last executing test programs: 1m28.455391405s ago: executing program 3 (id=295): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050021000000000000000000000000000002"], 0x30}, 0x1, 0x11}, 0x0) 1m26.56444302s ago: executing program 0 (id=596): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0x6c, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a09040000000046bbe327e703cecc658f26c68d0000000002000000000900020073797a0000000000020000000a"], 0x58}}, 0x0) 1m6.461626922s ago: executing program 3 (id=295): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050021000000000000000000000000000002"], 0x30}, 0x1, 0x11}, 0x0) 1m5.373722107s ago: executing program 0 (id=596): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0x6c, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a09040000000046bbe327e703cecc658f26c68d0000000002000000000900020073797a0000000000020000000a"], 0x58}}, 0x0) 51.972526003s ago: executing program 3 (id=295): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050021000000000000000000000000000002"], 0x30}, 0x1, 0x11}, 0x0) 50.598365858s ago: executing program 0 (id=596): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0x6c, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a09040000000046bbe327e703cecc658f26c68d0000000002000000000900020073797a0000000000020000000a"], 0x58}}, 0x0) 34.283594897s ago: executing program 3 (id=295): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050021000000000000000000000000000002"], 0x30}, 0x1, 0x11}, 0x0) 32.816599156s ago: executing program 0 (id=596): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0x6c, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a09040000000046bbe327e703cecc658f26c68d0000000002000000000900020073797a0000000000020000000a"], 0x58}}, 0x0) 18.434233438s ago: executing program 3 (id=295): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050021000000000000000000000000000002"], 0x30}, 0x1, 0x11}, 0x0) 16.914102399s ago: executing program 0 (id=596): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0x6c, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a09040000000046bbe327e703cecc658f26c68d0000000002000000000900020073797a0000000000020000000a"], 0x58}}, 0x0) 5.257320124s ago: executing program 3 (id=295): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050021000000000000000000000000000002"], 0x30}, 0x1, 0x11}, 0x0) 4.785508309s ago: executing program 0 (id=596): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0x6c, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a09040000000046bbe327e703cecc658f26c68d0000000002000000000900020073797a0000000000020000000a"], 0x58}}, 0x0) 3.280013329s ago: executing program 4 (id=1717): sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x20040040) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000000000000063010c000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_emit_ethernet(0x31, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaa2daaaaaaaaaaaa88a844008100010088480000040000000000e960aeeb5ea37138caf951d67b8bb5c9026a59"], &(0x7f00000000c0)={0x0, 0x4, [0xf76, 0x44, 0xdfd, 0x75f]}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000280)=@caif=@dgm={0x25, 0x9, 0x9}, 0x80, &(0x7f0000000140)}, 0x4008001) 3.108574533s ago: executing program 4 (id=1719): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x25dfdbfb, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x4) (fail_nth: 3) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) bind$tipc(0xffffffffffffffff, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, 0x0) 3.021402516s ago: executing program 4 (id=1720): r0 = socket$kcm(0x21, 0x2, 0xa) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r1, &(0x7f00000007c0)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0xf, @dev={0xfe, 0x80, '\x00', 0x17}, 0x7}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000600)="92", 0x1}], 0x1}}, {{&(0x7f0000000000)={0xa, 0x4e22, 0xc, @private2={0xfc, 0x2, '\x00', 0x1}, 0xc7b}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000040)="d5", 0x1}], 0x1}}], 0x2, 0x20000800) shutdown(r1, 0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @empty}}, 0xffff, 0xffc0}, 0x90) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0xfc00) r2 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0xfc00) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005f40)={0x0, 0x0, &(0x7f0000005f00)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0x80b, 0x0, 0x0, {}, [{0x54, 0x1, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x3a, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x4, r6, 0x0, r4}, 0x10) socketpair(0x2b, 0x3, 0x6, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'wg0\x00'}) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r9, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000cc0)=ANY=[], 0xe0c}, 0x1, 0x0, 0x0, 0x4}, 0x40) r10 = socket$nl_rdma(0x10, 0x3, 0x14) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e22, 0x1, 0x4e24, 0x5, 0x2, 0x0, 0x40, 0x3a, r6, 0xffffffffffffffff}, {0x8, 0x9, 0x8001, 0x2, 0x400, 0x1, 0x8, 0x8}, {0x38000000, 0x8000, 0x1ff, 0xc}, 0x6, 0x0, 0x2, 0x1, 0x2, 0x1}, {{@in6=@local, 0x4d5, 0x3c}, 0x2, @in6=@local, 0x0, 0x2, 0x2, 0x6, 0x4, 0x7fff, 0xfffffffe}}, 0xe8) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000ce222af94cdc98e59c045001002dbd7000fedbdf2508000100000000001d3d2af1435355a100836f0467d6aac8ee1d93c41eda10f06b86554df60656e92222708dabf9b9e4e8925a3e29ad86999a1b60b901d88525d8f3727038e86489956439c1416d6101a0205231dc3120b5fcf0ad7aa37de733154d21105487cea07260d9cc170ac4a01e647365c617"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) 1.699170872s ago: executing program 4 (id=1724): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket$netlink(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route(r2, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000086dd0000120000000000000060ec97000f982c00fb8000000000001200000000000000aaff02000000000000000000000000000189"], 0xfce) 1.29643426s ago: executing program 1 (id=1729): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) r3 = socket(0x11, 0x3, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r3, 0x107, 0x14, 0x0, 0x20000000) getsockname$packet(r3, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_SET(r5, &(0x7f0000000300)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x58, r6, 0x1, 0x0, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x9}}]}, 0x58}}, 0x110) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) setsockopt$XDP_TX_RING(r7, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r7, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r7, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r7, &(0x7f0000000100)={0x2c, 0x0, r9}, 0x10) mmap$xdp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x11, r7, 0x180000000) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@gettaction={0x20, 0x32, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004}, 0x801) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=@newtfilter={0xffffffffffffff68, 0x28, 0x8, 0x70bd31, 0x4, {0x0, 0x0, 0x0, r4, {0xffe0}, {0x4, 0x4}, {0xfff1, 0x8}}}, 0x24}}, 0x40) 1.252870698s ago: executing program 4 (id=1731): syz_80211_inject_frame(&(0x7f0000000140)=@device_b, &(0x7f00000003c0)=@mgmt_frame=@assoc_resp={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7b9c}, @device_a, @broadcast, @from_mac=@broadcast, {0xb, 0xf29}}, 0x2482, 0x5f, @default, @val={0x1, 0x4, [{0x16}, {0x2, 0x1}, {0x18, 0x1}, {0x17, 0x1}]}, @val={0x2d, 0x1a, {0x800, 0x0, 0x1, 0x0, {0x4, 0x4, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x1, 0xa26, 0xff}}, [{0xdd, 0xa2, "27e4a9eddda4e817a4048790a4cc60bffdf4e5c7ca8cbeae04ffe55b11d31fb807a38dfe75a4c01a0f119e19e5b1b3759c88799cac3a64ab4176a8c5e0538223800564fe30e2eb5d2dfc8121fb78d679c3910d2c5616d33d5c73e61554a9c327f2299a86219c9aab0ffcfd28e8fb80107f89f2c68de71dcc2de4dc668ff3818f1f00fb5a2c43d4c322e59043dc77cf61106784f747cdf65dd9de20d69ccaf74fe81e"}, {0xdd, 0xbb, "1b22e041dd5fce9f510465128b415d5c5d13ef1c4e0c6c2b6cf815b4dd5833358db82bbf057c34833e8088db3a80992ebf7963fb4d277093041a02856015149d3daea59d7af8301a8c17c271de91f9b2a38540317db91b54db0a75b88367f279c598bc40cec6891e2b440afa084c5b52ed42326a7179f013e549c0ed64e5c8f1881925d5d56166b705689eacc134d430487ff3142081b14210a7606e45cdde8f23ef5bf1817ac4f0620aa3643e24bfd9c2f491e551eec36c3b2d52"}, {0xdd, 0x1d, "34076b05b6ed96402868357c9ddad5d102eaa9e967fef9b84b6baa612e"}, {0xdd, 0x6, "aa62135a4ee2"}]}, 0x1c8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x50, 0x2, 0x2, 0x101, 0x0, 0x0, {0xa}, [@CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @dev}}}]}]}, 0x50}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000014000000080016000000000018000180140002006e657464657673696d3000000000000008001500000000000800130000170000080014"], 0x4c}}, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, 0x0, 0x520, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x10001}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x5}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x200008c0}, 0x80) sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000e40)={0x0, 0xd, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="2508007a0000000000000700000008000300", @ANYRES32=r4, @ANYBLOB="1400140064756d6d7930000000000000000000001400040076657468315f746f5f626f016400000005005300010000000800050004"], 0x54}}, 0x0) 746.810462ms ago: executing program 1 (id=1734): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r0, &(0x7f0000000100)='cgroup.threads\x00', 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) sendfile(r1, r0, 0x0, 0x5) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@getneigh={0x14, 0x1e, 0x1}, 0x14}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000002000000000000000000000000000000000000000045c9d74046c141d4d77d74b01ca859d9300325722fbbb05308ad6c5fd8d1b6aafba4f57c19a80100000000000000511e"], 0x48) syz_emit_ethernet(0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="000000000000aaaaaaaaaa0b000d0200002012020000c84e04bea5605fbb9f6da554fb3863dffde3bc3dac7644a00ba3eb76a67dcde9115d8e7d9b13f8d42e6b82c47b1a07215cbff46af260665b5384fe24e8041573d5450212810a80dfcb4175a1af32dee5b8346a9188219483670742c2814236d4"], 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="00000000008b7b99bc1900"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) 598.007998ms ago: executing program 2 (id=1735): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0x2, 0x4, 0x400, 0xffffffff, 0x0, 0x238, 0x0, 0xfeffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast1, @dev, [0x0, 0x0, 0x0, 0x40000], [], 'erspan0\x00', 'pim6reg0\x00'}, 0x2f2, 0x120, 0x148, 0x0, {}, [@common=@hbh={{0x48}, {0x11, 0x6, 0x0, [0x2, 0xacf, 0x1, 0x5, 0xb, 0x8809, 0x4225, 0xeaf2, 0x81, 0x5, 0x34, 0x2, 0x6, 0xffc0, 0x5], 0xd}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x814}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460) 532.750436ms ago: executing program 1 (id=1736): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, 0x9, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR2={0x5, 0x15, 0xfc}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xa}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}]}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x7}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4c801}, 0x24000040) sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x15, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, &(0x7f0000000200), &(0x7f0000000240)=0x4) r3 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), r1) sendmsg$NET_DM_CMD_STOP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r3, 0x1, 0x70bd2c, 0x25dfdbff, {}, [""]}, 0x14}}, 0x800) 511.076963ms ago: executing program 2 (id=1737): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xffffffff) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x1}, 0x8) sendmmsg$alg(r1, &(0x7f0000002d80)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000ac0)=']', 0x1}], 0x1, 0x0, 0x0, 0x10}], 0x1, 0x24000000) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="c1fb7792a9802f008465232ae446f5ca6807e83d26195e38e718d2d185bb3cb51d9a2f316b11de7cbc80edebddb5bc65971a881d27a6fd7c602869c39e1812e7f9a31a76c2e710f4f2b37fc282e18af500981d2d66b9760feac90db56c233abed90598de975f4a4a8a56dcc1c3d35c90f7ec9053cabcb7a4f5d668ab22cd73b372af6bdec2949adbb23799c460ffb11bed336616ff47cf6741472e8bc1abefdb1622e64ae97e87c9a23e9968b22334e8d6f4b40a06eae3ebdf9a846b50883acde0ffffc7eda00c2a24724906c811af309103265974645e4e04ed9ff6e2d007633224767ef1cd9de22a4dc57541e85b9bc4503f5e08fc9811f14a75f17b2a4079396bdf1a5c5f210aa8070651b9467362a356e35b25855124863f0b5fcb39626f7f366934783e5c39b5088ea475c50fd3b82ea4c4eb8d68367cc22c2121a3484207ff9645da880c5ec6e8a1465dc4772ebf410570ee8034ab4b419bda8b55a37b0f13e235b6ee2873c31662a4d7c20340dd35da05b4ca104d94adcc61cf57cfa85170eacac377d4f77a2e25b24a7fb0f57dd16ad4e89af4e0c5d1fe5eea8c52ac0aae079e7d54cdfb8ac729cc195b1bacafcc670122bbbf8a3893f15efea8693d8e510e7f1c69bc78bf8e54d1d9073225dd7690751281fda9355daf2f5a3b2e8369c2c0518d7d1dffdb91f28bdab955a469ae873e1e0d110e6cc0bf93b1adce2cbd7cdadc772b418a38cfed3affdf1cf17b6b61249d9721d2b09b68f7a4ba824e5b54ef3cf905cf81846203a3412673928850728d430b6f72ad1c6b54ba9678ca381bc9e862263ac7b62d3e6b95a7a463e0eb8eaa381592547a54235691131c382937d3aff01d80b810", 0x269}], 0x1, 0x0, 0x0, 0x20000001}, 0x4000044) close(r1) 444.24348ms ago: executing program 1 (id=1738): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="20000000000000008400000008000000941f6721e757691d0200000000000000180000000003000084"], 0x38}, 0x41) 385.023123ms ago: executing program 2 (id=1739): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0xc, 0x3, 0x0, 0x0, @u64}]}, 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x25dfdbfb, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x4) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) bind$tipc(0xffffffffffffffff, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, 0x0) 289.543122ms ago: executing program 1 (id=1740): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005f40)={0x0, 0x0, &(0x7f0000005f00)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0x80b, 0x0, 0x0, {}, [{0x54, 0x1, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x3a, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="0c0e00000005010100000000000000000700000054020100020000000101000091f6ff030300170073797a30000000000000000000000000000000000000000000000000000000002d35fa63f5790248be8eeaa592aadf5f4a6a7bf63312b06baa7d9e0141979ebacfa62ebd45da22ac01cdeb69f3f3beeb89294a851dab359c1528320af3f3863b01019e0b0300000005000000c703ff0701000000060000008000a10000000000ffff00004000040002000000040000005b0001800300000001000000010007000100000001000000b13f000001000000080000000200100001000000001400000000010002000000080000000300ff00000000000600000004000500020000000200000005000700000000000e000000008009000100000000000000030000fc0100000004000000020000080000000000000000020053000200000008000000040001000300000008000000fdff000003000000090000000500090000000000060000000200070000000000ffffffff09000800000000000200000009000d0000000000fdffffff810002000300000006000000060000000100000006000000000003000300000020c1000030000900020000008000000000000400030000000600000004000700030000000000000004000100010000000a0000000500040000000000001000000900020003000000020000000700720002000000000000000600010000000000090000000080030002000000000000000600070002000000f8ffffff7f0f020003000000de0000000500000001000000c6710bc02fa62000000000006d0000000800060003000000000800000003ae0003000000040000005402010000000000c00e00000907070009001d0073797a3100000000000000000000000000000000000000000000000000000000c3db324899770f04f9893a6831fa87cf544fed653d7fe8415ee6228ef5fc04d08da5a9b7336b514474d815b7e7ecbfb06beeadbdc437bd836c49aef2035e500d0400730c02000000580000000700800003000000080000000700000003000000050000006308050003000000ff7f0000983800080100000006000000ff00ff030100000008000000040000100100000002000000050009003c7d577dff0f00000000010000000000b45b0000135d010002000000e70000002691f80f010000000d000000f7ff07000200000081000000b709800002000000fc040000090005000100000080000000e402fbff01000000ff7fffff0c000900030000000000000001090800000000000400000009000b00010000800f000000090007000200000008000000ff07ff7f000000002602000009000e0000000000050000000300070002000000010000000100000803000000020000008100040001000000baf3000052ca03000100000000000000060005000000000000f07d010300010001000000010001000002000800000000010001000800af290200000003000000feff4002030000002900000001000f000100000081000000ff7f04000200000002000000f9ff2e73030000000500000004000600000000000001000008000000000000000200000005002f0c0200000003000000a40b000003000000050000000500ff0f0200000009000000c402090002000000000000000100010003000000090000005402010003000000ff070000090007000900160073797a310000000000000000000000000000000000000000000000000000000045d433dd235f760ae4ec94dbd5768c307a4d54f5ea7cbbc2b459a157a5acb70f6ed140c788147ce396639e663973be001d24d23bd0d44ac016b00741824ca7ed0000ff070100000000080000a20001000000000000000000550e0800000000000000000007000001010000000800000001ffff0701000000001000000800030000000000060000000700090003000000000000004000007002000000090000000600487c02000000ff7f0000010096eb03000000070000000400020003000000040000000600001001000000050000000104d67d000000000200000000020100020000000200000000005d00020000000600000003002006000000000400000010000008000000000400000001017b68000000000000000013080800020000004f0000000200080002000000070000000000080001000000090000000200ff01030000005a03000007001e090300000005000000eb36050002000000000000001279ff0301000000030000003b1a0200030000007b08000007007f00020000005f000000000002000100000005000000ff0310000300000010000000000001000200000004000000fbff0300030000000db50000ce0f040003000000000400000010080002000000ff0300000500040001000000ffffffff0700060003000000060000002dd9080002000000041effffffff2b450300000000000000070008000000000002000000010046050200000009000000010000000200000002000000540201000000000000000100070407000900240073797a3000000000000000000000000000000000000000000000000000000000119ad97c611c834a276021191bed446071f457756ee4dfc7d2d0f1bc6951a3a693f5fe06edc0c1695986f1ca20d90e4504a03edea2c048100000000600000007000101030000000900000002008b0002000000080000000200070003000000800000000400060003000000a000000000000000020000000900000005000600010000000080000001000800010000007f0000000080080002000000090000000300050000000000040000000800ff010000000008000000ff01030000000000ff030000010001000000000007a1000000ff000000000000008000000400050001000000000001000300100002000000ab00000006000080030000000f00000004000200030000000b0000005f00070000000000010000008f0004000300000000000000050509000200000001000080cb0cfaff0200000000140000f4ff0c0000000000650000000500020001000000070000000000060001000000050000000200400002000000080000000900d90003000000e50000000700920001000000010000807e03030002000000030000000100f8ff020000000600000009000800020000000000000000000700020000000800000001000700010000000d00000001bd07000300000000000000b10008000100000004000000de09390a010000000900000007007f00010000000a0000001d0048e9020000000700000009000101000000004000000007004405030000000900000054020100010000000900000000060d0005001f0073797a30000000000000000000000000000000000000000000000000000000003343f1fb19cfef916ae2cb87d71784f86f6994130a8bab48b63d000f99a6d28768c9b9a8ce161a4d2bb790b35b7a628302d3037b2a3cafde06bbf3fbf186ceb3ff0f02000200000004000000ee00a1946ff49f2a030000000101040000000000030000000400f4590000000005000000060080ff020000008000000007000300000000007f00000000fc040001000000020000000900050001000000070000000008020002000000070000000500070002000000090000000900080002000000ff030000757f06000100000009000000706ae600020000000900000005007ef700000000018000000300020000000000050000000200090002000000018000007f007f0000000000ffffff7fbb06ff7f02000000000e000001000c00000000000100000023dc07000100000001800000fcff0000030000000300000000007f0003000000ffffffffff0309000100000003000000700203000100000002000000faff060003000000060000000c000200010000002dcf0000fbffd33301000000010000004800af00010000001c0000000400040000000000ff0300000104030000000000ff070000fbff030003000000050000000300090002000000d90e0000070001000100000001000000280b0200020000000cb20000f5ff100000000000050000000900000001000000060000000b000100000000008a08000006000800060000000200000000000600020000000300000097000e0002000000ff070000540201000300000007000000060802000101240073797a30000000000000000000000000000000000000000000000000000000004b16b34193b5faa4a5f8a5dac4b8eaaf33dd85728b9ea7a7d6bf8f3ffdcd03341cec474bab5b55984c4b26f3523f9786446a99a940b3e27e856d4944d77559f404000500030000000500000003000500020000000100000000000900030000000000000005000700020000006d00000000009f2202000000030000007f00000002000000020000000200060003000000060000000400d60902000000ff01000007000d0003000000060000000b0007000200000002000000ff7f0200000000005be100000e000000000000000100000080000500010000004100000001f0180003000000090000000800cf7402000000ff0f00000300040000000000080000000a00070002000000090000000700090003000000f8ffffff0400ffaa0300000080000000c653400001000000000000f009000000020000000000008000040000010000007f000000faff06000000000002000000040090ff0000000009000000ff03870003000000800000000b0007000300000009000000fda408000300000005000000b13b00010300000000000080ffff0100000000000700000003000900030000000008000002007b9b000000000100000007000900010000000900000007000f0001000000010000000400bc72030000000d0000000700010003000000ff0100000700070000000000000000800080c3040100000006000000ff01010001000000000800003074020000000000070000000a0004000300"], 