last executing test programs: 1m2.888978284s ago: executing program 3 (id=1151): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x325) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000000340)="174640b6d80fb2eedc81ba60cc67ce", 0xf}], 0x2}}, {{&(0x7f0000000180)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, 0x0}}], 0x2, 0x10) 53.102194865s ago: executing program 3 (id=1151): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x325) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000000340)="174640b6d80fb2eedc81ba60cc67ce", 0xf}], 0x2}}, {{&(0x7f0000000180)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, 0x0}}], 0x2, 0x10) 43.102496745s ago: executing program 3 (id=1151): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x325) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000000340)="174640b6d80fb2eedc81ba60cc67ce", 0xf}], 0x2}}, {{&(0x7f0000000180)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, 0x0}}], 0x2, 0x10) 33.273651687s ago: executing program 3 (id=1151): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x325) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000000340)="174640b6d80fb2eedc81ba60cc67ce", 0xf}], 0x2}}, {{&(0x7f0000000180)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, 0x0}}], 0x2, 0x10) 20.685703169s ago: executing program 3 (id=1151): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x325) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000000340)="174640b6d80fb2eedc81ba60cc67ce", 0xf}], 0x2}}, {{&(0x7f0000000180)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, 0x0}}], 0x2, 0x10) 11.089293652s ago: executing program 3 (id=1151): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x325) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000000340)="174640b6d80fb2eedc81ba60cc67ce", 0xf}], 0x2}}, {{&(0x7f0000000180)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, 0x0}}], 0x2, 0x10) 6.303960922s ago: executing program 2 (id=3216): socketpair$unix(0x2, 0x2, 0x11, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x24, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000040), 0x20000000}, 0x20) 6.234052654s ago: executing program 2 (id=3218): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100)=r2, 0x4) sendmsg$unix(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000b80)="3f4cf8b8e4", 0x5}], 0x1, 0x0, 0x0, 0x50}, 0x0) recvmsg$unix(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8452c0a74589b730) sendmsg$inet(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x804) recvmsg$unix(r0, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x40000062) 6.032223497s ago: executing program 2 (id=3220): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000520000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 5.85997865s ago: executing program 2 (id=3223): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200000002"], 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000b00000000000000000c85000000a800000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r4, r3, 0x2, 0x6, 0x4000, @void, @value}, 0x10) 5.732021531s ago: executing program 2 (id=3226): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000711207000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 5.570853053s ago: executing program 2 (id=3230): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="b4000000000000007910300000000000730a00ff000000009500740000000000c4b285bc2e09cc2a5266b4550845eceb4f589b"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 4.824095201s ago: executing program 4 (id=3237): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7, @void, @value, @void, @value}, 0x50) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='mm_page_alloc\x00', r0}, 0x54) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, &(0x7f00000000c0)='P', &(0x7f0000000000)=""/8, 0x2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f00000002c0), &(0x7f0000000300)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50) 4.636110831s ago: executing program 4 (id=3241): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 4.535855458s ago: executing program 0 (id=3243): bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, 0x0, &(0x7f0000014ff5)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x4, 0x7f, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 4.423945401s ago: executing program 4 (id=3245): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000080000000b"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r0}, &(0x7f0000000600), &(0x7f0000000640)}, 0x20) 4.341246984s ago: executing program 0 (id=3247): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000001158000000000000800000850000006d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={r0, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 4.276044629s ago: executing program 4 (id=3248): close(0x3) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8) ioctl$SIOCSIFHWADDR(r0, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) 4.260957133s ago: executing program 4 (id=3249): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f086dd", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x50) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x36) 4.201376261s ago: executing program 0 (id=3250): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000046d100180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000008208500000072000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 4.014347605s ago: executing program 1 (id=3252): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_int(r2, &(0x7f0000000340)=0xfffffffffffffff3, 0x12) write$cgroup_subtree(r2, 0x0, 0x5) 4.014165622s ago: executing program 0 (id=3253): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000180), &(0x7f00000002c0)=r1}, 0x20) 3.961656702s ago: executing program 0 (id=3254): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) 3.961532922s ago: executing program 1 (id=3255): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xd, 0x8, &(0x7f0000000540)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000000000008500000090000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 3.871591738s ago: executing program 1 (id=3256): setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0xb, 0x0, 0x0) 3.772445635s ago: executing program 1 (id=3257): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0ff1100001f79a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000001a000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512b5b42128aa090a79507df719af36349f298129da4871307b534bf901115e17392ac66ad022186a8929d1c000006146001e04aeacea799a22a2fa030000c412f6cae80043eb27d53319d0ad229e5752548300000000dbc2777df150dd488318b5790bee7e6c8bd03acdd77b85b941092314fd085f028f4e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b217369ca8b6712f000000001b1df65b3e1b9bf115646914ce53d13d0ccacda1ef16fdcceaede3faedc51d29a47fc813ce3d32cfc7a53ac271d6d6f4ea6bf97f2f1be2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488e40b030166565a097b1b44b451de7940b0000db8db03d4b7745fef1d04ec633dee254a6d491b8496da787e814c4fdf0b4a387b4c8149d18c1020029a18986252a70f8f92eb6f0e8c7db000068fbaa2e2a27efd9104297f2c58159f02d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa909ac06b57479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0ef94234db1f00000000000000c20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b35f421c3552772ca7f3e2c25a65f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41aad8bda74d66f47cc17d8ba3eec0fd80f82c5f573c6d294d366505000000da0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da323947004cacadcaff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4a389469608241730459f012b060e7d23fd39206000000000000eb55d001623258a141bd587cc9dad46de56ef907b059b99a79ae5498f6589880ed6eea7b9c670012f80cd6a1397953ba5870786554df26236ebced9390cb6941b8365d936a7d2120eca291963eb2d537d87cbb54e588ee5d6944ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a0aa9a104e16b3b8c6e64836ac3f32f53c9a2bae513464ca03aff14b9fd8cd9539f5096412b92012e095b84c202060098df3314f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c363000000000223201780200c6ed7966130b547dbf8b497af0a77f52f2cd39000000200000e81c23cf14156951210001c800000000001500000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921e0128dfd70b438af60b060000000000000056642b49b745f3bf2c01808b6d7d748308eea09f0161b4735efbf3411738d6ee7aebf9ef40662d7836d252c566e1ee938a9a6804ed3a1079b0282a12043408cd60b9e53978c81839be0000000000456f7d2a42cb13da2022f23eaec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea394cd8ffd3d628293e591dc6f71c2710a7ea8a4fdc214e1cc275b26adfa892e6de9200000000e50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e014df20fa209bcbb5c252b11a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4f535447dc0fc9d5f99a145dfcedad69da9cd4b75c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d583f436137a3c5dc714c9402c21d181aae59efb28d4f91652f6750b9195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa80900000000b6638c420eb4304f66e3a37aaf000000c42a570f0e9d76fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284df80e4636c25b96174327d82761c26e329555f9290af40000000000000100000fd3763655500344bae34347f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419a5c16e2055b85058099448430587a49bed2ee9647c5d3bbb47bc00edf5e9020c09ab004321610b857e8717974b633b21cb32f0e03280e09758bd445ab91d201782d656ab09f508bbbaca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92b32af00f191b66b6a6f732a91f0a2e9120be61e58c79d497247d278888901d44bf77e8246605a644e9e3d769db497c3960df05caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f3101985602688888ccb85c87b4f8ffffff7f000000002c331fca0e541b7ca2119ff0d61c5224550346115b43f8b1894c8fa8a14dc4810f61ae01000000000000000000000102000000000000000000000027c9585c0cead5d619d18475ccde2857279a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77a23b0000e49666c464d35ca9b50f3ed3e535b3da8c17a23692759ccf5a205311b7d122532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952b3d42c68a3102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e8918a0d6e2949affcacb5ba0a56aa063b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9448a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4cfb0b9c8c80158b44ecae9420654f7016b0aac117087406d343e27b372d6027ab2aec2bcad7fe6bb932bc5751d2974e95455a277fa3b472bc7bbdd2ac5a1ea608e8137ace03361607cc1a84be659355629ab13ad49008c3fcfa2423439a3607961d5b59da48a0155e8e42cc13c702cc40c99cf86c2021d72f9f4ab1b00de555a5a39593c93871ff7eb5ecadb64837a2d88723ef65aa5152e3d5864e57581b61f2b0960600000000000000265f091e7bce17d20604c5ab751773a5cf8a719a7ada06ed03832bf274707c7c970edc20f4a1eaa3b610450d2025cae6d2cb639ecd58709b05a20097208d03f7a146a6901913618738679d4e0af53eae997eecfa0dc3dcec19d3d9205450765d659220c92701ee75c8710470d9eb6f62c5c721883f1544ba66271c8dab05a933746c16b6e93294b561c6715a32a394ed1e6c01670c931bfa52c58c6f34d64e758a7a7f7d33c49336d4cba2cbb170ad7539a45774dfcc55257215c8ae719dc1c232fc6699ef01005887d04a543030b4328ab48744ac23ff56fd2da52eb9fb2eefcdd2d92d73ac1b111ea8b5e1fec36a3579879acfe366d393f1fa9cbe08d9ba57a443643e9cd251dc88e91a5e458e66ea1e822d55d4dd919a95eb4c25a08cb6e1070000003a0fd07a4ad9df240e00006aaa2db0dfe416146840d88bd08365e547c970e2983200703864a3b9e1682cb479dad6d34d211b05267eb1355520e9ec0c5014b0832f7fb35782fdbfcbf5e23a7f5d51ea480371748d18d8e10608ab8261fe058d1732f28814a9981d84a04a2bb36c89bdd245e3293a14df1ac567301a79514f103abd387d6ef2d9d94508ac0f6135c8921279573eefd5d4e33b9ef585980789a94d9848906f545559d30000b5040f0776703363249ca984cbb09752f099efbb9e7362e4999594c1086d8958e9469db01d85fb0b9b3148663e9ea2e755d96c70e540b4200e4cf82986712dd733b26d00e947d03c42215118426d548cb2077b43b89e4163d260faea1db53e