last executing test programs: 1m8.643755826s ago: executing program 3 (id=630): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce22000000000000000000000000000000007fc5f603ff"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x439, 0x0, 0x25dfdbff, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010100}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x44}}, 0x0) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, &(0x7f0000000140)=0xf, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 56.102244663s ago: executing program 3 (id=630): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce22000000000000000000000000000000007fc5f603ff"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x439, 0x0, 0x25dfdbff, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010100}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x44}}, 0x0) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, &(0x7f0000000140)=0xf, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 43.493975861s ago: executing program 3 (id=630): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce22000000000000000000000000000000007fc5f603ff"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x439, 0x0, 0x25dfdbff, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010100}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x44}}, 0x0) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, &(0x7f0000000140)=0xf, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 28.362684916s ago: executing program 3 (id=630): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce22000000000000000000000000000000007fc5f603ff"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x439, 0x0, 0x25dfdbff, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010100}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x44}}, 0x0) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, &(0x7f0000000140)=0xf, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 18.106639229s ago: executing program 3 (id=630): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce22000000000000000000000000000000007fc5f603ff"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x439, 0x0, 0x25dfdbff, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010100}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x44}}, 0x0) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, &(0x7f0000000140)=0xf, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 7.09027148s ago: executing program 3 (id=630): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce22000000000000000000000000000000007fc5f603ff"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x439, 0x0, 0x25dfdbff, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010100}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x44}}, 0x0) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, &(0x7f0000000140)=0xf, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2.522764079s ago: executing program 0 (id=2160): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(r0, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000000500e50000070000001ffeff0001000003f1dc7f7c6e87020001"], 0x80}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x700) 2.30986383s ago: executing program 0 (id=2161): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89e0, 0x0) 2.287918389s ago: executing program 2 (id=2162): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000540)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendto$inet(r1, 0x0, 0x0, 0x8041, 0x0, 0x0) 2.248961939s ago: executing program 0 (id=2163): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x9) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f0308000300000000e2ffca1b1f0000001104c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f20900f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 2.057871257s ago: executing program 2 (id=2164): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x9, 0x3, 0x1, 0x6, 0xfffffffa, 0x22}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8886}, 0x0) 2.0577394s ago: executing program 0 (id=2165): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="12000000040000080800000006"], 0x48) 1.991522905s ago: executing program 0 (id=2166): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000300), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000000200)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}]}, 0x28}}, 0x0) 1.926452102s ago: executing program 0 (id=2167): unshare(0x62040200) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, 0x0, 0x1000) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd09032800050030000000600000000028290081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef) 837.820746ms ago: executing program 4 (id=2168): socket$packet(0x11, 0x2, 0x300) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000040)="b90103600040f000009e0ff008001f", 0x0, 0x104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 820.003222ms ago: executing program 2 (id=2169): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r3, 0x0, 0x0) 756.302169ms ago: executing program 4 (id=2170): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x38}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x0) 649.825274ms ago: executing program 1 (id=2171): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000001d78bfe000000000800000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000007a000000b70000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 629.293924ms ago: executing program 1 (id=2172): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000012c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000001440)={0x28, r2, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x9, 0x1b}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x6000a010}, 0x20c0) 593.626875ms ago: executing program 4 (id=2173): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_LABEL={0x8}]}}}]}, 0x3c}}, 0x0) 521.905948ms ago: executing program 2 (id=2174): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x60}}, 0x0) 471.929808ms ago: executing program 2 (id=2175): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x10b}) 420.262637ms ago: executing program 4 (id=2176): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000009000000000000000200000d00000000060000000000080000000000000000000000000000002e"], &(0x7f0000000180)=""/129, 0x3d, 0x81, 0x1, 0x0, 0x0, @void, @value}, 0x28) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x40d, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x11008}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}]}, 0x34}}, 0x0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 353.885142ms ago: executing program 1 (id=2177): r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000b80)={0x0, 0x0, 0x0}, 0x2c8120d196112b0d) 272.365051ms ago: executing program 1 (id=2178): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f00ff0f00000000000050375ed08a56331dbf9ed78105001ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00010007080c00bdad01409bbc7a46e39a54cbbda812176679df069163ce955fed0009d78f0a947ee2b49e33538afaeb2713f450ebd010a20ff27fff", 0x89}], 0x1, 0x0, 0x0, 0x7}, 0x0) 203.575055ms ago: executing program 4 (id=2179): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001480)={0x28, 0x21, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='\x00\x00\x00\x01\x01b'}, @nested={0xc, 0x14, 0x0, 0x1, [@nested={0x6, 0xa4, 0x0, 0x1, [@generic="cc6d"]}]}]}, 0x28}], 0x1}, 0x0) 179.818064ms ago: executing program 1 (id=2180): syz_emit_ethernet(0x32, &(0x7f0000000000)={@local, @remote, @val, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @empty, @empty, @local, @broadcast}}}}, 0x0) 37.921326ms ago: executing program 2 (id=2181): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFULA_CFG_CMD={0x5, 0x1, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8040) 31.498202ms ago: executing program 1 (id=2182): r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x8311, 0x4) 0s ago: executing program 4 (id=2183): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x44, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {}, @device_a, @device_a, @random="a514a0ed377e", {0x0, 0xff}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x0, 0x88}, @void}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) kernel console output (not intermixed with test programs): 54] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.451736][T11354] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.467816][T11354] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.479734][T11354] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.645907][ T9930] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.670779][ T9930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.717944][T11624] lo speed is unknown, defaulting to 1000 [ 232.732177][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.744855][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.042392][T11640] lo speed is unknown, defaulting to 1000 [ 233.050985][T11643] netlink: 'syz.0.1520': attribute type 12 has an invalid length. [ 233.123378][T11642] netlink: 'syz.0.1520': attribute type 12 has an invalid length. [ 233.471154][T11666] Cannot find set identified by id 0 to match [ 233.562859][T11669] netlink: 'syz.2.1526': attribute type 1 has an invalid length. [ 233.595689][T11670] netlink: 'syz.4.1524': attribute type 1 has an invalid length. [ 233.658360][T11669] 8021q: adding VLAN 0 to HW filter on device bond6 [ 233.724549][T11670] 8021q: adding VLAN 0 to HW filter on device bond2 [ 233.746205][T11672] bond6: (slave gretap2): making interface the new active one [ 233.755252][T11672] bond6: (slave gretap2): Enslaving as an active interface with an up link [ 233.888524][T11681] netlink: 'syz.2.1529': attribute type 29 has an invalid length. [ 234.370544][ T9931] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.534103][T11703] netlink: 'syz.2.1536': attribute type 8 has an invalid length. [ 235.560740][ T9931] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.759705][T11704] netlink: 'syz.1.1535': attribute type 4 has an invalid length. [ 235.818183][T11704] netlink: 'syz.1.1535': attribute type 8 has an invalid length. [ 235.824405][ T5144] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 235.849391][ T9931] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.873944][ T5144] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 235.894243][ T5144] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 235.894270][T11704] netlink: 'syz.1.1535': attribute type 9 has an invalid length. [ 235.894288][T11704] netlink: 'syz.1.1535': attribute type 10 has an invalid length. [ 235.920879][T11704] __nla_validate_parse: 4 callbacks suppressed [ 235.920902][T11704] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1535'. [ 235.936974][ T5144] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 235.953296][ T5144] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 235.962344][ T5144] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 236.064352][T11718] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1538'. [ 236.091939][T11715] lo speed is unknown, defaulting to 1000 [ 236.162425][ T9931] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.595785][T11726] Cannot find set identified by id 0 to match [ 236.661200][T11729] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1543'. [ 236.839909][T11736] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1544'. [ 237.072308][T11736] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 237.079889][T11736] macvlan2: entered allmulticast mode [ 237.085539][T11736] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 237.107565][T11727] lo speed is unknown, defaulting to 1000 [ 237.250450][T11715] chnl_net:caif_netlink_parms(): no params data found [ 237.330525][ T9931] bridge_slave_1: left allmulticast mode [ 237.337371][ T9931] bridge_slave_1: left promiscuous mode [ 237.344468][ T9931] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.354393][ T9931] bridge_slave_0: left allmulticast mode [ 237.360170][ T9931] bridge_slave_0: left promiscuous mode [ 237.367497][ T9931] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.840549][T11767] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1549'. [ 238.020542][ T9931] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 238.031705][ T9931] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 238.043785][ T9931] bond0 (unregistering): Released all slaves [ 238.054105][ T5844] Bluetooth: hci3: command tx timeout [ 238.073279][T11752] bond0: Unable to set down delay as MII monitoring is disabled [ 238.237671][T11773] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 238.430458][T11715] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.451841][T11715] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.474023][T11715] bridge_slave_0: entered allmulticast mode [ 238.484915][T11715] bridge_slave_0: entered promiscuous mode [ 238.493188][T11715] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.523766][T11715] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.540006][T11715] bridge_slave_1: entered allmulticast mode [ 238.547739][T11715] bridge_slave_1: entered promiscuous mode [ 238.667006][T11797] validate_nla: 2 callbacks suppressed [ 238.667105][T11797] netlink: 'syz.0.1557': attribute type 3 has an invalid length. [ 238.715909][T11715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 238.751640][T11715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 238.855251][T11715] team0: Port device team_slave_0 added [ 238.857664][T11801] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1558'. [ 238.871839][T11715] team0: Port device team_slave_1 added [ 238.892746][ T9931] hsr_slave_0: left promiscuous mode [ 238.902653][ T9931] hsr_slave_1: left promiscuous mode [ 238.921300][T11807] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1558'. [ 238.938118][ T9931] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.951286][ T9931] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.962028][ T9931] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.978312][ T9931] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 239.022142][ T9931] veth1_macvtap: left promiscuous mode [ 239.044032][ T9931] veth0_macvtap: left promiscuous mode [ 239.050915][ T9931] veth1_vlan: left promiscuous mode [ 239.064025][ T9931] veth0_vlan: left promiscuous mode [ 239.429367][T11821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1563'. [ 239.758096][ T9931] team0 (unregistering): Port device team_slave_1 removed [ 239.807602][ T9931] team0 (unregistering): Port device team_slave_0 removed [ 240.133907][ T5844] Bluetooth: hci3: command tx timeout [ 240.374953][T11819] tc_dump_action: action bad kind [ 240.398208][T11821] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 240.466463][T11715] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 240.478351][T11715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.514900][T11715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 240.534551][T11818] lo speed is unknown, defaulting to 1000 [ 240.535605][T11715] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 240.553099][T11715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.594030][T11833] netlink: 'syz.0.1564': attribute type 4 has an invalid length. [ 240.601917][T11833] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1564'. [ 