0xe0c}, 0x1, 0x0, 0x0, 0x4}, 0x40) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x2040000, 0x0, 0x671ec167a4b72164}, 0x0) 288.421011ms ago: executing program 4 (id=1741): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket$netlink(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route(r2, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000086dd0000120000000000000060ec97000f982c00fb8000000000002000000000000000aaff02000000000000000000000000000189"], 0xfce) 207.716864ms ago: executing program 2 (id=1742): syz_emit_ethernet(0x2e, &(0x7f00000000c0)={@multicast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @empty}, {0x0, 0x88be, 0xc, 0x0, @opaque="6b8b8368"}}}}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x5, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}, @sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}]}, 0x50}, 0x1, 0x7}, 0x0) 96.677191ms ago: executing program 1 (id=1743): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000880)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) sendmsg$xdp(r0, &(0x7f0000000380)={&(0x7f0000000180)={0x2c, 0x3, 0x0, 0x3e}, 0x10, &(0x7f0000000800)=[{&(0x7f00000001c0)}, {&(0x7f0000000200)="17cec3c0c6da3472ee5701271a750313bc66", 0x12}, {&(0x7f0000000400)}, {&(0x7f0000000500)="7feeaf8962c97d03ea75fb0a510f948732040dc6dfa2da59ddaeff71994277b5f872e5256c4c8b49139c7af210c5db83f52d8b36c49bb41f60c82dd4dc78ae1248c4e51ca69f323061817445ddc5baa4c0139f4cdbb56eb616dad8057d46dab4f29a8465dbb66ae5d011e910ea25dbfafeca0e2f8dade2b85aff3f95f2113d5615a7cfdfd194adbe42047d58027091caffc0598471127aea0ff78f6afdc38f0627a732b7a376174c3cdf32f6575d16b261", 0xb1}, {&(0x7f00000005c0)="6e6013b5c108f9d3bc22c987ee038edfd7edb6316ab6d69b7b5f11f4fbfae50540a024c3e1c3c174f8d0a1dc531a5069f069a0cd35948f55ebb300d2d68a3d9524c914fcc594a6c3b35a2d3f5a92f288f372b851898ee103e3e6aee1e593ea9dbfec105979634133028c690ca6368a7a1d", 0x71}, {&(0x7f0000000640)="84d50eb96e38467581376e10020db379ed7a834da9bf5f3615070d36db14877ba4fb6dbcf86a1a75148df208479b12db9a6fd2091bd72a902f", 0x39}], 0x6, 0x0, 0x0, 0x200008c0}, 0x24004000) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='rdma.current\x00', 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000140), 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x1}, @map_fd, @cb_func={0x18, 0x4, 0x4, 0x0, 0xfffffffffffffff8}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfe44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 71.526202ms ago: executing program 2 (id=1744): r0 = socket$inet(0x2, 0x4000000805, 0x0) sendmmsg(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[{0x10, 0x84, 0xffffff44}], 0x10}}], 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x0, 0x3b}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0xb, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 0s ago: executing program 2 (id=1745): r0 = socket$inet(0x2, 0x3, 0x8) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001900)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x0, 0xe138, 0x198, 0x1c0, 0x198, 0x2a0, 0x358, 0x358, 0x2a0, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bond\x00'}, 0x0, 0x158, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0004000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0x50}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x398) r1 = socket$igmp(0x2, 0x3, 0x2) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0x6, &(0x7f00000017c0)=ANY=[@ANYBLOB="050000000000000069110400000000008510000002000000850800000000000095000000000000009500a50500000000457bab24e3cc9edbb4388b44f28c3a4b3c37334dbc9f48c61d91a32c4a4cdf8d11e508458edffa42d3e7afe8084f615fa52a59d8929b799d5d1371d3eed29cfc11aa5b115f94f52592097d4196bed9753db13ce4e54f3d1e7ad190b9d54112b0d33bae91923132086407483bbeec195a38ac7664aa4f5ac577332a096e70ecec260c5891b97bcfdd54261f5c8f8e558f59c3216e04d67442a50679f66835f13e8da7681b88d39afeee4e1804532bad932828f2478dd891ad4a8b99aa7a7151fadb21c6a02596b70fb03e6c5b6142c6959fbb431e12af8a23c9e2a024b578a242f0567b2e4eb65660be58d81ba0eb4ce9bac62758eb61673cd1f7"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async) r2 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r2, 0x107, 0x11, 0x0, &(0x7f0000000140)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000010000000f7ffff29000000180001801400020073797a5f74756e"], 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) (async) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1bc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x5e}, {0x0, 0x800, 0x0, 0x7, 0x0, 0x0, 0x3, 0x7}, {0x0, 0x0, 0x3}}, [@tmpl={0x104, 0x5, [{{@in=@remote, 0x0, 0x6c}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0x8}, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x32}, 0x0, @in6=@mcast1, 0x3502, 0x2, 0x0, 0x0, 0x5}, {{@in6=@private0, 0x0, 0x33}, 0x2, @in=@remote, 0x0, 0x1, 0x3}, {{@in6=@mcast2, 0x4d3, 0x6c}, 0x2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2}]}]}, 0x1bc}}, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x11, 0x30}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x7, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0xb001, 0x4, 0x3d0, 0x1f8, 0x1f8, 0x0, 0x2e8, 0x2e8, 0x2e8, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x20, 'MARK\x00', 0x2, {0x0, 0x35}}}, {{@uncond, 0xc0, 0x110, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="3ff825ec284a", @mac=@broadcast, @private=0xa010102, @rand_addr=0x64010101, 0x5}}}, {{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 'pim6reg0\x00', 'netpci0\x00'}, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x420) kernel console output (not intermixed with test programs): o HW filter on device batadv0 [ 216.905186][ T9773] veth0_vlan: entered promiscuous mode [ 216.951320][ T9773] veth1_vlan: entered promiscuous mode [ 217.060126][ T9773] veth0_macvtap: entered promiscuous mode [ 217.067557][T10285] siw: device registration error -23 [ 217.147610][ T9773] veth1_macvtap: entered promiscuous mode [ 217.214461][ T9826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.246130][ T9773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.263352][ T9773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.291941][T10296] syz0: rxe_newlink: already configured on lo [ 217.299166][ T9773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.329389][T10292] NCSI netlink: No device for ifindex 0 [ 217.339187][ T9773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.393813][ T9773] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.421709][ T9773] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.439942][ T9773] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.463925][ T9773] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.663786][ T9826] veth0_vlan: entered promiscuous mode [ 217.711680][ T9826] veth1_vlan: entered promiscuous mode [ 217.888409][ T7008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.943209][ T7008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.021037][ T9826] veth0_macvtap: entered promiscuous mode [ 218.078289][T10329] syz_tun: left allmulticast mode [ 218.092767][T10329] syz_tun: left promiscuous mode [ 218.104218][T10329] bridge0: port 3(syz_tun) entered disabled state [ 218.127350][T10329] bridge_slave_0: left allmulticast mode [ 218.137811][T10329] bridge_slave_0: left promiscuous mode [ 218.148133][T10329] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.170155][T10329] bridge_slave_1: left allmulticast mode [ 218.180231][T10329] bridge_slave_1: left promiscuous mode [ 218.192830][T10329] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.227332][T10329] bond0: (slave bond_slave_0): Releasing backup interface [ 218.242442][T10329] bond_slave_0: left allmulticast mode [ 218.261575][T10329] bond0: (slave bond_slave_1): Releasing backup interface [ 218.276845][T10329] bond_slave_1: left allmulticast mode [ 218.321187][T10329] team0: Port device team_slave_0 removed [ 218.348657][T10329] team0: Port device team_slave_1 removed [ 218.367001][T10329] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.383261][T10329] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.425241][T10346] __nla_validate_parse: 13 callbacks suppressed [ 218.425262][T10346] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1078'. [ 218.450587][T10346] netlink: 1192 bytes leftover after parsing attributes in process `syz.2.1078'. [ 218.474027][ T5879] lo speed is unknown, defaulting to 1000 [ 218.474685][ T7008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.492924][T10346] siw: device registration error -23 [ 218.517454][ T7008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.537790][ T9826] veth1_macvtap: entered promiscuous mode [ 218.604431][ T9826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.648490][ T9826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.680674][ T9826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.721790][ T9826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 218.737860][ T9826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.757715][ T9826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.871017][ T9826] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.906490][ T9826] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.927583][ T9826] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.946843][ T9826] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.958796][T10364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1081'. [ 219.217876][ T7008] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.325871][ T7008] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.445313][ T7008] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.478929][ T6998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.514403][ T6998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.565098][ T7008] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.601203][ T6997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.624960][ T6997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.813264][ T7008] bridge_slave_1: left allmulticast mode [ 219.819107][ T7008] bridge_slave_1: left promiscuous mode [ 219.826913][ T7008] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.845549][ T7008] bridge_slave_0: left allmulticast mode [ 219.851263][ T7008] bridge_slave_0: left promiscuous mode [ 219.857900][ T7008] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.074613][ T5836] Bluetooth: hci3: command 0x0405 tx timeout [ 220.521179][ T7008] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.563897][ T7008] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.585469][ T7008] bond0 (unregistering): Released all slaves [ 220.599118][T10420] netlink: 'syz.1.1088': attribute type 2 has an invalid length. [ 220.847458][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 220.859492][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 220.879084][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 220.888329][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 220.898363][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 220.918235][T10430] rdma_rxe: rxe_newlink: failed to add lo [ 220.990191][T10425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1089'. [ 221.039137][T10425] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1089'. [ 221.056910][T10425] NCSI netlink: No device for ifindex 0 [ 221.070843][T10425] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1089'. [ 221.080034][T10432] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1090'. [ 221.101630][T10432] netlink: 1192 bytes leftover after parsing attributes in process `syz.2.1090'. [ 221.125498][T10432] siw: device registration error -23 [ 221.200077][T10427] lo speed is unknown, defaulting to 1000 [ 221.222647][T10427] lo speed is unknown, defaulting to 1000 [ 221.764643][ T7008] hsr_slave_0: left promiscuous mode [ 221.770767][ T7008] hsr_slave_1: left promiscuous mode [ 221.779562][ T7008] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.787299][ T7008] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.799261][ T7008] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.807941][ T7008] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.873234][ T7008] veth1_macvtap: left promiscuous mode [ 221.878830][ T7008] veth0_macvtap: left promiscuous mode [ 221.898954][ T7008] veth1_vlan: left promiscuous mode [ 221.933258][ T7008] veth0_vlan: left promiscuous mode [ 222.368074][T10474] netlink: 'syz.1.1097': attribute type 9 has an invalid length. [ 222.459207][ T5142] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 222.470368][ T5142] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 222.484258][ T5142] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 222.493576][ T5142] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 222.501427][ T5142] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 222.856625][ T7008] team0 (unregistering): Port device team_slave_1 removed [ 222.910790][ T7008] team0 (unregistering): Port device team_slave_0 removed [ 222.960763][ T5836] Bluetooth: hci0: command tx timeout [ 223.362612][T10492] FAULT_INJECTION: forcing a failure. [ 223.362612][T10492] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.363701][T10476] bond1: (slave geneve2): Releasing active interface [ 223.381145][T10492] CPU: 1 UID: 0 PID: 10492 Comm: syz.4.1099 Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 223.381177][T10492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 223.381191][T10492] Call Trace: [ 223.381200][T10492] [ 223.381211][T10492] dump_stack_lvl+0x189/0x250 [ 223.381247][T10492] ? __lock_acquire+0xaac/0xd20 [ 223.381280][T10492] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.381311][T10492] ? __pfx__printk+0x10/0x10 [ 223.381332][T10492] ? __might_fault+0xb0/0x130 [ 223.381372][T10492] should_fail_ex+0x414/0x560 [ 223.381410][T10492] _copy_from_user+0x2d/0xb0 [ 223.381439][T10492] do_ip6t_set_ctl+0x69f/0xce0 [ 223.381483][T10492] ? rcu_is_watching+0x15/0xb0 [ 223.381514][T10492] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 223.381569][T10492] ? __pfx___mutex_lock+0x10/0x10 [ 223.381591][T10492] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 223.381610][T10492] ? aa_sk_perm+0x81e/0x950 [ 223.381669][T10492] ? __pfx_aa_sk_perm+0x10/0x10 [ 223.381707][T10492] nf_setsockopt+0x26c/0x290 [ 223.381729][T10492] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 223.381763][T10492] do_sock_setsockopt+0x257/0x3e0 [ 223.381787][T10492] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 223.381805][T10492] ? __fget_files+0x2a/0x420 [ 223.381836][T10492] ? __fget_files+0x3a0/0x420 [ 223.381860][T10492] ? __fget_files+0x2a/0x420 [ 223.381899][T10492] __x64_sys_setsockopt+0x18b/0x220 [ 223.381926][T10492] do_syscall_64+0xf6/0x210 [ 223.381949][T10492] ? clear_bhb_loop+0x45/0xa0 [ 223.381975][T10492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.381995][T10492] RIP: 0033:0x7f389d58e969 [ 223.382014][T10492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.382032][T10492] RSP: 002b:00007f389e390038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 223.382055][T10492] RAX: ffffffffffffffda RBX: 00007f389d7b5fa0 RCX: 00007f389d58e969 [ 223.382070][T10492] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 223.382083][T10492] RBP: 00007f389e390090 R08: 0000000000000438 R09: 0000000000000000 [ 223.382095][T10492] R10: 0000200000000a80 R11: 0000000000000246 R12: 0000000000000001 [ 223.382108][T10492] R13: 0000000000000000 R14: 00007f389d7b5fa0 R15: 00007fff6cdf2e98 [ 223.382140][T10492] [ 223.610967][T10497] syz0: rxe_newlink: already configured on lo [ 223.666455][T10496] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1101'. [ 223.731212][T10479] lo speed is unknown, defaulting to 1000 [ 223.737373][T10496] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1101'. [ 223.743222][T10499] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1102'. [ 223.766027][T10496] NCSI netlink: No device for ifindex 0 [ 223.783744][T10499] netlink: 1192 bytes leftover after parsing attributes in process `syz.2.1102'. [ 223.814077][T10496] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1101'. [ 223.818543][T10479] lo speed is unknown, defaulting to 1000 [ 224.039017][T10427] chnl_net:caif_netlink_parms(): no params data found [ 224.147157][T10511] bond0: entered promiscuous mode [ 224.164263][T10511] bond0: left promiscuous mode [ 224.245383][T10499] siw: device registration error -23 [ 224.555452][ T5142] Bluetooth: hci3: command tx timeout [ 224.586985][T10427] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.597600][T10540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1110'. [ 224.607863][T10427] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.617820][T10427] bridge_slave_0: entered allmulticast mode [ 224.625730][T10427] bridge_slave_0: entered promiscuous mode [ 224.675540][T10427] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.705522][T10427] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.712794][T10427] bridge_slave_1: entered allmulticast mode [ 224.731961][T10427] bridge_slave_1: entered promiscuous mode [ 224.838443][T10427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.949535][ T7002] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.988244][T10427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.043183][ T5142] Bluetooth: hci0: command tx timeout [ 225.109831][ T7002] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.224177][T10427] team0: Port device team_slave_0 added [ 