last executing test programs: 1.935682348s ago: executing program 1 (id=4433): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket(0x1, 0x803, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}}, 0x8000) 1.877749346s ago: executing program 3 (id=4435): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r2}, 0x18) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff00"/19, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r3], 0x48}}, 0x0) 1.787520408s ago: executing program 1 (id=4437): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x1, 0x8, 0x0, @void, @value}, 0x28) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, 
&(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001ba"], 0x398}}, 0x0) 1.670683513s ago: executing program 3 (id=4439): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r0, 0x0, 0x40000) 1.65956517s ago: executing program 2 (id=4440): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) 1.562307485s ago: executing program 1 (id=4443): unshare(0x22020400) r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) close(0x3) 1.49155475s ago: executing program 0 (id=4444): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 
&(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400090500000000000000", @ANYRES32=r1, @ANYBLOB="08000100e0000002080002000a01010008000400ac1414aa08000400ffffffff08000a0001000000"], 0x48}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) 1.460841345s ago: executing program 2 (id=4445): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x401}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) close(r1) 1.388290833s ago: executing program 3 (id=4446): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000015000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, 
&(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000500)=0x10) 1.376999015s ago: executing program 0 (id=4447): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket(0x1, 0x803, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}}, 0x8000) 1.228957583s ago: executing program 3 (id=4448): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10) 
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x0}, 0x20) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@cgroup, 0xffffffffffffffff, 0x8, 0x0, 0x0, @void, @value}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c0002800800"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 1.220094594s ago: executing program 2 (id=4449): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r2}, 0x18) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff00"/19, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r3], 0x48}}, 0x0) 917.807893ms ago: executing program 2 (id=4450): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x1bc, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x9}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0xfffefffe}, @TCA_RATE={0x6, 0x5, {0x0, 0xfd}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0x174, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x2}, @TCA_ROUTE4_ACT={0x168, 0x6, [@m_connmark={0x40, 0x1b, 0x0, 0x0, {{0xd}, {0x4}, {0xd, 0x6, "cf2c6fb13fe0f95a8a"}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_csum={0x124, 0xe, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0xa583, 0x6, 0x3, 0x1}, 0xe}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x10000, 0x8000, 0x4, 0x6, 0x8ba}, 0x7f}}]}, {0xbe, 0x6, 
"5f39a87b76988a4cdd6959e065fb7a8ddde85cc4038229c626f640efeaa38e499df3bc3c8626ac62ee3f488e9b0e241675eddcaf88bbc3e35e796ed43b1196ace224151777aa7a8dc92eaef1f74a4f8bfdda07e41581f1189cf8a234f2c8037b7701be5c48755d9590d2fd18d923e50a920cb73bb5f24ef4ccf417b330a694c6d7040d30fb36ba42d836dea2ff58d13aecc715e962cc5361bdd57f94419978b109e43b8a3e973036006736b113b478898befb0573181140dafe3"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}]}]}}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x600400c5}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 879.563691ms ago: executing program 0 (id=4452): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x2c, r2, 0x5, 0xffffffff, 0x8, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x800}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x200480d0) 772.306351ms ago: executing program 4 (id=4454): sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 
&(0x7f0000000140)={0x0}}, 0x0) r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="5400000010000304000000000000000000007400", @ANYRES32=r1, @ANYBLOB="0000000003120100340012800b0001006272696467650000240002800800050001000000060027"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 707.332669ms ago: executing program 0 (id=4455): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) 703.942788ms ago: executing program 2 (id=4456): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa33"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x8004ff00, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 648.689974ms ago: executing program 4 (id=4457): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400090500000000000000", @ANYRES32=r1, @ANYBLOB="08000100e0000002080002000a01010008000400ac1414aa08000400ffffffff08000a0001000000"], 0x48}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) 593.926555ms ago: executing program 1 (id=4458): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 
&(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000500)=0x10) 558.157763ms ago: executing program 0 (id=4459): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x401}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) close(r1) 507.692019ms ago: executing program 2 (id=4460): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @empty}, 0x10) sendmmsg(r0, &(0x7f0000003a80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, 0x0}}], 0x1, 0x2c000811) sendmmsg$inet(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000300)="91", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000e40)='T', 0x1}], 0x1}}], 0x3, 0x4851) close(r0) 503.266103ms ago: executing program 4 (id=4461): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = 
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000c40), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r4 = openat$cgroup_procs(r2, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000000c0), 0x12) pread64(r4, &(0x7f0000001840)=""/4091, 0xffb, 0x1) 416.059294ms ago: executing program 1 (id=4462): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x0, {0x0, 0xff, 0x1}}, 0x18) connect$can_j1939(r1, &(0x7f0000000140)={0x1d, r2}, 0x18) sendmsg$inet(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)}, 0x0) sendmsg$can_j1939(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001540)=@newtfilter={0x24, 0x11, 0xd27, 0x10, 0x0, {0x0, 0x0, 0x74, r4, {0xfff3}, {0xffe0, 0xfff2}, {0x2, 0x9}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x20008004) 407.70828ms ago: executing program 0 (id=4463): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$TUNSETLINK(r2, 0x400454cd, 0x0) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) r5 = 
socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r5, &(0x7f0000000040)={0xa, 0x7, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x8}, 0x20) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c000100020000000000000007000000", @ANYRES32=r4, @ANYBLOB="02dd36f20a000200aaaaaaaaaa1c496f4826d1d7b2687896647f2f068448d8741f50f86f63fa42f511672ed36f83ab1061af58f13c05f8125f164304ad3065256bc4be98a6160a1dca9db7afc9d0164851ea018798"], 0x28}, 0x1, 0x0, 0x0, 0x1000c051}, 0x40c0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)) 339.581204ms ago: executing program 4 (id=4464): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 278.450066ms ago: executing program 4 (id=4465): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000001c0), r0) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="5dba27bd7000fbdbdf250204"], 0x1c}, 0x1, 0x0, 0x0, 0x20040044}, 0x20000890) 246.357477ms ago: executing program 3 (id=4466): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x22eb, 0x0, 0x0, [0x0, 0x0]}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x200}, 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x2000}, 0x4) 
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000000c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r2, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 79.659092ms ago: executing program 4 (id=4467): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028011001294", 0x2e}], 0x1}, 0x0) 32.257574ms ago: executing program 3 (id=4468): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0x2000000000000019, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x18) getgid() 0s ago: executing program 1 (id=4469): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 
&(0x7f0000000800)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) kernel console output (not intermixed with test programs): family 0 port 6081 - 0 [ 236.251871][T11389] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.325968][T11389] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.361427][T11389] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.956491][T11428] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2262'. [ 237.025250][T11426] xt_CT: No such helper "syz0" [ 239.268569][T11517] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.345322][T11523] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2302'. [ 239.389910][T11517] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.500828][T11517] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.537354][T11528] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.2306'. 
[ 239.596463][T11517] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.738250][T11517] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.827219][T11517] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.862513][T11517] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.913596][T11517] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.445027][T11562] netlink: 'syz.0.2323': attribute type 16 has an invalid length. [ 240.452935][T11562] netlink: 'syz.0.2323': attribute type 17 has an invalid length. [ 240.520712][T11562] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 240.637607][T11573] tipc: Enabling of bearer rejected, already enabled [ 240.664712][T11573] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2328'. [ 240.861653][T11585] 8021q: adding VLAN 0 to HW filter on device bond1 [ 241.252870][T11601] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 241.562195][T11614] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2343'. [ 241.585650][T11612] tipc: Enabling of bearer rejected, already enabled [ 241.595333][T11612] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2344'. [ 242.040876][T11636] openvswitch: netlink: IP tunnel dst address not specified [ 243.210755][T11688] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2377'. [ 243.227204][T11688] FAULT_INJECTION: forcing a failure. 
[ 243.227204][T11688] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.268579][T11688] CPU: 1 UID: 0 PID: 11688 Comm: syz.1.2377 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 243.268612][T11688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 243.268625][T11688] Call Trace: [ 243.268633][T11688] <TASK> [ 243.268641][T11688] dump_stack_lvl+0x241/0x360 [ 243.268673][T11688] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.268696][T11688] ? __pfx__printk+0x10/0x10 [ 243.268724][T11688] ? snprintf+0xda/0x120 [ 243.268747][T11688] should_fail_ex+0x40a/0x550 [ 243.268783][T11688] _copy_to_user+0x31/0xb0 [ 243.268814][T11688] simple_read_from_buffer+0xca/0x150 [ 243.268855][T11688] proc_fail_nth_read+0x1e9/0x250 [ 243.268888][T11688] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 243.268921][T11688] ? rw_verify_area+0x243/0x630 [ 243.268943][T11688] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 243.268975][T11688] vfs_read+0x1f8/0xb40 [ 243.268999][T11688] ? fdget_pos+0x254/0x320 [ 243.269030][T11688] ? __pfx___mutex_lock+0x10/0x10 [ 243.269057][T11688] ? __pfx_vfs_read+0x10/0x10 [ 243.269081][T11688] ? __fget_files+0x2a/0x410 [ 243.269107][T11688] ? __fget_files+0x395/0x410 [ 243.269130][T11688] ? __fget_files+0x2a/0x410 [ 243.269162][T11688] ksys_read+0x18f/0x2b0 [ 243.269182][T11688] ? __pfx_ksys_read+0x10/0x10 [ 243.269201][T11688] ? do_syscall_64+0x100/0x230 [ 243.269225][T11688] ? do_syscall_64+0xb6/0x230 [ 243.269248][T11688] do_syscall_64+0xf3/0x230 [ 243.269269][T11688] ? 
clear_bhb_loop+0x35/0x90 [ 243.269296][T11688] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.269318][T11688] RIP: 0033:0x7f8ce978bb7c [ 243.269334][T11688] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 243.269347][T11688] RSP: 002b:00007f8cea668030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 243.269366][T11688] RAX: ffffffffffffffda RBX: 00007f8ce99a5fa0 RCX: 00007f8ce978bb7c [ 243.269378][T11688] RDX: 000000000000000f RSI: 00007f8cea6680a0 RDI: 0000000000000004 [ 243.269389][T11688] RBP: 00007f8cea668090 R08: 0000000000000000 R09: 0000000000000000 [ 243.269399][T11688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.269408][T11688] R13: 0000000000000000 R14: 00007f8ce99a5fa0 R15: 00007ffed9c88cf8 [ 243.269433][T11688] </TASK> [ 243.842685][T11708] xt_hashlimit: size too large, truncated to 1048576 [ 243.935946][T11710] FAULT_INJECTION: forcing a failure. [ 243.935946][T11710] name failslab, interval 1, probability 0, space 0, times 0 [ 244.003035][T11710] CPU: 1 UID: 0 PID: 11710 Comm: syz.2.2387 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 244.003066][T11710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 244.003081][T11710] Call Trace: [ 244.003088][T11710] <TASK> [ 244.003097][T11710] dump_stack_lvl+0x241/0x360 [ 244.003129][T11710] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.003153][T11710] ? __pfx__printk+0x10/0x10 [ 244.003177][T11710] ? __kmalloc_noprof+0xb5/0x4c0 [ 244.003208][T11710] ? __pfx___might_resched+0x10/0x10 [ 244.003240][T11710] should_fail_ex+0x40a/0x550 [ 244.003277][T11710] should_failslab+0xac/0x100 [ 244.003308][T11710] __kmalloc_noprof+0xdd/0x4c0 [ 244.003336][T11710] ? bpf_test_init+0xc3/0x160 [ 244.003370][T11710] bpf_test_init+0xc3/0x160 [ 244.003403][T11710] bpf_prog_test_run_xdp+0x48e/0x11e0 [ 244.003440][T11710] ? 
__pfx_lock_release+0x10/0x10 [ 244.003483][T11710] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 244.003515][T11710] ? __fget_files+0x2a/0x410 [ 244.003550][T11710] ? __fget_files+0x2a/0x410 [ 244.003585][T11710] ? fput+0x21b/0x290 [ 244.003613][T11710] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 244.003646][T11710] bpf_prog_test_run+0x2e4/0x360 [ 244.003682][T11710] __sys_bpf+0x487/0x820 [ 244.003714][T11710] ? __pfx___sys_bpf+0x10/0x10 [ 244.003763][T11710] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 244.003798][T11710] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 244.003832][T11710] ? do_syscall_64+0x100/0x230 [ 244.003865][T11710] __x64_sys_bpf+0x7c/0x90 [ 244.003892][T11710] do_syscall_64+0xf3/0x230 [ 244.003919][T11710] ? clear_bhb_loop+0x35/0x90 [ 244.003952][T11710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.003980][T11710] RIP: 0033:0x7f5ba038d169 [ 244.003998][T11710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.004016][T11710] RSP: 002b:00007f5b9e1d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 244.004039][T11710] RAX: ffffffffffffffda RBX: 00007f5ba05a6080 RCX: 00007f5ba038d169 [ 244.004055][T11710] RDX: 0000000000000048 RSI: 0000400000000600 RDI: 000000000000000a [ 244.004072][T11710] RBP: 00007f5b9e1d5090 R08: 0000000000000000 R09: 0000000000000000 [ 244.004085][T11710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.004097][T11710] R13: 0000000000000000 R14: 00007f5ba05a6080 R15: 00007ffc50d27058 [ 244.004127][T11710] </TASK> [ 244.555147][T11730] FAULT_INJECTION: forcing a failure. 
