ 1357.468988][T26707] syzkaller1: entered allmulticast mode [ 1357.602000][T26715] syzkaller1: entered promiscuous mode [ 1357.607597][T26715] syzkaller1: entered allmulticast mode [ 1358.524882][T26777] netlink: 'syz.2.19930': attribute type 1 has an invalid length. [ 1358.560223][T26777] bond3: entered promiscuous mode [ 1358.565493][T26777] bond3: entered allmulticast mode [ 1358.571159][T26777] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1358.987894][T26804] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19944'. [ 1359.009234][T26806] netlink: 'syz.2.19943': attribute type 1 has an invalid length. [ 1359.079673][T26806] bond4: entered promiscuous mode [ 1359.093360][T26806] bond4: entered allmulticast mode [ 1359.099390][T26806] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1361.205852][T26913] netlink: 'syz.0.19991': attribute type 1 has an invalid length. [ 1361.243362][T26913] bond3: entered promiscuous mode [ 1361.248791][T26913] bond3: entered allmulticast mode [ 1361.254492][T26913] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1361.295232][T26915] erspan1: entered allmulticast mode [ 1361.352628][T26915] erspan1: entered promiscuous mode [ 1361.369920][T26915] bond3: (slave erspan1): Enslaving as an active interface with an up link [ 1361.704748][T26926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19996'. [ 1361.771208][ T1300] lec:lec_start_xmit: lec0:No lecd attached [ 1362.766831][T26977] netlink: 'syz.0.20020': attribute type 49 has an invalid length. [ 1363.151911][T27001] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20030'. [ 1363.764850][T27025] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20041'. [ 1364.204119][T27048] netlink: 12 bytes leftover after parsing attributes in process `syz.0.20051'. [ 1364.577888][T27068] syzkaller0: entered promiscuous mode [ 1364.584133][T27068] syzkaller0: entered allmulticast mode [ 1366.959454][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5190 ms [ 1366.967742][ C1] lec:lec_tx_timeout: lec0 [ 1367.645383][T27143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20092'. [ 1367.926271][T27155] syzkaller0: entered promiscuous mode [ 1367.933997][T27155] syzkaller0: entered allmulticast mode [ 1368.290623][T27177] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20109'. [ 1370.217316][T27202] ªªªªªª: renamed from lo [ 1370.566033][T27221] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20128'. [ 1370.735108][T27225] syzkaller0: entered promiscuous mode [ 1370.743238][T27225] syzkaller0: entered allmulticast mode [ 1371.383224][T27250] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20139'. [ 1371.757780][T27253] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20140'. [ 1373.177747][T27259] bridge0: port 2(bridge_slave_1) entered disabled state [ 1373.185753][T27259] bridge0: port 1(bridge_slave_0) entered disabled state [ 1373.203434][T27275] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20151'. [ 1373.299835][T27259] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1373.314298][T27259] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1373.432714][T12327] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1373.466019][T12327] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1373.492914][T12327] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1373.512606][T12327] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1373.525032][T27280] netlink: 40 bytes leftover after parsing attributes in process `syz.2.20152'. [ 1373.571155][T27280] netlink: 40 bytes leftover after parsing attributes in process `syz.2.20152'. [ 1373.719638][T27287] syzkaller0: entered promiscuous mode [ 1373.728722][T27287] syzkaller0: entered allmulticast mode [ 1373.978837][T27305] netlink: 28 bytes leftover after parsing attributes in process `syz.4.20163'. [ 1374.081138][T27254] Bluetooth: hci5: command 0x0406 tx timeout [ 1375.848767][T27312] tipc: Enabling of bearer rejected, failed to enable