2cf3427c90aefa2662a1c2b28b0e020e872bda1d39da508de5dbc37d03ee056b2579a1d16799589a2600000000aa00006c94bcaf115fbbcb216e3cb7fd9afe16d1fff2d047e508aa5f6de0ea4e9ec1b3a4ab1f8b5f312fc50000000000000000000000000042709db6de7e969ac0ce18b47280fb1b1b1531648122fed3e25edecb5200f5000000000000166f7d36b2966c19af7ffa6afa69e50821c9aa3ae60fbc196cf8ad2f7f86d79db1bb0ecbf9c3d0d3d407574def838e4def26ed9c7e6c69858f7813be8ffc565583663bebfe7485660b67e1436cbc6d4d3c48ab7b033d7d1195173edb16643f69cb779802839d490a4df94e5ea89c192af2ae83876edd59c9a7140e12ba591f073ec604f7e8f1e100cd414e9237ecfc052d9a73a868cd0e4b06da0435af72fb0d25657e8f5464b19fa83f977e6900000000367871fa37420e7a232ef9b440bb0639994c655d144c5786939d6a187b8182ddd2bec36cd28371b1754cb6c53697fb23576ee0d3fd0a5803c9be9fe384f1a7a9a8eb64d17d238fa3238a001aa8ed040a69e9ec0a627e3b3ca64d4680d819c14c71684581000000000000000000000000000000000000c6a6587715865fe14558960bc936bc83abd1f2a00b17a407457681d0760000000000000040000000000000000000004faeabea6de40ae30291662594c993099ef041c264a64d77d69e0cdfa620a191704cef91e269044acf752b55690075fa844de65a099200265e13c2a8f9b717886dea8e79407e34bc268a17965033ca1d000000000000000046595642f9fc008875ddb7aebda7a16b1d20dd8b65bcdac8cdc75a173fd2e57a9c37bf5a52ea001ec981dd7ad4e5944575ced39233ada8f3c1b856644812828bb79536a5188d14fe537250dc107121534cbbc7598f48aa2335616ae8eb72acf6982048e568e37f1f58e9714343587734c7ec0fa5c44d13165d6384bf9500757b4b0275950d6e7c451eef3fd353d47c54c4c2cf7318e6c24583ba0966225284d1abac80786519c563ddf0e6c023d537ca6e0d6d4e072c98f45415d13f0dcea174f162ebd00b42264f6fa3dccd09f4101dd254e54423b30e06713eccfacb6ffb38afff920980af938a4d78f4b9a6b5c7424e91121cda789104ee490d25843f1622bba93257cc23e45cd7ed42abdb991d51804e674e507dfd53b5ab6944df33f4f494b9ae0d2de410539828e82a939ad82b385e66809d7d4d3630b6f22c2f41fdaa0fadeea09fa4f7005813643c2d6307d55689faf6f656327ac5872a3bd4c11363909a8b9f30e5401993a0f6e1a9b42287542647d1e86b02b7e36319414629ac1f35572a9cc1e98ce1457f922da0c2de76c9e97944efad0a3ad78cda81c5b82709d696e85bbf4595ef9664a6aff8cf96446cb6c26595f4eb659d26c846471f6551dbb24fc6c03a01e33efcd5939472b687d31be9bd9bd1bcda45bd2236f06c000000007d348ebcb9d810d4dc3c55bbe4055ce9c45267daeec7a7d8b498f56ee933cc02fb53c2c28fa09ce5ada5687889357599971a8c794f8ce23c1f7add4f65280ab446ea2d130000000000000000000000d1a0313ff63bc4e4463688db1d6ac7f4595a02c89349a973f118d936f33ea18e69d7739f4532e1b8580ef125b47cf5b402b6f2beffed6cc9afe2b548c4dbc78363118818d9473f29d52444685c41620eeaeb1f8786e87aeaf287fb9b63b30e6761507503dcd47b64f0b6157d970a989844f9b7dbe83211cd7999c82bd151bee0c67f3e6642ef1772d759df9ec9b4197383f9a66217e180e434e650dd560aa3ed42acddd44d6f45807a3c63e15929cfbebc7eef1a219d3147a6c06bd974168ac689392fa851ebdf524ca2331148ff7e855cccc106074ca92153734d5c5e3f9efc6592b08e0c07c7b5d42ec71484bb2a4c0f4293138369f39f9fa4a9cc607b42ba6102f918ce4e76d66fba450e94849962fae5059bda419fd2a170ea387c10a4ada5893f38486069ef1bfdbb432ab322ce87d7a94fa967135833157bafbed3b48bb267fc3aa56d1e5b66417a673b40884fc91ec9558eab6a08222dfe37767095b2d94cda881290d6017137595cdd53972353f485adfde8015cac0e1acd64ca97d67023f75a54b1ebe55053652ad16292a15e79dc58ba080f795f1a753d1c5c85475e286c548da6f669e5c34afc272e5a32f27264d9210acec3b65a264fd5e85d5f44979431eab3fcd8d33d5476e070d2e20e6156ad9c964ebbfe7d9096461b72530295b3603bf85b0c8f9921e9ca95d744bf5c03d60f7364f3fd9d98f7acc80cabd02d061818d028056c68805ee4783aa4b90d39e9b29085429de28c615668e4b4f4dd77b3a55a8058b99f3adff03294e01da549dd64cacd59382466e562a3f67ef5d042426659574ed041bc19ed625b7c0633154a290f69437f43065795d3ae5b11ee8e935b9969f5291a32ce3adca268162efcee3898e823affe0f50f7efe763d47288004a2b310e2a79115160b8e0e09067f26a7653a3a0886691fe44a307f8f344eb9512b632bc132c26220ec86dbf788f4fadd493c37e38f782fc1c0e64f7d3e6a04aa1918796fa53353ab58cfc4505147ed35624871b085e507c90b991a675bf2b6393a732f4a69c3859dbeca89140ba5b3f47d457877d327fa9b936"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffff1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000140)="d510c490f913672b5ae413000500", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 127.78734ms ago: executing program 0 (id=3258): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000800)=@framed={{}, [@generic={0x3, 0x8, 0x2, 0x81, 0x3}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff21, &(0x7f0000000200)}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x88402, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f0000001a80)='%pB \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 127.64894ms ago: executing program 1 (id=3259): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x27, &(0x7f00000001c0)=@framed={{}, [@tail_call, @ldst={0x3, 0x1, 0x4, 0x9, 0x0, 0x4, 0x10}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0xdf1, 0x0, 0x0, 0x0, 0x78}, @call={0x85, 0x0, 0x0, 0x33}, @btf_id, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xa}, @cb_func={0x18, 0xa, 0x4, 0x0, 0x3}, @call={0x85, 0x0, 0x0, 0x30}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xd}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @alu={0x4, 0x0, 0xa, 0x7, 0x7, 0x0, 0xfffffffffffffff0}, @ldst={0x2, 0x0, 0x1, 0x8, 0x7, 0xffffffffffffffe0, 0x4}, @jmp={0x5, 0x1, 0x9, 0x7, 0xa, 0xb0, 0xfffffffffffffff0}, @ldst={0x3, 0x0, 0x6, 0x8, 0x3, 0x4, 0xffffffffffffffff}]}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'}) 59.535155ms ago: executing program 1 (id=3260): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x500, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 0s ago: executing program 4 (id=3261): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000b700008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) kernel console output (not intermixed with test programs): h: 249 > 1 [ 294.252937][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 294.275031][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 294.290641][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 294.340387][ T5849] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 294.353318][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 294.363056][ T12] bridge_slave_1: left allmulticast mode [ 294.363381][T13191] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2458'. [ 294.375179][ T12] bridge_slave_1: left promiscuous mode [ 294.396884][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.481207][ T12] bridge_slave_0: left allmulticast mode [ 294.487322][ T12] bridge_slave_0: left promiscuous mode [ 294.493175][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.579257][T13200] netlink: 'syz.1.2460': attribute type 1 has an invalid length. [ 294.595086][T13200] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2460'. [ 294.954285][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 294.965390][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 294.976772][ T12] bond0 (unregistering): Released all slaves [ 294.995624][T13186] lo speed is unknown, defaulting to 1000 [ 295.020642][T13203] veth11: entered allmulticast mode [ 295.035655][T13207] netlink: 'syz.2.2464': attribute type 7 has an invalid length. [ 295.046713][T13208] netlink: 'syz.2.2464': attribute type 7 has an invalid length. [ 295.070533][T13186] vxcan1 speed is unknown, defaulting to 1000 [ 295.323264][T13224] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 295.360157][T13225] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 295.559690][T13233] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2472'. [ 295.833435][T13247] netlink: 'syz.1.2474': attribute type 2 has an invalid length. [ 295.841638][T13247] netlink: 'syz.1.2474': attribute type 8 has an invalid length. [ 295.849591][T13247] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2474'. [ 295.973040][ T12] hsr_slave_0: left promiscuous mode [ 295.980076][ T12] hsr_slave_1: left promiscuous mode [ 295.986847][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 295.994300][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 296.003745][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 296.012015][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 296.036084][ T12] veth1_macvtap: left promiscuous mode [ 296.041926][ T12] veth0_macvtap: left promiscuous mode [ 296.052131][ T12] veth1_vlan: left promiscuous mode [ 296.062237][ T12] veth0_vlan: left promiscuous mode [ 296.516635][ T5849] Bluetooth: hci4: command tx timeout [ 296.579088][ T12] team0 (unregistering): Port device team_slave_1 removed [ 296.641789][ T12] team0 (unregistering): Port device team_slave_0 removed [ 297.198798][T13186] chnl_net:caif_netlink_parms(): no params data found [ 297.415720][T13280] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2483'. [ 297.477683][T13284] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2485'. [ 297.564737][T13186] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.575520][T13186] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.606830][T13186] bridge_slave_0: entered allmulticast mode [ 297.632923][T13186] bridge_slave_0: entered promiscuous mode [ 297.667312][T13186] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.674947][T13186] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.683852][T13186] bridge_slave_1: entered allmulticast mode [ 297.697922][T13186] bridge_slave_1: entered promiscuous mode [ 297.738600][T13292] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2488'. [ 297.755421][T13292] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2488'. [ 297.774072][T13292] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2488'. [ 297.774392][T13289] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2486'. [ 297.804366][T13289] netlink: 'syz.4.2486': attribute type 1 has an invalid length. [ 297.807533][T13296] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 297.848825][T13186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.875229][T13186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.981067][T13186] team0: Port device team_slave_0 added [ 298.000962][T13186] team0: Port device team_slave_1 added [ 298.072771][T13309] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2492'. [ 298.128075][T13186] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 298.135040][T13186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.196680][T13186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.218785][T13318] veth1_macvtap: left promiscuous mode [ 298.224310][T13318] macsec0: entered allmulticast mode [ 298.298690][T13186] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 298.306324][T13186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.332925][T13186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 298.344742][T13318] veth1_macvtap: entered promiscuous mode [ 298.351130][T13318] veth1_macvtap: entered allmulticast mode [ 298.357702][T13318] macsec0: left allmulticast mode [ 298.362905][T13318] veth1_macvtap: left allmulticast mode [ 298.562565][T13186] hsr_slave_0: entered promiscuous mode [ 298.578344][T13186] hsr_slave_1: entered promiscuous mode [ 298.589003][ T5849] Bluetooth: hci4: command tx timeout [ 298.597577][T13186] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 298.605524][T13186] Cannot create hsr debugfs directory [ 298.793760][T13346] FAULT_INJECTION: forcing a failure. [ 298.793760][T13346] name failslab, interval 1, probability 0, space 0, times 0 [ 298.817397][T13346] CPU: 0 UID: 0 PID: 13346 Comm: syz.4.2506 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 298.828224][T13346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 298.838298][T13346] Call Trace: [ 298.841572][T13346] [ 298.844497][T13346] dump_stack_lvl+0x241/0x360 [ 298.849200][T13346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.854431][T13346] ? __pfx__printk+0x10/0x10 [ 298.859064][T13346] should_fail_ex+0x3b0/0x4e0 [ 298.863780][T13346] should_failslab+0xac/0x100 [ 298.868486][T13346] ? skb_clone+0x20c/0x390 [ 298.872931][T13346] kmem_cache_alloc_noprof+0x70/0x380 [ 298.878345][T13346] skb_clone+0x20c/0x390 [ 298.882621][T13346] __netlink_deliver_tap+0x3cc/0x7f0 [ 298.887950][T13346] ? netlink_deliver_tap+0x2e/0x1b0 [ 298.893186][T13346] netlink_deliver_tap+0x19d/0x1b0 [ 298.898336][T13346] netlink_unicast+0x7c4/0x990 [ 298.903147][T13346] ? __pfx_netlink_unicast+0x10/0x10 [ 298.908458][T13346] ? __virt_addr_valid+0x183/0x530 [ 298.913597][T13346] ? __check_object_size+0x48e/0x900 [ 298.918924][T13346] netlink_sendmsg+0x8e4/0xcb0 [ 298.923736][T13346] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.929057][T13346] ? aa_sock_msg_perm+0x91/0x160 [ 298.934026][T13346] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.939332][T13346] __sock_sendmsg+0x221/0x270 [ 298.944009][T13346] ____sys_sendmsg+0x52a/0x7e0 [ 298.948781][T13346] ? __pfx_____sys_sendmsg+0x10/0x10 [ 298.954060][T13346] ? __fget_files+0x2a/0x410 [ 298.958648][T13346] ? __sys_sendmmsg+0x392/0x720 [ 298.963493][T13346] ? __might_fault+0xaa/0x120 [ 298.968198][T13346] __sys_sendmmsg+0x36a/0x720 [ 298.972904][T13346] ? __pfx___sys_sendmmsg+0x10/0x10 [ 298.978134][T13346] ? __pfx_lock_release+0x10/0x10 [ 298.983166][T13346] ? kstrtouint_from_user+0x128/0x190 [ 298.988553][T13346] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 298.994449][T13346] ? ksys_write+0x22a/0x2b0 [ 298.998987][T13346] ? __pfx_lock_release+0x10/0x10 [ 299.004113][T13346] ? vfs_write+0x730/0xd30 [ 299.008552][T13346] ? __mutex_unlock_slowpath+0x21e/0x790 [ 299.014238][T13346] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 299.020243][T13346] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 299.026582][T13346] ? do_syscall_64+0x100/0x230 [ 299.031367][T13346] __x64_sys_sendmmsg+0xa0/0xb0 [ 299.036234][T13346] do_syscall_64+0xf3/0x230 [ 299.040757][T13346] ? clear_bhb_loop+0x35/0x90 [ 299.045454][T13346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.051355][T13346] RIP: 0033:0x7fb72317ff19 [ 299.055769][T13346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.075389][T13346] RSP: 002b:00007fb720ff6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 299.083843][T13346] RAX: ffffffffffffffda RBX: 00007fb723345fa0 RCX: 00007fb72317ff19 [ 299.091850][T13346] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 299.099858][T13346] RBP: 00007fb720ff60a0 R08: 0000000000000000 R09: 0000000000000000 [ 299.107865][T13346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 299.115874][T13346] R13: 0000000000000000 R14: 00007fb723345fa0 R15: 00007ffd417ad898 [ 299.123902][T13346] [ 299.243385][T13363] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2511'. [ 299.606033][T13376] delete_channel: no stack [ 299.695558][T13186] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 299.723676][T13186] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 299.752701][T13186] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 299.798978][T13186] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 299.904604][T13396] netlink: 'syz.2.2521': attribute type 4 has an invalid length. [ 299.947643][T13186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.000338][T13186] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.011442][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.018646][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.043406][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.050587][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.355732][T13186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.418723][T13414] netlink: 'syz.0.2526': attribute type 2 has an invalid length. [ 300.423095][T13186] veth0_vlan: entered promiscuous mode [ 300.440603][T13414] netlink: 'syz.0.2526': attribute type 8 has an invalid length. [ 300.444859][T13186] veth1_vlan: entered promiscuous mode [ 300.495578][T13186] veth0_macvtap: entered promiscuous mode [ 300.520572][T13186] veth1_macvtap: entered promiscuous mode [ 300.552095][T13186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.586942][T13186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.616444][T13186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.646752][T13186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.662232][T13186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.680760][ T5849] Bluetooth: hci4: command tx timeout [ 300.692551][T13186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.692824][T13427] __nla_validate_parse: 3 callbacks suppressed [ 300.692840][T13427] netlink: 1256 bytes leftover after parsing attributes in process `syz.4.2530'. [ 300.709871][T13186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 300.732260][T13423] batadv1: entered allmulticast mode [ 300.747284][T13427] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 300.752275][T13428] netlink: 1256 bytes leftover after parsing attributes in process `syz.4.2530'. [ 300.767249][T13428] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 300.790124][T13186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.804521][T13186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.816403][T13186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.830258][T13186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.844615][T13186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.855296][T13186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.877233][T13186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.886988][T13427] netlink: 'syz.4.2530': attribute type 1 has an invalid length. [ 300.894982][T13427] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2530'. [ 300.911255][T13430] FAULT_INJECTION: forcing a failure. [ 300.911255][T13430] name failslab, interval 1, probability 0, space 0, times 0 [ 300.933612][T13430] CPU: 0 UID: 0 PID: 13430 Comm: syz.0.2532 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 300.944434][T13430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 300.954518][T13430] Call Trace: [ 300.957866][T13430] [ 300.960817][T13430] dump_stack_lvl+0x241/0x360 [ 300.965495][T13430] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.970692][T13430] ? __pfx__printk+0x10/0x10 [ 300.975277][T13430] ? __kmalloc_cache_noprof+0x48/0x390 [ 300.980739][T13430] ? __pfx___might_resched+0x10/0x10 [ 300.986014][T13430] ? __asan_memset+0x23/0x50 [ 300.990610][T13430] should_fail_ex+0x3b0/0x4e0 [ 300.995299][T13430] should_failslab+0xac/0x100 [ 300.999972][T13430] __kmalloc_cache_noprof+0x70/0x390 [ 301.005250][T13430] ? cls_bpf_init+0x50/0x130 [ 301.009854][T13430] ? __pfx_cls_bpf_classify+0x10/0x10 [ 301.015252][T13430] cls_bpf_init+0x50/0x130 [ 301.019693][T13430] ? __pfx_cls_bpf_classify+0x10/0x10 [ 301.025087][T13430] tcf_proto_create+0x1df/0x2b0 [ 301.029977][T13430] tc_new_tfilter+0x1652/0x1af0 [ 301.034852][T13430] ? __pfx_tc_new_tfilter+0x10/0x10 [ 301.040061][T13430] ? rcu_read_unlock+0x87/0xa0 [ 301.044825][T13430] ? __dev_queue_xmit+0x1775/0x3f50 [ 301.050036][T13430] ? __pfx_tc_new_tfilter+0x10/0x10 [ 301.055235][T13430] rtnetlink_rcv_msg+0x791/0xcf0 [ 301.060171][T13430] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 301.065287][T13430] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 301.070762][T13430] ? ref_tracker_free+0x643/0x7e0 [ 301.075792][T13430] netlink_rcv_skb+0x1e3/0x430 [ 301.080558][T13430] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 301.086016][T13430] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 301.091315][T13430] ? netlink_deliver_tap+0x2e/0x1b0 [ 301.096524][T13430] netlink_unicast+0x7f6/0x990 [ 301.101325][T13430] ? __pfx_netlink_unicast+0x10/0x10 [ 301.106633][T13430] ? __virt_addr_valid+0x183/0x530 [ 301.111761][T13430] ? __check_object_size+0x48e/0x900 [ 301.117059][T13430] netlink_sendmsg+0x8e4/0xcb0 [ 301.121831][T13430] ? __pfx_netlink_sendmsg+0x10/0x10 [ 301.127118][T13430] ? aa_sock_msg_perm+0x91/0x160 [ 301.132063][T13430] ? __pfx_netlink_sendmsg+0x10/0x10 [ 301.137346][T13430] __sock_sendmsg+0x221/0x270 [ 301.142053][T13430] ____sys_sendmsg+0x52a/0x7e0 [ 301.146823][T13430] ? __pfx_____sys_sendmsg+0x10/0x10 [ 301.152107][T13430] ? __fget_files+0x2a/0x410 [ 301.156701][T13430] ? __sys_sendmmsg+0x392/0x720 [ 301.161568][T13430] ? __might_fault+0xaa/0x120 [ 301.166254][T13430] __sys_sendmmsg+0x36a/0x720 [ 301.170952][T13430] ? __pfx___sys_sendmmsg+0x10/0x10 [ 301.176170][T13430] ? __pfx_lock_release+0x10/0x10 [ 301.181195][T13430] ? kstrtouint_from_user+0x128/0x190 [ 301.186587][T13430] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 301.192485][T13430] ? ksys_write+0x22a/0x2b0 [ 301.196989][T13430] ? __pfx_lock_release+0x10/0x10 [ 301.202029][T13430] ? vfs_write+0x730/0xd30 [ 301.206454][T13430] ? __mutex_unlock_slowpath+0x21e/0x790 [ 301.212111][T13430] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 301.218095][T13430] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 301.224454][T13430] ? do_syscall_64+0x100/0x230 [ 301.229241][T13430] __x64_sys_sendmmsg+0xa0/0xb0 [ 301.234108][T13430] do_syscall_64+0xf3/0x230 [ 301.238616][T13430] ? clear_bhb_loop+0x35/0x90 [ 301.243298][T13430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.249207][T13430] RIP: 0033:0x7f801677ff19 [ 301.253621][T13430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.273226][T13430] RSP: 002b:00007f801754b058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 301.281641][T13430] RAX: ffffffffffffffda RBX: 00007f8016945fa0 RCX: 00007f801677ff19 [ 301.289640][T13430] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 301.297728][T13430] RBP: 00007f801754b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 301.305703][T13430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 301.313674][T13430] R13: 0000000000000000 R14: 00007f8016945fa0 R15: 00007ffd5a2ccd78 [ 301.321662][T13430] [ 301.451358][T13186] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.476741][T13186] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.485496][T13186] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.497057][T13186] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.715907][T13452] IPv6: NLM_F_CREATE should be specified when creating new route [ 301.774877][ T9934] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.799600][ T9934] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.801444][T13456] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2541'. [ 301.860027][ T9916] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.872465][ T9916] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.975704][T13463] FAULT_INJECTION: forcing a failure. [ 301.975704][T13463] name failslab, interval 1, probability 0, space 0, times 0 [ 301.997391][T13463] CPU: 0 UID: 0 PID: 13463 Comm: syz.2.2544 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 302.008218][T13463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 302.018398][T13463] Call Trace: [ 302.021697][T13463] [ 302.024644][T13463] dump_stack_lvl+0x241/0x360 [ 302.029359][T13463] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.034594][T13463] ? __pfx__printk+0x10/0x10 [ 302.039223][T13463] ? ref_tracker_alloc+0x332/0x490 [ 302.044371][T13463] should_fail_ex+0x3b0/0x4e0 [ 302.049077][T13463] should_failslab+0xac/0x100 [ 302.053794][T13463] ? skb_clone+0x20c/0x390 [ 302.058240][T13463] kmem_cache_alloc_noprof+0x70/0x380 [ 302.063650][T13463] skb_clone+0x20c/0x390 [ 302.067926][T13463] __netlink_deliver_tap+0x3cc/0x7f0 [ 