[ 244.555147][T11730] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.590673][T11730] CPU: 0 UID: 0 PID: 11730 Comm: syz.3.2398 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 244.590703][T11730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 244.590716][T11730] Call Trace: [ 244.590723][T11730] [ 244.590732][T11730] dump_stack_lvl+0x241/0x360 [ 244.590762][T11730] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.590785][T11730] ? __pfx__printk+0x10/0x10 [ 244.590809][T11730] ? __pfx_lock_release+0x10/0x10 [ 244.590850][T11730] should_fail_ex+0x40a/0x550 [ 244.590886][T11730] _copy_from_user+0x2d/0xb0 [ 244.590916][T11730] copy_msghdr_from_user+0xae/0x680 [ 244.590953][T11730] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 244.590989][T11730] ? __fget_files+0x2a/0x410 [ 244.591022][T11730] ? __fget_files+0x2a/0x410 [ 244.591060][T11730] __sys_sendmsg+0x209/0x350 [ 244.591088][T11730] ? __pfx___sys_sendmsg+0x10/0x10 [ 244.591125][T11730] ? do_sys_openat2+0x17a/0x1d0 [ 244.591183][T11730] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 244.591217][T11730] ? do_syscall_64+0x100/0x230 [ 244.591248][T11730] ? do_syscall_64+0xb6/0x230 [ 244.591278][T11730] do_syscall_64+0xf3/0x230 [ 244.591305][T11730] ? 
clear_bhb_loop+0x35/0x90 [ 244.591337][T11730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.591365][T11730] RIP: 0033:0x7fbc1a58d169 [ 244.591383][T11730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.591400][T11730] RSP: 002b:00007fbc1b434038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 244.591423][T11730] RAX: ffffffffffffffda RBX: 00007fbc1a7a5fa0 RCX: 00007fbc1a58d169 [ 244.591438][T11730] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000003 [ 244.591451][T11730] RBP: 00007fbc1b434090 R08: 0000000000000000 R09: 0000000000000000 [ 244.591465][T11730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.591477][T11730] R13: 0000000000000000 R14: 00007fbc1a7a5fa0 R15: 00007fff9a8cb038 [ 244.591507][T11730] [ 244.975086][T11739] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2400'. [ 245.054617][T11738] xt_CT: No such helper "syz0" [ 245.358175][T11761] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2409'. [ 245.368776][T11761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2409'. [ 245.502917][T11761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2409'. [ 245.763417][T11781] : entered promiscuous mode [ 245.845870][T11786] FAULT_INJECTION: forcing a failure. [ 245.845870][T11786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 245.857434][T11789] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 245.867661][T11789] openvswitch: netlink: Either Ethernet header or EtherType is required. 
[ 245.879662][T11786] CPU: 1 UID: 0 PID: 11786 Comm: syz.1.2419 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 245.879692][T11786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 245.879703][T11786] Call Trace: [ 245.879711][T11786] [ 245.879719][T11786] dump_stack_lvl+0x241/0x360 [ 245.879752][T11786] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.879776][T11786] ? __pfx__printk+0x10/0x10 [ 245.879801][T11786] ? __pfx_lock_release+0x10/0x10 [ 245.879831][T11786] ? __lock_acquire+0x1397/0x2100 [ 245.879879][T11786] should_fail_ex+0x40a/0x550 [ 245.879918][T11786] _copy_from_user+0x2d/0xb0 [ 245.879947][T11786] kstrtouint_from_user+0xc6/0x190 [ 245.879973][T11786] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 245.880000][T11786] ? __pfx_lock_acquire+0x10/0x10 [ 245.880040][T11786] proc_fail_nth_write+0xaa/0x2d0 [ 245.880071][T11786] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 245.880100][T11786] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 245.880137][T11786] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 245.880170][T11786] vfs_write+0x29f/0xd10 [ 245.880196][T11786] ? fdget_pos+0x254/0x320 [ 245.880226][T11786] ? __mutex_unlock_slowpath+0x227/0x800 [ 245.880256][T11786] ? __pfx_vfs_write+0x10/0x10 [ 245.880277][T11786] ? do_sys_openat2+0x17a/0x1d0 [ 245.880312][T11786] ? __fget_files+0x2a/0x410 [ 245.880345][T11786] ? __fget_files+0x395/0x410 [ 245.880376][T11786] ? __fget_files+0x2a/0x410 [ 245.880415][T11786] ksys_write+0x18f/0x2b0 [ 245.880441][T11786] ? __pfx_ksys_write+0x10/0x10 [ 245.880466][T11786] ? do_syscall_64+0x100/0x230 [ 245.880498][T11786] ? do_syscall_64+0xb6/0x230 [ 245.880529][T11786] do_syscall_64+0xf3/0x230 [ 245.880557][T11786] ? 
clear_bhb_loop+0x35/0x90 [ 245.880589][T11786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.880617][T11786] RIP: 0033:0x7f8ce978bc1f [ 245.880635][T11786] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 245.880652][T11786] RSP: 002b:00007f8cea668030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 245.880674][T11786] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8ce978bc1f [ 245.880688][T11786] RDX: 0000000000000001 RSI: 00007f8cea6680a0 RDI: 0000000000000009 [ 245.880701][T11786] RBP: 00007f8cea668090 R08: 0000000000000000 R09: 0000000000000000 [ 245.880713][T11786] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 245.880726][T11786] R13: 0000000000000000 R14: 00007f8ce99a5fa0 R15: 00007ffed9c88cf8 [ 245.880759][T11786] [ 246.304092][T11794] netlink: 'syz.4.2424': attribute type 2 has an invalid length. [ 246.356117][T11797] netlink: 'syz.4.2424': attribute type 2 has an invalid length. [ 246.381792][T11794] fþ: entered promiscuous mode [ 247.536808][T11851] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 248.156266][T11889] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.232691][T11889] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.304195][T11889] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.325310][T11898] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.2466'. 
[ 248.348038][T11897] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.381819][T11889] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.439966][T11897] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.541293][T11889] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.568994][T11897] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.622609][T11889] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.655067][T11889] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.679816][T11897] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.732357][T11889] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.827923][T11897] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.853365][T11897] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.927824][T11897] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.962100][T11897] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.267612][T11935] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.2479'. [ 249.604273][T11951] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.682758][T11951] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.711609][T11956] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2487'. 
[ 249.722719][T11913] Bluetooth: hci1: Opcode 0x0401 failed: -4 [ 249.775505][T11951] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.906509][T11951] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.948830][T11967] netlink: 220 bytes leftover after parsing attributes in process `syz.1.2492'. [ 249.971125][T11967] ksmbd: Unknown IPC event: 12, ignore. [ 250.053038][T11972] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2492'. [ 250.085893][T11972] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2492'. [ 250.122712][T11951] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.140618][T11951] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.157868][T11951] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.173758][T11951] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.318747][T11981] gretap0: entered promiscuous mode [ 250.344289][T11981] vlan0: entered promiscuous mode [ 250.644541][ T5839] Bluetooth: hci1: command 0x0401 tx timeout [ 250.753026][T12002] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.859142][T12002] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.930326][T12002] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.056295][T12002] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.426726][T12033] netlink: 'syz.4.2521': attribute type 3 has an invalid length. [ 251.436501][T12033] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2521'. [ 251.457018][T12035] netlink: 66 bytes leftover after parsing attributes in process `syz.2.2522'. [ 251.466160][T12035] openvswitch: netlink: Flow key attr not present in new flow. 
[ 251.529221][T12037] FAULT_INJECTION: forcing a failure. [ 251.529221][T12037] name failslab, interval 1, probability 0, space 0, times 0 [ 251.544780][T12037] CPU: 1 UID: 0 PID: 12037 Comm: syz.2.2522 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 251.544811][T12037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 251.544824][T12037] Call Trace: [ 251.544832][T12037] [ 251.544840][T12037] dump_stack_lvl+0x241/0x360 [ 251.544872][T12037] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.544895][T12037] ? __pfx__printk+0x10/0x10 [ 251.544919][T12037] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 251.544951][T12037] ? __pfx___might_resched+0x10/0x10 [ 251.544983][T12037] should_fail_ex+0x40a/0x550 [ 251.545020][T12037] should_failslab+0xac/0x100 [ 251.545050][T12037] kmem_cache_alloc_node_noprof+0x77/0x380 [ 251.545080][T12037] ? __alloc_skb+0x1c3/0x440 [ 251.545100][T12037] ? kfree+0x196/0x430 [ 251.545130][T12037] __alloc_skb+0x1c3/0x440 [ 251.545157][T12037] ? __pfx___alloc_skb+0x10/0x10 [ 251.545182][T12037] ? mark_lock+0x9a/0x360 [ 251.545205][T12037] alloc_skb_with_frags+0xc3/0x820 [ 251.545243][T12037] sock_alloc_send_pskb+0x91a/0xa60 [ 251.545284][T12037] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 251.545324][T12037] ? __pfx___scm_send+0x10/0x10 [ 251.545363][T12037] unix_dgram_sendmsg+0x5e8/0x1df0 [ 251.545411][T12037] ? aa_sk_perm+0x96d/0xab0 [ 251.545447][T12037] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 251.545485][T12037] ? aa_sock_msg_perm+0x91/0x160 [ 251.545524][T12037] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 251.545552][T12037] __sock_sendmsg+0x221/0x270 [ 251.545587][T12037] ____sys_sendmsg+0x53a/0x860 [ 251.545620][T12037] ? __pfx_____sys_sendmsg+0x10/0x10 [ 251.545643][T12037] ? __fget_files+0x2a/0x410 [ 251.545677][T12037] ? __fget_files+0x2a/0x410 [ 251.545717][T12037] __sys_sendmsg+0x269/0x350 [ 251.545746][T12037] ? __pfx___sys_sendmsg+0x10/0x10 [ 251.545785][T12037] ? 
do_sys_openat2+0x17a/0x1d0 [ 251.545842][T12037] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 251.545877][T12037] ? do_syscall_64+0x100/0x230 [ 251.545908][T12037] ? do_syscall_64+0xb6/0x230 [ 251.545937][T12037] do_syscall_64+0xf3/0x230 [ 251.545965][T12037] ? clear_bhb_loop+0x35/0x90 [ 251.545998][T12037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.546027][T12037] RIP: 0033:0x7f5ba038d169 [ 251.546046][T12037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.546063][T12037] RSP: 002b:00007f5b9e1d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 251.546086][T12037] RAX: ffffffffffffffda RBX: 00007f5ba05a6080 RCX: 00007f5ba038d169 [ 251.546101][T12037] RDX: 0000000004000080 RSI: 0000400000000840 RDI: 000000000000000a [ 251.546115][T12037] RBP: 00007f5b9e1d5090 R08: 0000000000000000 R09: 0000000000000000 [ 251.546128][T12037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.546140][T12037] R13: 0000000000000000 R14: 00007f5ba05a6080 R15: 00007ffc50d27058 [ 251.546169][T12037] [ 251.604047][T12040] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2519'. [ 252.596016][T12076] netlink: 66 bytes leftover after parsing attributes in process `syz.1.2540'. [ 252.624803][T12076] openvswitch: netlink: Flow key attr not present in new flow. [ 253.033855][T12095] xt_CT: No such helper "syz0" [ 254.191702][T12134] __nla_validate_parse: 2 callbacks suppressed [ 254.191722][T12134] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.2563'. [ 254.210796][T12002] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.247798][T12108] Bluetooth: hci1: Opcode 0x0401 failed: -4 [ 254.271423][T12002] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.296977][T12139] sch_fq: defrate 2048 ignored. 
[ 254.356083][T12002] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.388467][T12002] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.551853][T12147] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.656223][T12147] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.676387][T12150] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.2568'. [ 254.676982][T12156] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2569'. [ 254.735525][T12158] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.2573'. [ 254.943698][T12147] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.051408][T12147] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.246778][T12147] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.281128][T12147] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.331390][T12147] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.371066][ T5839] Bluetooth: hci1: command 0x0401 tx timeout [ 255.383952][T12147] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.927213][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.933771][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.935320][T12197] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.2586'. [ 256.133392][T12203] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2592'. [ 256.153999][T12203] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2592'. [ 256.158392][T12207] FAULT_INJECTION: forcing a failure. 
[ 256.158392][T12207] name failslab, interval 1, probability 0, space 0, times 0 [ 256.176298][T12203] netlink: 124 bytes leftover after parsing attributes in process `syz.3.2592'. [ 256.219680][T12207] CPU: 0 UID: 0 PID: 12207 Comm: syz.4.2594 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 256.219712][T12207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 256.219726][T12207] Call Trace: [ 256.219733][T12207] [ 256.219741][T12207] dump_stack_lvl+0x241/0x360 [ 256.219772][T12207] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.219796][T12207] ? __pfx__printk+0x10/0x10 [ 256.219820][T12207] ? __kmalloc_node_track_caller_noprof+0xb4/0x4c0 [ 256.219854][T12207] ? __pfx___might_resched+0x10/0x10 [ 256.219886][T12207] should_fail_ex+0x40a/0x550 [ 256.219931][T12207] should_failslab+0xac/0x100 [ 256.219962][T12207] __kmalloc_node_track_caller_noprof+0xdc/0x4c0 [ 256.219993][T12207] ? __feat_register_sp+0x3c3/0x640 [ 256.220028][T12207] kmemdup_noprof+0x2b/0x70 [ 256.220061][T12207] __feat_register_sp+0x3c3/0x640 [ 256.220096][T12207] dccp_setsockopt+0xe6e/0x1140 [ 256.220126][T12207] ? __pfx_dccp_setsockopt+0x10/0x10 [ 256.220151][T12207] ? __pfx_lock_acquire+0x10/0x10 [ 256.220180][T12207] ? aa_sock_opt_perm+0x79/0x120 [ 256.220210][T12207] ? sock_common_setsockopt+0x37/0xc0 [ 256.220245][T12207] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 256.220276][T12207] do_sock_setsockopt+0x3af/0x720 [ 256.220307][T12207] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 256.220336][T12207] ? __fget_files+0x395/0x410 [ 256.220366][T12207] ? __fget_files+0x2a/0x410 [ 256.220405][T12207] __x64_sys_setsockopt+0x1ee/0x280 [ 256.220436][T12207] do_syscall_64+0xf3/0x230 [ 256.220463][T12207] ? 
clear_bhb_loop+0x35/0x90 [ 256.220496][T12207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.220522][T12207] RIP: 0033:0x7fc99ed8d169 [ 256.220540][T12207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.220558][T12207] RSP: 002b:00007fc99fcac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 256.220582][T12207] RAX: ffffffffffffffda RBX: 00007fc99efa5fa0 RCX: 00007fc99ed8d169 [ 256.220597][T12207] RDX: 000000000000000a RSI: 000000000000010d RDI: 000000000000000b [ 256.220610][T12207] RBP: 00007fc99fcac090 R08: 0000000000000004 R09: 0000000000000000 [ 256.220623][T12207] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.220636][T12207] R13: 0000000000000000 R14: 00007fc99efa5fa0 R15: 00007ffca2ba0348 [ 256.220668][T12207] [ 256.823885][T12228] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2603'. [ 257.041735][T12241] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.122026][T12241] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.193271][T12241] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.252301][T12241] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.738731][T12278] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2624'. [ 258.748389][T12315] netlink: 'syz.2.2644': attribute type 1 has an invalid length. 