media [ 1376.787309][T27375] xt_hashlimit: size too large, truncated to 1048576 [ 1376.804490][T27378] netlink: 56 bytes leftover after parsing attributes in process `syz.1.20199'. [ 1377.067062][T27387] netlink: 620 bytes leftover after parsing attributes in process `syz.1.20202'. [ 1377.446869][T27403] netlink: 56 bytes leftover after parsing attributes in process `syz.1.20210'. [ 1377.531514][T27407] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20212'. [ 1377.585966][T27411] netlink: 620 bytes leftover after parsing attributes in process `syz.4.20214'. [ 1377.968298][T27429] netlink: 104 bytes leftover after parsing attributes in process `syz.2.20223'. [ 1378.220319][T27441] netlink: 620 bytes leftover after parsing attributes in process `syz.2.20228'. [ 1378.416853][T27448] bond5: entered promiscuous mode [ 1378.735255][T27473] __nla_validate_parse: 1 callbacks suppressed [ 1378.735278][T27473] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20242'. [ 1378.781607][T27477] netlink: 56 bytes leftover after parsing attributes in process `syz.4.20245'. [ 1378.841538][T27479] bond6: entered promiscuous mode [ 1379.128934][T27499] xt_hashlimit: size too large, truncated to 1048576 [ 1379.198582][T24734] Bluetooth: hci1: command 0x0406 tx timeout [ 1379.357083][T27511] bond2: entered promiscuous mode [ 1379.690429][T27532] netlink: 'syz.3.20268': attribute type 12 has an invalid length. [ 1379.708443][T27534] netlink: 620 bytes leftover after parsing attributes in process `syz.0.20270'. [ 1379.856543][T27541] bond1: entered promiscuous mode [ 1379.976724][T27549] netlink: 'syz.0.20277': attribute type 10 has an invalid length. [ 1380.401378][ T5856] Bluetooth: hci0: command 0x0c1a tx timeout [ 1380.407559][T27254] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1380.538255][T27575] netlink: 'syz.1.20286': attribute type 1 has an invalid length. [ 1380.603969][T27575] bond2: entered promiscuous mode [ 1380.610041][T27575] bond2: entered allmulticast mode [ 1380.615738][T27575] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1380.881978][T27600] netlink: 620 bytes leftover after parsing attributes in process `syz.0.20295'. [ 1381.053221][T27610] netlink: 7 bytes leftover after parsing attributes in process `syz.0.20300'. [ 1381.384765][T27626] netlink: 620 bytes leftover after parsing attributes in process `syz.4.20307'. [ 1381.561237][T27637] netlink: 96 bytes leftover after parsing attributes in process `syz.4.20312'. [ 1381.579094][T27637] netlink: 24 bytes leftover after parsing attributes in process `syz.4.20312'. [ 1381.618730][T27642] netlink: 96 bytes leftover after parsing attributes in process `syz.4.20312'. [ 1381.668508][T27642] netlink: 24 bytes leftover after parsing attributes in process `syz.4.20312'. [ 1382.812483][T27693] dummy0 speed is unknown, defaulting to 1000 [ 1382.856651][T27711] mac80211_hwsim hwsim96 wlan1: entered promiscuous mode [ 1385.252248][T27730] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 1385.859074][T27762] __nla_validate_parse: 1 callbacks suppressed [ 1385.859099][T27762] netlink: 72 bytes leftover after parsing attributes in process `syz.0.20362'. [ 1385.945058][T27764] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20363'. [ 1386.164574][T27777] netlink: 620 bytes leftover after parsing attributes in process `syz.4.20368'. [ 1386.464963][T27796] netlink: 12 bytes leftover after parsing attributes in process `syz.2.20380'. [ 1386.492427][T27799] netlink: 'syz.0.20379': attribute type 16 has an invalid length. [ 1386.565577][T27796] bond7: entered promiscuous mode [ 1386.580173][T27796] bond7: entered allmulticast mode [ 1386.587324][T27806] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20381'. [ 1386.597852][T27796] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1386.598619][T27797] delete_channel: no stack [ 1386.606936][T27807] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 1386.781538][T27813] netlink: 16 bytes