240.620860][T11715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.641802][T11832] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1566'. [ 240.906204][T11715] hsr_slave_0: entered promiscuous mode [ 240.918044][T11715] hsr_slave_1: entered promiscuous mode [ 240.935339][T11715] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.942989][T11715] Cannot create hsr debugfs directory [ 241.095104][T11853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1571'. [ 241.160237][T11851] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 241.238030][T11865] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1572'. [ 241.292416][T11869] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1573'. [ 241.440380][T11871] netlink: 'syz.2.1575': attribute type 5 has an invalid length. [ 241.611373][T11883] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:20003 [ 241.721458][T11885] netlink: 'syz.1.1578': attribute type 4 has an invalid length. [ 241.744457][T11885] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1578'. [ 241.890247][T11715] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 241.903988][T11715] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 241.943030][T11715] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 241.968442][T11715] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 242.049724][T11904] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1584'. [ 242.071351][T11901] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1584'. [ 242.106888][T11906] syzkaller1: entered promiscuous mode [ 242.111940][T11901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1584'. [ 242.122406][T11906] syzkaller1: entered allmulticast mode [ 242.129066][T11901] netlink: 'syz.2.1584': attribute type 13 has an invalid length. [ 242.149708][T11901] netlink: 'syz.2.1584': attribute type 11 has an invalid length. [ 242.172294][T11906] netlink: 512 bytes leftover after parsing attributes in process `syz.1.1585'. [ 242.194966][T11906] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1585'. [ 242.209392][T11910] netlink: 'syz.4.1587': attribute type 28 has an invalid length. [ 242.219314][ T5844] Bluetooth: hci3: command tx timeout [ 242.225369][T11906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1585'. [ 242.314337][T11715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.431243][T11715] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.468923][ T9931] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.476376][ T9931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.544905][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.552779][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.732202][T11927] netlink: 'syz.2.1593': attribute type 4 has an invalid length. [ 242.922800][T11715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.960954][T11715] veth0_vlan: entered promiscuous mode [ 242.972852][T11715] veth1_vlan: entered promiscuous mode [ 242.997311][T11715] veth0_macvtap: entered promiscuous mode [ 243.005919][T11715] veth1_macvtap: entered promiscuous mode [ 243.025917][T11715] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.042041][T11715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.052702][T11715] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.061860][T11715] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.071008][T11715] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.080475][T11715] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.141281][ T5063] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.152624][ T5063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.180039][ T9929] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.192377][ T9929] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.420951][ T63] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.231836][ T63] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.840218][ T5144] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 245.854108][ T5144] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 245.862661][ T5144] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 245.871680][ T5144] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 245.880469][ T5144] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 245.892548][ T5144] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 245.922552][T11940] lo speed is unknown, defaulting to 1000 [ 246.008765][T11940] chnl_net:caif_netlink_parms(): no params data found [ 246.054652][T11940] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.061874][T11940] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.069512][T11940] bridge_slave_0: entered allmulticast mode [ 246.076807][T11940] bridge_slave_0: entered promiscuous mode [ 246.084310][T11940] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.091389][T11940] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.099608][T11940] bridge_slave_1: entered allmulticast mode [ 246.106795][T11940] bridge_slave_1: entered promiscuous mode [ 246.130904][T11940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.147397][T11940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.177952][T11940] team0: Port device team_slave_0 added [ 246.186394][T11940] team0: Port device team_slave_1 added [ 246.218546][ T63] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.242326][T11940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.249543][T11940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.276074][T11940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.288056][T11940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.295506][T11940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.322107][T11940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.350457][ T63] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.381535][T11940] hsr_slave_0: entered promiscuous mode [ 246.388160][T11940] hsr_slave_1: entered promiscuous mode [ 246.399012][T11940] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 246.406762][T11940] Cannot create hsr debugfs directory [ 246.489143][ T63] bridge_slave_1: left allmulticast mode [ 246.495064][ T63] bridge_slave_1: left promiscuous mode [ 246.500825][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.509647][ T63] bridge_slave_0: left allmulticast mode [ 246.516332][ T63] bridge_slave_0: left promiscuous mode [ 246.522052][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.892775][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 246.906255][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 246.917635][ T63] bond0 (unregistering): Released all slaves [ 247.194855][ T63] hsr_slave_0: left promiscuous mode [ 247.200743][ T63] hsr_slave_1: left promiscuous mode [ 247.207408][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 247.215081][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 247.224891][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 247.232362][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.251333][ T63] veth1_macvtap: left promiscuous mode [ 247.257263][ T63] veth0_macvtap: left promiscuous mode [ 247.262832][ T63] veth1_vlan: left promiscuous mode [ 247.268257][ T63] veth0_vlan: left promiscuous mode [ 247.749929][ T63] team0 (unregistering): Port device team_slave_1 removed [ 247.799942][ T63] team0 (unregistering): Port device team_slave_0 removed [ 247.976187][ T5144] Bluetooth: hci3: command tx timeout [ 248.427830][T11940] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 248.448756][T11940] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 248.461894][T11940] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 248.484795][T11940] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 248.568999][T11940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.588974][T11940] 8021q: adding VLAN 0 to HW filter on device team0 [ 248.601756][ T9930] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.608948][ T9930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.630273][ T5063] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.638305][ T5063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.773170][T11940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.810392][T11940] veth0_vlan: entered promiscuous mode [ 248.820731][T11940] veth1_vlan: entered promiscuous mode [ 248.849015][T11940] veth0_macvtap: entered promiscuous mode [ 248.858327][T11940] veth1_macvtap: entered promiscuous mode [ 248.873263][T11940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 248.884170][T11940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.894456][T11940] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.903198][T11940] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.912359][T11940] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.921845][T11940] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.990652][ T5063] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.004756][ T5063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.025906][ T9930] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.034714][ T9930] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.054595][T11957] __nla_validate_parse: 4 callbacks suppressed [ 250.054617][T11957] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1599'. [ 250.088465][T11957] macvtap1: entered promiscuous mode [ 250.094073][T11957] erspan0: entered promiscuous mode [ 250.099650][T11957] macvtap1: entered allmulticast mode [ 250.121003][T11957] erspan0: entered allmulticast mode [ 250.171947][T11964] erspan0: left allmulticast mode [ 250.183889][T11964] erspan0: left promiscuous mode [ 250.418117][T11973] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1602'. [ 250.486215][T11979] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1602'. [ 250.509210][T11972] xt_CONNSECMARK: invalid mode: 0 [ 250.708604][T11985] netlink: 'syz.2.1606': attribute type 4 has an invalid length. [ 250.717257][T11985] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1606'. [ 251.048023][T12002] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1613'. [ 251.080567][T12002] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1613'. [ 251.188901][T12006] netlink: 'syz.0.1614': attribute type 10 has an invalid length. [ 251.219384][ T63] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.285744][T12006] syz_tun: entered promiscuous mode [ 251.298804][T12006] syz_tun: left allmulticast mode [ 251.309730][T12006] syz_tun: entered allmulticast mode [ 251.321277][T12006] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 251.333196][T12008] netlink: 'syz.0.1614': attribute type 10 has an invalid length. [ 252.725343][ T63] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.859762][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 252.872634][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 252.875088][ T63] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.882189][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 252.900695][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 252.909086][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 252.917888][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 252.980290][T12020] lo speed is unknown, defaulting to 1000 [ 252.987662][T12023] bridge0: port 1(gretap0) entered blocking state [ 253.007328][T12023] bridge0: port 1(gretap0) entered disabled state [ 253.042907][T12023] gretap0: entered promiscuous mode [ 253.047575][T12031] FAULT_INJECTION: forcing a failure. [ 253.047575][T12031] name failslab, interval 1, probability 0, space 0, times 0 [ 253.061569][T12031] CPU: 0 UID: 0 PID: 12031 Comm: syz.2.1620 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 253.072378][T12031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 253.082513][T12031] Call Trace: [ 253.085830][T12031] [ 253.088801][T12031] dump_stack_lvl+0x241/0x360 [ 253.093529][T12031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.095094][T12028] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1619'. [ 253.098747][T12031] ? __pfx__printk+0x10/0x10 [ 253.098803][T12031] ? __kmalloc_noprof+0xb5/0x4c0 [ 253.117637][T12031] ? __pfx___might_resched+0x10/0x10 [ 253.122968][T12031] should_fail_ex+0x3b0/0x4e0 [ 253.127691][T12031] should_failslab+0xac/0x100 [ 253.132432][T12031] __kmalloc_noprof+0xdd/0x4c0 [ 253.137248][T12031] ? pfkey_add+0xf6f/0x3030 [ 253.141813][T12031] pfkey_add+0xf6f/0x3030 [ 253.146218][T12031] ? __pfx_pfkey_add+0x10/0x10 [ 253.151038][T12031] ? pfkey_broadcast+0x45/0x400 [ 253.155971][T12031] ? pfkey_broadcast+0x3e3/0x400 [ 253.160998][T12031] pfkey_sendmsg+0xbcc/0x1050 [ 253.165744][T12031] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 253.170972][T12031] ? __pfx_aa_sk_perm+0x10/0x10 [ 253.176051][T12031] ? __pfx_lock_release+0x10/0x10 [ 253.181353][T12031] ? __import_iovec+0x590/0x870 [ 253.186225][T12031] ? aa_sock_msg_perm+0x91/0x160 [ 253.191318][T12031] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 253.196915][T12031] __sock_sendmsg+0x221/0x270 [ 253.201736][T12031] ____sys_sendmsg+0x52a/0x7e0 [ 253.206567][T12031] ? __pfx_____sys_sendmsg+0x10/0x10 [ 253.211975][T12031] ? __fget_files+0x2a/0x410 [ 253.216777][T12031] ? __fget_files+0x2a/0x410 [ 253.221437][T12031] __sys_sendmsg+0x269/0x350 [ 253.226034][T12031] ? __pfx_lock_release+0x10/0x10 [ 253.231062][T12031] ? __pfx___sys_sendmsg+0x10/0x10 [ 253.236204][T12031] ? __pfx_vfs_write+0x10/0x10 [ 253.240991][T12031] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 253.247331][T12031] ? do_syscall_64+0x100/0x230 [ 253.252101][T12031] ? do_syscall_64+0xb6/0x230 [ 253.256968][T12031] do_syscall_64+0xf3/0x230 [ 253.261513][T12031] ? clear_bhb_loop+0x35/0x90 [ 253.266212][T12031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.272466][T12031] RIP: 0033:0x7fdecf385d29 [ 253.276898][T12031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.296967][T12031] RSP: 002b:00007fded0156038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 253.305517][T12031] RAX: ffffffffffffffda RBX: 00007fdecf575fa0 RCX: 00007fdecf385d29 [ 253.313586][T12031] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 253.321658][T12031] RBP: 00007fded0156090 R08: 0000000000000000 R09: 0000000000000000 [ 253.329627][T12031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 253.337596][T12031] R13: 0000000000000000 R14: 00007fdecf575fa0 R15: 00007ffdad35d408 [ 253.345580][T12031] [ 253.354726][ T5838] Bluetooth: hci4: command 0x0405 tx timeout [ 253.401245][ T63] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.446452][T12023] gretap0: left promiscuous mode [ 253.453777][T12023] bridge0: port 1(gretap0) entered disabled state [ 253.734368][ T63] bridge_slave_1: left allmulticast mode [ 253.753946][ T63] bridge_slave_1: left promiscuous mode [ 253.759834][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.807703][ T63] bridge_slave_0: left allmulticast mode [ 253.813499][ T63] bridge_slave_0: left promiscuous mode [ 253.843874][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.948561][T12052] netlink: 'syz.2.1623': attribute type 4 has an invalid length. [ 253.963656][T12052] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1623'. [ 254.072445][T12070] FAULT_INJECTION: forcing a failure. [ 254.072445][T12070] name failslab, interval 1, probability 0, space 0, times 0 [ 254.085777][T12070] CPU: 1 UID: 0 PID: 12070 Comm: syz.4.1631 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 254.096603][T12070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 254.107649][T12070] Call Trace: [ 