[ 258.757085][T12241] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.783266][T12241] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.821639][T12315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.835585][T12241] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.851542][T12241] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.921299][T12317] xt_CT: No such helper "syz0" [ 259.174596][T12338] ksmbd: Unknown IPC event: 12, ignore. [ 259.207063][T12340] FAULT_INJECTION: forcing a failure. [ 259.207063][T12340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 259.240578][T12340] CPU: 0 UID: 0 PID: 12340 Comm: syz.1.2650 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 259.240610][T12340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 259.240623][T12340] Call Trace: [ 259.240643][T12340] [ 259.240652][T12340] dump_stack_lvl+0x241/0x360 [ 259.240681][T12340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.240701][T12340] ? __pfx__printk+0x10/0x10 [ 259.240722][T12340] ? __pfx_lock_release+0x10/0x10 [ 259.240748][T12340] ? __lock_acquire+0x1397/0x2100 [ 259.240781][T12340] should_fail_ex+0x40a/0x550 [ 259.240813][T12340] _copy_from_user+0x2d/0xb0 [ 259.240838][T12340] kstrtouint_from_user+0xc6/0x190 [ 259.240863][T12340] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 259.240888][T12340] ? __pfx_lock_acquire+0x10/0x10 [ 259.240921][T12340] proc_fail_nth_write+0xaa/0x2d0 [ 259.240946][T12340] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 259.240968][T12340] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 259.240996][T12340] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 259.241022][T12340] vfs_write+0x29f/0xd10 [ 259.241044][T12340] ? fdget_pos+0x254/0x320 [ 259.241070][T12340] ? __mutex_unlock_slowpath+0x227/0x800 [ 259.241097][T12340] ? __pfx_vfs_write+0x10/0x10 [ 259.241121][T12340] ? 
__fget_files+0x2a/0x410 [ 259.241149][T12340] ? __fget_files+0x395/0x410 [ 259.241177][T12340] ? __fget_files+0x2a/0x410 [ 259.241215][T12340] ksys_write+0x18f/0x2b0 [ 259.241236][T12340] ? __pfx_ksys_write+0x10/0x10 [ 259.241259][T12340] ? do_syscall_64+0x100/0x230 [ 259.241285][T12340] ? do_syscall_64+0xb6/0x230 [ 259.241314][T12340] do_syscall_64+0xf3/0x230 [ 259.241338][T12340] ? clear_bhb_loop+0x35/0x90 [ 259.241369][T12340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.241395][T12340] RIP: 0033:0x7f8ce978bc1f [ 259.241413][T12340] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 259.241431][T12340] RSP: 002b:00007f8cea668030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 259.241451][T12340] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8ce978bc1f [ 259.241464][T12340] RDX: 0000000000000001 RSI: 00007f8cea6680a0 RDI: 0000000000000005 [ 259.241475][T12340] RBP: 00007f8cea668090 R08: 0000000000000000 R09: 0000000000000000 [ 259.241486][T12340] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 259.241497][T12340] R13: 0000000000000000 R14: 00007f8ce99a5fa0 R15: 00007ffed9c88cf8 [ 259.241525][T12340] [ 259.487282][ T5932] IPVS: starting estimator thread 0... [ 259.595116][T12343] IPVS: using max 18 ests per chain, 43200 per kthread [ 259.783377][T12354] __nla_validate_parse: 4 callbacks suppressed [ 259.783408][T12354] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.2657'. [ 260.000812][T12368] netlink: 'syz.1.2661': attribute type 1 has an invalid length. [ 260.008985][T12368] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2661'. [ 260.024495][T12368] netlink: 'syz.1.2661': attribute type 1 has an invalid length. [ 260.686242][T12401] netlink: 220 bytes leftover after parsing attributes in process `syz.4.2675'. 
[ 260.711557][T12401] ksmbd: Unknown IPC event: 12, ignore. [ 260.827527][ T5883] IPVS: starting estimator thread 0... [ 260.944831][T12408] IPVS: using max 19 ests per chain, 45600 per kthread [ 261.328507][T12431] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2689'. [ 261.948127][T12452] openvswitch: netlink: IP tunnel dst address not specified [ 262.151003][T12456] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2701'. [ 262.566510][T12472] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.2709'. [ 262.822447][T12483] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2714'. [ 262.852557][T12452] netlink: 'syz.3.2699': attribute type 2 has an invalid length. [ 262.874844][T12452] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2699'. [ 263.750989][T12524] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.2728'. [ 264.280947][T12536] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.360354][T12536] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.418839][T12536] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.489755][T12536] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.603848][T12536] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.646062][T12536] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.696425][T12536] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.727633][T12536] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.811801][T12556] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2744'. [ 265.007467][T12565] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2748'. 
[ 265.142190][T12570] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.2750'. [ 265.192037][T12574] netlink: 'syz.0.2752': attribute type 72 has an invalid length. [ 266.685383][T12637] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2781'. [ 266.718349][T12637] tipc: Enabling of bearer rejected, failed to enable media [ 266.743682][T12637] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2781'. [ 266.839363][T12642] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2783'. [ 266.926618][T12646] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.2786'. [ 266.995531][T12649] xt_TCPMSS: Only works on TCP SYN packets [ 267.295904][T12662] netlink: 'syz.4.2793': attribute type 1 has an invalid length. [ 267.304663][T12623] Bluetooth: hci1: Opcode 0x0401 failed: -4 [ 267.380909][T12662] 8021q: adding VLAN 0 to HW filter on device bond1 [ 267.574141][T12672] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.2797'. [ 267.706805][T12677] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.2799'. [ 267.860973][T12684] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2801'. [ 267.901381][T12689] FAULT_INJECTION: forcing a failure. [ 267.901381][T12689] name failslab, interval 1, probability 0, space 0, times 0 [ 267.925464][T12689] CPU: 1 UID: 0 PID: 12689 Comm: syz.4.2803 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 267.925498][T12689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 267.925512][T12689] Call Trace: [ 267.925520][T12689] [ 267.925529][T12689] dump_stack_lvl+0x241/0x360 [ 267.925569][T12689] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.925605][T12689] ? __pfx__printk+0x10/0x10 [ 267.925629][T12689] ? fs_reclaim_acquire+0x93/0x130 [ 267.925653][T12689] ? __pfx___might_resched+0x10/0x10 [ 267.925680][T12689] ? 
dynamic_dname+0x144/0x1b0 [ 267.925706][T12689] should_fail_ex+0x40a/0x550 [ 267.925744][T12689] should_failslab+0xac/0x100 [ 267.925774][T12689] __kmalloc_noprof+0xdd/0x4c0 [ 267.925802][T12689] ? tomoyo_encode+0x26f/0x540 [ 267.925828][T12689] tomoyo_encode+0x26f/0x540 [ 267.925851][T12689] ? __pfx_sockfs_dname+0x10/0x10 [ 267.925883][T12689] tomoyo_realpath_from_path+0x59e/0x5e0 [ 267.925918][T12689] tomoyo_path_number_perm+0x239/0x770 [ 267.925948][T12689] ? __lock_acquire+0x1397/0x2100 [ 267.925982][T12689] ? tomoyo_path_number_perm+0x209/0x770 [ 267.926014][T12689] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 267.926087][T12689] ? __fget_files+0x2a/0x410 [ 267.926122][T12689] ? __fget_files+0x2a/0x410 [ 267.926159][T12689] security_file_ioctl+0xc6/0x2a0 [ 267.926190][T12689] __se_sys_ioctl+0x46/0x170 [ 267.926216][T12689] do_syscall_64+0xf3/0x230 [ 267.926244][T12689] ? clear_bhb_loop+0x35/0x90 [ 267.926277][T12689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.926304][T12689] RIP: 0033:0x7fc99ed8d169 [ 267.926323][T12689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.926342][T12689] RSP: 002b:00007fc99fcac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 267.926365][T12689] RAX: ffffffffffffffda RBX: 00007fc99efa5fa0 RCX: 00007fc99ed8d169 [ 267.926381][T12689] RDX: 0000000000000000 RSI: 0000000080487436 RDI: 0000000000000003 [ 267.926394][T12689] RBP: 00007fc99fcac090 R08: 0000000000000000 R09: 0000000000000000 [ 267.926407][T12689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.926419][T12689] R13: 0000000000000000 R14: 00007fc99efa5fa0 R15: 00007ffca2ba0348 [ 267.926451][T12689] [ 267.926562][T12689] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 268.512971][ T5839] Bluetooth: hci1: command 0x0401 tx timeout [ 268.526042][T12698] Bluetooth: hci1: Opcode 0x0401 failed: -110 [ 268.664609][T12711] openvswitch: netlink: Message has 8 unknown bytes. [ 269.094010][T12729] netlink: 'syz.4.2819': attribute type 1 has an invalid length. [ 269.140086][T12729] 8021q: adding VLAN 0 to HW filter on device bond2 [ 269.219743][T12735] tipc: Enabling of bearer rejected, already enabled [ 269.674872][T12755] gretap0: entered promiscuous mode [ 269.690473][T12755] gretap0: left promiscuous mode [ 269.842018][T12759] __nla_validate_parse: 3 callbacks suppressed [ 269.842039][T12759] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.2831'. [ 269.983281][T12764] tipc: Enabling of bearer rejected, already enabled [ 270.001238][T12764] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2833'. [ 270.337810][T12783] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.424876][T12789] vlan2: entered promiscuous mode [ 270.431059][T12789] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 270.451460][T12783] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.550536][T12783] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.565502][ T5839] Bluetooth: hci1: command 0x0401 tx timeout [ 270.571724][T12767] Bluetooth: hci1: Opcode 0x0401 failed: -110 [ 270.654723][T12783] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.752180][T12783] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.767446][T12783] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.784299][T12783] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.800382][T12783] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.225438][T12809] FAULT_INJECTION: forcing a failure. 
[ 271.225438][T12809] name failslab, interval 1, probability 0, space 0, times 0 [ 271.261761][T12809] CPU: 0 UID: 0 PID: 12809 Comm: syz.4.2851 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 271.261793][T12809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 271.261806][T12809] Call Trace: [ 271.261812][T12809] [ 271.261821][T12809] dump_stack_lvl+0x241/0x360 [ 271.261852][T12809] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.261876][T12809] ? __pfx__printk+0x10/0x10 [ 271.261910][T12809] should_fail_ex+0x40a/0x550 [ 271.261947][T12809] should_failslab+0xac/0x100 [ 271.261976][T12809] ? skb_clone+0x20c/0x390 [ 271.262000][T12809] kmem_cache_alloc_noprof+0x70/0x380 [ 271.262036][T12809] skb_clone+0x20c/0x390 [ 271.262064][T12809] __netlink_deliver_tap+0x3c4/0x7f0 [ 271.262106][T12809] ? netlink_deliver_tap+0x2e/0x1b0 [ 271.262136][T12809] netlink_deliver_tap+0x19d/0x1b0 [ 271.262170][T12809] netlink_unicast+0x7c4/0x990 [ 271.262206][T12809] ? __pfx_netlink_unicast+0x10/0x10 [ 271.262232][T12809] ? __virt_addr_valid+0x45f/0x530 [ 271.262253][T12809] ? __phys_addr_symbol+0x2f/0x70 [ 271.262273][T12809] ? __check_object_size+0x47a/0x730 [ 271.262307][T12809] netlink_sendmsg+0x8de/0xcb0 [ 271.262361][T12809] ? __pfx_netlink_sendmsg+0x10/0x10 [ 271.262398][T12809] ? aa_sock_msg_perm+0x91/0x160 [ 271.262438][T12809] ? __pfx_netlink_sendmsg+0x10/0x10 [ 271.262467][T12809] __sock_sendmsg+0x221/0x270 [ 271.262501][T12809] ____sys_sendmsg+0x53a/0x860 [ 271.262535][T12809] ? __pfx_____sys_sendmsg+0x10/0x10 [ 271.262558][T12809] ? __fget_files+0x2a/0x410 [ 271.262591][T12809] ? __fget_files+0x2a/0x410 [ 271.262631][T12809] __sys_sendmsg+0x269/0x350 [ 271.262661][T12809] ? __pfx___sys_sendmsg+0x10/0x10 [ 271.262700][T12809] ? do_sys_openat2+0x17a/0x1d0 [ 271.262760][T12809] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 271.262794][T12809] ? do_syscall_64+0x100/0x230 [ 271.262826][T12809] ? 
do_syscall_64+0xb6/0x230 [ 271.262855][T12809] do_syscall_64+0xf3/0x230 [ 271.262882][T12809] ? clear_bhb_loop+0x35/0x90 [ 271.262915][T12809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.262944][T12809] RIP: 0033:0x7fc99ed8d169 [ 271.262963][T12809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.262980][T12809] RSP: 002b:00007fc99fcac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 271.263003][T12809] RAX: ffffffffffffffda RBX: 00007fc99efa5fa0 RCX: 00007fc99ed8d169 [ 271.263019][T12809] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 0000000000000004 [ 271.263032][T12809] RBP: 00007fc99fcac090 R08: 0000000000000000 R09: 0000000000000000 [ 271.263045][T12809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 271.263057][T12809] R13: 0000000000000000 R14: 00007fc99efa5fa0 R15: 00007ffca2ba0348 [ 271.263088][T12809] [ 271.263143][T12809] netlink: 'syz.4.2851': attribute type 16 has an invalid length. [ 271.431367][T12821] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2856'. [ 271.516963][T12809] netlink: 'syz.4.2851': attribute type 17 has an invalid length. [ 271.750092][T12809] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 271.765437][T12828] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.2859'. [ 272.361476][T12843] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2862'. [ 272.438724][T12841] xt_CT: No such helper "syz0" [ 272.645204][ T5839] Bluetooth: hci1: command 0x0401 tx timeout [ 272.677767][T12854] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.2868'. [ 272.685538][T12856] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2869'. 