302.073252][T13463] ? netlink_deliver_tap+0x2e/0x1b0 [ 302.078476][T13463] netlink_deliver_tap+0x19d/0x1b0 [ 302.083625][T13463] netlink_sendskb+0x68/0x140 [ 302.088345][T13463] netlink_unicast+0x39d/0x990 [ 302.093155][T13463] ? __pfx_netlink_unicast+0x10/0x10 [ 302.098561][T13463] netlink_rcv_skb+0x262/0x430 [ 302.103332][T13463] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 302.108798][T13463] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 302.114190][T13463] ? netlink_deliver_tap+0x2e/0x1b0 [ 302.119390][T13463] netlink_unicast+0x7f6/0x990 [ 302.124210][T13463] ? __pfx_netlink_unicast+0x10/0x10 [ 302.129521][T13463] ? __virt_addr_valid+0x183/0x530 [ 302.134643][T13463] ? __check_object_size+0x48e/0x900 [ 302.140023][T13463] netlink_sendmsg+0x8e4/0xcb0 [ 302.144799][T13463] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.150102][T13463] ? aa_sock_msg_perm+0x91/0x160 [ 302.155049][T13463] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.160335][T13463] __sock_sendmsg+0x221/0x270 [ 302.165024][T13463] ____sys_sendmsg+0x52a/0x7e0 [ 302.169802][T13463] ? __pfx_____sys_sendmsg+0x10/0x10 [ 302.175109][T13463] ? __fget_files+0x2a/0x410 [ 302.179713][T13463] ? __sys_sendmmsg+0x392/0x720 [ 302.184566][T13463] ? __might_fault+0xaa/0x120 [ 302.189271][T13463] __sys_sendmmsg+0x36a/0x720 [ 302.193962][T13463] ? __pfx___sys_sendmmsg+0x10/0x10 [ 302.199178][T13463] ? __pfx_lock_release+0x10/0x10 [ 302.204221][T13463] ? kstrtouint_from_user+0x128/0x190 [ 302.209616][T13463] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 302.215517][T13463] ? ksys_write+0x22a/0x2b0 [ 302.220023][T13463] ? __pfx_lock_release+0x10/0x10 [ 302.225057][T13463] ? vfs_write+0x730/0xd30 [ 302.229481][T13463] ? __mutex_unlock_slowpath+0x21e/0x790 [ 302.235136][T13463] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 302.241126][T13463] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 302.247458][T13463] ? do_syscall_64+0x100/0x230 [ 302.252238][T13463] __x64_sys_sendmmsg+0xa0/0xb0 [ 302.257095][T13463] do_syscall_64+0xf3/0x230 [ 302.261602][T13463] ? clear_bhb_loop+0x35/0x90 [ 302.266284][T13463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.272178][T13463] RIP: 0033:0x7f437c17ff19 [ 302.276591][T13463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.296201][T13463] RSP: 002b:00007f437d02e058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 302.304628][T13463] RAX: ffffffffffffffda RBX: 00007f437c345fa0 RCX: 00007f437c17ff19 [ 302.312619][T13463] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 302.320609][T13463] RBP: 00007f437d02e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 302.328587][T13463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 302.336560][T13463] R13: 0000000000000000 R14: 00007f437c345fa0 R15: 00007ffc95860ac8 [ 302.344546][T13463] [ 302.437477][T13469] netlink: 'syz.0.2547': attribute type 7 has an invalid length. [ 302.447902][T13469] netlink: 'syz.0.2547': attribute type 12 has an invalid length. [ 302.473446][T13473] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2548'. [ 302.514178][T13473] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2548'. [ 302.819276][T13482] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2550'. [ 303.065880][T13497] xt_l2tp: v2 tid > 0xffff: 150994944 [ 303.071846][T13495] geneve3: entered promiscuous mode [ 303.088044][T13495] geneve3: entered allmulticast mode [ 303.199405][T13501] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2558'. [ 303.235124][T13501] netlink: 91 bytes leftover after parsing attributes in process `syz.1.2558'. [ 303.410798][T13514] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2563'. [ 303.533549][T13519] netlink: 'syz.2.2564': attribute type 11 has an invalid length. [ 303.633104][ T9916] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.106264][ T9916] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.184872][ T9916] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.264073][ T9916] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.340379][ T9916] bridge_slave_1: left allmulticast mode [ 304.346383][ T9916] bridge_slave_1: left promiscuous mode [ 304.352326][ T9916] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.362502][ T9916] bridge_slave_0: left allmulticast mode [ 304.369059][ T9916] bridge_slave_0: left promiscuous mode [ 304.374749][ T9916] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.701764][ T9916] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.712580][ T9916] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.727580][ T9916] bond0 (unregistering): Released all slaves [ 305.083664][ T9916] hsr_slave_0: left promiscuous mode [ 305.089810][ T9916] hsr_slave_1: left promiscuous mode [ 305.098448][ T9916] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 305.105883][ T9916] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.113963][ T9916] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 305.121721][ T9916] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.140626][ T9916] veth1_macvtap: left promiscuous mode [ 305.146214][ T9916] veth0_macvtap: left promiscuous mode [ 305.152071][ T9916] veth1_vlan: left promiscuous mode [ 305.157663][ T9916] veth0_vlan: left promiscuous mode [ 305.658979][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 305.669355][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 305.681214][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 305.696138][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 305.705374][ T5839] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 305.726416][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 306.061735][ T9916] team0 (unregistering): Port device team_slave_1 removed [ 306.113447][ T9916] team0 (unregistering): Port device team_slave_0 removed [ 306.588214][T13548] syz_tun: left allmulticast mode [ 306.593867][T13548] syz_tun: left promiscuous mode [ 306.617222][T13548] bridge0: port 1(syz_tun) entered disabled state [ 306.774824][T13562] netlink: 'syz.2.2575': attribute type 5 has an invalid length. [ 306.839291][T13562] __nla_validate_parse: 1 callbacks suppressed [ 306.839309][T13562] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2575'. [ 306.878738][T13550] lo speed is unknown, defaulting to 1000 [ 306.895757][T13550] vxcan1 speed is unknown, defaulting to 1000 [ 307.108671][T13574] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2577'. [ 307.482633][T13550] chnl_net:caif_netlink_parms(): no params data found [ 307.752729][T13550] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.782573][T13550] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.806803][T13550] bridge_slave_0: entered allmulticast mode [ 307.813864][T13550] bridge_slave_0: entered promiscuous mode [ 307.817984][ T5849] Bluetooth: hci4: command tx timeout [ 307.831708][T13550] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.842391][T13550] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.849746][T13550] bridge_slave_1: entered allmulticast mode [ 307.857412][T13550] bridge_slave_1: entered promiscuous mode [ 307.935623][T13550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 307.968027][T13550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 308.054602][T13617] x_tables: ip6_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 308.270746][T13550] team0: Port device team_slave_0 added [ 308.279064][T13550] team0: Port device team_slave_1 added [ 308.300860][T13627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2594'. [ 308.309888][T13627] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2594'. [ 308.354094][T13627] netlink: 'syz.1.2594': attribute type 7 has an invalid length. [ 308.365759][T13550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 308.375446][T13550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 308.423701][T13550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 308.469441][T13550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 308.487460][T13550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 308.510130][T13641] ipt_REJECT: TCP_RESET invalid for non-tcp [ 308.514997][T13550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 308.632154][T13550] hsr_slave_0: entered promiscuous mode [ 308.643062][T13550] hsr_slave_1: entered promiscuous mode [ 308.653410][T13550] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 308.665371][T13550] Cannot create hsr debugfs directory [ 308.975930][T13660] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2607'. [ 309.156770][T13664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2609'. [ 309.243621][T13667] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2609'. [ 309.263845][T13667] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2609'. [ 309.282920][T13664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2609'. [ 309.342343][T13550] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 309.402849][T13550] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 309.445478][T13550] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 309.453479][T13674] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2613'. [ 309.487316][T13550] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 309.623250][T13680] netlink: zone id is out of range [ 309.653127][T13680] netlink: zone id is out of range [ 309.667133][T13680] netlink: get zone limit has 8 unknown bytes [ 309.719005][T13683] veth1: entered promiscuous mode [ 309.759700][T13683] veth1: left promiscuous mode [ 309.813373][T13550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 309.855519][T13687] netlink: 'syz.1.2619': attribute type 13 has an invalid length. [ 309.863821][T13550] 8021q: adding VLAN 0 to HW filter on device team0 [ 309.867161][ T5849] Bluetooth: hci4: command tx timeout [ 309.904046][T13687] syz_tun: refused to change device tx_queue_len [ 309.911571][T13687] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 309.964075][ T9942] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.971255][ T9942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.126975][T13695] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 310.158734][T13695] team0: Device ipvlan2 is already an upper device of the team interface [ 310.212292][ T9916] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.219494][ T9916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.562430][T13729] ebt_among: dst integrity fail: 101 [ 310.682059][T13739] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 311.125472][T13550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 311.215450][T13550] veth0_vlan: entered promiscuous mode [ 311.248611][T13550] veth1_vlan: entered promiscuous mode [ 311.311540][T13550] veth0_macvtap: entered promiscuous mode [ 311.341837][T13550] veth1_macvtap: entered promiscuous mode [ 311.370625][T13550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 311.381193][T13550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.391406][T13550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 311.402864][T13550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.412987][T13550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 311.423536][T13550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.435145][T13550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 311.463134][T13550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 311.474077][T13550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.484217][T13550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 311.505240][T13550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.521068][T13550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 