254.111207][T12070] [ 254.114174][T12070] dump_stack_lvl+0x241/0x360 [ 254.118884][T12070] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.124121][T12070] ? __pfx__printk+0x10/0x10 [ 254.128737][T12070] ? __kmalloc_noprof+0xb5/0x4c0 [ 254.133693][T12070] ? __pfx___might_resched+0x10/0x10 [ 254.138987][T12070] should_fail_ex+0x3b0/0x4e0 [ 254.143799][T12070] should_failslab+0xac/0x100 [ 254.148498][T12070] __kmalloc_noprof+0xdd/0x4c0 [ 254.153271][T12070] ? pfkey_add+0x1453/0x3030 [ 254.157900][T12070] pfkey_add+0x1453/0x3030 [ 254.162355][T12070] ? __pfx_pfkey_add+0x10/0x10 [ 254.167226][T12070] ? pfkey_broadcast+0x45/0x400 [ 254.172177][T12070] ? pfkey_broadcast+0x3e3/0x400 [ 254.177123][T12070] pfkey_sendmsg+0xbcc/0x1050 [ 254.181814][T12070] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 254.186961][T12070] ? __pfx_aa_sk_perm+0x10/0x10 [ 254.191849][T12070] ? __pfx_lock_release+0x10/0x10 [ 254.196893][T12070] ? __import_iovec+0x590/0x870 [ 254.201773][T12070] ? aa_sock_msg_perm+0x91/0x160 [ 254.206860][T12070] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 254.211978][T12070] __sock_sendmsg+0x221/0x270 [ 254.216679][T12070] ____sys_sendmsg+0x52a/0x7e0 [ 254.221549][T12070] ? __pfx_____sys_sendmsg+0x10/0x10 [ 254.226838][T12070] ? __fget_files+0x2a/0x410 [ 254.231452][T12070] ? __fget_files+0x2a/0x410 [ 254.236048][T12070] __sys_sendmsg+0x269/0x350 [ 254.240646][T12070] ? __pfx_lock_release+0x10/0x10 [ 254.245676][T12070] ? __pfx___sys_sendmsg+0x10/0x10 [ 254.250799][T12070] ? __pfx_vfs_write+0x10/0x10 [ 254.255583][T12070] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 254.261941][T12070] ? do_syscall_64+0x100/0x230 [ 254.266724][T12070] ? do_syscall_64+0xb6/0x230 [ 254.271412][T12070] do_syscall_64+0xf3/0x230 [ 254.275942][T12070] ? clear_bhb_loop+0x35/0x90 [ 254.280625][T12070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.286518][T12070] RIP: 0033:0x7f79ccf85d29 [ 254.290977][T12070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.310696][T12070] RSP: 002b:00007f79cde16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 254.319121][T12070] RAX: ffffffffffffffda RBX: 00007f79cd175fa0 RCX: 00007f79ccf85d29 [ 254.327097][T12070] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 254.335586][T12070] RBP: 00007f79cde16090 R08: 0000000000000000 R09: 0000000000000000 [ 254.343660][T12070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.351650][T12070] R13: 0000000000000000 R14: 00007f79cd175fa0 R15: 00007ffe4014e538 [ 254.359738][T12070] [ 254.439289][T12073] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1632'. [ 254.518281][T12073] netlink: 'syz.0.1632': attribute type 1 has an invalid length. [ 254.527544][T12073] netlink: 'syz.0.1632': attribute type 3 has an invalid length. [ 254.539429][T12073] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1632'. [ 254.551303][T12073] NCSI netlink: No device for ifindex 0 [ 254.846655][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.858717][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.868916][ T63] bond0 (unregistering): Released all slaves [ 254.895270][T12066] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 254.968279][T12020] chnl_net:caif_netlink_parms(): no params data found [ 255.014599][ T5838] Bluetooth: hci3: command tx timeout [ 255.024258][T12066] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.164816][T12066] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.209984][T12099] netlink: 'syz.4.1639': attribute type 1 has an invalid length. [ 255.291415][T12099] 8021q: adding VLAN 0 to HW filter on device bond3 [ 255.440974][T12066] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.557718][ T63] hsr_slave_0: left promiscuous mode [ 255.565882][ T63] hsr_slave_1: left promiscuous mode [ 255.578515][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 255.586839][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 255.595121][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 255.602757][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 255.625581][ T63] veth1_macvtap: left promiscuous mode [ 255.631139][ T63] veth0_macvtap: left promiscuous mode [ 255.637168][ T63] veth1_vlan: left promiscuous mode [ 255.642457][ T63] veth0_vlan: left promiscuous mode [ 256.163022][ T63] team0 (unregistering): Port device team_slave_1 removed [ 256.210966][ T63] team0 (unregistering): Port device team_slave_0 removed [ 256.745409][T12118] netlink: 'syz.0.1642': attribute type 21 has an invalid length. [ 256.758964][T12118] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 256.766274][T12118] IPv6: NLM_F_CREATE should be set when creating new route [ 256.773693][T12118] IPv6: NLM_F_CREATE should be set when creating new route [ 256.781012][T12118] IPv6: NLM_F_CREATE should be set when creating new route [ 256.813813][T12020] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.823747][T12020] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.831067][T12020] bridge_slave_0: entered allmulticast mode [ 256.854966][T12020] bridge_slave_0: entered promiscuous mode [ 256.875715][T12020] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.882843][T12020] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.893911][T12020] bridge_slave_1: entered allmulticast mode [ 256.900985][T12020] bridge_slave_1: entered promiscuous mode [ 256.973267][T12066] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 256.989570][T12020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.021212][T12020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.049728][T12066] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.082529][T12066] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.092760][T12141] netlink: 'syz.4.1646': attribute type 10 has an invalid length. [ 257.101140][ T5144] Bluetooth: hci3: command tx timeout [ 257.131816][T12066] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.186195][T12143] netlink: 'syz.0.1647': attribute type 4 has an invalid length. [ 257.203612][T12143] __nla_validate_parse: 3 callbacks suppressed [ 257.203635][T12143] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1647'. [ 257.226869][T12141] team0: Port device veth0_to_batadv added [ 257.315375][T12145] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 257.357309][T12020] team0: Port device team_slave_0 added [ 257.404847][T12020] team0: Port device team_slave_1 added [ 257.519892][T12020] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.537413][T12020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.593796][T12020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.638790][T12020] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.666394][T12020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.749169][T12020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 257.937564][T12176] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 257.970513][T12175] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1656'. [ 257.997074][T12175] openvswitch: netlink: Message has 8 unknown bytes. [ 258.027383][T12020] hsr_slave_0: entered promiscuous mode [ 258.078360][T12183] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1657'. [ 258.090388][T12182] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1656'. [ 258.118940][T12020] hsr_slave_1: entered promiscuous mode [ 258.129881][T12183] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1657'. [ 258.142050][T12020] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 258.159812][T12020] Cannot create hsr debugfs directory [ 258.238619][T12175] netlink: 'syz.1.1656': attribute type 12 has an invalid length. [ 258.511193][T12206] x_tables: duplicate underflow at hook 1 [ 258.523024][T12201] netlink: 'syz.0.1660': attribute type 4 has an invalid length. [ 258.544512][T12201] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1660'. [ 258.595196][T12210] geneve0: mtu greater than device maximum [ 258.893459][T12020] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 258.902910][T12020] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 258.912774][T12020] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 258.923080][T12020] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 258.973268][T12223] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1665'. [ 259.001463][T12020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.032159][T12020] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.054458][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.061658][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.083470][ T9929] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.090918][ T9929] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.107579][T12224] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1665'. [ 259.118057][T12223] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1665'. [ 259.129234][T12224] x_tables: duplicate entry at hook 1 [ 259.174293][ T5144] Bluetooth: hci3: command tx timeout [ 259.290004][T12235] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1669'. [ 259.358353][T12020] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.454432][T12020] veth0_vlan: entered promiscuous mode [ 259.467367][T12020] veth1_vlan: entered promiscuous mode [ 259.488595][T12238] pimreg: entered allmulticast mode [ 259.529206][T12240] sctp: [Deprecated]: syz.0.1671 (pid 12240) Use of int in max_burst socket option. [ 259.529206][T12240] Use struct sctp_assoc_value instead [ 259.552065][T12020] veth0_macvtap: entered promiscuous mode [ 259.563930][T12241] pimreg: left allmulticast mode [ 259.596402][T12020] veth1_macvtap: entered promiscuous mode [ 259.625064][T12020] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 259.649681][T12020] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 259.680083][T12020] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.697796][T12020] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.710697][T12020] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.727259][T12020] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.865772][T12249] FAULT_INJECTION: forcing a failure. [ 259.865772][T12249] name failslab, interval 1, probability 0, space 0, times 0 [ 259.906021][T12249] CPU: 0 UID: 0 PID: 12249 Comm: syz.1.1675 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 259.916879][T12249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 259.926943][T12249] Call Trace: [ 259.926955][T12249] [ 259.926963][T12249] dump_stack_lvl+0x241/0x360 [ 259.926994][T12249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.927018][T12249] ? __pfx__printk+0x10/0x10 [ 259.947751][T12249] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 259.953273][T12249] ? __pfx___might_resched+0x10/0x10 [ 259.958684][T12249] should_fail_ex+0x3b0/0x4e0 [ 259.961635][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 259.963474][T12249] should_failslab+0xac/0x100 [ 259.976099][T12249] __kmalloc_node_noprof+0xe1/0x4d0 [ 259.981425][T12249] ? crypto_create_tfm_node+0x88/0x3d0 [ 259.987074][T12249] crypto_create_tfm_node+0x88/0x3d0 [ 259.992463][T12249] crypto_spawn_tfm2+0x5c/0x90 [ 259.997310][T12249] crypto_authenc_init_tfm+0x46/0x220 [ 260.002724][T12249] crypto_create_tfm_node+0x167/0x3d0 [ 260.008149][T12249] crypto_spawn_tfm2+0x5c/0x90 [ 260.012926][T12249] aead_init_geniv+0x18e/0x260 [ 260.017713][T12249] crypto_create_tfm_node+0x167/0x3d0 [ 260.023098][T12249] crypto_alloc_tfm_node+0x161/0x360 [ 260.028393][T12249] esp_init_state+0x611/0x10b0 [ 260.033196][T12249] ? __pfx_esp_init_state+0x10/0x10 [ 260.038439][T12249] ? __xfrm_init_state+0x708/0xea0 [ 260.043707][T12249] ? __pfx_lock_release+0x10/0x10 [ 260.048746][T12249] __xfrm_init_state+0x9db/0xea0 [ 260.053716][T12249] xfrm_init_state+0x1f/0x80 [ 260.058339][T12249] pfkey_add+0x1dfe/0x3030 [ 260.062788][T12249] ? __pfx_pfkey_add+0x10/0x10 [ 260.067561][T12249] ? pfkey_broadcast+0x45/0x400 [ 260.072422][T12249] ? pfkey_broadcast+0x3e3/0x400 [ 260.077365][T12249] pfkey_sendmsg+0xbcc/0x1050 [ 260.082055][T12249] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 260.087181][T12249] ? __pfx_aa_sk_perm+0x10/0x10 [ 260.092049][T12249] ? __pfx_lock_release+0x10/0x10 [ 260.097078][T12249] ? __import_iovec+0x590/0x870 [ 260.101928][T12249] ? aa_sock_msg_perm+0x91/0x160 [ 260.106863][T12249] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 260.112322][T12249] __sock_sendmsg+0x221/0x270 [ 260.117017][T12249] ____sys_sendmsg+0x52a/0x7e0 [ 260.121785][T12249] ? __pfx_____sys_sendmsg+0x10/0x10 [ 260.127068][T12249] ? __fget_files+0x2a/0x410 [ 260.131659][T12249] ? __fget_files+0x2a/0x410 [ 260.136253][T12249] __sys_sendmsg+0x269/0x350 [ 260.140854][T12249] ? __pfx_lock_release+0x10/0x10 [ 260.145876][T12249] ? __pfx___sys_sendmsg+0x10/0x10 [ 260.151012][T12249] ? __pfx_vfs_write+0x10/0x10 [ 260.155798][T12249] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 260.162152][T12249] ? do_syscall_64+0x100/0x230 [ 260.166923][T12249] ? do_syscall_64+0xb6/0x230 [ 260.171604][T12249] do_syscall_64+0xf3/0x230 [ 260.176105][T12249] ? clear_bhb_loop+0x35/0x90 [ 260.180805][T12249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.186696][T12249] RIP: 0033:0x7f62e4185d29 [ 260.191636][T12249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.211241][T12249] RSP: 002b:00007f62e503e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 260.219671][T12249] RAX: ffffffffffffffda RBX: 00007f62e4375fa0 RCX: 00007f62e4185d29 [ 260.227670][T12249] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 260.235659][T12249] RBP: 00007f62e503e090 R08: 0000000000000000 R09: 0000000000000000 [ 260.243829][T12249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 260.251830][T12249] R13: 0000000000000000 R14: 00007f62e4375fa0 R15: 00007fff75946a18 [ 260.260019][T12249] [ 260.267808][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.403196][ T9929] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.413051][ T9929] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.495010][T12261] netlink: 'syz.1.1677': attribute type 15 has an invalid length. [ 260.738307][T12268] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.785281][T12274] tap0: tun_chr_ioctl cmd 1074025678 [ 260.790741][T12274] tap0: group set to 0 [ 260.817158][T12268] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.893316][T12268] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.996561][T12268] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.109377][T12268] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.142449][T12268] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.160440][T12268] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.175384][T12268] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.296482][T12300] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 261.990744][T12335] lo speed is unknown, defaulting to 1000 [ 262.276146][T12341] __nla_validate_parse: 9 callbacks suppressed [ 262.276170][T12341] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1700'. [ 262.452437][T12347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1701'. [ 262.698648][ T1334] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.499424][ T1334] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.571150][ T1334] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.630246][ T1334] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.702756][ T1334] bridge_slave_1: left allmulticast mode [ 263.708744][ T1334] bridge_slave_1: left promiscuous