[ 272.926264][T12864] netlink: 'syz.1.2873': attribute type 4 has an invalid length. [ 272.975194][T12868] netlink: 'syz.0.2875': attribute type 29 has an invalid length. [ 272.991926][T12868] FAULT_INJECTION: forcing a failure. [ 272.991926][T12868] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.013908][T12868] CPU: 1 UID: 0 PID: 12868 Comm: syz.0.2875 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 273.013936][T12868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 273.013948][T12868] Call Trace: [ 273.013955][T12868] [ 273.013962][T12868] dump_stack_lvl+0x241/0x360 [ 273.013990][T12868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.014011][T12868] ? __pfx__printk+0x10/0x10 [ 273.014031][T12868] ? __pfx_lock_release+0x10/0x10 [ 273.014065][T12868] should_fail_ex+0x40a/0x550 [ 273.014095][T12868] _copy_from_user+0x2d/0xb0 [ 273.014120][T12868] copy_msghdr_from_user+0xae/0x680 [ 273.014151][T12868] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 273.014175][T12868] ? __fget_files+0x2a/0x410 [ 273.014204][T12868] ? __fget_files+0x2a/0x410 [ 273.014253][T12868] __sys_sendmsg+0x209/0x350 [ 273.014282][T12868] ? __pfx___sys_sendmsg+0x10/0x10 [ 273.014319][T12868] ? do_sys_openat2+0x17a/0x1d0 [ 273.014378][T12868] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 273.014412][T12868] ? do_syscall_64+0x100/0x230 [ 273.014442][T12868] ? do_syscall_64+0xb6/0x230 [ 273.014471][T12868] do_syscall_64+0xf3/0x230 [ 273.014498][T12868] ? 
clear_bhb_loop+0x35/0x90 [ 273.014530][T12868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.014558][T12868] RIP: 0033:0x7f7da358d169 [ 273.014576][T12868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.014594][T12868] RSP: 002b:00007f7da441c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 273.014615][T12868] RAX: ffffffffffffffda RBX: 00007f7da37a5fa0 RCX: 00007f7da358d169 [ 273.014630][T12868] RDX: 0000000000000000 RSI: 0000400000000140 RDI: 0000000000000007 [ 273.014644][T12868] RBP: 00007f7da441c090 R08: 0000000000000000 R09: 0000000000000000 [ 273.014657][T12868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.014669][T12868] R13: 0000000000000000 R14: 00007f7da37a5fa0 R15: 00007ffd9f08eae8 [ 273.014699][T12868] [ 273.293373][T12875] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.2878'. [ 273.685781][T12888] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.2883'. [ 273.776061][T12894] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2884'. [ 273.997532][T12905] xt_hashlimit: size too large, truncated to 1048576 [ 274.070435][T12910] FAULT_INJECTION: forcing a failure. [ 274.070435][T12910] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 274.087129][T12906] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.158366][T12910] CPU: 0 UID: 0 PID: 12910 Comm: syz.3.2891 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 274.158397][T12910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 274.158411][T12910] Call Trace: [ 274.158418][T12910] [ 274.158426][T12910] dump_stack_lvl+0x241/0x360 [ 274.158458][T12910] ? __pfx_dump_stack_lvl+0x10/0x10 [ 274.158482][T12910] ? 
__pfx__printk+0x10/0x10 [ 274.158505][T12910] ? __pfx_lock_release+0x10/0x10 [ 274.158545][T12910] should_fail_ex+0x40a/0x550 [ 274.158582][T12910] _copy_from_user+0x2d/0xb0 [ 274.158612][T12910] bpf_test_init+0xfc/0x160 [ 274.158645][T12910] bpf_prog_test_run_xdp+0x48e/0x11e0 [ 274.158683][T12910] ? __pfx_lock_release+0x10/0x10 [ 274.158724][T12910] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 274.158756][T12910] ? __fget_files+0x2a/0x410 [ 274.158790][T12910] ? __fget_files+0x2a/0x410 [ 274.158825][T12910] ? fput+0x21b/0x290 [ 274.158853][T12910] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 274.158886][T12910] bpf_prog_test_run+0x2e4/0x360 [ 274.158921][T12910] __sys_bpf+0x487/0x820 [ 274.158953][T12910] ? __pfx___sys_bpf+0x10/0x10 [ 274.158995][T12910] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 274.159029][T12910] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 274.159062][T12910] ? do_syscall_64+0x100/0x230 [ 274.159103][T12910] __x64_sys_bpf+0x7c/0x90 [ 274.159131][T12910] do_syscall_64+0xf3/0x230 [ 274.159158][T12910] ? 
clear_bhb_loop+0x35/0x90 [ 274.159190][T12910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.159219][T12910] RIP: 0033:0x7fbc1a58d169 [ 274.159237][T12910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.159255][T12910] RSP: 002b:00007fbc1b413038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 274.159277][T12910] RAX: ffffffffffffffda RBX: 00007fbc1a7a6080 RCX: 00007fbc1a58d169 [ 274.159292][T12910] RDX: 0000000000000048 RSI: 0000400000000600 RDI: 000000000000000a [ 274.159306][T12910] RBP: 00007fbc1b413090 R08: 0000000000000000 R09: 0000000000000000 [ 274.159319][T12910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.159331][T12910] R13: 0000000000000000 R14: 00007fbc1a7a6080 R15: 00007fff9a8cb038 [ 274.159362][T12910] [ 274.406301][T12918] xt_hashlimit: size too large, truncated to 1048576 [ 274.429867][T12906] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.462228][T12921] xt_hashlimit: size too large, truncated to 1048576 [ 274.510183][T12906] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.678286][T12906] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.825723][T12906] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.877395][T12906] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.919348][T12906] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.943687][T12906] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.976156][T12933] __nla_validate_parse: 2 callbacks suppressed [ 274.976178][T12933] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2900'. [ 275.073745][T12937] netlink: 'syz.3.2902': attribute type 1 has an invalid length. 
[ 275.484234][T12954] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2910'. [ 275.710189][T12968] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2917'. [ 275.724773][T12970] netlink: 'syz.2.2916': attribute type 1 has an invalid length. [ 275.786941][T12970] 8021q: adding VLAN 0 to HW filter on device bond1 [ 278.168707][T13052] FAULT_INJECTION: forcing a failure. [ 278.168707][T13052] name failslab, interval 1, probability 0, space 0, times 0 [ 278.182522][T13052] CPU: 1 UID: 0 PID: 13052 Comm: syz.0.2950 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 278.182552][T13052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 278.182566][T13052] Call Trace: [ 278.182573][T13052] [ 278.182581][T13052] dump_stack_lvl+0x241/0x360 [ 278.182613][T13052] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.182637][T13052] ? __pfx__printk+0x10/0x10 [ 278.182660][T13052] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 278.182693][T13052] ? __pfx___might_resched+0x10/0x10 [ 278.182725][T13052] should_fail_ex+0x40a/0x550 [ 278.182761][T13052] should_failslab+0xac/0x100 [ 278.182789][T13052] __kmalloc_node_noprof+0xe1/0x4d0 [ 278.182818][T13052] ? vmemdup_user+0x42/0x1c0 [ 278.182843][T13052] vmemdup_user+0x42/0x1c0 [ 278.182863][T13052] map_get_next_key+0x1c4/0x5e0 [ 278.182901][T13052] __sys_bpf+0x732/0x820 [ 278.182940][T13052] ? __pfx___sys_bpf+0x10/0x10 [ 278.182968][T13052] ? fd_install+0x35c/0x5d0 [ 278.183010][T13052] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 278.183047][T13052] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 278.183080][T13052] ? do_syscall_64+0x100/0x230 [ 278.183112][T13052] __x64_sys_bpf+0x7c/0x90 [ 278.183140][T13052] do_syscall_64+0xf3/0x230 [ 278.183167][T13052] ? 
clear_bhb_loop+0x35/0x90 [ 278.183200][T13052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.183228][T13052] RIP: 0033:0x7f7da358d169 [ 278.183247][T13052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.183265][T13052] RSP: 002b:00007f7da441c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 278.183289][T13052] RAX: ffffffffffffffda RBX: 00007f7da37a5fa0 RCX: 00007f7da358d169 [ 278.183304][T13052] RDX: 0000000000000020 RSI: 0000400000000340 RDI: 0000000000000004 [ 278.183318][T13052] RBP: 00007f7da441c090 R08: 0000000000000000 R09: 0000000000000000 [ 278.183331][T13052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 278.183343][T13052] R13: 0000000000000000 R14: 00007f7da37a5fa0 R15: 00007ffd9f08eae8 [ 278.183374][T13052] [ 278.519765][T13056] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.2952'. [ 279.416564][T13103] netlink: 220 bytes leftover after parsing attributes in process `syz.2.2972'. [ 279.441459][T13103] ksmbd: Unknown IPC event: 12, ignore. [ 279.557590][ T5965] IPVS: starting estimator thread 0... [ 279.636568][T13121] vlan2: entered promiscuous mode [ 279.644469][T13116] IPVS: using max 19 ests per chain, 45600 per kthread [ 279.671300][T13121] netlink: 'syz.1.2976': attribute type 10 has an invalid length. [ 279.742402][T13121] bridge0: entered promiscuous mode [ 279.777800][T13121] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 280.068875][T13144] netlink: 'syz.1.2982': attribute type 1 has an invalid length. [ 280.153536][T13147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2984'. [ 280.204118][T13154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2984'. [ 280.467599][T13164] Illegal XDP return value 4294967274 on prog (id 292) dev N/A, expect packet loss! 
[ 281.057745][T13180] delete_channel: no stack [ 281.241685][T13182] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.2997'. [ 281.591158][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 281.603343][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 281.621091][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 281.634827][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 281.653862][ T5844] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 281.662733][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 281.675283][T13192] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.3003'. [ 281.766751][T13197] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3002'. [ 281.978402][T13189] chnl_net:caif_netlink_parms(): no params data found [ 282.034146][T13189] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.041442][T13189] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.048974][T13189] bridge_slave_0: entered allmulticast mode [ 282.056864][T13189] bridge_slave_0: entered promiscuous mode [ 282.065812][T13189] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.072969][T13189] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.080290][T13189] bridge_slave_1: entered allmulticast mode [ 282.087752][T13189] bridge_slave_1: entered promiscuous mode [ 282.113813][T13189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 282.125782][T13189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.157565][T13189] team0: Port device team_slave_0 added [ 282.167097][T13189] team0: Port device team_slave_1 added [ 282.190337][T13189] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.197524][T13189] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.223916][T13189] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.236579][T13189] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 282.243644][T13189] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.269661][T13189] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.309841][T13189] hsr_slave_0: entered promiscuous mode [ 282.316993][T13189] hsr_slave_1: entered promiscuous mode [ 282.323213][T13189] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 282.331153][T13189] Cannot create hsr debugfs directory [ 282.676145][T13189] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 282.685768][T13189] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 282.695352][T13189] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 282.704555][T13189] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 282.727438][T13189] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.734599][T13189] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.741944][T13189] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.749139][T13189] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.797818][T13189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.814059][ T81] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.823982][ T81] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.841623][T13189] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.859095][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 
282.866226][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.880765][ T3469] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.887915][ T3469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.932543][T13189] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 283.066705][T13189] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 283.107930][T13189] veth0_vlan: entered promiscuous mode [ 283.119768][T13189] veth1_vlan: entered promiscuous mode [ 283.148661][T13189] veth0_macvtap: entered promiscuous mode [ 283.159329][T13189] veth1_macvtap: entered promiscuous mode [ 283.173975][T13189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.186183][T13189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.196914][T13189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.207436][T13189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.217405][T13189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 283.228714][T13189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.239792][T13189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 283.256649][T13189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.267676][T13189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.277846][T13189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.289909][T13189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 283.300104][T13189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 283.310828][T13189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 283.321921][T13189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 283.335680][T13189] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.344724][T13189] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.353451][T13189] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.362307][T13189] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.427531][ T2938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.440358][ T2938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.463880][ T1319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.472344][ T1319] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.774961][ T5844] Bluetooth: hci5: command tx timeout [ 285.845618][ T5844] Bluetooth: hci5: command tx timeout [ 287.926141][ T5844] Bluetooth: hci5: command tx timeout [ 290.004646][ T5844] Bluetooth: hci5: command tx timeout [ 297.336864][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 297.353476][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 297.362810][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 297.372066][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 297.379882][ T5839] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 297.388339][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 297.407974][T13237] netlink: 'syz.3.3014': attribute type 72 has an invalid length. [ 297.455147][T13239] netlink: 124 bytes leftover after parsing attributes in process `syz.1.3013'. 
[ 297.483131][T13234] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.670191][T13234] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.846275][T13234] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.912187][ T1319] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.967457][T13234] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.030260][ T1319] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.208047][ T1319] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.348921][T13268] netlink: 'syz.0.3023': attribute type 16 has an invalid length. [ 298.357910][T13268] netlink: 'syz.0.3023': attribute type 17 has an invalid length. [ 298.365933][T13268] netlink: 'syz.0.3023': attribute type 27 has an invalid length. [ 298.406491][T13238] chnl_net:caif_netlink_parms(): no params data found [ 298.459360][T13275] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3024'. [ 298.507971][T13270] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 298.525426][T13270] batadv_slave_0: entered promiscuous mode [ 298.625669][T13234] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.651121][ T1319] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.693493][T13285] FAULT_INJECTION: forcing a failure. 