leftover after parsing attributes in process `syz.0.20385'. [ 1386.995031][T27827] netlink: 'syz.0.20392': attribute type 10 has an invalid length. [ 1387.009178][T27830] netlink: 'syz.2.20394': attribute type 13 has an invalid length. [ 1387.017860][T27830] netlink: 144 bytes leftover after parsing attributes in process `syz.2.20394'. [ 1387.029265][T27831] netlink: 'syz.4.20393': attribute type 29 has an invalid length. [ 1387.039631][T27831] netlink: 'syz.4.20393': attribute type 29 has an invalid length. [ 1387.048729][T27830] syz_tun: refused to change device tx_queue_len [ 1387.061887][T27827] team0: Port device syz_tun added [ 1387.177749][T27835] netlink: 12 bytes leftover after parsing attributes in process `syz.3.20397'. [ 1387.230234][T27835] bond2: entered promiscuous mode [ 1387.235463][T27835] bond2: entered allmulticast mode [ 1387.241412][T27835] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1388.069238][T27895] ªªªªªª5gæ¹Q[Ô: renamed from lo [ 1388.199913][T27910] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20431'. [ 1388.267688][T27912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20432'. [ 1388.716412][T27939] syzkaller0: entered promiscuous mode [ 1388.744214][T27939] syzkaller0: entered allmulticast mode [ 1388.902452][T27956] [ 1388.904846][T27956] ====================================================== [ 1388.911887][T27956] WARNING: possible circular locking dependency detected [ 1388.918930][T27956] syzkaller #0 Not tainted [ 1388.923361][T27956] ------------------------------------------------------ [ 1388.930381][T27956] syz.0.20450/27956 is trying to acquire lock: [ 1388.936809][T27956] ffffffff8fb28518 (nr_neigh_list_lock){+...}-{3:3}, at: nr_del_node+0x57d/0xbb0 [ 1388.946007][T27956] [ 1388.946007][T27956] but task is already holding lock: [ 1388.953391][T27956] ffff8880a2e7d870 (&nr_node->node_lock){+...}-{3:3}, at: nr_del_node+0x2a9/0xbb0 [ 1388.962638][T27956] [ 1388.962638][T27956] which lock already depends on the new lock. [ 1388.962638][T27956] [ 1388.973134][T27956] [ 1388.973134][T27956] the existing dependency chain (in reverse order) is: [ 1388.982189][T27956] [ 1388.982189][T27956] -> #2 (&nr_node->node_lock){+...}-{3:3}: [ 1388.990199][T27956] _raw_spin_lock_bh+0x36/0x50 [ 1388.995509][T27956] nr_rt_device_down+0x153/0x860 [ 1389.001068][T27956] nr_device_event+0x137/0x150 [ 1389.006374][T27956] notifier_call_chain+0x19d/0x3a0 [ 1389.012034][T27956] __dev_notify_flags+0x16d/0x310 [ 1389.017680][T27956] netif_change_flags+0xe8/0x1a0 [ 1389.023152][T27956] dev_change_flags+0x130/0x260 [ 1389.028538][T27956] dev_ioctl+0x7b4/0x1150 [ 1389.033422][T27956] sock_do_ioctl+0x23e/0x320 [ 1389.038545][T27956] sock_ioctl+0x5c6/0x7f0 [ 1389.043437][T27956] __se_sys_ioctl+0xfc/0x170 [ 1389.048568][T27956] do_syscall_64+0xe2/0xf80 [ 1389.053610][T27956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1389.060211][T27956] [ 1389.060211][T27956] -> #1 (nr_node_list_lock){+...}-{3:3}: [ 1389.068071][T27956] _raw_spin_lock_bh+0x36/0x50 [ 1389.073490][T27956] nr_rt_device_down+0xbe/0x860 [ 1389.078913][T27956] nr_device_event+0x137/0x150 [ 1389.084244][T27956] notifier_call_chain+0x19d/0x3a0 [ 1389.089888][T27956] __dev_notify_flags+0x16d/0x310 [ 1389.095472][T27956] netif_change_flags+0xe8/0x1a0 [ 1389.101041][T27956] dev_change_flags+0x130/0x260 [ 1389.106519][T27956] dev_ioctl+0x7b4/0x1150 [ 1389.111429][T27956] sock_do_ioctl+0x23e/0x320 [ 1389.116544][T27956] sock_ioctl+0x5c6/0x7f0 [ 1389.121400][T27956] __se_sys_ioctl+0xfc/0x170 [ 1389.126528][T27956] do_syscall_64+0xe2/0xf80 [ 1389.131566][T27956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1389.138076][T27956] [ 1389.138076][T27956] -> #0 (nr_neigh_list_lock){+...