mode [ 263.715587][ T1334] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.724663][ T1334] bridge_slave_0: left allmulticast mode [ 263.730374][ T1334] bridge_slave_0: left promiscuous mode [ 263.737056][ T1334] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.201007][ T1334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 264.274185][ T1334] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 264.335297][ T1334] bond0 (unregistering): Released all slaves [ 264.651985][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 264.668558][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 264.678095][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 264.686255][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 264.702358][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 264.712279][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 264.901169][T12375] lo speed is unknown, defaulting to 1000 [ 265.263794][ T1334] hsr_slave_0: left promiscuous mode [ 265.299978][ T1334] hsr_slave_1: left promiscuous mode [ 265.324332][ T1334] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 265.343097][ T1334] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 265.353417][ T1334] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 265.362584][ T1334] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 265.419314][ T1334] veth1_macvtap: left promiscuous mode [ 265.435376][ T1334] veth0_macvtap: left promiscuous mode [ 265.441355][ T1334] veth1_vlan: left promiscuous mode [ 265.453478][ T1334] veth0_vlan: left promiscuous mode [ 265.817820][T12408] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1717'. [ 265.877631][T12417] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1720'. [ 266.051869][T12424] x_tables: duplicate entry at hook 1 [ 266.347156][ T1334] team0 (unregistering): Port device team_slave_1 removed [ 266.405976][ T1334] team0 (unregistering): Port device team_slave_0 removed [ 266.774059][ T5144] Bluetooth: hci3: command tx timeout [ 267.209702][T12418] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1720'. [ 267.220039][T12423] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1717'. [ 267.438742][T12432] xt_SECMARK: invalid mode: 0 [ 267.525877][T12443] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1724'. [ 267.541793][T12443] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1724'. [ 267.593173][T12375] chnl_net:caif_netlink_parms(): no params data found [ 267.623080][T12433] vxcan3: entered allmulticast mode [ 268.144340][T12466] xt_ecn: cannot match TCP bits for non-tcp packets [ 268.218547][T12468] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1731'. [ 268.233892][T12468] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1731'. [ 268.857961][ T5144] Bluetooth: hci3: command tx timeout [ 269.230255][T12474] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1733'. [ 269.430549][T12477] x_tables: duplicate entry at hook 1 [ 270.308194][T12461] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1730'. [ 270.318372][T12470] sch_tbf: burst 1127 is lower than device lo mtu (65550) ! [ 270.338543][T12476] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1733'. [ 270.431723][T12375] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.441447][T12375] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.462302][T12375] bridge_slave_0: entered allmulticast mode [ 270.484756][T12375] bridge_slave_0: entered promiscuous mode [ 270.523885][T12375] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.535662][T12482] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1735'. [ 270.556103][T12375] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.563390][T12375] bridge_slave_1: entered allmulticast mode [ 270.582098][T12375] bridge_slave_1: entered promiscuous mode [ 270.681188][T12375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 270.729762][T12375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 270.876019][T12375] team0: Port device team_slave_0 added [ 270.913864][T12375] team0: Port device team_slave_1 added [ 270.933989][ T5144] Bluetooth: hci3: command tx timeout [ 270.976247][T12509] xt_l2tp: unknown flags: 10 [ 271.014222][T12514] netlink: 'syz.4.1742': attribute type 29 has an invalid length. [ 271.030263][T12375] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 271.054099][T12375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.091786][T12375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 271.115081][T12375] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 271.122208][T12375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.181815][T12375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 271.194238][T12516] netlink: 'syz.4.1742': attribute type 29 has an invalid length. [ 271.300450][T12375] hsr_slave_0: entered promiscuous mode [ 271.317720][T12375] hsr_slave_1: entered promiscuous mode [ 271.330341][T12375] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 271.346428][T12375] Cannot create hsr debugfs directory [ 271.454722][T12535] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1746'. [ 271.540111][T12537] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1746'. [ 271.550937][T12535] x_tables: duplicate entry at hook 1 [ 271.786455][T12375] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 271.799662][T12375] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 271.820007][T12375] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 271.843036][T12375] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 271.916426][T12375] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.952601][T12375] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.971335][ T1334] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.978743][ T1334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.030845][T11096] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.038029][T11096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.100930][T12557] sctp: [Deprecated]: syz.0.1755 (pid 12557) Use of int in max_burst socket option. [ 272.100930][T12557] Use struct sctp_assoc_value instead [ 272.168914][T12557] netlink: 'syz.0.1755': attribute type 15 has an invalid length. [ 272.412784][T12375] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 272.437212][T12573] FAULT_INJECTION: forcing a failure. [ 272.437212][T12573] name failslab, interval 1, probability 0, space 0, times 0 [ 272.450470][T12573] CPU: 0 UID: 0 PID: 12573 Comm: syz.4.1759 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 272.461277][T12573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 272.471359][T12573] Call Trace: [ 272.474664][T12573] [ 272.477626][T12573] dump_stack_lvl+0x241/0x360 [ 272.482433][T12573] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.487670][T12573] ? __pfx__printk+0x10/0x10 [ 272.492309][T12573] ? __kmalloc_noprof+0xb5/0x4c0 [ 272.497297][T12573] ? __pfx___might_resched+0x10/0x10 [ 272.502631][T12573] should_fail_ex+0x3b0/0x4e0 [ 272.507373][T12573] should_failslab+0xac/0x100 [ 272.512089][T12573] __kmalloc_noprof+0xdd/0x4c0 [ 272.515317][T12375] veth0_vlan: entered promiscuous mode [ 272.516871][T12573] ? esp_init_state+0x740/0x10b0 [ 272.527282][T12573] esp_init_state+0x740/0x10b0 [ 272.532104][T12573] ? __pfx_esp_init_state+0x10/0x10 [ 272.537448][T12573] ? __xfrm_init_state+0x708/0xea0 [ 272.542608][T12573] ? __pfx_lock_release+0x10/0x10 [ 272.545309][T12375] veth1_vlan: entered promiscuous mode [ 272.547683][T12573] __xfrm_init_state+0x9db/0xea0 [ 272.555770][T12578] __nla_validate_parse: 4 callbacks suppressed [ 272.555789][T12578] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1761'. [ 272.558061][T12573] xfrm_init_state+0x1f/0x80 [ 272.578135][T12573] pfkey_add+0x1dfe/0x3030 [ 272.582615][T12573] ? __pfx_pfkey_add+0x10/0x10 [ 272.586709][T12375] veth0_macvtap: entered promiscuous mode [ 272.587402][T12573] ? pfkey_broadcast+0x45/0x400 [ 272.596480][T12375] veth1_macvtap: entered promiscuous mode [ 272.597938][T12573] ? pfkey_broadcast+0x3e3/0x400 [ 272.608653][T12573] pfkey_sendmsg+0xbcc/0x1050 [ 272.613382][T12573] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 272.618556][T12573] ? __pfx_aa_sk_perm+0x10/0x10 [ 272.623452][T12573] ? __pfx_lock_release+0x10/0x10 [ 272.628507][T12573] ? __import_iovec+0x590/0x870 [ 272.633395][T12573] ? aa_sock_msg_perm+0x91/0x160 [ 272.638464][T12573] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 272.643615][T12573] __sock_sendmsg+0x221/0x270 [ 272.648341][T12573] ____sys_sendmsg+0x52a/0x7e0 [ 272.653168][T12573] ? __pfx_____sys_sendmsg+0x10/0x10 [ 272.658492][T12573] ? __fget_files+0x2a/0x410 [ 272.663137][T12573] ? __fget_files+0x2a/0x410 [ 272.667781][T12573] __sys_sendmsg+0x269/0x350 [ 272.672415][T12573] ? __pfx_lock_release+0x10/0x10 [ 272.677494][T12573] ? __pfx___sys_sendmsg+0x10/0x10 [ 272.682741][T12573] ? __pfx_vfs_write+0x10/0x10 [ 272.682904][T12375] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 272.687530][T12573] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 272.687554][T12573] ? do_syscall_64+0x100/0x230 [ 272.687577][T12573] ? do_syscall_64+0xb6/0x230 [ 272.710577][T12573] do_syscall_64+0xf3/0x230 [ 272.715122][T12573] ? clear_bhb_loop+0x35/0x90 [ 272.719842][T12573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.722286][T12375] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 272.725745][T12573] RIP: 0033:0x7f79ccf85d29 [ 272.725768][T12573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.725783][T12573] RSP: 002b:00007f79cde16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 272.725805][T12573] RAX: ffffffffffffffda RBX: 00007f79cd175fa0 RCX: 00007f79ccf85d29 [ 272.725819][T12573] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 272.744769][T12375] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.757283][T12573] RBP: 00007f79cde16090 R08: 0000000000000000 R09: 0000000000000000 [ 272.757310][T12573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 272.757323][T12573] R13: 0000000000000000 R14: 00007f79cd175fa0 R15: 00007ffe4014e538 [ 272.757352][T12573] [ 272.864266][T12375] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.873063][T12375] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.898927][T12375] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.980005][T12583] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1763'. [ 273.014448][ T5144] Bluetooth: hci3: command tx timeout [ 273.217934][T12603] Bluetooth: MGMT ver 1.23 [ 273.226768][ T7482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.236800][ T7482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.263132][T12599] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1766'. [ 273.297827][ T7488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.306674][ T7488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.327759][T12602] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1766'. [ 273.364453][T12602] x_tables: duplicate entry at hook 1 [ 273.376099][T12599] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1766'. [ 274.091751][ T5912] IPVS: starting estimator thread 0... [ 274.101951][T12633] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1778'. [ 274.203715][T12634] IPVS: using max 30 ests per chain, 72000 per kthread [ 274.536440][T12652] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 274.675653][T12665] netlink: 'syz.2.1786': attribute type 10 has an invalid length. [ 274.692445][T12665] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1786'. [ 274.714425][T12665] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check. [ 274.798070][T12671] ax25_connect(): syz.1.1789 uses autobind, please contact jreuter@yaina.de [ 274.881221][T12669] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1787'. [ 274.981006][T12672] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1787'. [ 275.012321][T12669] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1787'. [ 275.034079][T12672] x_tables: duplicate entry at hook 1 [ 275.136293][ T7488] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.263057][ T7488] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.348948][ T7488] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.400784][ T7488] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.503404][ T7488] bridge_slave_1: left allmulticast mode [ 276.509488][ T7488] bridge_slave_1: left promiscuous mode [ 276.516842][ T7488] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.526389][ T7488] bridge_slave_0: left allmulticast mode [ 276.532055][ T7488] bridge_slave_0: left promiscuous mode [ 276.538085][ T7488] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.108542][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 277.123740][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 277.133110][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 277.151411][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 277.172004][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 277.183811][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 277.243212][ T7488] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 277.259307][ T7488] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 277.271274][ T7488] bond0 (unregistering): Released all slaves [ 277.396897][T12695] netlink: 'syz.1.1794': attribute type 4 has an invalid length. [ 277.502650][T12697] lo speed is unknown, defaulting to 1000 [ 277.780832][T12713] lo speed is unknown, defaulting to 1000 [ 277.787639][T12722] x_tables: ip6_tables: LED.0 target: invalid size 40 (kernel) != (user) 0 [ 277.930566][T12724] __nla_validate_parse: 2 callbacks suppressed [ 277.930586][T12724] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1803'. [ 278.063083][ T7488] hsr_slave_0: left promiscuous mode [ 278.084905][ T7488] hsr_slave_1: left promiscuous mode [ 278.138683][ T7488] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.170539][ T7488] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 278.180849][ T7488] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.197432][T12741] x_tables: duplicate entry at hook 1 [ 278.200938][ T7488] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 278.258818][ T7488] veth1_macvtap: left promiscuous mode [ 278.273776][ T7488] veth0_macvtap: left promiscuous mode [ 278.285009][ T7488] veth1_vlan: left promiscuous mode [ 278.290641][ T7488] veth0_vlan: left promiscuous mode [ 278.858278][ T7488] team0 (unregistering): Port device team_slave_1 removed [ 278.906640][ T7488] team0 (unregistering): Port device team_slave_0 removed [ 279.254700][ T5144] Bluetooth: hci3: command tx timeout [ 279.394285][T12735] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1803'. [ 279.408198][T12742] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 37500 - 0 [ 279.423741][T12742] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 37500 - 0 [ 279.432069][T12742] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 37500 - 0 [ 279.453771][T12742] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 37500 - 0 [ 279.462823][T12742] netdevsim netdevsim2 eth0: set [1, 2] type 2 family 0 port 45246 - 0 [ 279.471356][T12742] netdevsim netdevsim2 eth1: set [1, 2] type 2 family 0 port 45246 - 0 [ 279.493762][T12742] netdevsim netdevsim2 eth2: set [1, 2] type 2 family 0 port 45246 - 0 [ 279.502071][T12742] netdevsim netdevsim2 eth3: set [1, 2] type 2 family 0 port 45246 - 0 [ 279.526647][T12742] geneve2: entered promiscuous mode [ 279.535015][T12742] geneve2: entered