[ 298.693493][T13285] name failslab, interval 1, probability 0, space 0, times 0 [ 298.707716][T13285] CPU: 0 UID: 0 PID: 13285 Comm: syz.3.3028 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 298.707747][T13285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 298.707760][T13285] Call Trace: [ 298.707767][T13285] [ 298.707776][T13285] dump_stack_lvl+0x241/0x360 [ 298.707815][T13285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.707839][T13285] ? __pfx__printk+0x10/0x10 [ 298.707863][T13285] ? __kmalloc_cache_noprof+0x48/0x390 [ 298.707897][T13285] ? __pfx___might_resched+0x10/0x10 [ 298.707930][T13285] should_fail_ex+0x40a/0x550 [ 298.707969][T13285] should_failslab+0xac/0x100 [ 298.708000][T13285] __kmalloc_cache_noprof+0x70/0x390 [ 298.708029][T13285] ? dccp_feat_entry_new+0x173/0x3a0 [ 298.708058][T13285] ? trace_kmalloc+0x1f/0xd0 [ 298.708091][T13285] dccp_feat_entry_new+0x173/0x3a0 [ 298.708127][T13285] __feat_register_sp+0x3f4/0x640 [ 298.708162][T13285] dccp_setsockopt+0xe6e/0x1140 [ 298.708191][T13285] ? __pfx_dccp_setsockopt+0x10/0x10 [ 298.708214][T13285] ? __pfx_lock_acquire+0x10/0x10 [ 298.708244][T13285] ? aa_sock_opt_perm+0x79/0x120 [ 298.708277][T13285] ? sock_common_setsockopt+0x37/0xc0 [ 298.708312][T13285] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 298.708343][T13285] do_sock_setsockopt+0x3af/0x720 [ 298.708372][T13285] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 298.708400][T13285] ? __fget_files+0x395/0x410 [ 298.708430][T13285] ? __fget_files+0x2a/0x410 [ 298.708470][T13285] __x64_sys_setsockopt+0x1ee/0x280 [ 298.708500][T13285] do_syscall_64+0xf3/0x230 [ 298.708528][T13285] ? 
clear_bhb_loop+0x35/0x90 [ 298.708562][T13285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.708590][T13285] RIP: 0033:0x7fbc1a58d169 [ 298.708609][T13285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.708626][T13285] RSP: 002b:00007fbc1b434038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 298.708648][T13285] RAX: ffffffffffffffda RBX: 00007fbc1a7a5fa0 RCX: 00007fbc1a58d169 [ 298.708664][T13285] RDX: 000000000000000a RSI: 000000000000010d RDI: 000000000000000b [ 298.708677][T13285] RBP: 00007fbc1b434090 R08: 0000000000000004 R09: 0000000000000000 [ 298.708690][T13285] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.708703][T13285] R13: 0000000000000000 R14: 00007fbc1a7a5fa0 R15: 00007fff9a8cb038 [ 298.708735][T13285] [ 298.717626][T13234] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.767935][T13287] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3029'. [ 298.779920][T13234] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.014285][T13234] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.036170][T13289] netlink: 'syz.3.3030': attribute type 72 has an invalid length. 
[ 299.117693][T13238] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.127601][T13238] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.134898][T13238] bridge_slave_0: entered allmulticast mode [ 299.142026][T13238] bridge_slave_0: entered promiscuous mode [ 299.194642][T13238] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.201831][T13238] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.244091][T13238] bridge_slave_1: entered allmulticast mode [ 299.252978][T13238] bridge_slave_1: entered promiscuous mode [ 299.418276][ T1319] bridge_slave_1: left allmulticast mode [ 299.432082][ T1319] bridge_slave_1: left promiscuous mode [ 299.444624][ T5844] Bluetooth: hci3: command tx timeout [ 299.450573][ T1319] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.495833][ T1319] bridge_slave_0: left allmulticast mode [ 299.501541][ T1319] bridge_slave_0: left promiscuous mode [ 299.516361][ T1319] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.590284][T13317] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3036'. [ 299.909113][T13320] netlink: 124 bytes leftover after parsing attributes in process `syz.0.3040'. 
[ 300.266111][ T1319] bond0 (unregistering): Released all slaves [ 300.385853][ T1319] bond1 (unregistering): Released all slaves [ 300.400615][T13238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 300.420374][T13306] bond0: entered promiscuous mode [ 300.425787][T13306] bond_slave_1: entered promiscuous mode [ 300.527132][T13319] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.583296][T13238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 300.610235][ T1319] tipc: Disabling bearer [ 300.669942][ T1319] tipc: Left network mode [ 300.753804][T13319] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.818573][ T1319] mac80211_hwsim hwsim9 wlan1: left promiscuous mode [ 300.892643][T13319] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.928048][T13238] team0: Port device team_slave_0 added [ 300.972681][T13319] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.032632][T13238] team0: Port device team_slave_1 added [ 301.221566][ T1319] hsr_slave_0: left promiscuous mode [ 301.239821][ T1319] hsr_slave_1: left promiscuous mode [ 301.285119][ T1319] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 301.294789][ T1319] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 301.497638][ T1319] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 301.507949][T13345] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3049'. 
[ 301.519617][ T1319] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 301.524540][ T5844] Bluetooth: hci3: command tx timeout [ 301.646433][ T1319] veth1_macvtap: left promiscuous mode [ 301.668646][ T1319] veth0_macvtap: left promiscuous mode [ 301.708824][ T1319] veth1_vlan: left promiscuous mode [ 301.726722][ T1319] veth0_vlan: left promiscuous mode [ 301.919981][T13357] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3054'. [ 302.271280][ T1319] team0 (unregistering): Port device team_slave_1 removed [ 302.312789][ T1319] team0 (unregistering): Port device team_slave_0 removed [ 302.723931][T13238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 302.739982][T13238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.766479][T13238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 302.789975][T13354] tipc: Enabling of bearer rejected, already enabled [ 302.876084][T13319] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.895792][T13238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 302.923294][T13238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.959653][T13238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.989984][T13319] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.142378][T13368] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3059'. 
[ 303.151667][T13368] netlink: 'syz.4.3059': attribute type 1 has an invalid length. [ 303.181384][T13319] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.208946][T13238] hsr_slave_0: entered promiscuous mode [ 303.221340][T13238] hsr_slave_1: entered promiscuous mode [ 303.249724][T13238] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 303.275609][T13238] Cannot create hsr debugfs directory [ 303.296034][T13319] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.605230][ T5844] Bluetooth: hci3: command tx timeout [ 303.671364][ T1319] IPVS: stop unused estimator thread 0... [ 304.017351][T13384] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3067'. [ 304.191506][T13391] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.3070'. [ 304.463848][T13238] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 304.508693][T13238] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 304.564013][T13238] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 304.602564][T13238] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 304.616024][T13411] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3077'. [ 304.777035][T13418] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3079'. [ 305.040928][T13238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.059091][T13426] openvswitch: netlink: Duplicate or invalid key (type 0). [ 305.084890][T13238] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.085661][T13428] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.3083'. 
[ 305.098588][ T1319] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.101127][T13426] openvswitch: netlink: Actions may not be safe on all matching packets [ 305.107798][ T1319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.163762][ T1319] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.170956][ T1319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.196933][T13238] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 305.309095][T13431] tipc: Enabling of bearer rejected, already enabled [ 305.347923][T13431] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3086'. [ 305.673751][T13238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.676773][T13447] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.3092'. [ 305.690392][ T5844] Bluetooth: hci3: command tx timeout [ 305.736871][T13452] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.794271][T13238] veth0_vlan: entered promiscuous mode [ 305.809351][T13238] veth1_vlan: entered promiscuous mode [ 305.830626][T13455] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3094'. [ 305.847046][T13238] veth0_macvtap: entered promiscuous mode [ 305.898843][T13452] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.941659][T13238] veth1_macvtap: entered promiscuous mode [ 305.977150][T13238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 305.988500][T13238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.999389][T13238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 306.035751][T13238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 306.056250][T13238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 306.078362][T13461] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3098'. [ 306.094070][T13452] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.157249][T13238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 306.187933][T13238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.202641][T13238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 306.213581][T13238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.223877][T13238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 306.234561][T13238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.255822][T13238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 306.269457][T13452] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.312550][T13238] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.322068][T13238] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.362360][T13238] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.391288][T13238] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.544594][ T2938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 306.567056][ T2938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 306.615201][ T1319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 306.623078][ T1319] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 306.955701][T13452] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.005945][T13452] netdevsim netdevsim0 
eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.056658][T13452] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.092252][T13452] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.758762][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 307.768895][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 307.779924][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 307.796600][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 307.805628][ T5839] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 307.814209][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 307.901326][ T2938] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.031993][ T2938] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.129871][ T2938] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.217056][ T2938] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.266836][T13530] __nla_validate_parse: 8 callbacks suppressed [ 308.266859][T13530] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3127'. 
[ 309.929077][ T5844] Bluetooth: hci1: command tx timeout [ 310.366451][T13506] chnl_net:caif_netlink_parms(): no params data found [ 311.905731][ T2938] bond0 (unregistering): Released all slaves [ 311.932030][T13562] batadv_slave_0: left promiscuous mode [ 312.016781][ T5844] Bluetooth: hci1: command tx timeout [ 312.144508][ T2938] tipc: Disabling bearer [ 312.154833][ T2938] tipc: Left network mode [ 312.159392][T13506] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.204756][T13506] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.212063][T13506] bridge_slave_0: entered allmulticast mode [ 312.255370][T13506] bridge_slave_0: entered promiscuous mode [ 312.273386][T13506] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.304774][T13506] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.312190][T13506] bridge_slave_1: entered allmulticast mode [ 312.346568][T13506] bridge_slave_1: entered promiscuous mode [ 312.524258][T13506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 312.562700][T13506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 312.868349][ T2938] hsr_slave_0: left promiscuous mode [ 312.880172][ T2938] hsr_slave_1: left promiscuous mode [ 312.950243][ T2938] veth1_macvtap: left promiscuous mode [ 312.964286][ T2938] veth0_macvtap: left promiscuous mode [ 312.972994][ T2938] veth1_vlan: left promiscuous mode [ 312.979842][ T2938] veth0_vlan: left promiscuous mode [ 313.224567][ T2938] pimreg (unregistering): left allmulticast mode [ 314.084748][ T5844] Bluetooth: hci1: command tx timeout [ 314.538848][T13506] team0: Port device team_slave_0 added [ 314.567175][T13506] team0: Port device team_slave_1 added [ 314.746411][T13658] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3175'. 
[ 314.757782][T13506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 314.773031][T13506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.815563][T13506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 314.828969][T13506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 314.836978][T13506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.882492][T13506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 314.903523][T13662] netlink: 'syz.1.3178': attribute type 10 has an invalid length. [ 314.911505][T13662] netlink: 140 bytes leftover after parsing attributes in process `syz.1.3178'. [ 315.232164][T13506] hsr_slave_0: entered promiscuous mode [ 315.294584][T13506] hsr_slave_1: entered promiscuous mode [ 315.300828][T13506] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 315.336395][T13506] Cannot create hsr debugfs directory [ 315.702986][ T2938] IPVS: stop unused estimator thread 0... [ 316.164929][ T5844] Bluetooth: hci1: command tx timeout [ 316.300631][T13712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3202'. [ 316.370554][T13506] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 316.401867][T13506] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 316.432297][T13506] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 316.448505][T13717] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3205'. 
[ 316.466807][T13506] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 316.759755][T13506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 317.371157][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.382551][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.096702][T13758] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3223'. [ 319.107824][T13758] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.130954][T13506] 8021q: adding VLAN 0 to HW filter on device team0 [ 319.196370][ T2938] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.203511][ T2938] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.253033][ T2938] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.260268][ T2938] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.341285][T13768] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3226'. [ 319.372423][T13506] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 319.406740][T13506] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 319.699048][T13784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3234'. [ 319.711602][T13784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3234'. [ 319.834270][T13506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 319.950742][T13506] veth0_vlan: entered promiscuous mode [ 320.002978][T13506] veth1_vlan: entered promiscuous mode [ 320.076745][T13506] veth0_macvtap: entered promiscuous mode [ 320.111065][T13506] veth1_macvtap: entered promiscuous mode [ 320.175964][T13506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.216664][T13506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 320.236896][T13506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.273230][T13506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.304540][T13506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.324439][T13506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.341348][T13506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.362789][T13805] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 320.413350][T13810] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3245'. [ 320.432979][T13506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.463336][T13506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.522671][T13506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.541457][T13506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.563112][T13506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.589289][T13506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.610998][T13506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.633042][T13506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 320.660851][T13506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 320.716842][T13506] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.728172][T13506] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.752094][T13506] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.769678][T13506] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.976893][ T2938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.009298][ T2938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.069771][ T2938] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.082686][T13824] tipc: New replicast peer: 255.255.255.0 [ 321.093008][ T2938] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.102679][T13824] tipc: Enabled bearer , priority 10 [ 321.439952][T13818] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3249'. [ 321.454877][T13818] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 321.501241][T13818] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 321.528569][T13818] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 321.544636][T13818] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 321.776802][ T81] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 322.167108][T13855] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3264'. 