}-{3:3}: [ 1389.145989][T27956] __lock_acquire+0x15a5/0x2cf0 [ 1389.151367][T27956] lock_acquire+0x106/0x330 [ 1389.156396][T27956] _raw_spin_lock_bh+0x36/0x50 [ 1389.161854][T27956] nr_del_node+0x57d/0xbb0 [ 1389.166811][T27956] nr_rt_ioctl+0xb34/0xf90 [ 1389.171746][T27956] sock_do_ioctl+0x101/0x320 [ 1389.176852][T27956] sock_ioctl+0x5c6/0x7f0 [ 1389.181788][T27956] __se_sys_ioctl+0xfc/0x170 [ 1389.186899][T27956] do_syscall_64+0xe2/0xf80 [ 1389.191924][T27956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1389.198443][T27956] [ 1389.198443][T27956] other info that might help us debug this: [ 1389.198443][T27956] [ 1389.208697][T27956] Chain exists of: [ 1389.208697][T27956] nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock [ 1389.208697][T27956] [ 1389.222626][T27956] Possible unsafe locking scenario: [ 1389.222626][T27956] [ 1389.230073][T27956] CPU0 CPU1 [ 1389.235438][T27956] ---- ---- [ 1389.240799][T27956] lock(&nr_node->node_lock); [ 1389.245600][T27956] lock(nr_node_list_lock); [ 1389.252709][T27956] lock(&nr_node->node_lock); [ 1389.259999][T27956] lock(nr_neigh_list_lock); [ 1389.264671][T27956] [ 1389.264671][T27956] *** DEADLOCK *** [ 1389.264671][T27956] [ 1389.272803][T27956] 2 locks held by syz.0.20450/27956: [ 1389.278074][T27956] #0: ffffffff8fb28578 (nr_node_list_lock){+...}-{3:3}, at: nr_del_node+0x253/0xbb0 [ 1389.287559][T27956] #1: ffff8880a2e7d870 (&nr_node->node_lock){+...}-{3:3}, at: nr_del_node+0x2a9/0xbb0 [ 1389.297430][T27956] [ 1389.297430][T27956] stack backtrace: [ 1389.303316][T27956] CPU: 1 UID: 0 PID: 27956 Comm: syz.0.20450 Not tainted syzkaller #0 PREEMPT(full) [ 1389.303333][T27956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1389.303341][T27956] Call Trace: [ 1389.303348][T27956] [ 1389.303354][T27956] dump_stack_lvl+0xe8/0x150 [ 1389.303373][T27956] print_circular_bug+0x2e1/0x300 [ 1389.303389][T27956] check_noncircular+0x12e/0x150 [ 1389.303404][T27956] __lock_acquire+0x15a5/0x2cf0 [ 1389.303435][T27956] ? nr_del_node+0x57d/0xbb0 [ 1389.303452][T27956] lock_acquire+0x106/0x330 [ 1389.303468][T27956] ? nr_del_node+0x57d/0xbb0 [ 1389.303485][T27956] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1389.303499][T27956] ? nr_del_node+0x57d/0xbb0 [ 1389.303514][T27956] _raw_spin_lock_bh+0x36/0x50 [ 1389.303526][T27956] ? nr_del_node+0x57d/0xbb0 [ 1389.303541][T27956] nr_del_node+0x57d/0xbb0 [ 1389.303559][T27956] nr_rt_ioctl+0xb34/0xf90 [ 1389.303578][T27956] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 1389.303598][T27956] ? apparmor_capable+0x137/0x1a0 [ 1389.303618][T27956] ? capable+0x88/0xe0 [ 1389.303628][T27956] ? nr_ioctl+0x1b1/0x3b0 [ 1389.303642][T27956] sock_do_ioctl+0x101/0x320 [ 1389.303655][T27956] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1389.303665][T27956] ? do_futex+0x333/0x420 [ 1389.303684][T27956] sock_ioctl+0x5c6/0x7f0 [ 1389.303701][T27956] ? __pfx_sock_ioctl+0x10/0x10 [ 1389.303718][T27956] ? __fget_files+0x2a/0x420 [ 1389.303730][T27956] ? __fget_files+0x3a0/0x420 [ 1389.303742][T27956] ? __fget_files+0x2a/0x420 [ 1389.303755][T27956] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1389.303769][T27956] ? __pfx_sock_ioctl+0x10/0x10 [ 1389.303785][T27956] __se_sys_ioctl+0xfc/0x170 [ 1389.303802][T27956] do_syscall_64+0xe2/0xf80 [ 1389.303814][T27956] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1389.303826][T27956] ? trace_irq_disable+0x37/0x100 [ 1389.303837][T27956] ? clear_bhb_loop+0x60/0xb0 [ 1389.303850][T27956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1389.303861][T27956] RIP: 0033:0x7ff90bb9bf79 [ 1389.303873][T27956] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1389.303884][T27956] RSP: 002b:00007ff90caad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1389.303898][T27956] RAX: ffffffffffffffda RBX: 00007ff90be16090 RCX: 00007ff90bb9bf79 [ 1389.303907][T27956] RDX: 0000200000000680 RSI: 000000000000890c RDI: 0000000000000009 [ 1389.303914][T27956] RBP: 00007ff90bc327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1389.303922][T27956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1389.303929][T27956] R13: 00007ff90be16128 R14: 00007ff90be16090 R15: 00007ffec11634d8 [ 1389.303942][T27956]