allmulticast mode [ 279.565955][T12697] chnl_net:caif_netlink_parms(): no params data found [ 279.761462][T12754] bond0: left allmulticast mode [ 279.773968][T12754] bond_slave_0: left allmulticast mode [ 279.779487][T12754] bond_slave_1: left allmulticast mode [ 279.822786][T12758] (unnamed net_device) (uninitialized): option lacp_active: invalid value (3) [ 279.877197][T12757] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 279.915530][T12757] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 279.959669][T12763] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1812'. [ 279.969036][T12763] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1812'. [ 279.979893][T12697] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.992803][T12697] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.000435][T12697] bridge_slave_0: entered allmulticast mode [ 280.007867][T12697] bridge_slave_0: entered promiscuous mode [ 280.020219][T12757] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 280.032521][T12757] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 280.048238][T12697] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.065125][T12697] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.072733][T12697] bridge_slave_1: entered allmulticast mode [ 280.080530][T12697] bridge_slave_1: entered promiscuous mode [ 280.084996][T12764] xt_recent: Unsupported userspace flags (00000042) [ 280.096194][T12757] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 280.113032][T12757] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 280.182646][T12757] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 280.201707][T12757] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 280.226753][T12697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 280.251248][T12697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 280.279258][T12772] ip6t_srh: unknown srh invflags 4000 [ 280.332461][T12697] team0: Port device team_slave_0 added [ 280.367611][T12697] team0: Port device team_slave_1 added [ 280.388098][T12777] FAULT_INJECTION: forcing a failure. [ 280.388098][T12777] name failslab, interval 1, probability 0, space 0, times 0 [ 280.404034][T12777] CPU: 1 UID: 0 PID: 12777 Comm: syz.0.1816 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 280.414854][T12777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 280.424940][T12777] Call Trace: [ 280.428226][T12777] [ 280.431153][T12777] dump_stack_lvl+0x241/0x360 [ 280.435931][T12777] ? __pfx_dump_stack_lvl+0x10/0x10 [ 280.441146][T12777] ? __pfx__printk+0x10/0x10 [ 280.445740][T12777] ? kmem_cache_alloc_noprof+0x48/0x380 [ 280.451290][T12777] ? __pfx___might_resched+0x10/0x10 [ 280.456629][T12777] should_fail_ex+0x3b0/0x4e0 [ 280.462008][T12777] should_failslab+0xac/0x100 [ 280.466690][T12777] ? skb_clone+0x20c/0x390 [ 280.471112][T12777] kmem_cache_alloc_noprof+0x70/0x380 [ 280.476483][T12777] ? __pfx_lock_release+0x10/0x10 [ 280.481525][T12777] skb_clone+0x20c/0x390 [ 280.485767][T12777] pfkey_broadcast_one+0x99/0x330 [ 280.490796][T12777] ? pfkey_broadcast+0x45/0x400 [ 280.495650][T12777] pfkey_broadcast+0x3ca/0x400 [ 280.500414][T12777] ? pfkey_broadcast+0x45/0x400 [ 280.505280][T12777] pfkey_sendmsg+0xe10/0x1050 [ 280.509967][T12777] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 280.515098][T12777] ? __pfx_aa_sk_perm+0x10/0x10 [ 280.519956][T12777] ? __pfx_lock_release+0x10/0x10 [ 280.524977][T12777] ? __import_iovec+0x590/0x870 [ 280.529828][T12777] ? aa_sock_msg_perm+0x91/0x160 [ 280.534766][T12777] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 280.539884][T12777] __sock_sendmsg+0x221/0x270 [ 280.544607][T12777] ____sys_sendmsg+0x52a/0x7e0 [ 280.549392][T12777] ? __pfx_____sys_sendmsg+0x10/0x10 [ 280.554701][T12777] ? __fget_files+0x2a/0x410 [ 280.559307][T12777] ? __fget_files+0x2a/0x410 [ 280.563931][T12777] __sys_sendmsg+0x269/0x350 [ 280.568533][T12777] ? __pfx_lock_release+0x10/0x10 [ 280.573606][T12777] ? __pfx___sys_sendmsg+0x10/0x10 [ 280.578725][T12777] ? __pfx_vfs_write+0x10/0x10 [ 280.583505][T12777] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 280.589837][T12777] ? do_syscall_64+0x100/0x230 [ 280.594602][T12777] ? do_syscall_64+0xb6/0x230 [ 280.599279][T12777] do_syscall_64+0xf3/0x230 [ 280.603781][T12777] ? clear_bhb_loop+0x35/0x90 [ 280.608467][T12777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.614365][T12777] RIP: 0033:0x7feb50b85d29 [ 280.618781][T12777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.638397][T12777] RSP: 002b:00007feb51970038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 280.646841][T12777] RAX: ffffffffffffffda RBX: 00007feb50d75fa0 RCX: 00007feb50b85d29 [ 280.655233][T12777] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 280.663474][T12777] RBP: 00007feb51970090 R08: 0000000000000000 R09: 0000000000000000 [ 280.671447][T12777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 280.679505][T12777] R13: 0000000000000000 R14: 00007feb50d75fa0 R15: 00007ffe04040578 [ 280.687675][T12777] [ 280.778241][T12757] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 280.806359][T12757] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 280.837411][T12757] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 280.851872][T12757] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 280.854841][T12782] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1817'. [ 280.877405][T12757] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 280.886281][T12757] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 280.968301][T12697] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 280.983578][T12697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.011401][T12697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.076926][T12757] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 281.088978][T12782] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1817'. [ 281.099074][T12757] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 281.120266][T12697] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.133820][T12697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.167133][T12697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 281.273901][T12789] tipc: Enabling of bearer rejected, failed to enable media [ 281.334366][ T5144] Bluetooth: hci3: command tx timeout [ 281.342710][T12787] lo speed is unknown, defaulting to 1000 [ 281.502117][T12697] hsr_slave_0: entered promiscuous mode [ 281.522662][T12697] hsr_slave_1: entered promiscuous mode [ 281.544491][T12697] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 281.559779][T12697] Cannot create hsr debugfs directory [ 281.937160][T12815] FAULT_INJECTION: forcing a failure. [ 281.937160][T12815] name failslab, interval 1, probability 0, space 0, times 0 [ 281.984235][T12815] CPU: 0 UID: 0 PID: 12815 Comm: syz.4.1828 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 281.995242][T12815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 282.005325][T12815] Call Trace: [ 282.008672][T12815] [ 282.011644][T12815] dump_stack_lvl+0x241/0x360 [ 282.016349][T12815] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.021564][T12815] ? __pfx__printk+0x10/0x10 [ 282.026190][T12815] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 282.032197][T12815] ? __pfx___might_resched+0x10/0x10 [ 282.038104][T12815] should_fail_ex+0x3b0/0x4e0 [ 282.042831][T12815] should_failslab+0xac/0x100 [ 282.047528][T12815] kmem_cache_alloc_node_noprof+0x77/0x380 [ 282.053370][T12815] ? __alloc_skb+0x1c3/0x440 [ 282.057981][T12815] ? __mutex_unlock_slowpath+0x21e/0x790 [ 282.063630][T12815] __alloc_skb+0x1c3/0x440 [ 282.068054][T12815] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 282.074041][T12815] ? __pfx___alloc_skb+0x10/0x10 [ 282.078975][T12815] ? net_generic+0x1d0/0x240 [ 282.083566][T12815] ? pfkey_broadcast+0x3e3/0x400 [ 282.088508][T12815] pfkey_sendmsg+0xce4/0x1050 [ 282.093198][T12815] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 282.098416][T12815] ? __pfx_aa_sk_perm+0x10/0x10 [ 282.103271][T12815] ? __pfx_lock_release+0x10/0x10 [ 282.108335][T12815] ? __import_iovec+0x590/0x870 [ 282.113275][T12815] ? aa_sock_msg_perm+0x91/0x160 [ 282.118211][T12815] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 282.123345][T12815] __sock_sendmsg+0x221/0x270 [ 282.128123][T12815] ____sys_sendmsg+0x52a/0x7e0 [ 282.132893][T12815] ? __pfx_____sys_sendmsg+0x10/0x10 [ 282.138187][T12815] ? __fget_files+0x2a/0x410 [ 282.142792][T12815] ? __fget_files+0x2a/0x410 [ 282.147648][T12815] __sys_sendmsg+0x269/0x350 [ 282.152420][T12815] ? __pfx_lock_release+0x10/0x10 [ 282.157621][T12815] ? __pfx___sys_sendmsg+0x10/0x10 [ 282.162738][T12815] ? __pfx_vfs_write+0x10/0x10 [ 282.167519][T12815] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 282.174196][T12815] ? do_syscall_64+0x100/0x230 [ 282.178963][T12815] ? do_syscall_64+0xb6/0x230 [ 282.183651][T12815] do_syscall_64+0xf3/0x230 [ 282.188152][T12815] ? clear_bhb_loop+0x35/0x90 [ 282.192913][T12815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.198803][T12815] RIP: 0033:0x7f79ccf85d29 [ 282.203212][T12815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.222835][T12815] RSP: 002b:00007f79cde16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 282.231257][T12815] RAX: ffffffffffffffda RBX: 00007f79cd175fa0 RCX: 00007f79ccf85d29 [ 282.239227][T12815] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 282.247192][T12815] RBP: 00007f79cde16090 R08: 0000000000000000 R09: 0000000000000000 [ 282.255159][T12815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 282.263126][T12815] R13: 0000000000000000 R14: 00007f79cd175fa0 R15: 00007ffe4014e538 [ 282.271252][T12815] [ 282.351763][T12817] netlink: 243 bytes leftover after parsing attributes in process `syz.2.1829'. [ 282.390563][T12817] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 282.594699][T12819] netlink: 'syz.4.1830': attribute type 1 has an invalid length. [ 282.625855][T12819] 8021q: adding VLAN 0 to HW filter on device bond4 [ 282.675409][T12819] 8021q: adding VLAN 0 to HW filter on device bond4 [ 282.682548][T12819] bond4: (slave vcan1): The slave device specified does not support setting the MAC address [ 282.695582][T12819] bond4: (slave vcan1): Error -95 calling set_mac_address [ 282.800882][T12825] bond0: (slave syz_tun): Releasing backup interface [ 282.808742][T12825] syz_tun (unregistering): left allmulticast mode [ 282.853193][T12822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 282.878372][T12822] bond4: (slave batadv0): making interface the new active one [ 282.896997][T12822] bond4: (slave batadv0): Enslaving as an active interface with an up link [ 283.188182][T12697] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 283.222366][T12697] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 283.240958][T12846] xt_CT: You must specify a L4 protocol and not use inversions on it [ 283.257563][T12697] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 283.295813][T12697] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 283.403294][T12851] syz.1.1838[12851] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 283.403392][T12851] syz.1.1838[12851] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 283.416226][ T5144] Bluetooth: hci3: command tx timeout [ 283.441798][T12851] syz.1.1838[12851] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 283.495875][T12848] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1839'. [ 283.547002][T12697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 283.590854][T12697] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.642623][T12856] FAULT_INJECTION: forcing a failure. [ 283.642623][T12856] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 283.646986][ T7488] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.663302][ T7488] bridge0: port 1(bridge_slave_0) entered forwarding state [ 283.666981][T12856] CPU: 0 UID: 0 PID: 12856 Comm: syz.2.1840 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 283.681443][T12856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 283.691546][T12856] Call Trace: [ 283.694852][T12856] [ 283.697887][T12856] dump_stack_lvl+0x241/0x360 [ 283.702598][T12856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.707826][T12856] ? __pfx__printk+0x10/0x10 [ 283.712549][T12856] ? __pfx_lock_release+0x10/0x10 [ 283.717597][T12856] ? __lock_acquire+0x1397/0x2100 [ 283.722642][T12856] should_fail_ex+0x3b0/0x4e0 [ 283.727350][T12856] _copy_from_user+0x2f/0xc0 [ 283.732009][T12856] kstrtouint_from_user+0xc6/0x190 [ 283.737169][T12856] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 283.743177][T12856] ? __pfx_lock_acquire+0x10/0x10 [ 283.748238][T12856] proc_fail_nth_write+0xaa/0x2d0 [ 283.753328][T12856] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 283.759245][T12856] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 283.765067][T12856] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 283.770886][T12856] vfs_write+0x2a3/0xd30 [ 283.775137][T12856] ? __pfx_vfs_write+0x10/0x10 [ 283.779901][T12856] ? __fget_files+0x2a/0x410 [ 283.784500][T12856] ? __fget_files+0x395/0x410 [ 283.789183][T12856] ? __fget_files+0x2a/0x410 [ 283.793783][T12856] ksys_write+0x18f/0x2b0 [ 283.798140][T12856] ? __pfx_ksys_write+0x10/0x10 [ 283.802987][T12856] ? do_syscall_64+0x100/0x230 [ 283.807758][T12856] ? do_syscall_64+0xb6/0x230 [ 283.812438][T12856] do_syscall_64+0xf3/0x230 [ 283.816952][T12856] ? clear_bhb_loop+0x35/0x90 [ 283.821635][T12856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.827528][T12856] RIP: 0033:0x7fdecf3847df [ 283.831954][T12856] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 283.851559][T12856] RSP: 002b:00007fded0156030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 283.859978][T12856] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdecf3847df [ 283.867944][T12856] RDX: 0000000000000001 RSI: 00007fded01560a0 RDI: 0000000000000004 [ 283.875913][T12856] RBP: 00007fded0156090 R08: 0000000000000000 R09: 0000000000000000 [ 283.883879][T12856] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 283.891882][T12856] R13: 0000000000000000 R14: 00007fdecf575fa0 R15: 00007ffdad35d408 [ 283.899874][T12856] [ 283.912719][ T7488] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.919899][ T7488] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.998443][T12697] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 284.305190][T12869] netlink: 'syz.2.1845': attribute type 1 has an invalid length. [ 284.322753][T12869] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1845'. [ 284.376340][T12697] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.511603][T12697] veth0_vlan: entered promiscuous mode [ 284.549434][T12888] netlink: 'syz.4.1849': attribute type 4 has an invalid length. [ 284.556103][T12697] veth1_vlan: entered promiscuous mode [ 284.701895][T12697] veth0_macvtap: entered promiscuous mode [ 284.745972][T12697] veth1_macvtap: entered promiscuous mode [ 284.776930][T12897] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 284.828441][T12697] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 284.845873][T12697] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 284.863744][T12697] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.872514][T12697] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.883063][T12697] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.920159][T12697] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.080293][ T9179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.088275][T12896] infiniband syz!: set down [ 285.100940][T12896] infiniband syz!: added team_slave_0 [ 285.103659][ T9179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.154980][T12896] syz!: rxe_create_cq: returned err = -12 [ 285.187800][T12896] infiniband syz!: Couldn't create ib_mad CQ [ 285.198753][T11097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.207115][T12896] infiniband syz!: Couldn't open port 1 [ 285.219421][T11097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.253265][T12911] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1857'. [ 285.283236][T12896] RDS/IB: syz!: added [ 285.307347][T12896] smc: adding ib device syz! with port count 1 [ 285.323935][T12896] smc: ib device syz! port 1 has pnetid [ 285.333990][T12911] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1857'. [ 285.366548][T12886] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 285.378940][T12914] netlink: 'syz.2.1856': attribute type 1 has an invalid length. [ 285.518013][ T5144] Bluetooth: hci3: command tx timeout [ 285.564652][T12915] netlink: 'syz.2.1856': attribute type 10 has an invalid length. [ 285.572554][T12915] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1856'. [ 285.582462][T12915] veth0_vlan: left promiscuous mode [ 285.587869][T12915] veth0_vlan: entered promiscuous mode [ 285.608860][T12915] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 285.795147][T12918] netlink: 'syz.4.1859': attribute type 1 has an invalid length. [ 285.836928][T12919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1858'. [ 285.861715][T12918] bond5: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 285.874064][T12919] netlink: 'syz.1.1858': attribute type 12 has an invalid length. [ 285.906252][T12921] 8021q: adding VLAN 0 to HW filter on device bond5 [ 285.934477][T11096] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 286.077421][T11097] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 286.257650][T12928] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1862'. [ 286.295758][T12933] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1863'. [ 286.438065][T12938] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1864'. [ 286.468082][T12943] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1866'. [ 286.694470][T12951] netlink: 'syz.0.1867': attribute type 21 has an invalid length. [ 286.702395][T12951] netlink: 'syz.0.1867': attribute type 1 has an invalid length. [ 286.738681][T12956] netlink: get zone limit has 8 unknown bytes [ 286.828472][T12960] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 287.023807][T12972] netlink: 'syz.2.1876': attribute type 1 has an invalid length. [ 287.089445][T12978] pimreg: entered allmulticast mode [ 287.123800][T12981] xt_CT: You must specify a L4 protocol and not use inversions on it [ 287.608161][T13009] netlink: 'syz.0.1884': attribute type 38 has an invalid length. [ 287.779865][T13010] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.816290][T13010] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 287.874311][ T9179] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.599190][T13017] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 289.910891][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 289.935368][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 289.958525][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 289.966690][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 290.002781][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 290.030548][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 290.365281][ T9179] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.420280][T13029] lo speed is unknown, defaulting to 1000 [ 290.616765][ T9179] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.692640][T13043] __nla_validate_parse: 6 callbacks suppressed [ 290.692663][T13043] netlink: 1284 bytes leftover after parsing attributes in process `syz.2.1890'. [ 290.831877][ T9179] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.940329][T13052] tipc: Enabling of bearer rejected, failed to enable media [ 291.099467][ T9179] bridge_slave_1: left allmulticast mode [ 291.108283][ T9179] bridge_slave_1: left promiscuous mode [ 291.125797][ T9179] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.154745][ T9179] bridge_slave_0: left allmulticast mode [ 291.179930][ T9179] bridge_slave_0: left promiscuous mode [ 291.198458][ T9179] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.451325][T13081] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1902'. [ 291.716544][ T9179] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 291.728730][ T9179] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 291.739888][ T9179] bond0 (unregistering): Released all slaves [ 291.971092][T13093] batman_adv: batadv0: Removing interface: gretap1 [ 291.995198][T13029] chnl_net:caif_netlink_parms(): no params data found [ 292.133875][ T5144] Bluetooth: hci3: command tx timeout [ 292.223945][T13029] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.231142][T13029] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.238590][T13029] bridge_slave_0: entered allmulticast mode [ 292.289032][T13029] bridge_slave_0: entered promiscuous mode [ 292.303231][T13029] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.323241][T13029] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.348951][T13029] bridge_slave_1: entered allmulticast mode [ 292.392314][T13029] bridge_slave_1: entered promiscuous mode [ 292.483897][ T9179] hsr_slave_0: left promiscuous mode [ 292.496860][ T9179] hsr_slave_1: left promiscuous mode [ 292.514632][ T9179] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 292.537732][ T9179] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 292.564644][ T9179] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 292.581098][ T9179] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 292.638874][ T9179] veth1_macvtap: left promiscuous mode [ 292.653737][ T9179] veth0_macvtap: left promiscuous mode [ 292.661055][ T9179] veth1_vlan: left promiscuous mode [ 292.672705][ T9179] veth0_vlan: left promiscuous mode [ 292.819884][T13120] netlink: 'syz.0.1911': attribute type 1 has an invalid length. [ 293.417184][ T9179] team0 (unregistering): Port device team_slave_1 removed [ 293.515342][ T9179] team0 (unregistering): Port device team_slave_0 removed [ 294.071087][T13107] lo speed is unknown, defaulting to 1000 [ 294.101898][T13029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 294.134446][T13029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 294.224276][ T5144] Bluetooth: hci3: command tx timeout [ 294.400511][T13029] team0: Port device team_slave_0 added [ 294.433174][T13029] team0: Port device team_slave_1 added [ 294.501914][T13029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 294.521762][T13029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.600781][T13029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 294.665020][T13029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 294.685858][T13029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.725548][T13029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 294.870162][T13029] hsr_slave_0: entered promiscuous mode [ 294.893834][T13029] hsr_slave_1: entered promiscuous mode [ 294.925515][T13029] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 294.935167][T13029] Cannot create hsr debugfs directory [ 295.467970][T13175] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1922'. [ 295.667079][T13184] veth0_to_bridge: entered promiscuous mode [ 295.678259][T13178] lo speed is unknown, defaulting to 1000 [ 295.901138][T13029] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 295.944976][T13029] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 295.966402][T13029] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 296.086646][T13192] netdevsim netdevsim4 eth0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 296.104230][T13192] netdevsim netdevsim4 eth1: unset [1, 1] type 2 family 0 port 6081 - 0 [ 296.112909][T13192] netdevsim netdevsim4 eth2: unset [1, 1] type 2 family 0 port 6081 - 0 [ 296.132268][T13192] netdevsim netdevsim4 eth3: unset [1, 1] type 2 family 0 port 6081 - 0 [ 296.206498][T13192] mac80211_hwsim hwsim11 wlan1: left allmulticast mode [ 296.224923][T13192] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 20001 - 0 [ 296.240938][T13192] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 20001 - 0 [ 296.249844][T13192] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 20001 - 0 [ 296.258537][T13192] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 20001 - 0 [ 296.303913][ T5144] Bluetooth: hci3: command tx timeout [ 296.321410][T13192] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 296.370210][T13029] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 296.497780][T13206] netlink: 'syz.4.1930': attribute type 1 has an invalid length. [ 296.581841][T13176] veth0_to_bridge: left promiscuous mode [ 296.620866][T13029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 296.735284][T13213] Unsupported ieee802154 address type: 0 [ 296.789389][T13029] 8021q: adding VLAN 0 to HW filter on device team0 [ 296.839311][T11096] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.846501][T11096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 296.916529][T11096] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.923755][T11096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 296.995688][T13216] netlink: 'syz.0.1933': attribute type 5 has an invalid length. [ 297.064698][T13218] lo speed is unknown, defaulting to 1000 [ 297.086769][T13225] ipt_rpfilter: unknown options [ 297.816158][T13029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 298.099026][T13029] veth0_vlan: entered promiscuous mode [ 298.177625][T13029] veth1_vlan: entered promiscuous mode [ 298.328230][T13029] veth0_macvtap: entered promiscuous mode [ 298.366892][T13256] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 298.402772][ T5144] Bluetooth: hci3: command tx timeout [ 298.438912][T13029] veth1_macvtap: entered promiscuous mode [ 298.536310][T13029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.609617][T13029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.618800][T13264] xt_hashlimit: max too large, truncated to 1048576 [ 298.707953][T13029] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.724534][T13029] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.744140][T13029] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.758658][T13029] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.937245][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.960672][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.009094][ T7488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.018388][ T7488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.050885][T13274] syzkaller0: entered promiscuous mode [ 299.067032][T13274] syzkaller0: entered allmulticast mode [ 299.386167][T13291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1952'. [ 299.609482][T13296] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1953'. [ 300.306953][T13305] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1955'. [ 302.569537][T13325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1961'. [ 302.579269][T13325] (unnamed net_device) (uninitialized): option ad_select: invalid value (7) [ 302.592565][T13326] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 302.653483][T13328] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 302.691301][T13328] netlink: 'syz.0.1965': attribute type 4 has an invalid length. [ 302.818110][T13342] SET target dimension over the limit! [ 302.895871][T11097] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.191352][T11097] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.265597][T11097] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.348958][T11097] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.480800][T11097] bridge_slave_1: left allmulticast mode [ 303.486560][T11097] bridge_slave_1: left promiscuous mode [ 303.492233][T11097] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.501170][T11097] bridge_slave_0: left allmulticast mode [ 303.507085][T11097] bridge_slave_0: left promiscuous mode [ 303.512896][T11097] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.850836][T11097] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.862235][T11097] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.872784][T11097] bond0 (unregistering): Released all slaves [ 304.110620][T11097] hsr_slave_0: left promiscuous mode [ 304.124015][T11097] hsr_slave_1: left promiscuous mode [ 304.130378][T11097] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.143645][T11097] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.154110][T11097] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.161548][T11097] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.184479][T11097] veth1_macvtap: left promiscuous mode [ 304.190007][T11097] veth0_macvtap: left promiscuous mode [ 304.195583][T11097] veth1_vlan: left promiscuous mode [ 304.201958][T11097] veth0_vlan: left promiscuous mode [ 304.673349][T11097] team0 (unregistering): Port device team_slave_1 removed [ 304.841407][T13354] xt_TCPMSS: Only works on TCP SYN packets [ 304.878246][ T29] audit: type=1107 audit(1734655152.318:2): pid=13348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='p?€†vãÊ&_q• ¨<ñ,PÊ~1çéîwOBÓi•ëÔ¿;Ì‹È÷$e5Ðø}rxÃ]Xf“êÆ? ‡âÖG·iMò]4Ð0p„ÕêtÖ³ñh`»ö~¬ÈŠÙÑYшxeGǦª<#u ?9Å0©¾ÇÜ\= G!í y-œ÷ [ 304.878246][ T29] hõ'ÃÆd”ÓÙù¶A) Œ×‚ßsó7©­ˆy †µ>|Ç3Weæ|¾¾üÜ¥#1ézŽ_R§?