[ 322.193519][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 322.204881][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 322.216530][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 322.228946][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 322.237773][ T5839] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 322.247453][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 322.609944][ T36] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.670276][T13869] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3272'. [ 322.686403][T13869] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3272'. [ 322.737886][ T36] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.915569][ T36] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.998114][T13882] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 323.010679][T13885] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.024543][T13882] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 323.060910][ T36] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.110458][T13885] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.117721][T13885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 323.167382][T13856] chnl_net:caif_netlink_parms(): no params data found [ 323.369432][T13856] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.394260][T13856] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.419920][T13856] bridge_slave_0: entered allmulticast mode [ 323.442241][T13856] bridge_slave_0: entered promiscuous mode [ 323.470793][T13856] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.486933][T13856] bridge0: port 2(bridge_slave_1) 
entered disabled state [ 323.503376][T13856] bridge_slave_1: entered allmulticast mode [ 323.526187][T13856] bridge_slave_1: entered promiscuous mode [ 323.639887][T13856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.697232][T13856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.706983][ T36] bridge_slave_1: left allmulticast mode [ 323.712676][ T36] bridge_slave_1: left promiscuous mode [ 323.720027][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.731873][ T36] bridge_slave_0: left allmulticast mode [ 323.751697][ T36] bridge_slave_0: left promiscuous mode [ 323.769619][T13916] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3291'. [ 323.774760][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.324913][ T5839] Bluetooth: hci2: command tx timeout [ 324.928748][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 324.938326][ T36] bond_slave_1: left promiscuous mode [ 324.947763][ T36] bond0 (unregistering): Released all slaves [ 325.075141][ T36] bond1 (unregistering): Released all slaves [ 325.200327][ T36] bond2 (unregistering): Released all slaves [ 325.379506][T13856] team0: Port device team_slave_0 added [ 325.404515][ T36] : left promiscuous mode [ 325.476408][T13856] team0: Port device team_slave_1 added [ 325.496788][ T36] fþ: left promiscuous mode [ 325.592594][T13856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 325.624521][T13856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 325.683987][T13856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 325.708946][ T36] tipc: Disabling bearer [ 325.716356][ T36] tipc: Disabling bearer [ 325.729457][ T36] tipc: Left network mode [ 325.734774][T13856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 325.779114][T13856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.835034][T13856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 326.039561][T13968] geneve2: entered promiscuous mode [ 326.054757][T13968] geneve2: entered allmulticast mode [ 326.162846][T13856] hsr_slave_0: entered promiscuous mode [ 326.187750][T13856] hsr_slave_1: entered promiscuous mode [ 326.205434][T13856] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 326.213054][T13856] Cannot create hsr debugfs directory [ 326.363744][ T36] hsr_slave_0: left promiscuous mode [ 326.374903][ T36] hsr_slave_1: left promiscuous mode [ 326.395202][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 326.404914][ T5839] Bluetooth: hci2: command tx timeout [ 326.451563][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 326.484887][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 326.492393][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 326.584754][ T36] veth1_macvtap: left promiscuous mode [ 326.597346][ T36] veth0_macvtap: left promiscuous mode [ 326.615022][ T36] veth1_vlan: left promiscuous mode [ 326.812065][T13990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3319'. [ 327.237660][ T5882] IPVS: starting estimator thread 0... 
[ 327.356348][T14006] IPVS: using max 22 ests per chain, 52800 per kthread [ 327.678757][ T36] team0 (unregistering): Port device team_slave_1 removed [ 327.769046][ T36] team0 (unregistering): Port device team_slave_0 removed [ 328.485035][ T5839] Bluetooth: hci2: command tx timeout [ 328.977491][T14051] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 329.013352][T14052] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 329.129117][T14056] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3350'. [ 329.150789][ T36] IPVS: stop unused estimator thread 0... [ 329.428824][T13856] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 329.443283][T13856] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 329.454188][T13856] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 329.467081][T13856] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 329.586981][T13856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.610166][T13856] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.631850][ T1319] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.639018][ T1319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.664222][ T1319] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.671458][ T1319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.960350][T13856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.401196][T13856] veth0_vlan: entered promiscuous mode [ 330.450122][T13856] veth1_vlan: entered promiscuous mode [ 330.516483][T14108] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3369'. 
[ 330.531061][T13856] veth0_macvtap: entered promiscuous mode [ 330.564950][ T5839] Bluetooth: hci2: command tx timeout [ 330.567463][T13856] veth1_macvtap: entered promiscuous mode [ 330.656704][T13856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.675405][T13856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.690182][T13856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.720094][T13856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.731820][T13856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 330.770406][T13856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.787368][T13856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.800563][T13856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.820317][T13856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.833475][T13856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.850313][T13856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 330.861840][T13856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 330.879350][T13856] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.889153][T13856] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.909032][T13856] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.929604][T13856] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.143255][ T2938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.145427][T14127] rdma_op ffff88805ce821f0 conn xmit_rdma 0000000000000000 [ 331.171602][ T2938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.244159][ T1319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.262023][ T1319] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.311948][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 332.321546][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 332.354734][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 332.382442][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 332.406347][ T5844] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 332.413900][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 334.008634][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 334.333623][T14175] sch_tbf: burst 7164 is lower than device lo mtu (65550) ! 
[ 334.486066][ T5839] Bluetooth: hci0: command tx timeout [ 334.621858][ T53] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.813424][ T53] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.042087][ T53] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.193049][ T53] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.360184][T14210] vlan2: entered allmulticast mode [ 335.370929][T14210] macsec0: entered allmulticast mode [ 335.379928][T14210] veth1_macvtap: entered allmulticast mode [ 335.394932][T14163] chnl_net:caif_netlink_parms(): no params data found [ 335.607130][ T53] bridge_slave_1: left allmulticast mode [ 335.612848][ T53] bridge_slave_1: left promiscuous mode [ 335.633978][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.646807][ T53] bridge_slave_0: left allmulticast mode [ 335.652597][ T53] bridge_slave_0: left promiscuous mode [ 335.666418][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.469103][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 336.488813][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 336.502185][ T53] bond0 (unregistering): Released all slaves [ 336.522465][T14163] bridge0: port 1(bridge_slave_0) entered blocking state [ 336.535041][T14163] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.542399][T14163] bridge_slave_0: entered allmulticast mode [ 336.550823][T14163] bridge_slave_0: entered promiscuous mode [ 336.565273][ T5839] Bluetooth: hci0: command tx timeout [ 336.573888][T14163] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.583997][T14163] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.591479][T14163] bridge_slave_1: entered allmulticast mode [ 336.601519][T14163] bridge_slave_1: entered promiscuous mode [ 336.687867][ 
T53] tipc: Disabling bearer [ 336.693424][ T53] tipc: Disabling bearer [ 336.710466][ T53] tipc: Left network mode [ 336.826332][T14163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 336.850578][T14163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 336.890044][ T53] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 337.060156][T14163] team0: Port device team_slave_0 added [ 337.103806][T14163] team0: Port device team_slave_1 added [ 337.215872][T14163] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 337.230931][T14163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 337.272704][T14163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 337.301167][T14163] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 337.308702][T14163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 337.335787][T14163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 337.378366][ T53] hsr_slave_0: left promiscuous mode [ 337.388905][ T53] hsr_slave_1: left promiscuous mode [ 337.397288][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 337.421198][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 337.431072][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 337.483516][ T53] veth1_macvtap: left promiscuous mode [ 337.492223][ T53] veth0_macvtap: left promiscuous mode [ 337.532557][ T53] veth1_vlan: left promiscuous mode [ 337.546022][ T53] veth0_vlan: left promiscuous mode [ 338.648885][ T5839] Bluetooth: hci0: command tx timeout [ 338.689019][ T53] team0 (unregistering): Port device team_slave_1 removed [ 338.738667][ T53] team0 (unregistering): Port device team_slave_0 removed [ 339.405913][T14163] hsr_slave_0: entered promiscuous mode [ 339.435430][T14163] hsr_slave_1: entered promiscuous mode [ 340.071021][ T53] IPVS: stop unused estimator thread 0... [ 340.203015][T14365] netlink: 116 bytes leftover after parsing attributes in process `syz.2.3482'. [ 340.415744][T14374] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 340.475492][T14378] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3487'. [ 340.493662][T14163] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 340.582964][T14163] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 340.617593][T14163] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 340.675691][T14163] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 340.724897][ T5839] Bluetooth: hci0: command tx timeout [ 340.895134][T14393] netlink: 116 bytes leftover after parsing attributes in process `syz.3.3494'. 
[ 340.921611][T14163] 8021q: adding VLAN 0 to HW filter on device bond0 [ 340.981531][T14163] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.013337][ T2938] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.020535][ T2938] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.071569][T14316] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.078794][T14316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.179267][T14163] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 341.530964][T14163] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 341.539058][T14425] netlink: 116 bytes leftover after parsing attributes in process `syz.3.3509'. [ 341.640863][T14163] veth0_vlan: entered promiscuous mode [ 341.673421][T14163] veth1_vlan: entered promiscuous mode [ 341.745892][T14163] veth0_macvtap: entered promiscuous mode [ 341.759232][T14163] veth1_macvtap: entered promiscuous mode [ 341.790112][T14163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.801168][T14163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.811658][T14163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.822687][T14163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.843960][T14163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.874552][T14163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.892228][T14163] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 341.917484][T14163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.932863][T14163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 341.951771][T14163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.962521][T14163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.982006][T14163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.993076][T14163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.013225][T14163] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 342.024129][T14163] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.033294][T14163] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.042102][T14163] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.051426][T14163] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.233524][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 342.251607][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 342.277700][T14449] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3521'. [ 342.312438][ T3469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 342.328004][ T3469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 342.469058][T14455] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (7) [ 343.122573][T14488] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3536'. [ 344.112808][T14533] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 344.132186][T14533] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 344.151149][T14533] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 344.262037][T14540] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3561'. 
[ 345.283065][T14591] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3586'. [ 345.305584][T14591] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.384820][T14591] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.477209][T14591] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.549626][T14591] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.581530][T14604] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3593'. [ 345.668799][T14591] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.698474][T14591] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.723868][T14591] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.742559][T14591] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.116312][T14621] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3601'. [ 346.238753][T14629] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3605'. [ 346.593474][T14645] netlink: 'syz.0.3613': attribute type 30 has an invalid length. [ 346.852901][T14658] pim6reg1: entered promiscuous mode [ 346.858807][T14658] pim6reg1: entered allmulticast mode [ 347.227553][T14675] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3628'. 
[ 347.726811][T14696] lo speed is unknown, defaulting to 1000 [ 347.740186][T14696] lo speed is unknown, defaulting to 1000 [ 347.767382][T14696] lo speed is unknown, defaulting to 1000 [ 347.818650][T14696] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 347.858288][T14696] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 347.948758][T14696] lo speed is unknown, defaulting to 1000 [ 347.982006][T14696] lo speed is unknown, defaulting to 1000 [ 347.999859][T14696] lo speed is unknown, defaulting to 1000 [ 348.016810][T14696] lo speed is unknown, defaulting to 1000 [ 348.050957][T14696] lo speed is unknown, defaulting to 1000 [ 348.093860][T14696] lo speed is unknown, defaulting to 1000 [ 348.632897][T14743] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3657'. [ 348.885663][T14757] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3664'. [ 348.943714][T14757] bridge0: port 3(batadv1) entered blocking state [ 348.974909][T14757] bridge0: port 3(batadv1) entered disabled state [ 349.003230][T14757] batadv1: entered allmulticast mode [ 349.029330][T14757] batadv1: entered promiscuous mode [ 349.308948][T14774] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3668'. [ 349.446762][ T36] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 349.457111][ T36] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 349.478428][T14779] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3669'. 
[ 350.174536][T14820] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 352.291255][T14812] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.491102][T14812] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.499789][T14812] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.508309][T14812] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.516843][T14812] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.566713][T14836] vlan2: entered allmulticast mode [ 352.572480][T14836] macsec0: entered allmulticast mode [ 352.579968][T14836] veth1_macvtap: entered allmulticast mode [ 352.589170][T14836] bridge0: port 4(vlan2) entered blocking state [ 352.596444][T14836] bridge0: port 4(vlan2) entered disabled state [ 352.604514][T14836] vlan2: entered promiscuous mode [ 352.609823][T14836] macsec0: entered promiscuous mode [ 352.626031][T14836] bridge0: port 4(vlan2) entered blocking state [ 352.632843][T14836] bridge0: port 4(vlan2) entered forwarding state [ 353.048216][T14874] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3697'. 
[ 353.274946][T14888] vlan2: entered allmulticast mode [ 353.280119][T14888] macsec0: entered allmulticast mode [ 353.294737][T14888] veth1_macvtap: entered allmulticast mode [ 353.305856][T14888] bridge0: port 3(vlan2) entered blocking state [ 353.315226][T14888] bridge0: port 3(vlan2) entered disabled state [ 353.322635][T14888] vlan2: entered promiscuous mode [ 353.334064][T14888] macsec0: entered promiscuous mode [ 353.342589][T14888] bridge0: port 3(vlan2) entered blocking state [ 353.349028][T14888] bridge0: port 3(vlan2) entered forwarding state [ 353.754180][T14905] macvlan1: entered promiscuous mode [ 353.763037][T14905] ipvlan0: entered promiscuous mode [ 353.770140][T14905] ipvlan0: left promiscuous mode [ 353.792824][T14905] macvlan1: left promiscuous mode [ 354.037813][T14913] netlink: 368 bytes leftover after parsing attributes in process `syz.2.3714'. [ 354.756586][T14948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.769072][T14948] team0: Port device bond0 added [ 354.784078][T14948] bridge0: port 4(team0) entered blocking state [ 354.807625][T14948] bridge0: port 4(team0) entered disabled state [ 354.814142][T14948] team0: entered allmulticast mode [ 354.829989][T14948] team_slave_0: entered allmulticast mode [ 354.836839][T14948] team_slave_1: entered allmulticast mode [ 354.843015][T14948] bond0: entered allmulticast mode [ 354.848419][T14948] bond_slave_0: entered allmulticast mode [ 354.854201][T14948] bond_slave_1: entered allmulticast mode [ 354.860898][T14952] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3733'. 
[ 354.872494][T14948] team0: entered promiscuous mode [ 354.879309][T14948] team_slave_0: entered promiscuous mode [ 354.885595][T14948] team_slave_1: entered promiscuous mode [ 354.891597][T14948] bond0: entered promiscuous mode [ 354.896807][T14948] bond_slave_0: entered promiscuous mode [ 354.902631][T14948] bond_slave_1: entered promiscuous mode [ 354.912862][T14948] bridge0: port 4(team0) entered blocking state [ 354.919546][T14948] bridge0: port 4(team0) entered forwarding state [ 355.311329][T14968] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3741'. [ 355.401107][T14970] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3742'. [ 355.443004][T14970] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 355.500281][T14975] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3744'. [ 356.714362][T15035] team_slave_0: entered promiscuous mode [ 356.720459][T15035] team_slave_1: entered promiscuous mode [ 356.744743][T15035] macsec1: entered promiscuous mode [ 356.752370][T15035] team0: entered promiscuous mode [ 356.770953][T15035] macsec1: entered allmulticast mode [ 356.789775][T15035] team0: entered allmulticast mode [ 356.798357][T15035] team_slave_0: entered allmulticast mode [ 356.805180][T15035] team_slave_1: entered allmulticast mode [ 356.813124][T15035] team0: Device macsec1 is already an upper device of the team interface [ 356.824643][T15035] team0: left allmulticast mode [ 356.829550][T15035] team_slave_0: left allmulticast mode [ 356.837851][T15035] team_slave_1: left allmulticast mode [ 356.844254][T15035] team0: left promiscuous mode [ 356.849842][T15035] team_slave_0: left promiscuous mode [ 356.856468][T15035] team_slave_1: left promiscuous mode [ 356.950529][T15042] lo speed is unknown, defaulting to 1000 [ 357.088563][T15048] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3778'. 