311.532679][T13550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.555924][T13550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 311.577789][T13550] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.587202][T13550] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.596014][T13550] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.606861][T13550] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.845585][ T9916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.885313][ T9916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.921632][ T178] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.956243][ T5849] Bluetooth: hci4: command tx timeout [ 311.961306][ T178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.053857][T13792] __nla_validate_parse: 2 callbacks suppressed [ 312.053878][T13792] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2649'. [ 312.100027][T13792] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2649'. [ 312.136521][T13792] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2649'. [ 312.156972][T13792] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2649'. [ 312.316034][T13799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2652'. [ 312.335637][T13799] netlink: 'syz.1.2652': attribute type 3 has an invalid length. [ 312.495040][T13817] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2659'. [ 312.505076][T13817] netlink: zone id is out of range [ 312.513740][T13817] netlink: zone id is out of range [ 312.522206][T13817] netlink: get zone limit has 8 unknown bytes [ 312.569184][T13819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2656'. [ 312.812408][ T178] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.958359][ T178] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.205222][ T178] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.473611][ T178] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.532671][ T178] bridge_slave_1: left allmulticast mode [ 313.538527][ T178] bridge_slave_1: left promiscuous mode [ 313.544210][ T178] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.556161][ T178] bridge_slave_0: left allmulticast mode [ 313.562386][ T178] bridge_slave_0: left promiscuous mode [ 313.568579][ T178] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.930033][ T178] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 313.942671][ T178] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 313.953382][ T178] bond0 (unregistering): Released all slaves [ 314.264012][ T178] hsr_slave_0: left promiscuous mode [ 314.273659][ T178] hsr_slave_1: left promiscuous mode [ 314.283313][ T178] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 314.290973][ T178] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.299687][ T178] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.307928][ T178] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 314.331564][ T178] veth1_macvtap: left promiscuous mode [ 314.387451][ T178] veth0_macvtap: left promiscuous mode [ 314.406856][ T178] veth1_vlan: left promiscuous mode [ 314.412216][ T178] veth0_vlan: left promiscuous mode [ 314.416994][T13833] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2664'. [ 314.750619][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 314.769883][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 314.781047][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 314.791379][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 314.812414][ T5839] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 314.826267][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 315.167497][ T178] team0 (unregistering): Port device team_slave_1 removed [ 315.209985][ T178] team0 (unregistering): Port device team_slave_0 removed [ 315.764972][T13851] lo speed is unknown, defaulting to 1000 [ 315.782709][T13851] vxcan1 speed is unknown, defaulting to 1000 [ 315.831863][T13854] syz.0.2668 (13854) used obsolete PPPIOCDETACH ioctl [ 316.039944][T13864] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2670'. [ 316.304126][T13880] netlink: 'syz.2.2674': attribute type 1 has an invalid length. [ 316.355909][T13880] 8021q: adding VLAN 0 to HW filter on device bond3 [ 316.401309][T13884] 8021q: adding VLAN 0 to HW filter on device bond3 [ 316.418120][T13884] bond3: (slave vcan1): The slave device specified does not support setting the MAC address [ 316.453301][T13884] bond3: (slave vcan1): Error -95 calling set_mac_address [ 316.507535][T13851] chnl_net:caif_netlink_parms(): no params data found [ 316.658494][T13851] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.674765][T13851] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.682934][T13851] bridge_slave_0: entered allmulticast mode [ 316.692370][T13851] bridge_slave_0: entered promiscuous mode [ 316.701320][T13851] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.714235][T13851] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.723619][T13851] bridge_slave_1: entered allmulticast mode [ 316.737214][T13851] bridge_slave_1: entered promiscuous mode [ 316.824740][T13912] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2679'. [ 316.842157][T13851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 316.873743][T13851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 316.917758][ T5849] Bluetooth: hci4: command tx timeout [ 316.950860][T13851] team0: Port device team_slave_0 added [ 316.989994][T13851] team0: Port device team_slave_1 added [ 317.077839][T13851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 317.084835][T13851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.146727][T13851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 317.159529][T13851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 317.166618][T13851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.196571][T13851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 317.293137][T13926] netlink: 'syz.4.2684': attribute type 4 has an invalid length. [ 317.304481][T13926] __nla_validate_parse: 1 callbacks suppressed [ 317.304499][T13926] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2684'. [ 317.442760][T13851] hsr_slave_0: entered promiscuous mode [ 317.473579][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.481533][T13851] hsr_slave_1: entered promiscuous mode [ 317.506782][T13851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 317.514417][T13851] Cannot create hsr debugfs directory [ 317.538094][T13946] netlink: 192 bytes leftover after parsing attributes in process `syz.4.2689'. [ 317.719533][T13950] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 317.750933][T13958] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2693'. [ 317.863580][T13960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2695'. [ 318.245969][T13851] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 318.277634][T13985] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2703'. [ 318.281815][T13851] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 318.340426][T13989] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2704'. [ 318.357681][T13851] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 318.384499][T13851] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 318.410591][T13990] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2704'. [ 318.422903][T13990] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2704'. [ 318.448730][T13989] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2704'. [ 318.463272][T13994] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2705'. [ 318.473674][T13992] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 318.673797][T13851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.691634][T13851] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.711490][ T9913] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.718661][ T9913] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.760086][ T9913] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.767260][ T9913] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.987984][ T5849] Bluetooth: hci4: command tx timeout [ 319.189452][T13851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 319.309903][T13851] veth0_vlan: entered promiscuous mode [ 319.352903][T13851] veth1_vlan: entered promiscuous mode [ 319.454729][T13851] veth0_macvtap: entered promiscuous mode [ 319.484617][T13851] veth1_macvtap: entered promiscuous mode [ 319.610097][T13851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.646015][T13851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.666101][T13851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.685415][T13851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.713742][T13851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.730103][T13851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.772931][T13851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 319.808609][T13851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.843851][T13851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.856142][T13851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.875421][T13851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.887132][T13851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.898464][T13851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.922630][T13851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 319.996017][T13851] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.006606][T13851] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.015578][T13851] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.025074][T13851] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.110078][T14074] FAULT_INJECTION: forcing a failure. [ 320.110078][T14074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 320.125980][T14074] CPU: 1 UID: 0 PID: 14074 Comm: syz.4.2733 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 320.136793][T14074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 320.146884][T14074] Call Trace: [ 320.150188][T14074] [ 320.153137][T14074] dump_stack_lvl+0x241/0x360 [ 320.157853][T14074] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.163092][T14074] ? __pfx__printk+0x10/0x10 [ 320.167729][T14074] ? __pfx_lock_release+0x10/0x10 [ 320.172898][T14074] should_fail_ex+0x3b0/0x4e0 [ 320.177715][T14074] _copy_from_user+0x2f/0xc0 [ 320.182344][T14074] copy_msghdr_from_user+0xae/0x680 [ 320.187585][T14074] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 320.193410][T14074] ? __fget_files+0x2a/0x410 [ 320.197996][T14074] ? __fget_files+0x2a/0x410 [ 320.202588][T14074] __sys_sendmsg+0x209/0x350 [ 320.207174][T14074] ? __pfx_lock_release+0x10/0x10 [ 320.212224][T14074] ? __pfx___sys_sendmsg+0x10/0x10 [ 320.217353][T14074] ? __pfx_vfs_write+0x10/0x10 [ 320.222129][T14074] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 320.228467][T14074] ? do_syscall_64+0x100/0x230 [ 320.233260][T14074] ? do_syscall_64+0xb6/0x230 [ 320.237951][T14074] do_syscall_64+0xf3/0x230 [ 320.242450][T14074] ? clear_bhb_loop+0x35/0x90 [ 320.247128][T14074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.253020][T14074] RIP: 0033:0x7fb72317ff19 [ 320.257429][T14074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.277038][T14074] RSP: 002b:00007fb720ff6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 320.285472][T14074] RAX: ffffffffffffffda RBX: 00007fb723345fa0 RCX: 00007fb72317ff19 [ 320.293439][T14074] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 [ 320.301421][T14074] RBP: 00007fb720ff60a0 R08: 0000000000000000 R09: 0000000000000000 [ 