225.272367][ T7002] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.323681][T10427] team0: Port device team_slave_1 added [ 225.336713][T10568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1116'. [ 225.347713][T10568] rdma_rxe: rxe_newlink: failed to add lo [ 225.429808][T10570] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1116'. [ 225.442356][T10570] NCSI netlink: No device for ifindex 0 [ 225.452955][T10570] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1116'. [ 225.521888][ T7002] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.560334][T10427] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 225.570247][T10427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 225.596696][T10427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 225.620134][T10576] netlink: 1192 bytes leftover after parsing attributes in process `syz.4.1117'. [ 225.638495][T10576] siw: device registration error -23 [ 225.654757][T10427] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 225.676645][T10427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 225.721340][T10427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 225.757869][T10578] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 225.800348][T10479] chnl_net:caif_netlink_parms(): no params data found [ 225.899259][T10427] hsr_slave_0: entered promiscuous mode [ 225.924290][T10427] hsr_slave_1: entered promiscuous mode [ 226.270833][ T7002] bridge_slave_1: left allmulticast mode [ 226.288224][ T7002] bridge_slave_1: left promiscuous mode [ 226.305559][ T7002] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.324379][ T7002] bridge_slave_0: left allmulticast mode [ 226.333684][ T7002] bridge_slave_0: left promiscuous mode [ 226.340569][ T7002] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.464930][T10617] rdma_rxe: rxe_newlink: failed to add lo [ 226.560536][T10621] NCSI netlink: No device for ifindex 0 [ 226.635418][ T5142] Bluetooth: hci3: command 0x041b tx timeout [ 226.795352][ T7002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 226.806430][ T7002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 226.816506][ T7002] bond0 (unregistering): Released all slaves [ 226.846843][T10479] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.855352][T10479] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.862660][T10479] bridge_slave_0: entered allmulticast mode [ 226.871000][T10479] bridge_slave_0: entered promiscuous mode [ 226.962062][T10624] FAULT_INJECTION: forcing a failure. [ 226.962062][T10624] name failslab, interval 1, probability 0, space 0, times 0 [ 226.979068][T10624] CPU: 1 UID: 0 PID: 10624 Comm: syz.1.1129 Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 226.979098][T10624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 226.979110][T10624] Call Trace: [ 226.979118][T10624] [ 226.979126][T10624] dump_stack_lvl+0x189/0x250 [ 226.979162][T10624] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.979190][T10624] ? __pfx__printk+0x10/0x10 [ 226.979216][T10624] ? __pfx___might_resched+0x10/0x10 [ 226.979251][T10624] should_fail_ex+0x414/0x560 [ 226.979285][T10624] ? translate_table+0x19b/0x2040 [ 226.979312][T10624] should_failslab+0xa8/0x100 [ 226.979338][T10624] __kvmalloc_node_noprof+0x168/0x5e0 [ 226.979364][T10624] ? translate_table+0x19b/0x2040 [ 226.979396][T10624] translate_table+0x19b/0x2040 [ 226.979447][T10624] ? __pfx_translate_table+0x10/0x10 [ 226.979479][T10624] ? __might_fault+0xb0/0x130 [ 226.979523][T10624] ? _copy_from_user+0x94/0xb0 [ 226.979553][T10624] do_ip6t_set_ctl+0x970/0xce0 [ 226.979590][T10624] ? rcu_is_watching+0x15/0xb0 [ 226.979619][T10624] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 226.979669][T10624] ? __pfx___mutex_lock+0x10/0x10 [ 226.979689][T10624] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 226.979707][T10624] ? aa_sk_perm+0x81e/0x950 [ 226.979741][T10624] ? __pfx_aa_sk_perm+0x10/0x10 [ 226.979777][T10624] nf_setsockopt+0x26c/0x290 [ 226.979798][T10624] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 226.979829][T10624] do_sock_setsockopt+0x257/0x3e0 [ 226.979852][T10624] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 226.979868][T10624] ? __fget_files+0x2a/0x420 [ 226.979898][T10624] ? __fget_files+0x3a0/0x420 [ 226.979921][T10624] ? __fget_files+0x2a/0x420 [ 226.979972][T10624] __x64_sys_setsockopt+0x18b/0x220 [ 226.980023][T10624] do_syscall_64+0xf6/0x210 [ 226.980045][T10624] ? clear_bhb_loop+0x45/0xa0 [ 226.980071][T10624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.980091][T10624] RIP: 0033:0x7f4465f8e969 [ 226.980108][T10624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.980126][T10624] RSP: 002b:00007f4466d7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 226.980148][T10624] RAX: ffffffffffffffda RBX: 00007f44661b5fa0 RCX: 00007f4465f8e969 [ 226.980163][T10624] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 226.980175][T10624] RBP: 00007f4466d7e090 R08: 0000000000000438 R09: 0000000000000000 [ 226.980188][T10624] R10: 0000200000000a80 R11: 0000000000000246 R12: 0000000000000001 [ 226.980201][T10624] R13: 0000000000000000 R14: 00007f44661b5fa0 R15: 00007ffde8639c78 [ 226.980233][T10624] [ 227.243402][T10479] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.244003][ T5836] Bluetooth: hci0: command tx timeout [ 227.250564][T10479] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.288301][T10479] bridge_slave_1: entered allmulticast mode [ 227.333400][T10479] bridge_slave_1: entered promiscuous mode [ 227.478094][T10479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.537174][T10479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.651816][T10479] team0: Port device team_slave_0 added [ 227.718664][T10479] team0: Port device team_slave_1 added [ 228.038372][T10651] netlink: 'syz.4.1138': attribute type 21 has an invalid length. [ 228.170053][T10479] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.178871][T10665] FAULT_INJECTION: forcing a failure. [ 228.178871][T10665] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.208522][T10479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.224513][T10665] CPU: 1 UID: 0 PID: 10665 Comm: syz.4.1141 Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 228.224548][T10665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 228.224562][T10665] Call Trace: [ 228.224571][T10665] [ 228.224579][T10665] dump_stack_lvl+0x189/0x250 [ 228.224619][T10665] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.224649][T10665] ? __pfx__printk+0x10/0x10 [ 228.224684][T10665] should_fail_ex+0x414/0x560 [ 228.224722][T10665] _copy_to_user+0x31/0xb0 [ 228.224751][T10665] simple_read_from_buffer+0xe1/0x170 [ 228.224783][T10665] proc_fail_nth_read+0x1df/0x250 [ 228.224815][T10665] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.224847][T10665] ? rw_verify_area+0x258/0x650 [ 228.224868][T10665] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.224898][T10665] vfs_read+0x1fd/0x980 [ 228.224926][T10665] ? __pfx___mutex_lock+0x10/0x10 [ 228.224948][T10665] ? __pfx_vfs_read+0x10/0x10 [ 228.224972][T10665] ? __fget_files+0x2a/0x420 [ 228.225004][T10665] ? __fget_files+0x3a0/0x420 [ 228.225028][T10665] ? __fget_files+0x2a/0x420 [ 228.225064][T10665] ksys_read+0x145/0x250 [ 228.225090][T10665] ? __pfx_ksys_read+0x10/0x10 [ 228.225116][T10665] ? do_syscall_64+0xba/0x210 [ 228.225159][T10665] do_syscall_64+0xf6/0x210 [ 228.225180][T10665] ? clear_bhb_loop+0x45/0xa0 [ 228.225205][T10665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.225223][T10665] RIP: 0033:0x7f389d58d37c [ 228.225240][T10665] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 228.225257][T10665] RSP: 002b:00007f389e390030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 228.225278][T10665] RAX: ffffffffffffffda RBX: 00007f389d7b5fa0 RCX: 00007f389d58d37c [ 228.225292][T10665] RDX: 000000000000000f RSI: 00007f389e3900a0 RDI: 0000000000000004 [ 228.225304][T10665] RBP: 00007f389e390090 R08: 0000000000000000 R09: 0000000000000000 [ 228.225316][T10665] R10: 0000200000000a80 R11: 0000000000000246 R12: 0000000000000001 [ 228.225328][T10665] R13: 0000000000000000 R14: 00007f389d7b5fa0 R15: 00007fff6cdf2e98 [ 228.225360][T10665] [ 228.457248][T10479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.510914][ T7002] hsr_slave_0: left promiscuous mode [ 228.522161][ T7002] hsr_slave_1: left promiscuous mode [ 228.530087][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 228.538187][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 228.549193][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 228.557111][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 228.580658][T10676] rdma_rxe: rxe_newlink: failed to add lo [ 228.594257][ T7002] veth1_macvtap: left promiscuous mode [ 228.601226][ T7002] veth0_macvtap: left promiscuous mode [ 228.608269][ T7002] veth1_vlan: left promiscuous mode [ 228.618964][ T7002] veth0_vlan: left promiscuous mode [ 228.668625][T10679] NCSI netlink: No device for ifindex 0 [ 228.685564][T10679] __nla_validate_parse: 9 callbacks suppressed [ 228.685599][T10679] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1143'. [ 228.723272][ T5836] Bluetooth: hci3: command 0x041b tx timeout [ 229.092280][ T7002] team0 (unregistering): Port device team_slave_1 removed [ 229.133916][ T7002] team0 (unregistering): Port device team_slave_0 removed [ 229.283190][ T5836] Bluetooth: hci0: command tx timeout [ 229.498269][T10671] veth3: entered allmulticast mode [ 229.508561][T10479] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.516218][T10479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.542503][T10479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.579727][T10673] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1143'. [ 229.841489][T10692] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1146'. [ 230.006698][T10698] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1149'. [ 230.030247][T10479] hsr_slave_0: entered promiscuous mode [ 230.038981][T10479] hsr_slave_1: entered promiscuous mode [ 230.047671][T10479] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 230.060580][T10479] Cannot create hsr debugfs directory [ 230.303810][T10710] netlink: 'syz.2.1154': attribute type 29 has an invalid length. [ 230.311921][T10710] netlink: 'syz.2.1154': attribute type 3 has an invalid length. [ 230.332424][T10710] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1154'. [ 230.793575][ T5836] Bluetooth: hci3: command 0x041b tx timeout [ 232.036687][T10427] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 232.048830][T10727] pim6reg1: entered promiscuous mode [ 232.055107][T10727] pim6reg1: entered allmulticast mode [ 232.112188][T10427] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 232.125086][T10427] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 232.151775][T10427] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 232.327709][T10739] veth0_vlan: entered allmulticast mode [ 232.416050][T10739] ÿÿÿÿÿÿ: renamed from vlan1 [ 232.478115][T10746] macsec0: entered promiscuous mode [ 232.756192][T10427] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.838354][T10427] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.884218][ T5836] Bluetooth: hci3: command 0x041b tx timeout [ 232.917911][T10759] bridge0: entered allmulticast mode [ 232.977167][T10479] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 233.119062][ T7008] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.126283][ T7008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.150929][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.158134][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.201412][T10479] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 233.288989][T10479] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 233.328029][T10479] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 233.542045][T10782] pim6reg1: entered promiscuous mode [ 233.553158][T10782] pim6reg1: entered allmulticast mode [ 233.835233][T10479] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.956956][ T5202] udevd[5202]: worker [6916] /devices/virtual/block/nbd1 is taking a long time [ 236.077976][T10812] wg2: entered promiscuous mode [ 236.083175][T10812] wg2: entered allmulticast mode [ 236.147921][T10479] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.197051][T10427] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.218187][ T7007] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.225400][ T7007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.264400][T10875] veth1_macvtap: left promiscuous mode [ 236.269930][T10875] macsec0: entered promiscuous mode [ 236.295549][ T7007] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.302822][ T7007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.170993][T10898] wg2: entered promiscuous mode [ 238.176404][T10898] wg2: entered allmulticast mode [ 238.281400][T10427] veth0_vlan: entered promiscuous mode [ 238.419693][T10427] veth1_vlan: entered promiscuous mode [ 239.722943][T10427] veth0_macvtap: entered promiscuous mode [ 239.775751][T10924] wg2: left promiscuous mode [ 239.782233][T10924] wg2: left allmulticast mode [ 239.815391][T10427] veth1_macvtap: entered promiscuous mode [ 239.834095][T10928] wg2: entered promiscuous mode [ 239.839200][T10928] wg2: entered allmulticast mode [ 239.944158][T10427] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.988725][T10427] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.036288][T10427] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.055480][T10427] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.066575][T10427] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.076891][T10427] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.100320][T10479] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.215798][T10941] pim6reg1: entered promiscuous mode [ 240.221993][T10941] pim6reg1: entered allmulticast mode [ 240.297032][T10479] veth0_vlan: entered promiscuous mode [ 240.362731][T10479] veth1_vlan: entered promiscuous mode [ 240.399908][ T7002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.413996][ T7002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.492039][ T7002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.513179][ T7002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.549582][T10951] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 240.620999][T10479] veth0_macvtap: entered promiscuous mode [ 240.669232][T10479] veth1_macvtap: entered promiscuous mode [ 240.738658][T10958] netlink: 'syz.4.1222': attribute type 3 has an invalid length. [ 240.747456][T10964] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1223'. [ 240.830872][T10966] bridge1: entered promiscuous mode [ 240.855004][T10966] bridge1: entered allmulticast mode [ 240.867472][T10968] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 240.876401][T10479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.926853][T10479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.942481][T10479] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.979295][T10479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 241.003229][T10479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.029521][T10479] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 241.167545][ T7002] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.190861][T10479] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.209131][T10479] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.218037][T10479] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.230358][T10479] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.305024][ T7002] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.386924][ T7002] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.419119][ T6997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.440058][ T6997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.481407][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.490257][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.600957][ T7002] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.847449][ T7002] bridge_slave_1: left allmulticast mode [ 241.857281][ T7002] bridge_slave_1: left promiscuous mode [ 241.864191][ T7002] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.879903][ T7002] bridge_slave_0: left allmulticast mode [ 241.887549][ T7002] bridge_slave_0: left promiscuous mode [ 241.894048][ T7002] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.318106][ T7002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 242.329314][ T7002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 242.341596][ T7002] bond0 (unregistering): Released all slaves [ 242.381441][ T5142] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 242.392181][ T5142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 242.402223][ T5142] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 242.414451][ T5142] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 242.422364][ T5142] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 242.487906][T10983] lo speed is unknown, defaulting to 1000 [ 242.498276][T10983] lo speed is unknown, defaulting to 1000 [ 242.834765][T11001] netlink: 4800 bytes leftover after parsing attributes in process `syz.1.1229'. [ 243.331606][T11020] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1235'. [ 243.474772][T11023] netlink: 'syz.1.1237': attribute type 10 has an invalid length. [ 243.484361][T11023] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1237'. [ 243.506090][ T7002] hsr_slave_0: left promiscuous mode [ 243.525363][ T7002] hsr_slave_1: left promiscuous mode [ 243.537846][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 243.547062][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 243.556926][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 243.573509][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 243.635324][ T5142] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 243.637815][ T7002] veth1_macvtap: left promiscuous mode [ 243.649186][ T7002] veth0_macvtap: left promiscuous mode [ 243.653955][ T5142] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 243.655342][ T7002] veth1_vlan: left promiscuous mode [ 243.664322][ T5142] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 243.671244][ T7002] veth0_vlan: left promiscuous mode [ 243.679674][ T5142] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 243.688537][ T5142] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 244.108734][ T7002] team0 (unregistering): Port device team_slave_1 removed [ 244.151007][ T7002] team0 (unregistering): Port device team_slave_0 removed [ 244.475763][ T5836] Bluetooth: hci0: command tx timeout [ 244.544698][T11023] dummy0: entered promiscuous mode [ 244.552489][T11023] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 244.570661][T11031] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1239'. [ 244.769260][T11029] lo speed is unknown, defaulting to 1000 [ 244.844412][T11029] lo speed is unknown, defaulting to 1000 [ 244.996237][T10983] chnl_net:caif_netlink_parms(): no params data found [ 245.183795][T11058] smc: net device bond0 applied user defined pnetid SYZ2 [ 245.209051][T11058] netlink: 'syz.2.1246': attribute type 10 has an invalid length. [ 245.282514][T11058] veth0_macvtap: left promiscuous mode [ 245.294519][T11058] team0: Device veth0_macvtap failed to register