[ 357.172266][T15048] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 357.188233][T15051] vlan2: entered allmulticast mode [ 358.297053][T15099] IPv6: sit1: Disabled Multicast RS [ 358.302948][T15099] sit1: entered allmulticast mode [ 358.452055][T15109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3806'. [ 358.489418][T15109] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 359.010095][T15133] netlink: 'syz.3.3819': attribute type 1 has an invalid length. [ 359.032041][T15133] netlink: 'syz.3.3819': attribute type 2 has an invalid length. [ 359.071484][T15139] netlink: 100 bytes leftover after parsing attributes in process `syz.4.3821'. [ 359.751434][T15176] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3836'. [ 359.957821][T15184] netlink: 'syz.0.3843': attribute type 2 has an invalid length. [ 359.983892][T15184] netlink: 119 bytes leftover after parsing attributes in process `syz.0.3843'. [ 360.415599][T15208] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3855'. [ 360.888510][T15232] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3868'. [ 361.084968][T15243] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3871'. [ 361.871166][T15284] ieee802154 phy0 wpan0: encryption failed: -22 [ 362.021948][T15292] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3893'. [ 362.233035][T15296] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 362.416110][T15308] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3902'. [ 362.850803][T15326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3911'. [ 363.190641][T15345] pim6reg: entered allmulticast mode [ 363.224529][T15345] pim6reg: left allmulticast mode [ 363.624088][T15367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3930'. 
[ 363.957500][T15378] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3936'. [ 364.256471][T15384] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3939'. [ 365.755758][T15461] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3973'. [ 366.406375][T15491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3988'. [ 366.446012][T15491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3988'. [ 366.947365][T15521] lo speed is unknown, defaulting to 1000 [ 368.113419][T15578] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4027'. [ 368.130263][T15578] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4027'. [ 368.191538][T15580] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4028'. [ 368.390577][T15586] team_slave_0: entered promiscuous mode [ 368.396358][T15586] team_slave_1: entered promiscuous mode [ 368.413358][T15586] macsec1: entered promiscuous mode [ 368.418969][T15586] team0: entered promiscuous mode [ 368.431626][T15586] macsec1: entered allmulticast mode [ 368.440546][T15586] team0: entered allmulticast mode [ 368.446378][T15586] team_slave_0: entered allmulticast mode [ 368.452368][T15586] team_slave_1: entered allmulticast mode [ 368.461570][T15586] team0: Device macsec1 is already an upper device of the team interface [ 368.476944][T15586] team0: left allmulticast mode [ 368.482570][T15586] team_slave_0: left allmulticast mode [ 368.496911][T15586] team_slave_1: left allmulticast mode [ 368.502620][T15586] team0: left promiscuous mode [ 368.508161][T15586] team_slave_0: left promiscuous mode [ 368.513658][T15586] team_slave_1: left promiscuous mode [ 369.537824][T15626] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.545455][T15626] bridge0: port 1(bridge_slave_0) entered disabled state [ 369.782699][T15626] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 
369.833930][T15626] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 370.047460][T15626] veth1_macvtap: left allmulticast mode [ 370.062764][T15626] macsec0: left allmulticast mode [ 370.075504][T15626] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.094568][T15626] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.103702][T15626] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.113116][T15626] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.159494][T15626] vlan2: left allmulticast mode [ 370.177387][T15646] pim6reg: entered allmulticast mode [ 370.183052][T15649] pim6reg: left allmulticast mode [ 370.203611][T15651] netlink: 'syz.2.4061': attribute type 12 has an invalid length. [ 370.584939][T15667] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4068'. [ 370.999837][T15691] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4080'. [ 371.921996][T15723] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4093'. [ 372.150666][T15732] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4097'. [ 372.489892][T15752] lo speed is unknown, defaulting to 1000 [ 372.536521][T15755] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4108'. [ 372.833744][T15768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4113'. [ 373.313001][T15788] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4122'. [ 373.976926][T15819] lo speed is unknown, defaulting to 1000 [ 374.150664][T15828] netlink: 1 bytes leftover after parsing attributes in process `syz.1.4140'. 
[ 374.823696][T15846] bridge0: port 4(team0) entered disabled state [ 374.830541][T15846] bridge0: port 3(vlan2) entered disabled state [ 374.837026][T15846] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.844537][T15846] bridge0: port 1(bridge_slave_0) entered disabled state [ 375.103207][T15846] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 375.119220][T15846] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 375.193132][T15846] veth1_macvtap: left allmulticast mode [ 375.212539][T15846] macsec0: left allmulticast mode [ 375.218583][T15846] macsec0: left promiscuous mode [ 375.231537][T15846] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.241303][T15846] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.251228][T15846] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.262137][T15846] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.740816][T15890] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4158'. [ 376.029634][T15905] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4165'. [ 376.210314][T15913] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4170'. 
[ 376.367655][T15909] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.375269][T15909] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.623778][T15909] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 376.643502][T15909] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 376.770693][T15909] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.780011][T15909] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.791317][T15909] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.801077][T15909] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.126717][T15992] macsec1: entered promiscuous mode [ 378.132004][T15992] team0: entered promiscuous mode [ 378.137470][T15992] team_slave_0: entered promiscuous mode [ 378.143316][T15992] team_slave_1: entered promiscuous mode [ 378.152283][T15992] macsec1: entered allmulticast mode [ 378.166840][T15992] team0: entered allmulticast mode [ 378.173057][T15992] team_slave_0: entered allmulticast mode [ 378.190718][T15992] team_slave_1: entered allmulticast mode [ 378.202576][T15992] team0: Device macsec1 is already an upper device of the team interface [ 378.266949][T15992] team0: left allmulticast mode [ 378.275072][T15992] team_slave_0: left allmulticast mode [ 378.294565][T15992] team_slave_1: left allmulticast mode [ 378.300451][T15992] team0: left promiscuous mode [ 378.307295][T15992] team_slave_0: left promiscuous mode [ 378.313184][T15992] team_slave_1: left promiscuous mode [ 378.698501][T16011] syzkaller0: entered promiscuous mode [ 378.715817][T16011] syzkaller0: entered allmulticast mode [ 378.807448][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.826083][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.933024][T16095] xt_hashlimit: size too large, truncated to 1048576 [ 382.232860][T16108] netlink: 12 bytes leftover after parsing 
attributes in process `syz.0.4257'. [ 382.260212][T16111] pim6reg: entered allmulticast mode [ 382.298888][T16111] pim6reg: left allmulticast mode [ 382.651862][T16127] syzkaller1: entered promiscuous mode [ 382.699177][T16127] syzkaller1: entered allmulticast mode [ 382.975884][T16143] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4273'. [ 383.022659][T16148] pim6reg: entered allmulticast mode [ 383.044390][T16148] pim6reg: left allmulticast mode [ 383.170499][T16159] bridge_slave_0: left allmulticast mode [ 383.194071][T16159] bridge_slave_0: left promiscuous mode [ 383.207301][T16159] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.285992][T16159] bridge_slave_1: left allmulticast mode [ 383.291725][T16159] bridge_slave_1: left promiscuous mode [ 383.346831][T16159] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.398046][T16159] bond0: (slave bond_slave_0): Releasing backup interface [ 383.420384][T16159] bond0: (slave bond_slave_1): Releasing backup interface [ 383.451920][T16159] team0: Port device team_slave_0 removed [ 383.472732][T16159] team0: Port device team_slave_1 removed [ 383.487208][T16159] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 383.505530][T16159] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 383.517530][T16175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4284'. [ 383.544155][T16162] team0: Mode changed to "loadbalance" [ 383.638076][T16178] wlan0 speed is unknown, defaulting to 1000 [ 383.667365][T16178] wlan0 speed is unknown, defaulting to 1000 [ 383.673920][T16178] wlan0 speed is unknown, defaulting to 1000 [ 383.718319][T16181] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4288'. [ 383.741715][T16178] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 383.836160][T16189] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4290'. 
[ 383.858934][T16178] wlan0 speed is unknown, defaulting to 1000 [ 383.882283][T16178] wlan0 speed is unknown, defaulting to 1000 [ 383.915640][T16178] wlan0 speed is unknown, defaulting to 1000 [ 383.949663][T16178] wlan0 speed is unknown, defaulting to 1000 [ 383.971519][T16178] wlan0 speed is unknown, defaulting to 1000 [ 384.021175][T16178] wlan0 speed is unknown, defaulting to 1000 [ 384.396197][T16217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4300'. [ 384.778134][T16241] netlink: 'syz.0.4309': attribute type 29 has an invalid length. [ 384.835920][T16241] netlink: 'syz.0.4309': attribute type 29 has an invalid length. [ 384.845435][T16241] netlink: 'syz.0.4309': attribute type 29 has an invalid length. [ 384.904027][T16247] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4312'. [ 385.682746][T16284] netlink: 'syz.2.4328': attribute type 1 has an invalid length. [ 385.698449][T16284] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4328'. [ 386.226835][T16311] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4340'. [ 386.923193][T16346] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4355'. [ 387.454530][T16373] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4368'. [ 387.714692][T16384] veth1_to_team: entered promiscuous mode [ 388.046617][T16401] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4381'. [ 388.199362][T16408] lo speed is unknown, defaulting to 1000 [ 388.225863][T16408] wlan0 speed is unknown, defaulting to 1000 [ 388.591134][T16426] Bluetooth: MGMT ver 1.23 [ 388.731060][T16433] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4394'. [ 389.131269][T16449] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4401'. 
[ 389.174445][T16446] xt_CT: No such helper "syz1" [ 389.270271][T16455] siw: device registration error -23 [ 389.600088][T16465] pim6reg: entered allmulticast mode [ 389.644863][T16465] pim6reg: left allmulticast mode [ 389.697016][T16470] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4408'. [ 389.974648][T16483] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4414'. [ 390.036678][T16487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4416'. [ 390.317172][T16501] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4422'. [ 390.958700][T16529] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4435'. [ 391.125692][T16536] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4437'. [ 391.348173][T16543] bridge0: port 4(vlan2) entered disabled state [ 391.354794][T16543] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.362350][T16543] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.578807][T16543] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 391.593794][T16543] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 391.653458][T16543] veth1_macvtap: left allmulticast mode [ 391.668221][T16543] macsec0: left allmulticast mode [ 391.673619][T16543] macsec0: left promiscuous mode [ 391.683988][T16543] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.706282][T16543] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.719356][T16543] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.729577][T16543] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.778508][T15852] lo speed is unknown, defaulting to 1000 [ 391.890563][T16568] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input6 [ 392.529230][T16598] syzkaller1: entered promiscuous mode [ 
392.555427][T16595] __nla_validate_parse: 2 callbacks suppressed [ 392.555447][T16595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4462'. [ 392.561772][T16598] syzkaller1: entered allmulticast mode [ 392.580962][T16604] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4465'. [ 392.611392][T16598] bridge_slave_0: default FDB implementation only supports local addresses [ 392.747073][T16610] netlink: 'syz.4.4467': attribute type 10 has an invalid length. [ 392.779181][T16610] [ 392.781583][T16610] ====================================================== [ 392.788633][T16610] WARNING: possible circular locking dependency detected [ 392.795681][T16610] 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 Not tainted [ 392.802809][T16610] ------------------------------------------------------ [ 392.809837][T16610] syz.4.4467/16610 is trying to acquire lock: [ 392.815905][T16610] ffff88805b830768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_change_mac+0xc6/0x1160 [ 392.825677][T16610] [ 392.825677][T16610] but task is already holding lock: [ 392.833038][T16610] ffff8880659a4d28 (&dev->lock){+.+.}-{4:4}, at: dev_set_mac_address+0x2a/0x50 [ 392.842020][T16610] [ 392.842020][T16610] which lock already depends on the new lock. 