320.309417][T14074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.317383][T14074] R13: 0000000000000000 R14: 00007fb723345fa0 R15: 00007ffd417ad898 [ 320.325358][T14074] [ 320.402828][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 320.420116][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.466349][ T9913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 320.490703][ T9913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.818980][T14096] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 320.826272][T14096] IPv6: NLM_F_CREATE should be set when creating new route [ 320.833585][T14096] IPv6: NLM_F_CREATE should be set when creating new route [ 320.874976][T14103] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 320.984299][T14107] net veth1_virt_wifi : renamed from virt_wifi0 (while UP) [ 321.059921][T14113] FAULT_INJECTION: forcing a failure. [ 321.059921][T14113] name failslab, interval 1, probability 0, space 0, times 0 [ 321.096926][T14113] CPU: 1 UID: 0 PID: 14113 Comm: syz.0.2746 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 321.107754][T14113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 321.117839][T14113] Call Trace: [ 321.121154][T14113] [ 321.124108][T14113] dump_stack_lvl+0x241/0x360 [ 321.128834][T14113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.134071][T14113] ? __pfx__printk+0x10/0x10 [ 321.138705][T14113] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 321.144730][T14113] ? __pfx___might_resched+0x10/0x10 [ 321.150054][T14113] ? aa_label_sk_perm+0x4f3/0x6c0 [ 321.155113][T14113] should_fail_ex+0x3b0/0x4e0 [ 321.159829][T14113] should_failslab+0xac/0x100 [ 321.164533][T14113] kmem_cache_alloc_node_noprof+0x77/0x380 [ 321.170355][T14113] ? __alloc_skb+0x1c3/0x440 [ 321.174952][T14113] __alloc_skb+0x1c3/0x440 [ 321.179474][T14113] ? __pfx___alloc_skb+0x10/0x10 [ 321.184415][T14113] netlink_sendmsg+0x638/0xcb0 [ 321.189184][T14113] ? __pfx_netlink_sendmsg+0x10/0x10 [ 321.194472][T14113] ? aa_sock_msg_perm+0x91/0x160 [ 321.199588][T14113] ? __pfx_netlink_sendmsg+0x10/0x10 [ 321.204868][T14113] __sock_sendmsg+0x221/0x270 [ 321.209569][T14113] ____sys_sendmsg+0x52a/0x7e0 [ 321.214341][T14113] ? __pfx_____sys_sendmsg+0x10/0x10 [ 321.219626][T14113] ? __fget_files+0x2a/0x410 [ 321.224217][T14113] ? __fget_files+0x2a/0x410 [ 321.228810][T14113] __sys_sendmsg+0x269/0x350 [ 321.233398][T14113] ? __pfx_lock_release+0x10/0x10 [ 321.238427][T14113] ? __pfx___sys_sendmsg+0x10/0x10 [ 321.243549][T14113] ? __pfx_vfs_write+0x10/0x10 [ 321.248358][T14113] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 321.254689][T14113] ? do_syscall_64+0x100/0x230 [ 321.259464][T14113] ? do_syscall_64+0xb6/0x230 [ 321.264149][T14113] do_syscall_64+0xf3/0x230 [ 321.268656][T14113] ? clear_bhb_loop+0x35/0x90 [ 321.273343][T14113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.279241][T14113] RIP: 0033:0x7f801677ff19 [ 321.283656][T14113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.303261][T14113] RSP: 002b:00007f801754b058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 321.311690][T14113] RAX: ffffffffffffffda RBX: 00007f8016945fa0 RCX: 00007f801677ff19 [ 321.319677][T14113] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 [ 321.327659][T14113] RBP: 00007f801754b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 321.335645][T14113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.343702][T14113] R13: 0000000000000000 R14: 00007f8016945fa0 R15: 00007ffd5a2ccd78 [ 321.351692][T14113] [ 321.935123][T14149] FAULT_INJECTION: forcing a failure. [ 321.935123][T14149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.949697][T14149] CPU: 0 UID: 0 PID: 14149 Comm: syz.1.2763 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 321.960593][T14149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 321.970654][T14149] Call Trace: [ 321.973928][T14149] [ 321.976856][T14149] dump_stack_lvl+0x241/0x360 [ 321.981542][T14149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.986749][T14149] ? __pfx__printk+0x10/0x10 [ 321.991342][T14149] ? __pfx_lock_release+0x10/0x10 [ 321.996369][T14149] should_fail_ex+0x3b0/0x4e0 [ 322.001044][T14149] _copy_from_iter+0x21f/0x1e70 [ 322.005892][T14149] ? __virt_addr_valid+0x183/0x530 [ 322.011002][T14149] ? __pfx_lock_release+0x10/0x10 [ 322.016027][T14149] ? __alloc_skb+0x28f/0x440 [ 322.020612][T14149] ? __pfx__copy_from_iter+0x10/0x10 [ 322.025897][T14149] ? __virt_addr_valid+0x183/0x530 [ 322.031178][T14149] ? __virt_addr_valid+0x183/0x530 [ 322.036288][T14149] ? __virt_addr_valid+0x45f/0x530 [ 322.041400][T14149] ? __check_object_size+0x48e/0x900 [ 322.046688][T14149] netlink_sendmsg+0x73d/0xcb0 [ 322.051463][T14149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.056755][T14149] ? aa_sock_msg_perm+0x91/0x160 [ 322.061693][T14149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.066978][T14149] __sock_sendmsg+0x221/0x270 [ 322.071664][T14149] ____sys_sendmsg+0x52a/0x7e0 [ 322.076433][T14149] ? __pfx_____sys_sendmsg+0x10/0x10 [ 322.081749][T14149] ? __fget_files+0x2a/0x410 [ 322.086350][T14149] ? __fget_files+0x2a/0x410 [ 322.090967][T14149] __sys_sendmsg+0x269/0x350 [ 322.095575][T14149] ? __pfx_lock_release+0x10/0x10 [ 322.100609][T14149] ? __pfx___sys_sendmsg+0x10/0x10 [ 322.105736][T14149] ? __pfx_vfs_write+0x10/0x10 [ 322.110516][T14149] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 322.116842][T14149] ? do_syscall_64+0x100/0x230 [ 322.121607][T14149] ? do_syscall_64+0xb6/0x230 [ 322.126297][T14149] do_syscall_64+0xf3/0x230 [ 322.130802][T14149] ? clear_bhb_loop+0x35/0x90 [ 322.135484][T14149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.141377][T14149] RIP: 0033:0x7f8bfe77ff19 [ 322.145788][T14149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.165412][T14149] RSP: 002b:00007f8bff609058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 322.173835][T14149] RAX: ffffffffffffffda RBX: 00007f8bfe945fa0 RCX: 00007f8bfe77ff19 [ 322.181802][T14149] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 322.189773][T14149] RBP: 00007f8bff6090a0 R08: 0000000000000000 R09: 0000000000000000 [ 322.198356][T14149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.206325][T14149] R13: 0000000000000000 R14: 00007f8bfe945fa0 R15: 00007ffe5f7661d8 [ 322.214308][T14149] [ 322.801706][ T9913] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.155576][ T9913] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.232561][ T9913] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.292710][ T9913] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.361886][ T9913] bridge_slave_1: left allmulticast mode [ 323.369444][ T9913] bridge_slave_1: left promiscuous mode [ 323.375153][ T9913] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.384014][ T9913] bridge_slave_0: left allmulticast mode [ 323.390433][ T9913] bridge_slave_0: left promiscuous mode [ 323.396118][ T9913] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.715884][ T9913] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 323.731987][ T9913] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 323.742324][ T9913] bond0 (unregistering): Released all slaves [ 324.060270][ T9913] hsr_slave_0: left promiscuous mode [ 324.073311][ T9913] hsr_slave_1: left promiscuous mode [ 324.080614][ T9913] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 324.088853][ T9913] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 324.096725][ T9913] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 324.104193][ T9913] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 324.124835][ T9913] veth1_macvtap: left promiscuous mode [ 324.130528][ T9913] veth0_macvtap: left promiscuous mode [ 324.136124][ T9913] veth1_vlan: left promiscuous mode [ 324.141612][ T9913] veth0_vlan: left promiscuous mode [ 324.842936][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 324.854613][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 324.863280][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 324.898840][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 324.910020][ T5839] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 324.917604][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 325.379631][ T9913] team0 (unregistering): Port device team_slave_1 removed [ 325.448326][ T9913] team0 (unregistering): Port device team_slave_0 removed [ 325.935054][T14181] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap0 [ 325.953114][T14201] __nla_validate_parse: 14 callbacks suppressed [ 325.953136][T14201] netlink: 11562 bytes leftover after parsing attributes in process `syz.0.2782'. [ 325.992352][T14194] lo speed is unknown, defaulting to 1000 [ 326.008661][T14194] vxcan1 speed is unknown, defaulting to 1000 [ 326.216701][T14221] netlink: 'syz.2.2786': attribute type 21 has an invalid length. [ 326.418409][T14194] chnl_net:caif_netlink_parms(): no params data found [ 326.585790][T14240] ipt_REJECT: TCP_RESET invalid for non-tcp [ 326.840146][T14194] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.885337][T14194] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.927231][T14194] bridge_slave_0: entered allmulticast mode [ 326.934238][T14194] bridge_slave_0: entered promiscuous mode [ 326.987049][T14264] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2802'. [ 326.996226][ T5849] Bluetooth: hci4: command tx timeout [ 327.014287][T14194] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.033363][T14194] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.057439][T14194] bridge_slave_1: entered allmulticast mode [ 327.081945][T14194] bridge_slave_1: entered promiscuous mode [ 327.244443][T14194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 327.276986][T14194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 327.383225][T14194] team0: Port device team_slave_0 added [ 327.414388][T14194] team0: Port device team_slave_1 added [ 327.433638][T14290] ebt_among: src integrity fail: 30a [ 327.478103][T14194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 327.508511][T14194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 327.544540][T14194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 327.581543][T14194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 327.616744][T14194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 327.659549][T14194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 327.761907][T14194] hsr_slave_0: entered promiscuous mode [ 327.768985][T14194] hsr_slave_1: entered promiscuous mode [ 327.793002][T14194] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 327.801463][T14194] Cannot create hsr debugfs directory [ 327.840087][T14309] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2816'. [ 327.873527][T14305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2816'. [ 327.903407][T14310] FAULT_INJECTION: forcing a failure. [ 327.903407][T14310] name failslab, interval 1, probability 0, space 0, times 0 [ 327.916833][T14310] CPU: 1 UID: 0 PID: 14310 Comm: syz.4.2817 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 327.927648][T14310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 327.937739][T14310] Call Trace: [ 327.941037][T14310] [ 327.943985][T14310] dump_stack_lvl+0x241/0x360 [ 327.948744][T14310] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.953982][T14310] ? __pfx__printk+0x10/0x10 [ 327.958618][T14310] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 327.964709][T14310] ? __pfx___might_resched+0x10/0x10 [ 327.969996][T14310] should_fail_ex+0x3b0/0x4e0 [ 327.974673][T14310] should_failslab+0xac/0x100 [ 