rx_handler [ 245.544528][T11080] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1252'. [ 245.563888][T11082] netlink: 'syz.1.1253': attribute type 1 has an invalid length. [ 245.573879][T11082] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1253'. [ 245.582887][T11082] netlink: 'syz.1.1253': attribute type 1 has an invalid length. [ 245.595493][T11082] netlink: 'syz.1.1253': attribute type 29 has an invalid length. [ 245.757106][ T5836] Bluetooth: hci3: command tx timeout [ 245.844494][ T7002] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.872802][T10983] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.881205][T10983] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.892093][T10983] bridge_slave_0: entered allmulticast mode [ 245.899995][T10983] bridge_slave_0: entered promiscuous mode [ 245.991290][T10983] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.009948][T10983] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.017310][T10983] bridge_slave_1: entered allmulticast mode [ 246.029171][T10983] bridge_slave_1: entered promiscuous mode [ 246.070690][ T7002] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.078627][T11105] FAULT_INJECTION: forcing a failure. [ 246.078627][T11105] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 246.095916][T11105] CPU: 0 UID: 0 PID: 11105 Comm: syz.2.1258 Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 246.095942][T11105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 246.095965][T11105] Call Trace: [ 246.095973][T11105] [ 246.095981][T11105] dump_stack_lvl+0x189/0x250 [ 246.096016][T11105] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.096043][T11105] ? __pfx__printk+0x10/0x10 [ 246.096073][T11105] should_fail_ex+0x414/0x560 [ 246.096105][T11105] _copy_to_user+0x31/0xb0 [ 246.096131][T11105] simple_read_from_buffer+0xe1/0x170 [ 246.096157][T11105] proc_fail_nth_read+0x1df/0x250 [ 246.096185][T11105] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 246.096219][T11105] ? rw_verify_area+0x258/0x650 [ 246.096237][T11105] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 246.096264][T11105] vfs_read+0x1fd/0x980 [ 246.096289][T11105] ? __pfx___mutex_lock+0x10/0x10 [ 246.096308][T11105] ? __pfx_vfs_read+0x10/0x10 [ 246.096364][T11105] ? __fget_files+0x2a/0x420 [ 246.096393][T11105] ? __fget_files+0x3a0/0x420 [ 246.096416][T11105] ? __fget_files+0x2a/0x420 [ 246.096449][T11105] ksys_read+0x145/0x250 [ 246.096472][T11105] ? __pfx_ksys_read+0x10/0x10 [ 246.096497][T11105] ? do_syscall_64+0xba/0x210 [ 246.096522][T11105] do_syscall_64+0xf6/0x210 [ 246.096542][T11105] ? clear_bhb_loop+0x45/0xa0 [ 246.096566][T11105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.096585][T11105] RIP: 0033:0x7f9e3b78d37c [ 246.096602][T11105] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 246.096620][T11105] RSP: 002b:00007f9e3c516030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 246.096640][T11105] RAX: ffffffffffffffda RBX: 00007f9e3b9b6080 RCX: 00007f9e3b78d37c [ 246.096654][T11105] RDX: 000000000000000f RSI: 00007f9e3c5160a0 RDI: 0000000000000006 [ 246.096666][T11105] RBP: 00007f9e3c516090 R08: 0000000000000000 R09: 0000000000000000 [ 246.096677][T11105] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.096689][T11105] R13: 0000000000000001 R14: 00007f9e3b9b6080 R15: 00007ffc43ab1808 [ 246.096721][T11105] [ 246.335489][T10983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.351649][T10983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.404766][ T7002] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.532241][ T7002] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.564534][ T5836] Bluetooth: hci0: command tx timeout [ 246.576412][T10983] team0: Port device team_slave_0 added [ 246.601307][T10983] team0: Port device team_slave_1 added [ 246.615483][T11121] xt_CT: You must specify a L4 protocol and not use inversions on it [ 246.694161][T10983] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.710484][T10983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.761745][T10983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.786469][T10983] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.804405][T10983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.832274][T10983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.160112][T10983] hsr_slave_0: entered promiscuous mode [ 247.167842][T10983] hsr_slave_1: entered promiscuous mode [ 247.190564][T11143] x_tables: duplicate underflow at hook 2 [ 247.241519][T11147] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1268'. [ 247.336144][ T7002] bridge_slave_1: left allmulticast mode [ 247.341932][ T7002] bridge_slave_1: left promiscuous mode [ 247.373424][ T7002] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.434626][ T7002] bridge_slave_0: left allmulticast mode [ 247.440772][ T7002] bridge_slave_0: left promiscuous mode [ 247.456279][T11154] openvswitch: netlink: VXLAN extension 173 out of range max 1 [ 247.464583][ T7002] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.476083][T11154] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 247.482582][T11154] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 247.833607][ T5836] Bluetooth: hci3: command tx timeout [ 247.986823][T11184] netlink: 'syz.4.1278': attribute type 11 has an invalid length. [ 248.085738][ T7002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 248.099611][ T7002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 248.110173][ T7002] bond0 (unregistering): Released all slaves [ 248.332535][T11029] chnl_net:caif_netlink_parms(): no params data found [ 248.385732][T11191] netlink: 'syz.4.1280': attribute type 32 has an invalid length. [ 248.408011][T11191] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1280'. [ 248.442027][T11191] (unnamed net_device) (uninitialized): option coupled_control: invalid value (52) [ 248.478463][T11195] xt_bpf: check failed: parse error [ 248.643561][ T5836] Bluetooth: hci0: command tx timeout [ 248.795962][T11211] tunl0: entered promiscuous mode [ 248.804562][T11211] netlink: 'syz.1.1287': attribute type 3 has an invalid length. [ 248.812432][T11211] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1287'. [ 248.812447][T11210] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1286'. [ 249.061006][ T7002] hsr_slave_0: left promiscuous mode [ 249.068387][ T7002] hsr_slave_1: left promiscuous mode [ 249.079296][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.090318][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 249.099724][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 249.112366][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 249.157564][ T7002] veth1_macvtap: left promiscuous mode [ 249.163974][ T7002] veth0_macvtap: left promiscuous mode [ 249.171509][ T7002] veth1_vlan: left promiscuous mode [ 249.179871][ T7002] veth0_vlan: left promiscuous mode [ 249.660141][ T7002] team0 (unregistering): Port device team_slave_1 removed [ 249.698435][ T7002] team0 (unregistering): Port device team_slave_0 removed [ 249.924105][ T5836] Bluetooth: hci3: command tx timeout [ 250.052316][T11223] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1289'. [ 250.064485][T11223] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1289'. [ 250.075422][T11223] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1289'. [ 250.368596][T11029] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.385131][T11029] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.392556][T11029] bridge_slave_0: entered allmulticast mode [ 250.401828][T11029] bridge_slave_0: entered promiscuous mode [ 250.410630][T11029] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.421587][T11029] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.430669][T11029] bridge_slave_1: entered allmulticast mode [ 250.447532][T11029] bridge_slave_1: entered promiscuous mode [ 250.460284][T11251] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1294'. [ 250.463650][T11227] lo speed is unknown, defaulting to 1000 [ 250.592795][T11227] lo speed is unknown, defaulting to 1000 [ 250.641149][T11258] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 2, id = 0 [ 250.675217][T11029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 250.713339][ T5836] Bluetooth: hci0: command tx timeout [ 250.726144][T11029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.849440][T11029] team0: Port device team_slave_0 added [ 250.866534][T11029] team0: Port device team_slave_1 added [ 250.996468][T11029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.013606][T11029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.050774][T11272] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 251.060209][T11029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.123401][T11029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.130374][T11029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.156769][T11029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.255439][T10983] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 251.419255][T10983] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 251.480039][T11029] hsr_slave_0: entered promiscuous mode [ 251.488553][T11029] hsr_slave_1: entered promiscuous mode [ 251.494893][T11029] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 251.502501][T11029] Cannot create hsr debugfs directory [ 251.535807][T10983] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 251.579433][T10983] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 251.728027][T11298] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 252.004147][ T5836] Bluetooth: hci3: command tx timeout [ 252.281872][T11322] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1317'. [ 252.300686][T10983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 252.418054][T10983] 8021q: adding VLAN 0 to HW filter on device team0 [ 252.488733][ T7002] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.495978][ T7002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 252.586696][ T6998] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.593914][ T6998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 252.782127][T11346] netlink: 'syz.2.1323': attribute type 1 has an invalid length. [ 252.906456][T11029] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 252.976940][T11029] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 253.038422][T11029] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 253.079713][T11361] ªªªªªª: renamed from vlan0 [ 253.098859][T11029] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 253.455388][T10983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 253.510454][T11029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.637461][T11029] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.708448][T10983] veth0_vlan: entered promiscuous mode [ 253.756910][T10983] veth1_vlan: entered promiscuous mode [ 253.775593][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.782798][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.880071][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.887303][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.058894][T10983] veth0_macvtap: entered promiscuous mode [ 254.114375][T10983] veth1_macvtap: entered promiscuous mode [ 254.222011][T10983] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 254.258591][T10983] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 254.300634][T10983] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.328229][T10983] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.354391][T10983] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.383436][T10983] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.722357][T11029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 254.736393][T11429] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1342'. [ 254.761217][T11429] macsec0: left promiscuous mode [ 254.773301][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 254.781157][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 254.884425][ T6998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 254.921396][ T6998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.010833][T11029] veth0_vlan: entered promiscuous mode [ 255.108589][T11029] veth1_vlan: entered promiscuous mode [ 255.398686][T11029] veth0_macvtap: entered promiscuous mode [ 255.435122][T11029] veth1_macvtap: entered promiscuous mode [ 255.443999][T11456] tipc: Started in network mode [ 255.466474][T11456] tipc: Node identity ac14140f, cluster identity 4711 [ 255.508263][T11456] tipc: New replicast peer: 255.255.255.255 [ 255.521831][T11463] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 255.535219][T11456] tipc: Enabled bearer , priority 10 [ 255.542891][T11463] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1348'. [ 255.576503][T11460] batadv_slave_1: entered promiscuous mode [ 255.582418][T11460] batadv_slave_1: entered allmulticast mode [ 255.701790][ T7002] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.763580][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.769920][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.773980][T11029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.810251][T11029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.840021][T11029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 255.905703][ T7002] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.957942][T11029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.972219][T11029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.986593][T11029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 256.019237][ T7002] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.043827][T11029] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.052578][T11029] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.065708][T11029] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.075072][T11029] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.168321][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.181380][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.247184][ T7002] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.270194][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.292106][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.523592][ T24] tipc: Node number set to 2886997007 [ 256.568878][ T7002] bridge_slave_1: left allmulticast mode [ 256.575387][ T7002] bridge_slave_1: left promiscuous mode [ 256.581163][ T7002] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.595045][ T7002] bridge_slave_0: left allmulticast mode [ 256.600773][ T7002] bridge_slave_0: left promiscuous mode [ 256.607144][ T7002] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.333687][ T7002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 257.365319][ T7002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 257.386837][ T7002] bond0 (unregistering): Released all slaves [ 257.449160][ T5142] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 257.466389][ T5142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 257.490914][ T5142] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 257.499575][ T5142] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 257.507402][ T5142] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 257.594076][T11510] lo speed is unknown, defaulting to 1000 [ 257.601489][T11510] lo speed is unknown, defaulting to 1000 [ 257.960423][T11529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1352'. [ 258.014440][T11529] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1352'. [ 258.168894][T11540] netlink: 'syz.1.1356': attribute type 1 has an invalid length. [ 258.282751][T11545] netlink: 'syz.4.1358': attribute type 2 has an invalid length. [ 258.731644][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 258.745558][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 258.757128][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 258.768620][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 258.781089][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 258.848753][ T7002] hsr_slave_0: left promiscuous mode [ 258.872121][ T7002] hsr_slave_1: left promiscuous mode [ 258.887701][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 258.903710][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.911951][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 258.920029][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 258.946646][ T7002] veth1_macvtap: left promiscuous mode [ 258.952315][ T7002] veth0_macvtap: left promiscuous mode [ 258.963283][ T7002] veth1_vlan: left promiscuous mode [ 258.968794][ T7002] veth0_vlan: left promiscuous mode [ 259.098105][T11590] netlink: 'syz.2.1366': attribute type 2 has an invalid length. [ 259.475845][ T7002] team0 (unregistering): Port device team_slave_1 removed [ 259.511997][ T7002] team0 (unregistering): Port device team_slave_0 removed [ 259.603530][ T5142] Bluetooth: hci0: command tx timeout [ 259.862551][T11579] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1366'. [ 260.126181][T11606] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1369'. [ 260.382260][T11618] netlink: 'syz.2.1372': attribute type 33 has an invalid length. [ 260.391820][T11618] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1372'. [ 260.445290][T11620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1372'. [ 260.885360][ T5142] Bluetooth: hci3: command tx timeout [ 261.673118][ T5142] Bluetooth: hci0: command tx timeout [ 261.718710][T11510] chnl_net:caif_netlink_parms(): no params data found [ 261.750215][T11562] lo speed is unknown, defaulting to 1000 [ 261.777894][T11562] lo speed is unknown, defaulting to 1000 [ 261.784350][T11633] nbd: must specify an index to disconnect [ 261.801554][T11633] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1376'. [ 261.814376][T11635] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1375'. [ 261.823463][T11633] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1376'. [ 261.961153][T11639] xt_socket: unknown flags 0x2 [ 262.198034][T11510] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.227049][T11510] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.244207][T11510] bridge_slave_0: entered allmulticast mode [ 262.276190][T11510] bridge_slave_0: entered promiscuous mode [ 262.300785][T11510] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.304342][T11665] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 262.324549][T11510] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.347127][T11510] bridge_slave_1: entered allmulticast mode [ 262.361199][T11510] bridge_slave_1: entered promiscuous mode [ 262.485019][T11672] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1384'. [ 262.630976][T11510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 262.699560][T11510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 262.954861][ T5142] Bluetooth: hci3: command tx timeout [ 263.753272][ T5142] Bluetooth: hci0: command tx timeout [ 264.135390][T11510] team0: Port device team_slave_0 added [ 264.139517][T11708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1393'. [ 264.153323][T11708] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1393'. [ 264.175361][T11510] team0: Port device team_slave_1 added [ 264.208676][T11709] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1393'. [ 264.272265][ T7002] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.338246][T11708] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1393'. [ 264.359743][T11708] nbd: illegal input index -8454144 [ 264.368657][T11718] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1395'. [ 264.421416][ T7002] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.448812][T11510] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 264.459626][T11510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.487014][T11510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 264.500449][T11510] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 264.516328][T11510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.542320][T11510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 264.632491][ T7002] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.760285][T11510] hsr_slave_0: entered promiscuous mode [ 264.768584][T11510] hsr_slave_1: entered promiscuous mode [ 264.808236][ T7002] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.827899][T11728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1399'. [ 265.033417][ T5142] Bluetooth: hci3: command tx timeout [ 265.323438][T11562] chnl_net:caif_netlink_parms(): no params data found [ 265.381140][T11767] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1408'. [ 265.491744][ T7002] bridge_slave_1: left allmulticast mode [ 265.501481][ T7002] bridge_slave_1: left promiscuous mode [ 265.509735][ T7002] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.522926][ T7002] bridge_slave_0: left allmulticast mode [ 265.529299][ T7002] bridge_slave_0: left promiscuous mode [ 265.540644][ T7002] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.833362][ T5142] Bluetooth: hci0: command tx timeout [ 265.865288][ T7002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 265.879194][ T7002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.889766][ T7002] bond0 (unregistering): Released all slaves [ 266.132215][T11782] rdma_rxe: rxe_newlink: failed to add lo [ 266.215791][T11787] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1412'. [ 266.234642][T11793] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1414'. [ 266.248664][T11787] NCSI netlink: No device for ifindex 0 [ 266.256416][T11787] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1412'. [ 266.290389][T11562] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.310270][T11562] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.318236][T11562] bridge_slave_0: entered allmulticast mode [ 266.330237][T11562] bridge_slave_0: entered promiscuous mode [ 266.446689][T11562] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.456470][T11562] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.475587][T11562] bridge_slave_1: entered allmulticast mode [ 266.493912][T11562] bridge_slave_1: entered promiscuous mode [ 266.697735][T11562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 266.738129][T11562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 266.969772][T11562] team0: Port device team_slave_0 added [ 267.006232][T11825] netlink: 'syz.1.1423': attribute type 8 has an invalid length. [ 267.014294][T11825] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 267.031133][T11825] netlink: 'syz.1.1423': attribute type 8 has an invalid length. [ 267.039581][T11825] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 267.119452][ T5142] Bluetooth: hci3: command tx timeout [ 267.134465][T11562] team0: Port device team_slave_1 added [ 267.141385][T11825] netlink: 'syz.1.1423': attribute type 8 has an invalid length. [ 267.153139][T11825] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 267.174001][T11825] netlink: 'syz.1.1423': attribute type 8 has an invalid length. [ 267.181852][T11825] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 267.213872][T11825] netlink: 'syz.1.1423': attribute type 8 has an invalid length. [ 267.221889][T11825] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 267.247629][ T7002] hsr_slave_0: left promiscuous mode [ 267.254617][ T7002] hsr_slave_1: left promiscuous mode [ 267.260514][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 267.268052][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 267.278478][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 267.286563][ T7002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 267.307553][ T7002] veth1_macvtap: left promiscuous mode [ 267.313236][ T7002] veth0_macvtap: left promiscuous mode [ 267.318824][ T7002] veth1_vlan: left promiscuous mode [ 267.324282][ T7002] veth0_vlan: left promiscuous mode [ 267.691995][ T7002] team0 (unregistering): Port device team_slave_1 removed [ 267.726386][ T7002] team0 (unregistering): Port device team_slave_0 removed [ 268.077537][T11825] netlink: 'syz.1.1423': attribute type 8 has an invalid length. [ 268.085521][T11825] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 268.118057][T11833] vlan0: entered promiscuous mode [ 268.123785][T11833] bridge0: entered promiscuous mode [ 268.229128][T11562] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 268.240413][T11562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 268.302732][T11562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 268.347251][T11844] netlink: 'syz.2.1430': attribute type 10 has an invalid length. [ 268.397578][T11562] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 268.409919][T11562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 268.441923][T11562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 268.520394][T11844] team0: Device veth0_macvtap failed to register rx_handler [ 268.539089][T11510] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 268.579997][T11562] hsr_slave_0: entered promiscuous mode [ 268.588237][T11562] hsr_slave_1: entered promiscuous mode [ 268.595086][T11562] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 268.602890][T11562] Cannot create hsr debugfs directory [ 268.612967][T11510] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 268.662047][T11510] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 268.744934][T11510] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 268.759623][T11861] netlink: 'syz.2.1437': attribute type 1 has an invalid length. [ 269.209158][T11878] __nla_validate_parse: 4 callbacks suppressed [ 269.209178][T11878] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1441'. [ 269.379138][T11510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 269.487747][T11510] 8021q: adding VLAN 0 to HW filter on device team0 [ 269.520116][T11885] netlink: 'syz.1.1442': attribute type 11 has an invalid length. [ 269.528868][T11885] netlink: 'syz.1.1442': attribute type 11 has an invalid length. [ 269.554289][T11885] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1442'. [ 269.586395][ T6997] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.593599][ T6997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 269.646485][ T6997] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.653720][ T6997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 269.909271][T11562] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 269.945850][T11562] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 270.017224][T11562] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 270.062688][T11562] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 270.074204][T11902] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1447'. [ 270.416296][T11562] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.521071][T11920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1451'. [ 270.523512][T11562] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.565463][ T7008] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.572656][ T7008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 270.659861][ T7008] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.667076][ T7008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.718139][T11924] netlink: 'syz.1.1453': attribute type 1 has an invalid length. [ 270.731702][T11924] netlink: 'syz.1.1453': attribute type 2 has an invalid length. [ 270.779487][T11510] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 270.991646][T11510] veth0_vlan: entered promiscuous mode [ 271.052021][T11510] veth1_vlan: entered promiscuous mode [ 271.194506][T11510] veth0_macvtap: entered promiscuous mode [ 271.239071][T11510] veth1_macvtap: entered promiscuous mode [ 271.375337][T11510] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 271.467449][T11510] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 271.522084][T11510] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.573250][T11510] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.603459][T11510] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.612228][T11510] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.625067][T11960] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1460'. [ 271.778018][T11562] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 272.068176][ T6998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.091181][T11562] veth0_vlan: entered promiscuous mode [ 272.092341][ T6998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.178908][T11974] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1464'. [ 272.194188][T11976] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1463'. [ 272.213974][T11977] syz0: rxe_newlink: already configured on lo [ 272.256690][T11562] veth1_vlan: entered promiscuous mode [ 272.272170][T11974] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1464'. [ 272.312945][T11971] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1463'. [ 272.331826][ T7002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.344970][T11974] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1464'. [ 272.354278][T11974] NCSI netlink: No device for ifindex 0 [ 272.361501][ T7002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.385815][T11562] veth0_macvtap: entered promiscuous mode [ 272.409008][T11562] veth1_macvtap: entered promiscuous mode [ 272.507286][T11562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.532462][T11562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.561771][T11562] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 272.590757][T11562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.602994][T11986] validate_nla: 1 callbacks suppressed [ 272.609161][T11986] netlink: 'syz.1.1465': attribute type 5 has an invalid length. [ 272.637032][T11562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.667907][T11562] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 272.730761][T11562] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.771390][T11562] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.803436][T11562] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.833332][T11562] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.215220][T12005] FAULT_INJECTION: forcing a failure. [ 273.215220][T12005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.279438][T12005] CPU: 0 UID: 0 PID: 12005 Comm: syz.1.1470 Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 273.279467][T12005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 273.279479][T12005] Call Trace: [ 273.279486][T12005] [ 273.279494][T12005] dump_stack_lvl+0x189/0x250 [ 273.279524][T12005] ? __lock_acquire+0xaac/0xd20 [ 273.279552][T12005] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.279578][T12005] ? __pfx__printk+0x10/0x10 [ 273.279596][T12005] ? __might_fault+0xb0/0x130 [ 273.279631][T12005] should_fail_ex+0x414/0x560 [ 273.279665][T12005] _copy_from_user+0x2d/0xb0 [ 273.279689][T12005] kstrtouint_from_user+0xc4/0x170 [ 273.279711][T12005] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 273.279747][T12005] proc_fail_nth_write+0x88/0x240 [ 273.279773][T12005] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 273.279810][T12005] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 273.279837][T12005] vfs_write+0x27b/0xa90 [ 273.279868][T12005] ? __pfx_vfs_write+0x10/0x10 [ 273.279889][T12005] ? __fget_files+0x2a/0x420 [ 273.279917][T12005] ? __fget_files+0x3a0/0x420 [ 273.279939][T12005] ? __fget_files+0x2a/0x420 [ 273.279970][T12005] ksys_write+0x145/0x250 [ 273.279994][T12005] ? __pfx_ksys_write+0x10/0x10 [ 273.280018][T12005] ? do_syscall_64+0xba/0x210 [ 273.280042][T12005] do_syscall_64+0xf6/0x210 [ 273.280060][T12005] ? clear_bhb_loop+0x45/0xa0 [ 273.280084][T12005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.280102][T12005] RIP: 0033:0x7f4465f8d41f [ 273.280118][T12005] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 273.280134][T12005] RSP: 002b:00007f4466d5d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 273.280153][T12005] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4465f8d41f [ 273.280166][T12005] RDX: 0000000000000001 RSI: 00007f4466d5d0a0 RDI: 0000000000000003 [ 273.280177][T12005] RBP: 00007f4466d5d090 R08: 0000000000000000 R09: 0000000000000000 [ 273.280188][T12005] R10: 0000200000000000 R11: 0000000000000293 R12: 0000000000000001 [ 273.280200][T12005] R13: 0000000000000000 R14: 00007f44661b6080 R15: 00007ffde8639c78 [ 273.280250][T12005] [ 273.516822][ T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.731356][ T6998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.771215][ T6998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.843884][ T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.887146][ T7008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.911795][ T7008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.139515][ T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.266328][ T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.533426][ T36] bridge_slave_1: left allmulticast mode [ 274.539138][ T36] bridge_slave_1: left promiscuous mode [ 274.550163][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.589471][ T36] bridge_slave_0: left allmulticast mode [ 274.598269][ T36] bridge_slave_0: left promiscuous mode [ 274.613414][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.203548][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 275.227665][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 275.236343][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 275.255680][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 275.271148][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 275.373899][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 275.395701][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 275.415810][ T36] bond0 (unregistering): Released all slaves [ 275.511146][T12037] lo speed is unknown, defaulting to 1000 [ 275.637053][T12037] lo speed is unknown, defaulting to 1000 [ 275.974516][T12057] __nla_validate_parse: 3 callbacks suppressed [ 275.974537][T12057] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1476'. [ 276.003457][T12057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1476'. [ 276.008740][T12060] netlink: 'syz.1.1477': attribute type 5 has an invalid length. [ 276.426345][T12076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1481'. [ 276.506115][T12078] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1482'. [ 276.617288][T12084] netlink: 'syz.1.1482': attribute type 10 has an invalid length. [ 276.729418][T12084] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.743611][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 276.754381][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 276.762089][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 276.770655][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 276.778418][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 276.792569][T12084] batadv0: entered allmulticast mode [ 276.843318][T12084] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 277.050423][ T36] hsr_slave_0: left promiscuous mode [ 277.068039][ T36] hsr_slave_1: left promiscuous mode [ 277.079003][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.096992][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.115022][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 277.129518][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.170289][ T36] veth1_macvtap: left promiscuous mode [ 277.176854][ T36] veth0_macvtap: left promiscuous mode [ 277.182520][ T36] veth1_vlan: left promiscuous mode [ 277.192067][ T36] veth0_vlan: left promiscuous mode [ 277.358690][ T5142] Bluetooth: hci0: command tx timeout [ 277.619725][T12112] netlink: 'syz.1.1489': attribute type 2 has an invalid length. [ 277.786759][T12119] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1488'. [ 277.915960][T12122] netlink: 'syz.1.1491': attribute type 4 has an invalid length. [ 278.002831][ T36] team0 (unregistering): Port device team_slave_1 removed [ 278.051825][ T36] team0 (unregistering): Port device team_slave_0 removed [ 278.705557][T12102] vlan2: entered promiscuous mode [ 278.710674][T12102] bridge0: entered promiscuous mode [ 278.831671][T12089] lo speed is unknown, defaulting to 1000 [ 278.895523][ T5142] Bluetooth: hci3: command tx timeout [ 278.936357][T12089] lo speed is unknown, defaulting to 1000 [ 279.237471][T12145] netlink: 'syz.1.1495': attribute type 3 has an invalid length. [ 279.368751][T12037] chnl_net:caif_netlink_parms(): no params data found [ 279.435828][ T5142] Bluetooth: hci0: command tx timeout [ 279.950909][T12176] netlink: 1192 bytes leftover after parsing attributes in process `syz.2.1500'. [ 280.015763][T12171] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1500'. [ 280.248058][T12037] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.279021][T12037] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.288207][T12037] bridge_slave_0: entered allmulticast mode [ 280.300666][T12037] bridge_slave_0: entered promiscuous mode [ 280.318104][T12037] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.347056][T12037] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.369101][T12037] bridge_slave_1: entered allmulticast mode [ 280.401984][T12037] bridge_slave_1: entered promiscuous mode [ 280.480742][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.612372][T12037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 280.660030][T12197] netem: incorrect ge model size [ 280.669587][T12197] netem: change failed [ 280.679233][T12203] xt_hashlimit: Unknown mode mask 115, kernel too old? [ 280.689287][T12200] netlink: 'syz.1.1510': attribute type 11 has an invalid length. [ 280.723825][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.749472][T12037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 280.914614][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.953306][ T5142] Bluetooth: hci3: command tx timeout [ 280.990238][T12037] team0: Port device team_slave_0 added [ 281.027612][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.061835][T12226] netlink: 1192 bytes leftover after parsing attributes in process `syz.4.1515'. [ 281.065604][T12224] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1515'. [ 281.088525][T12037] team0: Port device team_slave_1 added [ 281.097198][T12222] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1516'. [ 281.107117][T12222] NCSI netlink: No device for ifindex 0 [ 281.122608][T12222] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1516'. [ 281.172303][T12037] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 