[ 392.842020][T16610] [ 392.852424][T16610] [ 392.852424][T16610] the existing dependency chain (in reverse order) is: [ 392.861446][T16610] [ 392.861446][T16610] -> #1 (&dev->lock){+.+.}-{4:4}: [ 392.868674][T16610] lock_acquire+0x1ed/0x550 [ 392.873715][T16610] __mutex_lock+0x19c/0x1010 [ 392.878835][T16610] register_netdevice+0x12d8/0x1b70 [ 392.884567][T16610] cfg80211_register_netdevice+0x149/0x2f0 [ 392.890908][T16610] ieee80211_if_add+0x119d/0x1780 [ 392.896460][T16610] ieee80211_register_hw+0x3708/0x42e0 [ 392.902555][T16610] mac80211_hwsim_new_radio+0x2a89/0x49f0 [ 392.908806][T16610] init_mac80211_hwsim+0x87a/0xb00 [ 392.914453][T16610] do_one_initcall+0x248/0x930 [ 392.919744][T16610] do_initcall_level+0x157/0x210 [ 392.925233][T16610] do_initcalls+0x71/0xd0 [ 392.930093][T16610] kernel_init_freeable+0x435/0x5d0 [ 392.935821][T16610] kernel_init+0x1d/0x2b0 [ 392.940682][T16610] ret_from_fork+0x4b/0x80 [ 392.945628][T16610] ret_from_fork_asm+0x1a/0x30 [ 392.950919][T16610] [ 392.950919][T16610] -> #0 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 392.958663][T16610] validate_chain+0x18ef/0x5920 [ 392.964040][T16610] __lock_acquire+0x1397/0x2100 [ 392.969452][T16610] lock_acquire+0x1ed/0x550 [ 392.974488][T16610] __mutex_lock+0x19c/0x1010 [ 392.979612][T16610] ieee80211_change_mac+0xc6/0x1160 [ 392.985338][T16610] netif_set_mac_address+0x327/0x510 [ 392.991146][T16610] dev_set_mac_address+0x38/0x50 [ 392.996606][T16610] bond_enslave+0xff3/0x3910 [ 393.001716][T16610] do_set_master+0x579/0x730 [ 393.006828][T16610] do_setlink+0xfee/0x40f0 [ 393.011765][T16610] rtnl_newlink+0x15a6/0x1d90 [ 393.016972][T16610] rtnetlink_rcv_msg+0x791/0xcf0 [ 393.022443][T16610] netlink_rcv_skb+0x206/0x480 [ 393.027737][T16610] netlink_unicast+0x7f6/0x990 [ 393.033058][T16610] netlink_sendmsg+0x8de/0xcb0 [ 393.038363][T16610] __sock_sendmsg+0x221/0x270 [ 393.043587][T16610] ____sys_sendmsg+0x53a/0x860 [ 393.048906][T16610] __sys_sendmsg+0x269/0x350 [ 393.054023][T16610] 
do_syscall_64+0xf3/0x230 [ 393.059081][T16610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.065506][T16610] [ 393.065506][T16610] other info that might help us debug this: [ 393.065506][T16610] [ 393.075735][T16610] Possible unsafe locking scenario: [ 393.075735][T16610] [ 393.083185][T16610] CPU0 CPU1 [ 393.088554][T16610] ---- ---- [ 393.093915][T16610] lock(&dev->lock); [ 393.097914][T16610] lock(&rdev->wiphy.mtx); [ 393.104945][T16610] lock(&dev->lock); [ 393.111454][T16610] lock(&rdev->wiphy.mtx); [ 393.115963][T16610] [ 393.115963][T16610] *** DEADLOCK *** [ 393.115963][T16610] [ 393.124105][T16610] 2 locks held by syz.4.4467/16610: [ 393.129299][T16610] #0: ffffffff8fed6cc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc4c/0x1d90 [ 393.138381][T16610] #1: ffff8880659a4d28 (&dev->lock){+.+.}-{4:4}, at: dev_set_mac_address+0x2a/0x50 [ 393.147802][T16610] [ 393.147802][T16610] stack backtrace: [ 393.153714][T16610] CPU: 1 UID: 0 PID: 16610 Comm: syz.4.4467 Not tainted 6.14.0-rc6-syzkaller-01241-g702e3fa16cd4 #0 [ 393.153737][T16610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 393.153753][T16610] Call Trace: [ 393.153761][T16610] [ 393.153769][T16610] dump_stack_lvl+0x241/0x360 [ 393.153793][T16610] ? __pfx_dump_stack_lvl+0x10/0x10 [ 393.153812][T16610] ? __pfx__printk+0x10/0x10 [ 393.153832][T16610] print_circular_bug+0x13a/0x1b0 [ 393.153855][T16610] check_noncircular+0x36a/0x4a0 [ 393.153876][T16610] ? __pfx_check_noncircular+0x10/0x10 [ 393.153895][T16610] ? lockdep_lock+0x123/0x2b0 [ 393.153920][T16610] ? radix_tree_node_alloc+0x19a/0x3c0 [ 393.153940][T16610] ? idr_get_free+0x296/0xab0 [ 393.153958][T16610] ? idr_alloc_u32+0x195/0x330 [ 393.153976][T16610] ? idr_alloc_cyclic+0x106/0x300 [ 393.153995][T16610] ? __kernfs_new_node+0x12d/0x870 [ 393.154020][T16610] ? kernfs_create_dir_ns+0x43/0x120 [ 393.154044][T16610] ? sysfs_create_dir_ns+0x189/0x3a0 [ 393.154065][T16610] ? 
kobject_add_internal+0x435/0x8d0 [ 393.154088][T16610] ? kobject_init_and_add+0x124/0x190 [ 393.154112][T16610] validate_chain+0x18ef/0x5920 [ 393.154139][T16610] ? __pfx_validate_chain+0x10/0x10 [ 393.154162][T16610] ? __pfx_validate_chain+0x10/0x10 [ 393.154180][T16610] ? kmem_cache_alloc_noprof+0x22d/0x380 [ 393.154205][T16610] ? __pfx_validate_chain+0x10/0x10 [ 393.154223][T16610] ? __pfx_validate_chain+0x10/0x10 [ 393.154241][T16610] ? __pfx_validate_chain+0x10/0x10 [ 393.154262][T16610] ? idr_get_free+0x91c/0xab0 [ 393.154282][T16610] ? __pfx_validate_chain+0x10/0x10 [ 393.154301][T16610] ? mark_lock+0x9a/0x360 [ 393.154322][T16610] __lock_acquire+0x1397/0x2100 [ 393.154356][T16610] lock_acquire+0x1ed/0x550 [ 393.154381][T16610] ? ieee80211_change_mac+0xc6/0x1160 [ 393.154406][T16610] ? __pfx_lock_acquire+0x10/0x10 [ 393.154432][T16610] ? __pfx___might_resched+0x10/0x10 [ 393.154460][T16610] __mutex_lock+0x19c/0x1010 [ 393.154481][T16610] ? ieee80211_change_mac+0xc6/0x1160 [ 393.154504][T16610] ? __pfx_lock_release+0x10/0x10 [ 393.154537][T16610] ? ieee80211_change_mac+0xc6/0x1160 [ 393.154558][T16610] ? __pfx___mutex_lock+0x10/0x10 [ 393.154583][T16610] ? __pfx_vxlan_netdevice_event+0x10/0x10 [ 393.154601][T16610] ? ib_device_get_by_netdev+0x85/0x5e0 [ 393.154628][T16610] ? __pfx_ib_device_get_by_netdev+0x10/0x10 [ 393.154653][T16610] ? hsr_netdev_notify+0x295/0xb50 [ 393.154678][T16610] ieee80211_change_mac+0xc6/0x1160 [ 393.154701][T16610] ? ip6_route_dev_notify+0x99/0x600 [ 393.154720][T16610] ? notifier_call_chain+0x15a/0x3f0 [ 393.154746][T16610] ? notifier_call_chain+0x3cc/0x3f0 [ 393.154772][T16610] netif_set_mac_address+0x327/0x510 [ 393.154794][T16610] ? __pfx_netif_set_mac_address+0x10/0x10 [ 393.154819][T16610] dev_set_mac_address+0x38/0x50 [ 393.154837][T16610] bond_enslave+0xff3/0x3910 [ 393.154860][T16610] ? rtmsg_ifinfo_build_skb+0x1a2/0x260 [ 393.154888][T16610] ? __pfx_bond_enslave+0x10/0x10 [ 393.154912][T16610] ? 
__pfx___dev_change_flags+0x10/0x10 [ 393.154929][T16610] ? validate_linkmsg+0x828/0xa40 [ 393.154952][T16610] ? mutex_is_locked+0x17/0x50 [ 393.154970][T16610] do_set_master+0x579/0x730 [ 393.154990][T16610] do_setlink+0xfee/0x40f0 [ 393.155016][T16610] ? __pfx_do_setlink+0x10/0x10 [ 393.155037][T16610] ? __pfx___might_resched+0x10/0x10 [ 393.155062][T16610] ? __pfx___mutex_trylock_common+0x10/0x10 [ 393.155089][T16610] ? rcu_is_watching+0x15/0xb0 [ 393.155108][T16610] ? trace_contention_end+0x3c/0x120 [ 393.155127][T16610] ? __mutex_lock+0x397/0x1010 [ 393.155149][T16610] ? __pfx_aa_get_newest_label+0x10/0x10 [ 393.155179][T16610] ? rtnl_newlink+0xc4c/0x1d90 [ 393.155204][T16610] ? __pfx___mutex_lock+0x10/0x10 [ 393.155229][T16610] ? ns_capable+0x8a/0xf0 [ 393.155249][T16610] ? rtnl_link_get_net_capable+0x168/0x340 [ 393.155268][T16610] rtnl_newlink+0x15a6/0x1d90 [ 393.155295][T16610] ? is_bpf_text_address+0x285/0x2a0 [ 393.155310][T16610] ? is_bpf_text_address+0x26/0x2a0 [ 393.155330][T16610] ? __pfx_rtnl_newlink+0x10/0x10 [ 393.155356][T16610] ? __pfx_validate_chain+0x10/0x10 [ 393.155382][T16610] ? validate_chain+0x11e/0x5920 [ 393.155400][T16610] ? __pfx_lock_acquire+0x10/0x10 [ 393.155426][T16610] ? __pfx_lock_release+0x10/0x10 [ 393.155453][T16610] ? __pfx_validate_chain+0x10/0x10 [ 393.155471][T16610] ? mark_lock+0x9a/0x360 [ 393.155488][T16610] ? __lock_acquire+0x1397/0x2100 [ 393.155531][T16610] ? __pfx_lock_release+0x10/0x10 [ 393.155562][T16610] ? __pfx_rtnl_newlink+0x10/0x10 [ 393.155588][T16610] rtnetlink_rcv_msg+0x791/0xcf0 [ 393.155613][T16610] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 393.155639][T16610] ? __lock_acquire+0x1397/0x2100 [ 393.155665][T16610] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 393.155697][T16610] netlink_rcv_skb+0x206/0x480 [ 393.155723][T16610] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 393.155749][T16610] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 393.155782][T16610] ? 
netlink_deliver_tap+0x2e/0x1b0 [ 393.155809][T16610] netlink_unicast+0x7f6/0x990 [ 393.155834][T16610] ? __pfx_netlink_unicast+0x10/0x10 [ 393.155856][T16610] ? __virt_addr_valid+0x45f/0x530 [ 393.155872][T16610] ? __phys_addr_symbol+0x2f/0x70 [ 393.155887][T16610] ? __check_object_size+0x47a/0x730 [ 393.155912][T16610] netlink_sendmsg+0x8de/0xcb0 [ 393.155943][T16610] ? __pfx_netlink_sendmsg+0x10/0x10 [ 393.155970][T16610] ? aa_sock_msg_perm+0x91/0x160 [ 393.155998][T16610] ? __pfx_netlink_sendmsg+0x10/0x10 [ 393.156023][T16610] __sock_sendmsg+0x221/0x270 [ 393.156049][T16610] ____sys_sendmsg+0x53a/0x860 [ 393.156072][T16610] ? __pfx_____sys_sendmsg+0x10/0x10 [ 393.156090][T16610] ? __fget_files+0x2a/0x410 [ 393.156117][T16610] ? __fget_files+0x2a/0x410 [ 393.156145][T16610] __sys_sendmsg+0x269/0x350 [ 393.156166][T16610] ? __pfx___sys_sendmsg+0x10/0x10 [ 393.156201][T16610] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 393.156228][T16610] ? do_syscall_64+0x100/0x230 [ 393.156251][T16610] ? do_syscall_64+0xb6/0x230 [ 393.156274][T16610] do_syscall_64+0xf3/0x230 [ 393.156298][T16610] ? 
clear_bhb_loop+0x35/0x90 [ 393.156323][T16610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.156355][T16610] RIP: 0033:0x7f2eeaf8d169 [ 393.156371][T16610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.156386][T16610] RSP: 002b:00007f2eebd0c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 393.156405][T16610] RAX: ffffffffffffffda RBX: 00007f2eeb1a5fa0 RCX: 00007f2eeaf8d169 [ 393.156418][T16610] RDX: 0000000000000000 RSI: 0000400000000600 RDI: 0000000000000003 [ 393.156428][T16610] RBP: 00007f2eeb00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 393.156440][T16610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 SYZFAIL: failed to send rpc fd=3 want=48 sent=0 n=-1 (errno 32: Broken pipe) [ 393.156449][T16610] R13: 0000000000000000 R14: 00007f2eeb1a5fa0 R15: 00007fffe4f32d48 [ 393.156467][T16610] [ 393.816825][T16610] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 394.601201][T14800] bridge_slave_1: left allmulticast mode [ 394.607300][T14800] bridge_slave_1: left promiscuous mode [ 394.612951][T14800] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.622159][T14800] bridge_slave_0: left allmulticast mode [ 394.627937][T14800] bridge_slave_0: left promiscuous mode [ 394.633586][T14800] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.988427][T14800] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 394.998090][T14800] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 395.007472][T14800] bond0 (unregistering): Released all slaves [ 395.065299][T14800] IPVS: stopping master sync thread 14820 ... 
[ 395.197307][T14800] hsr_slave_0: left promiscuous mode [ 395.202998][T14800] hsr_slave_1: left promiscuous mode [ 395.472494][T14800] team0 (unregistering): Port device team_slave_1 removed [ 395.505869][T14800] team0 (unregistering): Port device team_slave_0 removed [ 396.490370][T14800] bridge_slave_1: left allmulticast mode [ 396.496104][T14800] bridge_slave_1: left promiscuous mode [ 396.501856][T14800] bridge0: port 2(bridge_slave_1) entered disabled state [ 396.510090][T14800] bridge_slave_0: left allmulticast mode [ 396.515807][T14800] bridge_slave_0: left promiscuous mode [ 396.521553][T14800] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.004612][T14800] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 397.015034][T14800] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 397.024064][T14800] bond0 (unregistering): Released all slaves [ 397.120348][T14800] bond0 (unregistering): Released all slaves [ 397.488081][T14800] hsr_slave_0: left promiscuous mode [ 397.493728][T14800] hsr_slave_1: left promiscuous mode [ 397.499451][T14800] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 397.507170][T14800] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 397.516827][T14800] hsr_slave_0: left promiscuous mode [ 397.522484][T14800] hsr_slave_1: left promiscuous mode [ 397.787238][T14800] team0 (unregistering): Port device team_slave_1 removed [ 397.819532][T14800] team0 (unregistering): Port device team_slave_0 removed