=' [ 304.921122][T11097] team0 (unregistering): Port device team_slave_0 removed [ 304.945823][T13360] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1970'. [ 304.993675][T13360] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1970'. [ 305.243062][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 305.252524][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 305.293737][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 305.315069][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 305.341109][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 305.358058][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 305.837233][T13353] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1969'. [ 305.894431][T13361] lo speed is unknown, defaulting to 1000 [ 305.958196][T13372] lo speed is unknown, defaulting to 1000 [ 306.126681][T13387] netlink: 'syz.1.1978': attribute type 7 has an invalid length. [ 306.149462][T13387] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1978'. [ 306.180571][T13387] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.198257][T13387] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.212198][T13387] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.231007][T13387] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.402732][T13393] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1980'. [ 306.425209][T13393] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1980'. [ 306.434695][T13393] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1980'. [ 306.443994][T13393] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1980'. [ 306.454053][T13393] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1980'. [ 306.464041][T13393] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1980'. [ 306.478126][T13390] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.497657][T13390] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 37500 - 0 [ 306.529074][T13390] netdevsim netdevsim2 eth3 (unregistering): unset [1, 2] type 2 family 0 port 45246 - 0 [ 306.539322][T13394] netlink: 'syz.1.1980': attribute type 10 has an invalid length. [ 306.571592][T13394] batman_adv: batadv0: Adding interface: virt_wifi0 [ 306.579105][T13394] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.606419][T13394] batman_adv: batadv0: Interface activated: virt_wifi0 [ 306.623971][T13397] lo speed is unknown, defaulting to 1000 [ 306.670875][T13390] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.694643][T13390] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 37500 - 0 [ 306.705082][T13390] netdevsim netdevsim2 eth2 (unregistering): unset [1, 2] type 2 family 0 port 45246 - 0 [ 306.767190][T13397] lo speed is unknown, defaulting to 1000 [ 306.801794][T13397] lo speed is unknown, defaulting to 1000 [ 306.811793][T13390] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.821812][T13390] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 37500 - 0 [ 306.832488][T13390] netdevsim netdevsim2 eth1 (unregistering): unset [1, 2] type 2 family 0 port 45246 - 0 [ 306.979118][T13390] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.009236][T13390] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 37500 - 0 [ 307.042704][T13390] netdevsim netdevsim2 eth0 (unregistering): unset [1, 2] type 2 family 0 port 45246 - 0 [ 307.079961][T13397] infiniband syz0: set active [ 307.091825][T13397] infiniband syz0: added lo [ 307.126739][ T5933] lo speed is unknown, defaulting to 1000 [ 307.137394][T13409] netlink: 'syz.0.1983': attribute type 5 has an invalid length. [ 307.199481][T13397] RDS/IB: syz0: added [ 307.204197][T13397] smc: adding ib device syz0 with port count 1 [ 307.210404][T13397] smc: ib device syz0 port 1 has pnetid [ 307.216516][ T5933] lo speed is unknown, defaulting to 1000 [ 307.223659][T13397] lo speed is unknown, defaulting to 1000 [ 307.235641][T13372] chnl_net:caif_netlink_parms(): no params data found [ 307.381879][T13390] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 45246 - 0 [ 307.403753][T13390] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 37500 - 0 [ 307.412345][T13390] netdevsim netdevsim2 eth0: set [1, 2] type 2 family 0 port 6081 - 0 [ 307.440896][T13372] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.448195][T13372] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.455780][T13372] bridge_slave_0: entered allmulticast mode [ 307.462860][T13372] bridge_slave_0: entered promiscuous mode [ 307.476332][T13390] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 45246 - 0 [ 307.489227][T13390] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 37500 - 0 [ 307.497696][ T5838] Bluetooth: hci3: command tx timeout [ 307.510846][T13390] netdevsim netdevsim2 eth1: set [1, 2] type 2 family 0 port 6081 - 0 [ 307.523100][T13390] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 45246 - 0 [ 307.536977][T13390] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 37500 - 0 [ 307.546651][T13390] netdevsim netdevsim2 eth2: set [1, 2] type 2 family 0 port 6081 - 0 [ 307.556785][T13372] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.564053][T13372] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.571281][T13372] bridge_slave_1: entered allmulticast mode [ 307.578958][T13372] bridge_slave_1: entered promiscuous mode [ 307.584955][T13397] lo speed is unknown, defaulting to 1000 [ 307.640310][T13390] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 45246 - 0 [ 307.669507][T13390] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 37500 - 0 [ 307.697556][T13390] netdevsim netdevsim2 eth3: set [1, 2] type 2 family 0 port 6081 - 0 [ 307.727978][T13372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 307.758455][T13420] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 307.769947][T13420] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.787853][T13372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.797544][T13397] lo speed is unknown, defaulting to 1000 [ 307.829689][T13372] team0: Port device team_slave_0 added [ 307.845832][T13420] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 307.856226][T13420] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.874289][T13372] team0: Port device team_slave_1 added [ 307.920060][T13420] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 307.931858][T13420] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.947113][T13372] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.970312][T13372] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.997815][T13372] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 308.011267][T13397] lo speed is unknown, defaulting to 1000 [ 308.012477][T13372] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 308.028296][T13372] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 308.059878][T13372] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 308.075788][T13420] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 308.095958][T13420] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.221679][T13397] lo speed is unknown, defaulting to 1000 [ 308.239091][T13372] hsr_slave_0: entered promiscuous mode [ 308.277160][T13372] hsr_slave_1: entered promiscuous mode [ 308.303937][T13372] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 308.332156][T13372] Cannot create hsr debugfs directory [ 308.442366][T13429] netlink: 'syz.4.1989': attribute type 4 has an invalid length. [ 308.452444][T13420] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 308.464456][T13420] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.473071][T13397] lo speed is unknown, defaulting to 1000 [ 308.478823][T13420] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 308.478923][T13420] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.494907][T13420] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 308.512290][T13420] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.531248][T13431] IPVS: Error joining to the multicast group [ 308.587130][T13420] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 308.613936][T13420] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.703315][T13436] netlink: 'syz.4.1991': attribute type 1 has an invalid length. [ 308.805262][T13436] lo speed is unknown, defaulting to 1000 [ 308.806871][T13397] lo speed is unknown, defaulting to 1000 [ 309.135463][T13372] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 309.157621][T13372] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 309.175840][T13436] lo speed is unknown, defaulting to 1000 [ 309.176207][T13372] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 309.234111][T13372] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 309.395056][T13372] 8021q: adding VLAN 0 to HW filter on device bond0 [ 309.426488][T13372] 8021q: adding VLAN 0 to HW filter on device team0 [ 309.437724][T11097] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.444885][T11097] bridge0: port 1(bridge_slave_0) entered forwarding state [ 309.515822][T13372] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 309.535137][T13372] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 309.573848][ T5838] Bluetooth: hci3: command 0x041b tx timeout [ 309.613386][T11097] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.620557][T11097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.256482][T13464] __nla_validate_parse: 34 callbacks suppressed [ 310.256503][T13464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1999'. [ 310.289319][T13464] netlink: 'syz.0.1999': attribute type 10 has an invalid length. [ 310.292950][T13372] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.448355][T13372] veth0_vlan: entered promiscuous mode [ 310.521740][T13468] netlink: 'syz.0.2001': attribute type 4 has an invalid length. [ 310.530209][T13468] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2001'. [ 310.548579][T13372] veth1_vlan: entered promiscuous mode [ 310.557965][T13470] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2002'. [ 310.641527][T13372] veth0_macvtap: entered promiscuous mode [ 310.675677][T13372] veth1_macvtap: entered promiscuous mode [ 310.718677][T13372] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 310.760505][T13372] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.787404][T13372] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.804078][T13372] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.812834][T13372] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.827591][T13372] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.014906][ T7488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.024506][ T7488] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.057989][T13485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2007'. [ 311.095266][T13485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2007'. [ 311.129034][ T7488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.150857][ T7488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.394201][ T29] audit: type=1107 audit(1734655158.838:3): pid=13496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='p?€†vãÊ&_q• ¨<ñ,PÊ~1çéîwOBÓi•ëÔ¿;Ì‹È÷$e5Ðø}rxÃ]Xf“êÆ? ‡âÖG·iMò]4Ð0p„ÕêtÖ³ñh`»ö~¬ÈŠÙÑYшxeGǦª<#u ?9Å0©¾ÇÜ\= G!í y-œ÷ [ 311.394201][ T29] hõ'ÃÆd”ÓÙù¶A) Œ×‚ßsó7©­ˆy †µ>|Ç3Weæ|¾¾üÜ¥#1ézŽ_R§?=' [ 311.499951][T13509] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2014'. [ 311.519752][T13508] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2014'. [ 311.519855][T13498] can: request_module (can-proto-0) failed. [ 311.607844][T13512] netlink: 'syz.4.2015': attribute type 4 has an invalid length. [ 311.631032][T13512] netlink: 144 bytes leftover after parsing attributes in process `syz.4.2015'. [ 311.981946][T13526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2020'. [ 311.991351][T13526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2020'. [ 312.005205][T13526] gtp1: entered promiscuous mode [ 312.010451][T13526] gtp1: entered allmulticast mode [ 312.572992][T13549] RDS: rds_bind could not find a transport for ::ffff:172.20.20.0, load rds_tcp or rds_rdma? [ 312.718806][T13551] netlink: 'syz.0.2027': attribute type 4 has an invalid length. [ 313.340393][ T7488] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.791154][ T7488] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.865309][ T7488] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.934389][ T7488] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.984179][ T5144] Bluetooth: hci2: command 0x0406 tx timeout [ 314.055430][ T7488] bridge_slave_1: left allmulticast mode [ 314.061262][ T7488] bridge_slave_1: left promiscuous mode [ 314.067174][ T7488] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.076699][ T7488] bridge_slave_0: left allmulticast mode [ 314.082651][ T7488] bridge_slave_0: left promiscuous mode [ 314.089662][ T7488] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.479971][ T7488] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 314.491068][ T7488] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 314.501703][ T7488] bond0 (unregistering): Released all slaves [ 314.899407][ T7488] hsr_slave_0: left promiscuous mode [ 314.905373][ T7488] hsr_slave_1: left promiscuous mode [ 314.911198][ T7488] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 314.920353][ T7488] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.928163][ T7488] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.943882][ T7488] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 314.962485][ T7488] veth1_macvtap: left promiscuous mode [ 314.968094][ T7488] veth0_macvtap: left promiscuous mode [ 314.974755][ T7488] veth1_vlan: left promiscuous mode [ 314.980080][ T7488] veth0_vlan: left promiscuous mode [ 315.531945][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 315.565436][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 315.592968][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 315.600300][T13592] __nla_validate_parse: 6 callbacks suppressed [ 315.600316][T13592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2037'. [ 315.630974][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 315.668559][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 315.684025][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 316.036419][T13602] netlink: 'syz.2.2040': attribute type 4 has an invalid length. [ 316.053952][T13602] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2040'. [ 316.185485][ T7488] team0 (unregistering): Port device team_slave_1 removed [ 316.241873][T13601] xt_policy: output policy not valid in PREROUTING and INPUT [ 316.252466][ T7488] team0 (unregistering): Port device team_slave_0 removed [ 316.809714][T13598] lo speed is unknown, defaulting to 1000 [ 316.815337][T13601] netlink: 'syz.4.2039': attribute type 21 has an invalid length. [ 316.839910][T13601] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2039'. [ 316.888017][T13601] netlink: 'syz.4.2039': attribute type 5 has an invalid length. [ 316.897498][T13601] netlink: 'syz.4.2039': attribute type 6 has an invalid length. [ 316.905776][T13601] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2039'. [ 316.915518][T13609] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2041'. [ 316.947854][T13585] lo speed is unknown, defaulting to 1000 [ 317.233033][T13598] lo speed is unknown, defaulting to 1000 [ 317.360725][T13627] veth6: entered allmulticast mode [ 317.576892][T13585] lo speed is unknown, defaulting to 1000 [ 317.747209][ T5838] Bluetooth: hci3: command tx timeout [ 317.876737][T13639] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2051'. [ 318.295032][T13642] xt_CT: You must specify a L4 protocol and not use inversions on it [ 318.342253][T13585] chnl_net:caif_netlink_parms(): no params data found [ 318.523983][T13585] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.531420][T13585] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.539641][T13585] bridge_slave_0: entered allmulticast mode [ 318.547291][T13585] bridge_slave_0: entered promiscuous mode [ 318.556725][T13585] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.564046][T13585] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.571431][T13585] bridge_slave_1: entered allmulticast mode [ 318.579347][T13585] bridge_slave_1: entered promiscuous mode [ 318.589778][T13667] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 45246 - 0 [ 318.600160][T13667] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 37500 - 0 [ 318.610146][T13667] netdevsim netdevsim2 eth3 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 318.627507][T13669] vlan0: entered allmulticast mode [ 318.755654][T13667] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 45246 - 0 [ 318.784097][T13667] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 37500 - 0 [ 318.803168][T13667] netdevsim netdevsim2 eth2 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 318.925707][T13585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 318.958281][T13667] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 45246 - 0 [ 318.979287][T13667] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 37500 - 0 [ 318.994562][T13667] netdevsim netdevsim2 eth1 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 