281.180110][T12037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.207183][T12037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.278373][T12037] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.288525][T12037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.314777][T12037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 281.489109][T12037] hsr_slave_0: entered promiscuous mode [ 281.504425][T12037] hsr_slave_1: entered promiscuous mode [ 281.513295][ T5142] Bluetooth: hci0: command tx timeout [ 281.659367][T12089] chnl_net:caif_netlink_parms(): no params data found [ 281.732041][ T36] bridge_slave_1: left allmulticast mode [ 281.743453][ T36] bridge_slave_1: left promiscuous mode [ 281.765978][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.814133][ T36] bridge_slave_0: left allmulticast mode [ 281.824353][ T36] bridge_slave_0: left promiscuous mode [ 281.839642][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.375320][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.388527][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.407493][ T36] bond0 (unregistering): Released all slaves [ 282.880038][T12273] netlink: 1192 bytes leftover after parsing attributes in process `syz.2.1528'. [ 283.033204][ T5142] Bluetooth: hci3: command tx timeout [ 283.092828][T12089] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.105188][T12089] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.112474][T12089] bridge_slave_0: entered allmulticast mode [ 283.121522][T12089] bridge_slave_0: entered promiscuous mode [ 283.144707][T12089] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.160910][T12089] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.175796][T12089] bridge_slave_1: entered allmulticast mode [ 283.203790][T12089] bridge_slave_1: entered promiscuous mode [ 283.561856][T12291] netlink: 'syz.4.1535': attribute type 11 has an invalid length. [ 283.593133][ T5142] Bluetooth: hci0: command tx timeout [ 283.655964][T12297] bond2: entered promiscuous mode [ 283.661035][T12297] bond2: entered allmulticast mode [ 283.674529][T12297] 8021q: adding VLAN 0 to HW filter on device bond2 [ 283.701547][T12297] bond3: entered promiscuous mode [ 283.707256][T12297] bond3: entered allmulticast mode [ 283.712710][T12297] 8021q: adding VLAN 0 to HW filter on device bond3 [ 283.736252][T12089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 283.749235][T12089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 283.782913][ T36] hsr_slave_0: left promiscuous mode [ 283.806777][ T36] hsr_slave_1: left promiscuous mode [ 283.812750][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.829964][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.842124][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.863112][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.890044][ T36] veth1_macvtap: left promiscuous mode [ 283.915098][ T36] veth0_macvtap: left promiscuous mode [ 283.920909][ T36] veth1_vlan: left promiscuous mode [ 283.929300][ T36] veth0_vlan: left promiscuous mode [ 284.338233][ T36] team0 (unregistering): Port device team_slave_1 removed [ 284.385912][ T36] team0 (unregistering): Port device team_slave_0 removed [ 284.754276][T12297] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 284.877235][T12309] bridge0: entered allmulticast mode [ 284.880822][T12317] netlink: 1192 bytes leftover after parsing attributes in process `syz.4.1541'. [ 284.963262][T12089] team0: Port device team_slave_0 added [ 284.976757][T12089] team0: Port device team_slave_1 added [ 284.995746][T12319] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1543'. [ 285.020400][T12319] netlink: 'syz.1.1543': attribute type 3 has an invalid length. [ 285.082337][T12322] netlink: 'syz.2.1544': attribute type 4 has an invalid length. [ 285.103802][T12322] netlink: 'syz.2.1544': attribute type 4 has an invalid length. [ 285.113441][ T5142] Bluetooth: hci3: command tx timeout [ 285.208628][T12089] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.221505][T12089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.252331][T12089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.270931][T12089] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.280559][T12089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.308389][T12089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.418930][T12089] hsr_slave_0: entered promiscuous mode [ 285.426047][T12089] hsr_slave_1: entered promiscuous mode [ 285.432363][T12089] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 285.440326][T12089] Cannot create hsr debugfs directory [ 285.539073][T12037] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 285.557710][T12037] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 285.580600][T12037] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 285.606481][T12037] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 285.872068][T12337] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1550'. [ 285.898843][T12337] FAULT_INJECTION: forcing a failure. [ 285.898843][T12337] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 285.914287][T12337] CPU: 0 UID: 0 PID: 12337 Comm: syz.2.1550 Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 285.914318][T12337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 285.914331][T12337] Call Trace: [ 285.914339][T12337] [ 285.914347][T12337] dump_stack_lvl+0x189/0x250 [ 285.914380][T12337] ? __lock_acquire+0xaac/0xd20 [ 285.914411][T12337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.914440][T12337] ? __pfx__printk+0x10/0x10 [ 285.914460][T12337] ? __might_fault+0xb0/0x130 [ 285.914495][T12337] should_fail_ex+0x414/0x560 [ 285.914533][T12337] _copy_from_user+0x2d/0xb0 [ 285.914559][T12337] ___sys_sendmsg+0x158/0x2a0 [ 285.914584][T12337] ? __pfx____sys_sendmsg+0x10/0x10 [ 285.914642][T12337] ? __fget_files+0x2a/0x420 [ 285.914665][T12337] ? __fget_files+0x3a0/0x420 [ 285.914700][T12337] __x64_sys_sendmsg+0x19b/0x260 [ 285.914723][T12337] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 285.914762][T12337] ? do_syscall_64+0xba/0x210 [ 285.914787][T12337] do_syscall_64+0xf6/0x210 [ 285.914808][T12337] ? clear_bhb_loop+0x45/0xa0 [ 285.914837][T12337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.914855][T12337] RIP: 0033:0x7f9e3b78e969 [ 285.914873][T12337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.914890][T12337] RSP: 002b:00007f9e3c537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.914919][T12337] RAX: ffffffffffffffda RBX: 00007f9e3b9b5fa0 RCX: 00007f9e3b78e969 [ 285.914934][T12337] RDX: 0000000000000040 RSI: 0000200000000140 RDI: 0000000000000004 [ 285.914946][T12337] RBP: 00007f9e3c537090 R08: 0000000000000000 R09: 0000000000000000 [ 285.914959][T12337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.914970][T12337] R13: 0000000000000000 R14: 00007f9e3b9b5fa0 R15: 00007ffc43ab1808 [ 285.915001][T12337] [ 285.929472][T12037] 8021q: adding VLAN 0 to HW filter on device bond0 [ 286.137139][T12338] xt_CT: No such helper "netbios-ns" [ 286.235946][T12342] vlan0: entered promiscuous mode [ 286.241066][T12342] veth1_to_team: entered promiscuous mode [ 286.291952][T12037] 8021q: adding VLAN 0 to HW filter on device team0 [ 286.324147][ T3427] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.331331][ T3427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.364959][ T3427] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.372141][ T3427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.567727][T12089] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 286.615130][T12089] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 286.634526][T12089] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 286.675696][T12089] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 286.735588][T12367] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1562'. [ 286.958123][T12089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 286.981518][T12380] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1565'. [ 287.028300][T12380] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1565'. [ 287.054675][T12380] NCSI netlink: No device for ifindex 0 [ 287.061457][T12380] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1565'. [ 287.066152][T12089] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.104420][ T7004] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.111562][ T7004] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.148209][ T7004] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.155466][ T7004] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.194830][T12037] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 287.377126][T12037] veth0_vlan: entered promiscuous mode [ 287.414072][T12397] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1573'. [ 287.420293][T12037] veth1_vlan: entered promiscuous mode [ 287.484717][T12404] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1575'. [ 287.515876][T12404] bridge0: left allmulticast mode [ 287.542000][T12404] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1575'. [ 287.570882][T12037] veth0_macvtap: entered promiscuous mode [ 287.599339][T12404] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1575'. [ 287.616745][T12037] veth1_macvtap: entered promiscuous mode [ 287.620502][T12404] netlink: 1192 bytes leftover after parsing attributes in process `syz.1.1575'. [ 287.676039][T12037] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 287.737145][T12037] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 287.767734][T12037] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.781868][T12037] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.792361][T12037] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.802097][T12037] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.884269][T12089] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 287.942985][T12425] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1581'. [ 288.043527][T12426] NCSI netlink: No device for ifindex 0 [ 288.058960][T12089] veth0_vlan: entered promiscuous mode [ 288.091033][ T7007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.103276][ T7007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.195600][ T7007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.213064][ T7007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.227396][T12089] veth1_vlan: entered promiscuous mode [ 288.327566][T12089] veth0_macvtap: entered promiscuous mode [ 288.364942][T12089] veth1_macvtap: entered promiscuous mode [ 288.412608][T12089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 288.453188][T12089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 288.485515][T12089] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 288.510959][T12089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 288.534959][T12089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 288.594828][T12089] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 288.714910][T12444] netlink: 'syz.1.1586': attribute type 24 has an invalid length. [ 288.725673][T12089] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.736070][T12089] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.744953][T12089] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.754028][T12089] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.778829][T12444] netlink: 'syz.1.1586': attribute type 24 has an invalid length. [ 288.788838][T12444] netlink: 'syz.1.1586': attribute type 24 has an invalid length. [ 288.844494][T12444] netlink: 'syz.1.1586': attribute type 24 has an invalid length. [ 288.866821][T12444] netlink: 'syz.1.1586': attribute type 24 has an invalid length. [ 288.892980][T12444] netlink: 'syz.1.1586': attribute type 24 has an invalid length. [ 288.918130][T12444] netlink: 'syz.1.1586': attribute type 24 has an invalid length. [ 288.938907][T12455] netlink: 'syz.4.1590': attribute type 4 has an invalid length. [ 289.044234][T12444] netlink: 'syz.1.1586': attribute type 24 has an invalid length. [ 289.072248][ T5883] lo speed is unknown, defaulting to 1000 [ 289.090112][ T5883] syz0: Port: 1 Link DOWN [ 289.101963][T12444] netlink: 'syz.1.1586': attribute type 24 has an invalid length. [ 289.119983][ T10] lo speed is unknown, defaulting to 1000 [ 289.188688][ T7004] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.232981][ T7008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.253540][ T7008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.349084][ T7007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.360751][ T7007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.402303][ T7004] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.509102][ T7004] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.769151][ T7004] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.948819][ T7004] bridge_slave_1: left allmulticast mode [ 289.955742][ T7004] bridge_slave_1: left promiscuous mode [ 289.961506][ T7004] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.971292][ T7004] bridge_slave_0: left allmulticast mode [ 289.977247][ T7004] bridge_slave_0: left promiscuous mode [ 289.982972][ T7004] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.259115][ T7004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 290.269755][ T7004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 290.281421][ T7004] bond0 (unregistering): Released all slaves [ 290.789983][ T7004] hsr_slave_0: left promiscuous mode [ 290.812621][ T7004] hsr_slave_1: left promiscuous mode [ 290.818849][ T7004] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.831233][ T7004] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 290.839407][ T7004] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.847049][ T7004] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 290.877880][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 290.878636][ T7004] veth1_macvtap: left promiscuous mode [ 290.886619][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 290.890967][ T7004] veth0_macvtap: left promiscuous mode [ 290.898600][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 290.909052][ T7004] veth1_vlan: left promiscuous mode [ 290.911698][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 290.915593][ T7004] veth0_vlan: left promiscuous mode [ 290.930835][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 291.332596][ T7004] team0 (unregistering): Port device team_slave_1 removed [ 291.370698][ T7004] team0 (unregistering): Port device team_slave_0 removed [ 291.831319][T12482] __nla_validate_parse: 6 callbacks suppressed [ 291.831340][T12482] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1597'. [ 291.900851][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 291.915093][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 291.934415][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 291.954793][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 291.967858][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 292.184495][T12465] lo speed is unknown, defaulting to 1000 [ 292.192063][T12465] lo speed is unknown, defaulting to 1000 [ 292.216858][T12483] lo speed is unknown, defaulting to 1000 [ 292.338254][T12496] gtp0: entered promiscuous mode [ 292.353695][T12496] gtp0: entered allmulticast mode [ 292.452783][T12503] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1606'. [ 292.621864][T12508] netlink: 'syz.4.1607': attribute type 11 has an invalid length. [ 292.666862][T12508] netlink: 'syz.4.1607': attribute type 11 has an invalid length. [ 292.698254][T12508] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1607'. [ 292.756823][ T7004] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.812564][T12483] lo speed is unknown, defaulting to 1000 [ 292.941332][T12510] netlink: 'syz.1.1608': attribute type 11 has an invalid length. [ 292.956457][T12510] tap0: tun_chr_ioctl cmd 1074025676 [ 292.961913][T12510] tap0: owner set to 0 [ 293.002834][ T7004] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.055976][ T5836] Bluetooth: hci0: command tx timeout [ 293.247720][ T7004] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.410143][T12517] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1610'. [ 293.427021][ T7004] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.571983][T12524] netlink: 1192 bytes leftover after parsing attributes in process `syz.4.1613'. [ 293.901542][T12465] chnl_net:caif_netlink_parms(): no params data found [ 294.056394][T12547] sctp: [Deprecated]: syz.2.1622 (pid 12547) Use of int in maxseg socket option. [ 294.056394][T12547] Use struct sctp_assoc_value instead [ 294.071439][T12547] validate_nla: 56 callbacks suppressed [ 294.071455][T12547] netlink: 'syz.2.1622': attribute type 237 has an invalid length. [ 294.073869][ T5836] Bluetooth: hci3: command tx timeout [ 294.091519][T12553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1620'. [ 294.142422][ T7004] bridge_slave_1: left allmulticast mode [ 294.152765][ T7004] bridge_slave_1: left promiscuous mode [ 294.159153][ T7004] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.179029][ T7004] bridge_slave_0: left allmulticast mode [ 294.204528][ T7004] bridge_slave_0: left promiscuous mode [ 294.211666][ T7004] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.573428][ T7004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 294.584581][ T7004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 294.595458][ T7004] bond0 (unregistering): Released all slaves [ 294.641785][T12558] vlan0: entered promiscuous mode [ 294.955488][T12465] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.963133][T12465] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.970699][T12465] bridge_slave_0: entered allmulticast mode [ 294.977927][T12465] bridge_slave_0: entered promiscuous mode [ 295.046809][T12465] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.075237][T12465] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.098256][T12465] bridge_slave_1: entered allmulticast mode [ 295.108013][T12465] bridge_slave_1: entered promiscuous mode [ 295.114132][ T5836] Bluetooth: hci0: command tx timeout [ 295.182185][T12584] bond0: (slave batadv0): Releasing backup interface [ 295.198460][T12584] batadv0: left allmulticast mode [ 295.400251][T12590] netlink: 1192 bytes leftover after parsing attributes in process `syz.2.1635'. [ 295.480825][T12465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 295.539757][T12465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 295.623715][T12599] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1637'. [ 295.646868][ T7004] hsr_slave_0: left promiscuous mode [ 295.661365][ T7004] hsr_slave_1: left promiscuous mode [ 295.667637][ T7004] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 295.675271][ T7004] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 295.683972][ T7004] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 295.706820][ T7004] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 295.743541][ T7004] veth1_macvtap: left promiscuous mode [ 295.749381][ T7004] veth0_macvtap: left promiscuous mode [ 295.763529][ T7004] veth1_vlan: left promiscuous mode [ 295.770500][ T7004] veth0_vlan: left promiscuous mode [ 295.855860][T12613] netlink: 1192 bytes leftover after parsing attributes in process `syz.4.1642'. [ 296.154275][ T5836] Bluetooth: hci3: command tx timeout [ 296.181396][ T7004] team0 (unregistering): Port device team_slave_1 removed [ 296.221710][ T7004] team0 (unregistering): Port device team_slave_0 removed [ 