327.979377][T14310] kmem_cache_alloc_node_noprof+0x77/0x380 [ 327.985222][T14310] ? __alloc_skb+0x1c3/0x440 [ 327.989840][T14310] __alloc_skb+0x1c3/0x440 [ 327.994255][T14310] ? __ieee80211_link_release_channel+0x38e/0x470 [ 328.000671][T14310] ? __pfx___alloc_skb+0x10/0x10 [ 328.005625][T14310] ? ieee80211_stop_ap+0xf46/0x14f0 [ 328.010844][T14310] nl80211_send_ap_stopped+0xc1/0x5e0 [ 328.016231][T14310] ? __pfx_nl80211_send_ap_stopped+0x10/0x10 [ 328.022216][T14310] ? rcu_is_watching+0x15/0xb0 [ 328.026995][T14310] ___cfg80211_stop_ap+0x567/0xa30 [ 328.032137][T14310] cfg80211_stop_ap+0x124/0x200 [ 328.036995][T14310] cfg80211_change_iface+0x53b/0xf20 [ 328.042558][T14310] nl80211_set_interface+0x761/0xac0 [ 328.047878][T14310] ? __pfx_nl80211_set_interface+0x10/0x10 [ 328.053720][T14310] genl_rcv_msg+0xb14/0xec0 [ 328.058250][T14310] ? __pfx_genl_rcv_msg+0x10/0x10 [ 328.063302][T14310] ? __pfx_lock_acquire+0x10/0x10 [ 328.068331][T14310] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 328.073700][T14310] ? __pfx_nl80211_set_interface+0x10/0x10 [ 328.079521][T14310] ? __pfx_nl80211_post_doit+0x10/0x10 [ 328.084981][T14310] ? __pfx___might_resched+0x10/0x10 [ 328.090272][T14310] netlink_rcv_skb+0x1e3/0x430 [ 328.095056][T14310] ? __pfx_genl_rcv_msg+0x10/0x10 [ 328.100107][T14310] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 328.105446][T14310] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 328.110917][T14310] genl_rcv+0x28/0x40 [ 328.114898][T14310] netlink_unicast+0x7f6/0x990 [ 328.119670][T14310] ? __pfx_netlink_unicast+0x10/0x10 [ 328.124954][T14310] ? __virt_addr_valid+0x183/0x530 [ 328.130082][T14310] ? __check_object_size+0x48e/0x900 [ 328.135380][T14310] netlink_sendmsg+0x8e4/0xcb0 [ 328.140152][T14310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.145437][T14310] ? aa_sock_msg_perm+0x91/0x160 [ 328.150378][T14310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.155662][T14310] __sock_sendmsg+0x221/0x270 [ 328.160347][T14310] ____sys_sendmsg+0x52a/0x7e0 [ 328.165124][T14310] ? __pfx_____sys_sendmsg+0x10/0x10 [ 328.170426][T14310] ? __fget_files+0x2a/0x410 [ 328.175036][T14310] ? __fget_files+0x2a/0x410 [ 328.179644][T14310] __sys_sendmsg+0x269/0x350 [ 328.184242][T14310] ? __pfx_lock_release+0x10/0x10 [ 328.189274][T14310] ? __pfx___sys_sendmsg+0x10/0x10 [ 328.194399][T14310] ? __pfx_vfs_write+0x10/0x10 [ 328.199182][T14310] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 328.205512][T14310] ? do_syscall_64+0x100/0x230 [ 328.210287][T14310] ? do_syscall_64+0xb6/0x230 [ 328.214972][T14310] do_syscall_64+0xf3/0x230 [ 328.219475][T14310] ? clear_bhb_loop+0x35/0x90 [ 328.224164][T14310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.230062][T14310] RIP: 0033:0x7fb72317ff19 [ 328.234476][T14310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.254081][T14310] RSP: 002b:00007fb720ff6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 328.262498][T14310] RAX: ffffffffffffffda RBX: 00007fb723345fa0 RCX: 00007fb72317ff19 [ 328.270468][T14310] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 328.278456][T14310] RBP: 00007fb720ff60a0 R08: 0000000000000000 R09: 0000000000000000 [ 328.286434][T14310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.294420][T14310] R13: 0000000000000000 R14: 00007fb723345fa0 R15: 00007ffd417ad898 [ 328.302432][T14310] [ 328.544793][T14325] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2821'. [ 328.588916][T14325] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2821'. [ 328.774157][T14338] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2829'. [ 328.806878][T14338] netlink: zone id is out of range [ 328.812055][T14338] netlink: zone id is out of range [ 328.847076][T14338] netlink: get zone limit has 8 unknown bytes [ 329.060311][T14194] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 329.066711][ T5849] Bluetooth: hci4: command tx timeout [ 329.099455][T14194] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 329.114473][T14349] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2833'. [ 329.124513][T14194] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 329.168674][T14194] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 329.282250][T14362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2839'. [ 329.341509][T14362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2839'. [ 329.348445][T14194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.450385][T14365] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 329.490546][T14194] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.515402][T14371] netlink: zone id is out of range [ 329.520905][T14371] netlink: zone id is out of range [ 329.526399][T14371] netlink: get zone limit has 8 unknown bytes [ 329.539715][ T9913] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.546881][ T9913] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.568905][ T9913] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.576082][ T9913] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.715349][T14194] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 330.085912][T14194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.212738][T14194] veth0_vlan: entered promiscuous mode [ 330.273716][T14194] veth1_vlan: entered promiscuous mode [ 330.361841][T14194] veth0_macvtap: entered promiscuous mode [ 330.400278][T14194] veth1_macvtap: entered promiscuous mode [ 330.456729][T14194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.489986][T14194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.507840][T14194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.541562][ T46] hid-generic 0005:046D:FFF9.0003: item fetching failed at offset 0/1 [ 330.545101][T14194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.551078][ T46] hid-generic 0005:046D:FFF9.0003: probe with driver hid-generic failed with error -22 [ 330.596360][T14194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.618947][T14194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.654949][T14194] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 330.703148][T14194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.727613][T14194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.738164][T14194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.749357][T14194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.759623][T14194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.775160][T14194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.791498][T14194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 330.804593][T14431] netlink: 'syz.0.2864': attribute type 1 has an invalid length. [ 330.807007][T14194] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.823365][T14431] netlink: 'syz.0.2864': attribute type 2 has an invalid length. [ 330.836580][T14194] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.856622][T14194] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.865378][T14194] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.017286][T14443] __nla_validate_parse: 7 callbacks suppressed [ 331.017306][T14443] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2867'. [ 331.053042][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.086975][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.108586][T14443] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2867'. [ 331.118831][T14443] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2867'. [ 331.128973][T14443] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2867'. [ 331.156856][ T5849] Bluetooth: hci4: command tx timeout [ 331.198391][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.206264][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.595586][T14469] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2877'. [ 331.610210][T14470] netlink: 260 bytes leftover after parsing attributes in process `syz.4.2876'. [ 331.751275][T14476] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2880'. [ 331.766741][T14476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2880'. [ 331.793861][T14476] netlink: 'syz.1.2880': attribute type 1 has an invalid length. [ 331.809536][T14476] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2880'. [ 331.821472][T14478] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2881'. [ 331.831101][T14476] netlink: 'syz.1.2880': attribute type 7 has an invalid length. [ 331.839287][T14476] netlink: 'syz.1.2880': attribute type 8 has an invalid length. [ 331.852122][T14480] netlink: 'syz.0.2882': attribute type 1 has an invalid length. [ 331.862478][T14476] bridge0: entered promiscuous mode [ 331.885397][T14476] gretap0: entered promiscuous mode [ 331.895203][T14476] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 331.903123][T14476] Cannot create hsr debugfs directory [ 331.908963][T14476] hsr1: Slave A (bridge0) is not up; please bring it up to get a fully working HSR network [ 331.920777][T14476] hsr1: Slave B (batadv_slave_1) is not up; please bring it up to get a fully working HSR network [ 332.723049][ T9934] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.562829][ T9934] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.613466][ T9934] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.673114][ T9934] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.760179][ T9934] bridge_slave_1: left allmulticast mode [ 333.766118][ T9934] bridge_slave_1: left promiscuous mode [ 333.772253][ T9934] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.784009][ T9934] bridge_slave_0: left allmulticast mode [ 333.790167][ T9934] bridge_slave_0: left promiscuous mode [ 333.795847][ T9934] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.170449][ T9934] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 334.182319][ T9934] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 334.196043][ T9934] bond0 (unregistering): Released all slaves [ 334.633023][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 334.642993][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 334.654844][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 334.683338][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 334.693660][ T5839] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 334.701379][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 334.734858][T14527] lo speed is unknown, defaulting to 1000 [ 334.766102][ T9934] hsr_slave_0: left promiscuous mode [ 334.775556][ T9934] hsr_slave_1: left promiscuous mode [ 334.785503][ T9934] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 334.793085][ T9934] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 334.801239][ T9934] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 334.808935][ T9934] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 334.833228][ T9934] veth1_macvtap: left promiscuous mode [ 334.839149][ T9934] veth0_macvtap: left promiscuous mode [ 334.844934][ T9934] veth1_vlan: left promiscuous mode [ 334.850498][ T9934] veth0_vlan: left promiscuous mode [ 335.279014][T14533] FAULT_INJECTION: forcing a failure. [ 335.279014][T14533] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.309786][T14533] CPU: 0 UID: 0 PID: 14533 Comm: syz.2.2899 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 335.320617][T14533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 335.330706][T14533] Call Trace: [ 335.334018][T14533] [ 335.336983][T14533] dump_stack_lvl+0x241/0x360 [ 335.341711][T14533] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.346963][T14533] ? __pfx__printk+0x10/0x10 [ 335.352903][T14533] ? __pfx_lock_release+0x10/0x10 [ 