319.011750][T13585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 319.115438][T13667] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 45246 - 0 [ 319.151739][T13667] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 37500 - 0 [ 319.192176][T13667] netdevsim netdevsim2 eth0 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 319.259539][T13585] team0: Port device team_slave_0 added [ 319.282608][T13585] team0: Port device team_slave_1 added [ 319.345899][T13585] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 319.359369][T13585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 319.430138][T13585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 319.455625][T13585] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 319.472816][T13585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 319.523848][T13585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 319.594461][T13706] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2065'. [ 319.653182][T13667] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 45246 - 0 [ 319.662390][T13667] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 37500 - 0 [ 319.671203][T13667] netdevsim netdevsim2 eth0: set [1, 2] type 2 family 0 port 6081 - 0 [ 319.692801][T13705] lo: left allmulticast mode [ 319.699056][T13705] tunl0: left allmulticast mode [ 319.706284][T13705] gre0: left allmulticast mode [ 319.712094][T13705] gretap0: left allmulticast mode [ 319.720001][T13705] erspan0: left allmulticast mode [ 319.726627][T13705] ip_vti0: left allmulticast mode [ 319.733079][T13705] ip6_vti0: left allmulticast mode [ 319.748919][T13705] sit0: left allmulticast mode [ 319.755463][T13705] ip6tnl0: left allmulticast mode [ 319.761575][T13705] ip6gre0: left allmulticast mode [ 319.768045][T13705] ip6gretap0: left allmulticast mode [ 319.774982][T13705] vcan0: left allmulticast mode [ 319.780940][T13705] bond0: left allmulticast mode [ 319.788589][T13705] 8021q: adding VLAN 0 to HW filter on device bond0 [ 319.796654][T13705] team0: left allmulticast mode [ 319.804200][T13705] 8021q: adding VLAN 0 to HW filter on device team0 [ 319.812136][T13705] dummy0: left allmulticast mode [ 319.817553][ T5838] Bluetooth: hci3: command tx timeout [ 319.824759][T13705] nlmon0: left allmulticast mode [ 319.831083][T13705] caif0: left allmulticast mode [ 319.836441][T13705] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 319.857054][T13667] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 45246 - 0 [ 319.865983][T13667] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 37500 - 0 [ 319.874845][T13667] netdevsim netdevsim2 eth1: set [1, 2] type 2 family 0 port 6081 - 0 [ 319.887561][T13585] hsr_slave_0: entered promiscuous mode [ 319.904769][T13585] hsr_slave_1: entered promiscuous mode [ 319.911136][T13585] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 319.919273][T13585] Cannot create hsr debugfs directory [ 319.929548][T13667] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 45246 - 0 [ 319.938934][T13667] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 37500 - 0 [ 319.956015][T13667] netdevsim netdevsim2 eth2: set [1, 2] type 2 family 0 port 6081 - 0 [ 320.017976][T13667] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 45246 - 0 [ 320.030318][T13667] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 37500 - 0 [ 320.042130][T13667] netdevsim netdevsim2 eth3: set [1, 2] type 2 family 0 port 6081 - 0 [ 320.094741][T13713] netlink: 'syz.4.2066': attribute type 1 has an invalid length. [ 320.276102][T13713] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2066'. [ 320.299196][T13716] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2068'. [ 320.416290][T13716] tipc: Enabled bearer , priority 0 [ 320.438685][T13716] syzkaller0: entered promiscuous mode [ 320.470948][T13716] syzkaller0: entered allmulticast mode [ 320.579388][T13716] tipc: Resetting bearer [ 320.644890][T13716] tipc: Disabling bearer [ 320.854462][T13734] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2073'. [ 320.872375][T13734] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2073'. [ 320.905456][T13742] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2075'. [ 320.931382][T13742] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2075'. [ 321.085136][T13748] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2076'. [ 321.110388][T13585] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 321.129180][T13748] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2076'. [ 321.130632][T13585] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 321.156989][T13585] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 321.167299][T13751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 321.187503][T13585] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 321.341193][T13585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 321.374931][T13585] 8021q: adding VLAN 0 to HW filter on device team0 [ 321.410305][T11096] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.417585][T11096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 321.456079][T11096] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.463243][T11096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 321.532676][T13585] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 321.565067][T13585] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 321.581480][T13757] veth1_to_hsr: entered promiscuous mode [ 321.594516][T13757] veth1_to_hsr: left promiscuous mode [ 321.819808][T13585] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 321.904333][ T5838] Bluetooth: hci3: command tx timeout [ 321.931103][T13585] veth0_vlan: entered promiscuous mode [ 321.982001][T13585] veth1_vlan: entered promiscuous mode [ 322.057739][T13585] veth0_macvtap: entered promiscuous mode [ 322.078278][T13585] veth1_macvtap: entered promiscuous mode [ 322.108726][T13585] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 322.127549][T13585] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 322.140200][T13585] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.150258][T13585] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.171082][T13585] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.181766][T13585] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.281118][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 322.298594][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 322.370398][T11100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 322.378877][T11100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 323.408299][T13833] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2113'. [ 323.548902][T13831] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 323.560375][T13831] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 323.569833][T13831] bond0 (unregistering): Released all slaves [ 323.587791][T13833] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2113'. [ 323.597901][T13833] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 323.799103][T13841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2117'. [ 323.821994][T13841] 8021q: adding VLAN 0 to HW filter on device bond4 [ 323.840561][T13841] 8021q: adding VLAN 0 to HW filter on device bond4 [ 323.857533][T13841] bond4: (slave vcan1): The slave device specified does not support setting the MAC address [ 323.880071][T13841] bond4: (slave vcan1): Error -95 calling set_mac_address [ 324.046516][ T9179] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.618790][ T9179] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.695066][ T9179] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.761612][ T9179] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.861458][ T9179] bridge_slave_1: left allmulticast mode [ 325.868160][ T9179] bridge_slave_1: left promiscuous mode [ 325.874091][ T9179] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.883054][ T9179] bridge_slave_0: left allmulticast mode [ 325.888960][ T9179] bridge_slave_0: left promiscuous mode [ 325.895504][ T9179] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.464712][ T5144] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 326.502812][ T5144] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 326.515371][ T5144] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 326.543754][ T5144] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 326.554945][ T5144] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 326.578601][ T5144] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 326.692415][ T9179] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 326.709586][ T9179] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 326.720415][ T9179] bond0 (unregistering): Released all slaves [ 326.800615][T13871] lo speed is unknown, defaulting to 1000 [ 327.177772][T13871] lo speed is unknown, defaulting to 1000 [ 327.435242][T13906] mac80211_hwsim hwsim71 wlan0: entered promiscuous mode [ 327.442511][T13906] macvlan2: entered allmulticast mode [ 327.486235][T13906] mac80211_hwsim hwsim71 wlan0: entered allmulticast mode [ 327.513231][T13906] mac80211_hwsim hwsim71 wlan0: left promiscuous mode [ 328.128720][T13871] chnl_net:caif_netlink_parms(): no params data found [ 328.146204][T13937] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2152'. [ 328.214476][ T9179] hsr_slave_0: left promiscuous mode [ 328.261285][ T9179] hsr_slave_1: left promiscuous mode [ 328.330134][ T9179] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 328.338413][ T9179] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 328.377925][ T9179] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 328.397517][ T9179] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 328.424735][T13953] netlink: 332 bytes leftover after parsing attributes in process `syz.0.2159'. [ 328.447242][T13953] netlink: 'syz.0.2159': attribute type 3 has an invalid length. [ 328.503556][ T9179] veth1_macvtap: left promiscuous mode [ 328.523400][ T9179] veth0_macvtap: left promiscuous mode [ 328.541461][ T9179] veth1_vlan: left promiscuous mode [ 328.559486][ T9179] veth0_vlan: left promiscuous mode [ 328.614558][ T5144] Bluetooth: hci3: command tx timeout [ 329.562547][ T9179] team0 (unregistering): Port device team_slave_1 removed [ 329.617803][ T9179] team0 (unregistering): Port device team_slave_0 removed [ 330.235642][T13970] lo speed is unknown, defaulting to 1000 [ 330.579892][T13871] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.622475][T13871] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.643992][T13871] bridge_slave_0: entered allmulticast mode [ 330.651663][T13871] bridge_slave_0: entered promiscuous mode [ 330.684783][T13871] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.702577][ T5144] Bluetooth: hci3: command tx timeout [ 330.705310][T13871] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.729869][T13871] bridge_slave_1: entered allmulticast mode [ 330.754093][T13871] bridge_slave_1: entered promiscuous mode [ 330.789951][T13970] lo speed is unknown, defaulting to 1000 [ 330.857073][T13871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 330.916730][T13871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 331.018835][T13871] team0: Port device team_slave_0 added [ 331.051213][T13871] team0: Port device team_slave_1 added [ 331.094365][T14012] [ 331.096762][T14012] ============================= [ 331.101699][T14012] WARNING: suspicious RCU usage [ 331.107500][T14012] 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 Not tainted [ 331.114791][T14012] ----------------------------- [ 331.119748][T14012] net/ethtool/common.c:873 suspicious rcu_dereference_protected() usage! [ 331.128265][T14012] [ 331.128265][T14012] other info that might help us debug this: [ 331.128265][T14012] [ 331.138720][T14012] [ 331.138720][T14012] rcu_scheduler_active = 2, debug_locks = 1 [ 331.146998][T14012] 1 lock held by syz.1.2182/14012: [ 331.152144][T14012] #0: ffff88804a8fc658 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sk_setsockopt+0xebc/0x3290 [ 331.162069][T14012] [ 331.162069][T14012] stack backtrace: [ 331.168037][T14012] CPU: 1 UID: 0 PID: 14012 Comm: syz.1.2182 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 331.178812][T14012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 331.188885][T14012] Call Trace: [ 331.192169][T14012] [ 331.195113][T14012] dump_stack_lvl+0x241/0x360 [ 331.199802][T14012] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.205014][T14012] ? __pfx__printk+0x10/0x10 [ 331.209616][T14012] lockdep_rcu_suspicious+0x226/0x340 [ 331.215085][T14012] __ethtool_get_ts_info+0x97/0x410 [ 331.220551][T14012] ethtool_get_phc_vclocks+0xa1/0x160 [ 331.226112][T14012] ? __pfx_ethtool_get_phc_vclocks+0x10/0x10 [ 331.232100][T14012] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 331.238109][T14012] ? dev_get_by_index+0x23/0x2d0 [ 331.243083][T14012] sock_set_timestamping+0x3e2/0xab0 [ 331.248374][T14012] ? __pfx_sock_set_timestamping+0x10/0x10 [ 331.254191][T14012] sk_setsockopt+0x1fe7/0x3290 [ 331.258960][T14012] ? __pfx_sk_setsockopt+0x10/0x10 [ 331.264432][T14012] ? __pfx___might_resched+0x10/0x10 [ 331.269720][T14012] ? __lock_acquire+0x1397/0x2100 [ 331.274756][T14012] udp_lib_setsockopt+0x11d/0xc10 [ 331.279797][T14012] ? __pfx_udp_lib_setsockopt+0x10/0x10 [ 331.285435][T14012] ? __pfx_aa_sk_perm+0x10/0x10 [ 331.290296][T14012] udpv6_setsockopt+0x73/0xb0 [ 331.295061][T14012] ? __pfx_udp_v6_push_pending_frames+0x10/0x10 [ 331.301301][T14012] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 331.307201][T14012] do_sock_setsockopt+0x3af/0x720 [ 331.312317][T14012] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 331.317871][T14012] ? __fget_files+0x395/0x410 [ 331.322594][T14012] ? __fget_files+0x2a/0x410 [ 331.327236][T14012] __x64_sys_setsockopt+0x1ee/0x280 [ 331.332550][T14012] do_syscall_64+0xf3/0x230 [ 331.337062][T14012] ? clear_bhb_loop+0x35/0x90 [ 331.341802][T14012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.347875][T14012] RIP: 0033:0x7f62e4185d29 [ 331.352378][T14012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.372021][T14012] RSP: 002b:00007f62e503e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 331.380472][T14012] RAX: ffffffffffffffda RBX: 00007f62e4375fa0 RCX: 00007f62e4185d29 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 331.388595][T14012] RDX: 0000000000000025 RSI: 0000000000000001 RDI: 0000000000000003 [ 331.396952][T14012] RBP: 00007f62e4201aa8 R08: 0000000000000004 R09: 0000000000000000 [ 331.404946][T14012] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 331.413003][T14012] R13: 0000000000000000 R14: 00007f62e4375fa0 R15: 00007fff75946a18 [ 331.421010][T14012] [ 332.336765][T11100] bridge_slave_1: left allmulticast mode [ 332.342466][T11100] bridge_slave_1: left promiscuous mode [ 332.348699][T11100] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.356977][T11100] bridge_slave_0: left allmulticast mode [ 332.362638][T11100] bridge_slave_0: left promiscuous mode [ 332.368587][T11100] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.444805][T11100] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 332.461346][T11100] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.471433][T11100] bond0 (unregistering): Released all slaves [ 332.815583][T11100] team0 (unregistering): Port device team_slave_1 removed [ 332.857404][T11100] team0 (unregistering): Port device team_slave_0 removed