296.587267][T12483] chnl_net:caif_netlink_parms(): no params data found [ 296.601364][T12605] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1640'. [ 296.734542][T12465] team0: Port device team_slave_0 added [ 296.851994][T12465] team0: Port device team_slave_1 added [ 296.931391][T12628] __nla_validate_parse: 2 callbacks suppressed [ 296.931411][T12628] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1647'. [ 297.025921][T12465] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.045123][T12465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.109906][T12465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.174411][T12639] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1650'. [ 297.196181][ T5836] Bluetooth: hci0: command tx timeout [ 297.212332][T12465] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 297.231221][T12465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.286519][T12465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 297.320087][T12483] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.335195][T12483] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.342472][T12483] bridge_slave_0: entered allmulticast mode [ 297.352336][T12483] bridge_slave_0: entered promiscuous mode [ 297.377872][T12483] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.392783][T12483] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.407116][T12483] bridge_slave_1: entered allmulticast mode [ 297.417003][T12483] bridge_slave_1: entered promiscuous mode [ 297.489385][T12483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.585007][T12465] hsr_slave_0: entered promiscuous mode [ 297.600980][T12465] hsr_slave_1: entered promiscuous mode [ 297.617742][T12483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.698473][T12650] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1653'. [ 297.722523][T12483] team0: Port device team_slave_0 added [ 297.733391][T12650] netlink: 'syz.2.1653': attribute type 6 has an invalid length. [ 297.838087][T12483] team0: Port device team_slave_1 added [ 297.933867][T12483] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.941314][T12483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.967504][T12483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.989894][T12483] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 297.998313][T12483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.024712][T12483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 298.122411][T12483] hsr_slave_0: entered promiscuous mode [ 298.128847][T12483] hsr_slave_1: entered promiscuous mode [ 298.135316][T12483] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 298.142887][T12483] Cannot create hsr debugfs directory [ 298.233140][ T5836] Bluetooth: hci3: command tx timeout [ 298.427441][T12675] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1661'. [ 298.766317][T12483] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 298.791456][T12483] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 298.876595][T12483] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 298.937404][T12483] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 298.982488][T12465] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 299.028252][T12465] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 299.075091][T12465] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 299.112033][T12465] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 299.186164][T12695] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1667'. [ 299.222173][ T30] audit: type=1800 audit(1745614795.349:4): pid=12694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1669" name="hugetlb.2MB.usage_in_bytes" dev="tmpfs" ino=2546 res=0 errno=0 [ 299.293099][ T5836] Bluetooth: hci0: command tx timeout [ 299.369753][T12483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.431937][T12465] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.473816][T12703] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 299.493566][T12483] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.506080][T12465] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.540332][ T7002] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.547558][ T7002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.582000][ T7008] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.589200][ T7008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.628408][ T7008] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.635684][ T7008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.657169][T12710] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1675'. [ 299.720408][ T7008] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.727649][ T7008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.743266][T12710] lo: left allmulticast mode [ 299.752649][T12710] tunl0: entered promiscuous mode [ 299.779923][T12710] gre0: entered promiscuous mode [ 299.821483][T12710] gretap0: entered promiscuous mode [ 299.857182][T12710] erspan0: entered promiscuous mode [ 299.885751][T12710] ip_vti0: entered promiscuous mode [ 299.950459][T12713] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1675'. [ 299.993135][T12713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1675'. [ 300.184598][T12728] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1680'. [ 300.205077][T12732] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1681'. [ 300.313883][ T5836] Bluetooth: hci3: command tx timeout [ 300.366989][T12745] sctp: [Deprecated]: syz.2.1683 (pid 12745) Use of int in max_burst socket option. [ 300.366989][T12745] Use struct sctp_assoc_value instead [ 300.442882][T12752] vlan1: entered promiscuous mode [ 300.448464][T12752] bridge0: entered promiscuous mode [ 300.514132][T12465] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.537923][T12483] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.651764][T12758] Bluetooth: MGMT ver 1.23 [ 300.725253][T12483] veth0_vlan: entered promiscuous mode [ 300.742345][T12465] veth0_vlan: entered promiscuous mode [ 300.781137][T12465] veth1_vlan: entered promiscuous mode [ 300.790863][T12483] veth1_vlan: entered promiscuous mode [ 300.859350][T12465] veth0_macvtap: entered promiscuous mode [ 300.888714][T12465] veth1_macvtap: entered promiscuous mode [ 300.911741][T12483] veth0_macvtap: entered promiscuous mode [ 300.942351][T12483] veth1_macvtap: entered promiscuous mode [ 300.961892][T12465] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 300.978435][T12465] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 301.015745][T12465] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.025535][T12465] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.035646][T12465] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.046665][T12465] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.066848][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 301.082957][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.098979][T12483] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 301.158507][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 301.188351][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.209633][T12483] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 301.239580][T12483] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.249130][T12483] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.262881][T12483] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.272707][T12483] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.346267][T12786] netlink: 'syz.1.1697': attribute type 20 has an invalid length. [ 301.362779][ T7002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.379463][ T7002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.471209][ T7002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.487746][ T7002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.506946][ T6997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.527952][ T6997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.596488][ T3427] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.611555][ T3427] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.853638][T12802] syz_tun: left allmulticast mode [ 301.868787][T12802] pimreg: left allmulticast mode [ 301.942026][T12806] __nla_validate_parse: 4 callbacks suppressed [ 301.942045][T12806] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1704'. [ 301.971440][T12806] tipc: Enabling of bearer rejected, failed to enable media [ 301.982887][T12808] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1705'. [ 302.023846][T12808] netlink: 1192 bytes leftover after parsing attributes in process `syz.1.1705'. [ 302.158432][T12820] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1708'. [ 302.258887][ T7004] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.332521][T12824] syzkaller0: entered allmulticast mode [ 302.549149][ T7004] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.740221][ T7004] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.901444][ T7004] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.918491][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 302.930202][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 302.940958][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 302.950065][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 302.959266][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 303.004425][T12827] lo speed is unknown, defaulting to 1000 [ 303.011471][T12827] lo speed is unknown, defaulting to 1000 [ 303.185413][ T7004] bridge_slave_1: left allmulticast mode [ 303.191111][ T7004] bridge_slave_1: left promiscuous mode [ 303.208651][ T7004] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.222853][ T7004] bridge_slave_0: left allmulticast mode [ 303.229239][ T7004] bridge_slave_0: left promiscuous mode [ 303.239237][ T7004] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.547662][ T7004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.559039][ T7004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.568977][ T7004] bond0 (unregistering): Released all slaves [ 303.998263][T12843] netlink: 'syz.1.1715': attribute type 20 has an invalid length. [ 304.014075][ T5142] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 304.029905][ T5142] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 304.038188][ T5142] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 304.048069][ T5142] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 304.053537][T12849] netlink: 'syz.2.1714': attribute type 1 has an invalid length. [ 304.060197][ T5142] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 304.070544][T12849] netlink: 'syz.2.1714': attribute type 2 has an invalid length. [ 304.114324][T12848] bond_slave_0: left allmulticast mode [ 304.178887][T12827] chnl_net:caif_netlink_parms(): no params data found [ 304.210611][T12845] lo speed is unknown, defaulting to 1000 [ 304.268768][T12845] lo speed is unknown, defaulting to 1000 [ 304.561993][ T7004] hsr_slave_0: left promiscuous mode [ 304.572667][ T7004] hsr_slave_1: left promiscuous mode [ 304.584763][ T7004] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.592208][ T7004] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.614110][ T7004] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.621563][ T7004] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.673987][ T7004] veth1_macvtap: left promiscuous mode [ 304.679583][ T7004] veth0_macvtap: left promiscuous mode [ 304.703332][ T7004] veth1_vlan: left promiscuous mode [ 304.708711][ T7004] veth0_vlan: left promiscuous mode [ 305.040277][ T5836] Bluetooth: hci0: command tx timeout [ 305.295321][ T7004] team0 (unregistering): Port device team_slave_1 removed [ 305.329845][ T7004] team0 (unregistering): Port device team_slave_0 removed [ 305.678869][T12827] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.686269][T12827] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.695582][T12827] bridge_slave_0: entered allmulticast mode [ 305.703968][T12827] bridge_slave_0: entered promiscuous mode [ 305.711694][T12866] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1720'. [ 305.737580][T12827] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.753477][T12827] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.773817][T12827] bridge_slave_1: entered allmulticast mode [ 305.781593][T12827] bridge_slave_1: entered promiscuous mode [ 305.935889][T12827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 305.964289][T12827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 306.122792][T12827] team0: Port device team_slave_0 added [ 306.136631][T12827] team0: Port device team_slave_1 added [ 306.153805][ T5836] Bluetooth: hci3: command tx timeout [ 306.199937][T12897] FAULT_INJECTION: forcing a failure. [ 306.199937][T12897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 306.232113][T12899] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1729'. [ 306.247077][T12897] CPU: 1 UID: 0 PID: 12897 Comm: syz.2.1730 Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 306.247105][T12897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 306.247119][T12897] Call Trace: [ 306.247130][T12897] [ 306.247138][T12897] dump_stack_lvl+0x189/0x250 [ 306.247167][T12897] ? __lock_acquire+0xaac/0xd20 [ 306.247195][T12897] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.247220][T12897] ? __pfx__printk+0x10/0x10 [ 306.247238][T12897] ? __might_fault+0xb0/0x130 [ 306.247270][T12897] should_fail_ex+0x414/0x560 [ 306.247303][T12897] _copy_from_iter+0x1db/0x15a0 [ 306.247330][T12897] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 306.247350][T12897] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 306.247374][T12897] ? __pfx__copy_from_iter+0x10/0x10 [ 306.247395][T12897] ? __build_skb_around+0x257/0x3e0 [ 306.247415][T12897] ? netlink_sendmsg+0x642/0xb30 [ 306.247440][T12897] ? skb_put+0x11b/0x210 [ 306.247471][T12897] netlink_sendmsg+0x6b2/0xb30 [ 306.247511][T12897] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.247539][T12897] ? aa_sock_msg_perm+0x94/0x160 [ 306.247557][T12897] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 306.247576][T12897] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.247602][T12897] __sock_sendmsg+0x219/0x270 [ 306.247628][T12897] ____sys_sendmsg+0x505/0x830 [ 306.247670][T12897] ? __pfx_____sys_sendmsg+0x10/0x10 [ 306.247698][T12897] ? import_iovec+0x74/0xa0 [ 306.247724][T12897] ___sys_sendmsg+0x21f/0x2a0 [ 306.247745][T12897] ? __pfx____sys_sendmsg+0x10/0x10 [ 306.247799][T12897] ? __fget_files+0x2a/0x420 [ 306.247822][T12897] ? __fget_files+0x3a0/0x420 [ 306.247855][T12897] __x64_sys_sendmsg+0x19b/0x260 [ 306.247876][T12897] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 306.247911][T12897] ? do_syscall_64+0xba/0x210 [ 306.247934][T12897] do_syscall_64+0xf6/0x210 [ 306.247952][T12897] ? clear_bhb_loop+0x45/0xa0 [ 306.247974][T12897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.247992][T12897] RIP: 0033:0x7f9e3b78e969 [ 306.248009][T12897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.248024][T12897] RSP: 002b:00007f9e3c537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 306.248043][T12897] RAX: ffffffffffffffda RBX: 00007f9e3b9b5fa0 RCX: 00007f9e3b78e969 [ 306.248056][T12897] RDX: 0000000000000004 RSI: 0000200000000140 RDI: 0000000000000003 [ 306.248067][T12897] RBP: 00007f9e3c537090 R08: 0000000000000000 R09: 0000000000000000 [ 306.248077][T12897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 306.248088][T12897] R13: 0000000000000000 R14: 00007f9e3b9b5fa0 R15: 00007ffc43ab1808 [ 306.248116][T12897] [ 306.249358][T12827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 306.263840][T12899] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1729'. [ 306.283551][T12901] netlink: 'syz.4.1731': attribute type 20 has an invalid length. [ 306.454804][T12827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.569507][T12827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 306.662530][T12827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 306.683279][T12827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.709941][T12827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 306.725860][T12910] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1733'. [ 306.819590][T12827] hsr_slave_0: entered promiscuous mode [ 306.832767][T12827] hsr_slave_1: entered promiscuous mode [ 307.007231][T12845] chnl_net:caif_netlink_parms(): no params data found [ 307.061397][ T7004] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.113617][ T5836] Bluetooth: hci0: command tx timeout [ 307.245743][ T7004] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.264229][T12929] netlink: 1192 bytes leftover after parsing attributes in process `syz.1.1740'. [ 307.276291][T12926] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1740'. [ 307.442790][T12939] syz.1.1743: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 307.488259][ T7004] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.501187][T12939] CPU: 0 UID: 0 PID: 12939 Comm: syz.1.1743 Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 307.501217][T12939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 307.501231][T12939] Call Trace: [ 307.501239][T12939] [ 307.501249][T12939] dump_stack_lvl+0x189/0x250 [ 307.501285][T12939] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 307.501313][T12939] ? __pfx_dump_stack_lvl+0x10/0x10 [ 307.501337][T12939] ? __pfx__printk+0x10/0x10 [ 307.501352][T12939] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 307.501378][T12939] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 307.501409][T12939] warn_alloc+0x214/0x310 [ 307.501431][T12939] ? __pfx___schedule+0x10/0x10 [ 307.501456][T12939] ? __pfx_warn_alloc+0x10/0x10 [ 307.501477][T12939] ? kasan_save_track+0x4f/0x80 [ 307.501494][T12939] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 307.501512][T12939] ? xskq_create+0x56/0x170 [ 307.501536][T12939] ? __x64_sys_setsockopt+0x18b/0x220 [ 307.501550][T12939] ? do_syscall_64+0xf6/0x210 [ 307.501585][T12939] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.501608][T12939] __vmalloc_node_range_noprof+0x125/0x12c0 [ 307.501657][T12939] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 307.501677][T12939] ? xskq_create+0x56/0x170 [ 307.501700][T12939] ? __kasan_kmalloc+0x93/0xb0 [ 307.501721][T12939] vmalloc_user_noprof+0x74/0x80 [ 307.501742][T12939] ? xskq_create+0xbf/0x170 [ 307.501763][T12939] xskq_create+0xbf/0x170 [ 307.501788][T12939] xsk_init_queue+0xb0/0x110 [ 307.501811][T12939] xsk_setsockopt+0x43f/0x710 [ 307.501835][T12939] ? __pfx_xsk_setsockopt+0x10/0x10 [ 307.501864][T12939] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 307.501879][T12939] ? __pfx_xsk_setsockopt+0x10/0x10 [ 307.501904][T12939] do_sock_setsockopt+0x257/0x3e0 [ 307.501928][T12939] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 307.501945][T12939] ? __fget_files+0x2a/0x420 [ 307.501975][T12939] ? __fget_files+0x3a0/0x420 [ 307.502001][T12939] ? __fget_files+0x2a/0x420 [ 307.502026][T12939] __x64_sys_setsockopt+0x18b/0x220 [ 307.502045][T12939] do_syscall_64+0xf6/0x210 [ 307.502060][T12939] ? clear_bhb_loop+0x45/0xa0 [ 307.502078][T12939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.502092][T12939] RIP: 0033:0x7f4465f8e969 [ 307.502105][T12939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.502118][T12939] RSP: 002b:00007f4466d7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 307.502133][T12939] RAX: ffffffffffffffda RBX: 00007f44661b5fa0 RCX: 00007f4465f8e969 [ 307.502144][T12939] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 307.502152][T12939] RBP: 00007f4466010ab1 R08: 0000000000000004 R09: 0000000000000000 [ 307.502161][T12939] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 307.502170][T12939] R13: 0000000000000000 R14: 00007f44661b5fa0 R15: 00007ffde8639c78 [ 307.502192][T12939] [ 307.502206][T12939] Mem-Info: [ 307.594916][ T31] INFO: task udevd:6916 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 307.594939][ T31] Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 [ 307.594953][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 307.594965][ T31] task:udevd state:D stack:23528 pid:6916 tgid:6916 ppid:5202 task_flags:0x400140 flags:0x00004002 [ 307.595025][ T31] Call Trace: [ 307.595034][ T31] [ 307.595049][ T31] __schedule+0x16e2/0x4cd0 [ 307.595086][ T31] ? blk_mq_flush_plug_list+0x10e/0x1760 [ 307.595117][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 307.595148][ T31] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 307.595172][ T31] ? schedule+0x165/0x360 [ 307.602890][T12939] active_anon:4503 inactive_anon:0 isolated_anon:0 [ 307.602890][T12939] active_file:1393 inactive_file:38443 isolated_file:0 [ 307.602890][T12939] unevictable:768 dirty:182 writeback:0 [ 307.602890][T12939] slab_reclaimable:10968 slab_unreclaimable:101752 [ 307.602890][T12939] mapped:28729 shmem:1438 pagetables:808 [ 307.602890][T12939] sec_pagetables:0 bounce:0 [ 307.602890][T12939] kernel_misc_reclaimable:0 [ 307.602890][T12939] free:1350144 free_pcp:358 free_cma:0 [ 307.624144][ T31] ? __pfx___schedule+0x10/0x10 [ 307.624206][ T31] ? schedule+0x91/0x360 [ 307.629468][T12939] Node 0 active_anon:18012kB inactive_anon:0kB active_file:5572kB inactive_file:153700kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:114916kB dirty:728kB writeback:0kB shmem:4216kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11764kB pagetables:3232kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 307.648524][ T31] schedule+0x165/0x360 [ 307.652270][T12939] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 307.656849][ T31] schedule_timeout+0x12b/0x270 [ 307.662102][T12939] Node 0 [ 307.667649][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 307.675980][T12939] DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 307.684155][ T31] ? __pfx_process_timeout+0x10/0x10 [ 307.688435][T12939] lowmem_reserve[]: [ 307.692851][ T31] ? prepare_to_wait_event+0x437/0x480 [ 307.701394][T12939] 0 [ 307.702873][ T31] nbd_queue_rq+0x662/0xf10 [ 307.707612][T12939] 2504 [ 307.712043][ T31] ? __pfx_nbd_queue_rq+0x10/0x10 [ 307.712081][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 307.718339][T12939] 2504 [ 307.727691][ T31] ? __lock_acquire+0xaac/0xd20 [ 307.747709][T12939] 2504 [ 307.751071][ T31] blk_mq_dispatch_rq_list+0xa60/0x19b0 [ 307.759170][T12939] 2504 [ 307.759192][T12939] Node 0 DMA32 free:1468496kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:18004kB inactive_anon:0kB active_file:5572kB inactive_file:153608kB unevictable:1536kB writepending:724kB present:3129332kB managed:2564200kB mlocked:0kB bounce:0kB free_pcp:1428kB local_pcp:840kB free_cma:0kB [ 307.759255][T12939] lowmem_reserve[]: 0 0 0 0 0 [ 307.759300][T12939] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:4kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 307.783709][ T31] ? sbitmap_get+0x229/0x390 [ 307.797399][T12939] lowmem_reserve[]: [ 307.806202][ T31] ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10 [ 307.817125][T12939] 0 [ 307.822112][ T31] ? __blk_mq_alloc_driver_tag+0x2e7/0x6e0 [ 307.883570][T12939] 0 [ 307.961391][ T31] __blk_mq_sched_dispatch_requests+0xdb2/0x15a0 [ 308.061792][T12939] 0 [ 308.091682][ T31] ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10 [ 308.190798][T12939] 0 0 [ 308.197875][T12939] Node 1 Normal free:3916720kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 308.227013][ T31] ? __lock_acquire+0xaac/0xd20 [ 308.231926][ T31] ? blk_mq_run_hw_queue+0x31f/0x4f0 [ 308.236009][T12939] lowmem_reserve[]: 0 0 0 0 0 [ 308.237397][ T5836] Bluetooth: hci3: command tx timeout [ 308.247319][T12939] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB [ 308.247836][ T31] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 308.247848][T12939] 0*512kB [ 308.255529][T12939] 1*1024kB [ 308.261750][ T31] ? blk_mq_run_hw_queue+0x31f/0x4f0 [ 308.269018][T12939] (U) [ 308.272945][ T31] blk_mq_run_hw_queue+0x348/0x4f0 [ 308.275785][T12939] 1*2048kB [ 308.280766][ T31] blk_mq_flush_plug_list+0xff9/0x1760 [ 308.289425][ T31] ? trace_block_plug+0x7a/0x1f0 [ 308.289987][T12939] (M) [ 308.294410][ T31] ? blk_mq_flush_plug_list+0xb20/0x1760 [ 308.294441][ T31] ? blk_mq_submit_bio+0xd78/0x2240 [ 308.308102][ T31] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 308.312381][T12939] 3*4096kB [ 308.314042][ T31] ? blk_mq_submit_bio+0x44e/0x2240 [ 308.314076][ T31] __blk_flush_plug+0x3d3/0x4b0 [ 308.314107][ T31] ? __pfx___blk_flush_plug+0x10/0x10 [ 308.314141][ T31] __submit_bio+0x2d3/0x5a0 [ 308.314165][ T31] ? ktime_get+0x3e/0x1f0 [ 308.314185][ T31] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 308.314208][ T31] ? __pfx___submit_bio+0x10/0x10 [ 308.314252][ T31] ? bio_associate_blkg+0x6d/0x230 [ 308.314283][ T31] submit_bio_noacct_nocheck+0x4b1/0xb50 [ 308.327488][T12939] (M) [ 308.332837][ T31] ? bio_associate_blkg+0x6d/0x230 [ 308.348328][T12939] = 15360kB [ 308.348345][T12939] Node 0 DMA32: 68*4kB [ 308.353414][ T31] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 308.353452][ T31] ? submit_bio_noacct+0xd65/0x1a70 [ 308.353491][ T31] block_read_full_folio+0x7b7/0x830 [ 308.353529][ T31] ? __pfx_blkdev_get_block+0x10/0x10 [ 308.353562][ T31] filemap_read_folio+0x114/0x380 [ 308.353586][ T31] ? __pfx_blkdev_read_folio+0x10/0x10 [ 308.353614][ T31] ? __pfx_filemap_read_folio+0x10/0x10 [ 308.353647][ T31] do_read_cache_folio+0x354/0x590 [ 308.353672][ T31] ? __pfx_blkdev_read_folio+0x10/0x10 [ 308.358768][T12939] (UME) [ 308.364434][ T31] read_part_sector+0xb6/0x270 [ 308.371565][T12939] 599*8kB [ 308.372203][ T31] adfspart_check_ICS+0xa4/0xa50 [ 308.375345][T12939] (UME) [ 308.379484][ T31] ? snprintf+0xda/0x120 [ 308.390874][T12939] 314*16kB [ 308.396734][ T31] ? policy_nodemask+0x27c/0x720 [ 308.409766][T12939] (UME) [ 308.412438][ T31] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 308.418003][T12939] 492*32kB (UME) 980*64kB (UME) 561*128kB (UM) 386*256kB (UM) 253*512kB (UME) 124*1024kB (UME) [ 308.423333][ T31] ? set_page_refcounted+0xa0/0x1e0 [ 308.423373][ T31] bdev_disk_changed+0x75c/0x14b0 [ 308.423423][ T31] ? __pfx_bdev_disk_changed+0x10/0x10 [ 308.423450][ T31] ? wait_on_inode+0xc0/0x230 [ 308.423487][ T31] blkdev_get_whole+0x380/0x510 [ 308.423517][ T31] bdev_open+0x31e/0xd30 [ 308.423550][ T31] blkdev_open+0x3a3/0x500 [ 308.429066][T12939] 16*2048kB [ 308.431852][ T31] ? __pfx_blkdev_open+0x10/0x10 [ 308.436642][T12939] (UME) [ 308.444515][ T31] do_dentry_open+0xdf0/0x1970 [ 308.445235][T12939] 225*4096kB [ 308.447464][ T31] vfs_open+0x3b/0x340 [ 308.451656][T12939] (M) [ 308.468178][ T31] ? path_openat+0x2ecd/0x3830 [ 308.468212][ T31] path_openat+0x2ee5/0x3830 [ 308.468231][ T31] ? arch_stack_walk+0xfc/0x150 [ 308.483103][T12939] = 1470056kB [ 308.498886][ T31] ? __pfx_path_openat+0x10/0x10 [ 308.499620][T12939] Node 0 [ 308.504450][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.504496][ T31] do_filp_open+0x1fa/0x410 [ 308.509599][T12939] Normal: [ 308.518988][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 308.521425][T12939] 0*4kB [ 308.524266][ T31] ? _raw_spin_unlock+0x28/0x50 [ 308.528995][T12939] 0*8kB [ 308.532273][ T31] ? alloc_fd+0x64c/0x6c0 [ 308.540566][T12939] 0*16kB [ 308.544209][ T31] do_sys_openat2+0x121/0x1c0 [ 308.549128][T12939] 0*32kB [ 308.558218][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 308.562440][T12939] 0*64kB [ 308.565435][ T31] __x64_sys_openat+0x138/0x170 [ 308.571395][T12939] 0*128kB [ 308.576107][ T31] do_syscall_64+0xf6/0x210 [ 308.583149][T12939] 0*256kB [ 308.584028][ T31] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 308.586793][T12939] 0*512kB [ 308.591622][ T31] ? clear_bhb_loop+0x45/0xa0 [ 308.598715][T12939] 0*1024kB [ 308.598830][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.601733][T12939] 0*2048kB [ 308.614830][ T31] RIP: 0033:0x7f8b1c9169a4 [ 308.614853][ T31] RSP: 002b:00007ffc34deb980 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 308.614876][ T31] RAX: ffffffffffffffda RBX: 000055f0ddedce80 RCX: 00007f8b1c9169a4 [ 308.614891][ T31] RDX: 00000000000a0800 RSI: 000055f0ddedbda0 RDI: 00000000ffffff9c [ 308.614906][ T31] RBP: 000055f0ddedbda0 R08: 0000000000000001 R09: 7fffffffffffffff [ 308.622967][T12939] 0*4096kB [ 308.637610][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800 [ 308.639217][T12939] = 0kB [ 308.642174][ T31] R13: 000055f0ddec7ce0 R14: 0000000000000001 R15: 000055f0ddebc910 [ 308.646877][T12939] Node 1 Normal: 210*4kB (UE) 61*8kB [ 308.650415][ T31] [ 308.661267][T12939] (UME) [ 308.664376][ T31] [ 308.664376][ T31] Showing all locks held in the system: [ 308.672641][T12939] 30*16kB [ 308.688768][ T31] 1 lock held by khungtaskd/31: [ 308.688787][ T31] #0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 308.688880][ T31] 3 locks held by kworker/u8:8/3427: [ 308.688892][ T31] #0: ffff88801a089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 308.729169][T12939] (UME) [ 308.742090][ T31] #1: [ 308.746061][T12939] 185*32kB [ 308.778924][ T31] ffffc9000c4d7c60 ( [ 308.782070][T12939] (UME) 90*64kB (UME) 26*128kB (UME) 16*256kB (UM) 9*512kB (UME) 4*1024kB (UM) 4*2048kB (U) 947*4096kB (M) = 3916720kB [ 308.787050][ T31] (linkwatch_work).work [ 308.799224][T12939] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 308.799245][T12939] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 308.799261][T12939] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 308.799277][T12939] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 308.799293][T12939] 41276 total pagecache pages [ 308.799311][T12939] 0 pages in swap cache [ 308.799319][T12939] Free swap = 124996kB [ 308.799327][T12939] Total swap = 124996kB [ 308.799337][T12939] 2097051 pages RAM [ 308.799344][T12939] 0 pages HighMem/MovableOnly [ 308.799353][T12939] 424343 pages reserved [ 308.799360][T12939] 0 pages cma reserved [ 308.876192][ T31] ){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 308.883438][ T31] #2: ffffffff8f2f2e48 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 308.892462][ T31] 2 locks held by getty/5588: [ 308.897347][ T31] #0: ffff888034fea0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 308.907158][ T31] #1: ffffc90002ffe2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 308.917320][ T31] 3 locks held by udevd/6916: [ 308.922005][ T31] #0: ffff888024954358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 308.931257][ T31] #1: ffff88801f39df10 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x31f/0x4f0 [ 308.940794][ T31] #2: ffff888024ea0178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc8/0xf10 [ 308.949706][ T31] 6 locks held by kworker/u8:15/7004: [ 308.955426][ T31] #0: ffff88801aef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 308.966418][ T31] #1: ffffc9000c3ffc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 308.977061][ T31] #2: ffffffff8f2e6310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x145/0xbd0 [ 308.986525][ T31] #3: ffff8880617590e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 308.996601][ T31] #4: ffff888061758250 (&devlink->lock_key#24){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 309.007725][ T31] #5: ffffffff8df41200 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 309.017692][ T31] 7 locks held by syz-executor/12827: [ 309.023136][ T31] #0: ffff888034f12420 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 309.032035][ T31] #1: ffff888034538488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 309.041899][ T31] #2: ffff888026ce1b48 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 309.051980][ T31] #3: ffffffff8eb93f68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 309.062526][ T31] #4: ffff888061fff0e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0 [ 309.073195][ T31] #5: ffff888061da7250 (&devlink->lock_key#25){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160 [ 309.083398][ T31] #6: ffffffff8f2f2e48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0 [ 309.092854][ T31] 3 locks held by syz-executor/12845: [ 309.098283][ T31] #0: ffffffff8ea8db60 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 309.107876][ T31] #1: ffffffff8f2f2e48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 309.117154][ T31] #2: ffffffff8df41338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f4/0x730 [ 309.128088][ T31] 1 lock held by syz.4.1741/12927: [ 309.133218][ T31] #0: ffffffff8f2f2e48 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 309.142303][ T31] 1 lock held by syz.4.1741/12930: [ 309.147433][ T31] #0: ffffffff8f2f2e48 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x323/0x1b50 [ 309.156721][ T31] 1 lock held by syz.1.1743/12939: [ 309.162054][ T31] #0: ffffffff8df41338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b7/0x730 [ 309.173061][ T31] 2 locks held by syz.2.1745/12943: [ 309.178263][ T31] #0: ffffffff8f3573b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 309.186473][ T31] #1: ffffffff8f2f2e48 (rtnl_mutex){+.+.}-{4:4}, at: ethnl_default_doit+0x4f5/0xe90 [ 309.196120][ T5836] Bluetooth: hci0: command tx timeout [ 309.201615][ T31] [ 309.210801][ T31] ============================================= [ 309.210801][ T31] [ 309.219370][ T31] NMI backtrace for cpu 1 [ 309.219384][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 309.219403][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 309.219412][ T31] Call Trace: [ 309.219418][ T31] [ 309.219425][ T31] dump_stack_lvl+0x189/0x250 [ 309.219452][ T31] ? __wake_up_klogd+0xd9/0x110 [ 309.219476][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.219501][ T31] ? __pfx__printk+0x10/0x10 [ 309.219531][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 309.219560][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 309.219581][ T31] ? _printk+0xcf/0x120 [ 309.219602][ T31] ? __pfx__printk+0x10/0x10 [ 309.219621][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 309.219641][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 309.219668][ T31] watchdog+0xfee/0x1030 [ 309.219692][ T31] ? watchdog+0x1de/0x1030 [ 309.219721][ T31] kthread+0x70e/0x8a0 [ 309.219745][ T31] ? __pfx_watchdog+0x10/0x10 [ 309.219766][ T31] ? __pfx_kthread+0x10/0x10 [ 309.219787][ T31] ? __pfx_kthread+0x10/0x10 [ 309.219807][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 309.219833][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.219860][ T31] ? __pfx_kthread+0x10/0x10 [ 309.219880][ T31] ret_from_fork+0x4b/0x80 [ 309.219897][ T31] ? __pfx_kthread+0x10/0x10 [ 309.219917][ T31] ret_from_fork_asm+0x1a/0x30 [ 309.219949][ T31] [ 309.219956][ T31] Sending NMI from CPU 1 to CPUs 0: [ 309.367890][ C0] NMI backtrace for cpu 0 [ 309.367907][ C0] CPU: 0 UID: 0 PID: 7007 Comm: kworker/u8:18 Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 309.367927][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 309.367937][ C0] Workqueue: bat_events batadv_nc_worker [ 309.367964][ C0] RIP: 0010:__kasan_check_byte+0x2d/0x40 [ 309.367985][ C0] Code: 00 41 56 53 48 89 f3 49 89 fe e8 1e 12 00 00 84 c0 75 16 be 01 00 00 00 4c 89 f7 31 d2 48 89 d9 89 c3 e8 b6 03 00 00 89 d8 5b <41> 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 [ 309.368000][ C0] RSP: 0018:ffffc9000f167960 EFLAGS: 00000202 [ 309.368013][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 61a86ed6bd65cc00 [ 309.368023][ C0] RDX: 0000000000000000 RSI: ffffffff8b57c996 RDI: 1ffff1100613a37b [ 309.368034][ C0] RBP: ffffffff8b23ab67 R08: 0000000000000001 R09: 0000000000000000 [ 309.368044][ C0] R10: dffffc0000000000 R11: fffffbfff1efd7ef R12: 0000000000000000 [ 309.368055][ C0] R13: ffff8880309d1bd8 R14: ffff8880309d1bd8 R15: 0000000000000001 [ 309.368066][ C0] FS: 0000000000000000(0000) GS:ffff8881260cf000(0000) knlGS:0000000000000000 [ 309.368079][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 309.368089][ C0] CR2: 0000558f0189d088 CR3: 000000000dd36000 CR4: 00000000003526f0 [ 309.368103][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 309.368112][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 309.368121][ C0] Call Trace: [ 309.368128][ C0] [ 309.368136][ C0] lock_acquire+0x8d/0x360 [ 309.368158][ C0] ? __local_bh_enable_ip+0x12d/0x1c0 [ 309.368182][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 309.368208][ C0] ? batadv_nc_purge_paths+0xe7/0x3b0 [ 309.368230][ C0] _raw_spin_lock_bh+0x36/0x50 [ 309.368251][ C0] ? batadv_nc_purge_paths+0xe7/0x3b0 [ 309.368272][ C0] ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10 [ 309.368296][ C0] batadv_nc_purge_paths+0xe7/0x3b0 [ 309.368325][ C0] batadv_nc_worker+0x369/0x610 [ 309.368347][ C0] ? process_scheduled_works+0x9ec/0x17a0 [ 309.368371][ C0] process_scheduled_works+0xadb/0x17a0 [ 309.368413][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 309.368445][ C0] worker_thread+0x8a0/0xda0 [ 309.368472][ C0] kthread+0x70e/0x8a0 [ 309.368490][ C0] ? __pfx_worker_thread+0x10/0x10 [ 309.368503][ C0] ? __pfx_kthread+0x10/0x10 [ 309.368521][ C0] ? __pfx_kthread+0x10/0x10 [ 309.368537][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 309.368558][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.368582][ C0] ? __pfx_kthread+0x10/0x10 [ 309.368597][ C0] ret_from_fork+0x4b/0x80 [ 309.368612][ C0] ? __pfx_kthread+0x10/0x10 [ 309.368628][ C0] ret_from_fork_asm+0x1a/0x30 [ 309.368651][ C0] [ 309.369309][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 309.644712][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00099-g49ba1ca2e0cc #0 PREEMPT(full) [ 309.656514][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 309.666568][ T31] Call Trace: [ 309.669850][ T31] [ 309.672785][ T31] dump_stack_lvl+0x99/0x250 [ 309.677393][ T31] ? __asan_memcpy+0x40/0x70 [ 309.681987][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.687204][ T31] ? __pfx__printk+0x10/0x10 [ 309.691810][ T31] panic+0x2db/0x790 [ 309.695721][ T31] ? __pfx_panic+0x10/0x10 [ 309.700144][ T31] ? tick_nohz_tick_stopped+0x86/0xb0 [ 309.705534][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 309.710913][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 309.717080][ T31] watchdog+0x102d/0x1030 [ 309.721423][ T31] ? watchdog+0x1de/0x1030 [ 309.725862][ T31] kthread+0x70e/0x8a0 [ 309.729933][ T31] ? __pfx_watchdog+0x10/0x10 [ 309.734615][ T31] ? __pfx_kthread+0x10/0x10 [ 309.739211][ T31] ? __pfx_kthread+0x10/0x10 [ 309.743807][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 309.749011][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.754232][ T31] ? __pfx_kthread+0x10/0x10 [ 309.758841][ T31] ret_from_fork+0x4b/0x80 [ 309.763275][ T31] ? __pfx_kthread+0x10/0x10 [ 309.767879][ T31] ret_from_fork_asm+0x1a/0x30 [ 309.772661][ T31] [ 309.776010][ T31] Kernel Offset: disabled [ 309.780340][ T31] Rebooting in 86400 seconds..