335.357973][T14533] should_fail_ex+0x3b0/0x4e0 [ 335.362692][T14533] _copy_from_iter+0x21f/0x1e70 [ 335.367572][T14533] ? __virt_addr_valid+0x183/0x530 [ 335.372721][T14533] ? __pfx_lock_release+0x10/0x10 [ 335.377772][T14533] ? __alloc_skb+0x28f/0x440 [ 335.382368][T14533] ? __pfx__copy_from_iter+0x10/0x10 [ 335.387656][T14533] ? __virt_addr_valid+0x183/0x530 [ 335.392766][T14533] ? __virt_addr_valid+0x183/0x530 [ 335.397892][T14533] ? __virt_addr_valid+0x45f/0x530 [ 335.403035][T14533] ? __check_object_size+0x48e/0x900 [ 335.408338][T14533] netlink_sendmsg+0x73d/0xcb0 [ 335.413503][T14533] ? __pfx_netlink_sendmsg+0x10/0x10 [ 335.418793][T14533] ? aa_sock_msg_perm+0x91/0x160 [ 335.423735][T14533] ? __pfx_netlink_sendmsg+0x10/0x10 [ 335.429020][T14533] __sock_sendmsg+0x221/0x270 [ 335.434133][T14533] ____sys_sendmsg+0x52a/0x7e0 [ 335.438905][T14533] ? __pfx_____sys_sendmsg+0x10/0x10 [ 335.444193][T14533] ? __fget_files+0x2a/0x410 [ 335.448782][T14533] ? __fget_files+0x2a/0x410 [ 335.453374][T14533] __sys_sendmsg+0x269/0x350 [ 335.457979][T14533] ? __pfx_lock_release+0x10/0x10 [ 335.463005][T14533] ? __pfx___sys_sendmsg+0x10/0x10 [ 335.468127][T14533] ? __pfx_vfs_write+0x10/0x10 [ 335.472920][T14533] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 335.479251][T14533] ? do_syscall_64+0x100/0x230 [ 335.484029][T14533] ? do_syscall_64+0xb6/0x230 [ 335.488724][T14533] do_syscall_64+0xf3/0x230 [ 335.493233][T14533] ? clear_bhb_loop+0x35/0x90 [ 335.497918][T14533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.503811][T14533] RIP: 0033:0x7f437c17ff19 [ 335.508227][T14533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.527838][T14533] RSP: 002b:00007f437d02e058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 335.536260][T14533] RAX: ffffffffffffffda RBX: 00007f437c345fa0 RCX: 00007f437c17ff19 [ 335.544240][T14533] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 335.552208][T14533] RBP: 00007f437d02e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 335.560270][T14533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 335.568327][T14533] R13: 0000000000000000 R14: 00007f437c345fa0 R15: 00007ffc95860ac8 [ 335.576315][T14533] [ 335.802714][ T9934] team0 (unregistering): Port device team_slave_1 removed [ 335.851470][ T9934] team0 (unregistering): Port device team_slave_0 removed [ 336.306414][T14527] vxcan1 speed is unknown, defaulting to 1000 [ 336.546755][T14547] __nla_validate_parse: 15 callbacks suppressed [ 336.546775][T14547] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2905'. [ 336.595446][T14527] chnl_net:caif_netlink_parms(): no params data found [ 336.626211][T14556] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2906'. [ 336.747425][ T5839] Bluetooth: hci4: command tx timeout [ 336.763481][T14573] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2906'. [ 336.807518][T14569] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2906'. [ 336.863921][T14569] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2906'. [ 336.948354][T14580] veth0_to_hsr: entered promiscuous mode [ 336.996677][T14527] bridge0: port 1(bridge_slave_0) entered blocking state [ 337.037179][T14527] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.051890][T14527] bridge_slave_0: entered allmulticast mode [ 337.074660][T14527] bridge_slave_0: entered promiscuous mode [ 337.087376][T14588] FAULT_INJECTION: forcing a failure. [ 337.087376][T14588] name failslab, interval 1, probability 0, space 0, times 0 [ 337.094822][T14527] bridge0: port 2(bridge_slave_1) entered blocking state [ 337.118322][T14527] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.124074][T14588] CPU: 0 UID: 0 PID: 14588 Comm: syz.1.2913 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 337.128390][T14527] bridge_slave_1: entered allmulticast mode [ 337.136234][T14588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 337.143512][T14527] bridge_slave_1: entered promiscuous mode [ 337.152159][T14588] Call Trace: [ 337.152172][T14588] [ 337.152181][T14588] dump_stack_lvl+0x241/0x360 [ 337.152216][T14588] ? __pfx_dump_stack_lvl+0x10/0x10 [ 337.174119][T14588] ? __pfx__printk+0x10/0x10 [ 337.178799][T14588] should_fail_ex+0x3b0/0x4e0 [ 337.183491][T14588] should_failslab+0xac/0x100 [ 337.188177][T14588] ? skb_clone+0x20c/0x390 [ 337.192612][T14588] kmem_cache_alloc_noprof+0x70/0x380 [ 337.198013][T14588] skb_clone+0x20c/0x390 [ 337.202274][T14588] __netlink_deliver_tap+0x3cc/0x7f0 [ 337.207585][T14588] ? netlink_deliver_tap+0x2e/0x1b0 [ 337.212815][T14588] netlink_deliver_tap+0x19d/0x1b0 [ 337.217941][T14588] netlink_unicast+0x7c4/0x990 [ 337.222732][T14588] ? __pfx_netlink_unicast+0x10/0x10 [ 337.228032][T14588] ? __virt_addr_valid+0x183/0x530 [ 337.233149][T14588] ? __check_object_size+0x48e/0x900 [ 337.238443][T14588] netlink_sendmsg+0x8e4/0xcb0 [ 337.243217][T14588] ? __pfx_netlink_sendmsg+0x10/0x10 [ 337.248498][T14588] ? aa_sock_msg_perm+0x91/0x160 [ 337.253438][T14588] ? __pfx_netlink_sendmsg+0x10/0x10 [ 337.258718][T14588] __sock_sendmsg+0x221/0x270 [ 337.263398][T14588] ____sys_sendmsg+0x52a/0x7e0 [ 337.268189][T14588] ? __pfx_____sys_sendmsg+0x10/0x10 [ 337.273474][T14588] ? __fget_files+0x2a/0x410 [ 337.278063][T14588] ? __fget_files+0x2a/0x410 [ 337.282660][T14588] __sys_sendmsg+0x269/0x350 [ 337.287254][T14588] ? __pfx_lock_release+0x10/0x10 [ 337.292282][T14588] ? __pfx___sys_sendmsg+0x10/0x10 [ 337.297402][T14588] ? __pfx_vfs_write+0x10/0x10 [ 337.302189][T14588] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 337.308517][T14588] ? do_syscall_64+0x100/0x230 [ 337.313287][T14588] ? do_syscall_64+0xb6/0x230 [ 337.317993][T14588] do_syscall_64+0xf3/0x230 [ 337.322524][T14588] ? clear_bhb_loop+0x35/0x90 [ 337.327227][T14588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.333143][T14588] RIP: 0033:0x7f8bfe77ff19 [ 337.337556][T14588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 337.357172][T14588] RSP: 002b:00007f8bff609058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 337.365849][T14588] RAX: ffffffffffffffda RBX: 00007f8bfe945fa0 RCX: 00007f8bfe77ff19 [ 337.373817][T14588] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 337.381797][T14588] RBP: 00007f8bff6090a0 R08: 0000000000000000 R09: 0000000000000000 [ 337.389775][T14588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 337.397748][T14588] R13: 0000000000000000 R14: 00007f8bfe945fa0 R15: 00007ffe5f7661d8 [ 337.405730][T14588] [ 337.515418][T14588] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 337.532964][T14580] sch_tbf: burst 0 is lower than device bridge_slave_0 mtu (1514) ! [ 337.588441][T14593] netlink: 'syz.0.2914': attribute type 2 has an invalid length. [ 337.636188][T14579] veth0_to_hsr: left promiscuous mode [ 337.646015][T14527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 337.684550][T14527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 337.836348][T14527] team0: Port device team_slave_0 added [ 337.870510][T14527] team0: Port device team_slave_1 added [ 337.944618][T14527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 337.959147][T14527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 337.993160][T14527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 338.037451][T14527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 338.050138][T14527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 338.077567][T14527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 338.190269][T14527] hsr_slave_0: entered promiscuous mode [ 338.213227][T14527] hsr_slave_1: entered promiscuous mode [ 338.227856][T14527] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 338.247989][T14527] Cannot create hsr debugfs directory [ 338.270098][T14629] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2925'. [ 338.299650][T14629] 0·: renamed from hsr_slave_1 (while UP) [ 338.317178][T14629] 0·: entered allmulticast mode [ 338.324969][T14629] A link change request failed with some changes committed already. Interface c0· may have been left with an inconsistent configuration, please check. [ 338.345452][T14630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 338.642259][T14640] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 338.826792][ T5839] Bluetooth: hci4: command tx timeout [ 338.840373][T14647] tipc: Enabling of bearer rejected, media not registered [ 338.865508][T14527] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 338.875375][T14527] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 338.915195][T14527] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 338.959429][T14527] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 339.001310][T14658] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2937'. [ 339.117365][T14527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 339.125273][T14660] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.2939'. [ 339.135433][T14527] 8021q: adding VLAN 0 to HW filter on device team0 [ 339.159640][ T178] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.166813][ T178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.191642][T14667] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2939'. [ 339.221898][T14660] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.2939'. [ 339.284792][ T9916] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.291974][ T9916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 339.733239][T14527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 339.855644][T14527] veth0_vlan: entered promiscuous mode [ 339.885377][T14527] veth1_vlan: entered promiscuous mode [ 339.960279][T14527] veth0_macvtap: entered promiscuous mode [ 339.983458][T14527] veth1_macvtap: entered promiscuous mode [ 340.026128][T14527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 340.042264][T14527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.048777][T14711] netlink: 'syz.1.2957': attribute type 1 has an invalid length. [ 340.063432][T14527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 340.086748][T14527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.099707][T14527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 340.111462][T14527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.135799][T14527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 340.164031][T14527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 340.179267][T14527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.189727][T14527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 340.201005][T14527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.212392][T14527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 340.223282][T14527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.235245][T14527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 340.298348][T14527] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.317179][T14527] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.326281][T14527] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.335452][T14527] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.491130][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.523084][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.561396][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.570103][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.986370][T14754] FAULT_INJECTION: forcing a failure. [ 340.986370][T14754] name failslab, interval 1, probability 0, space 0, times 0 [ 341.004666][T14754] CPU: 0 UID: 0 PID: 14754 Comm: syz.4.2967 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 341.015487][T14754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 341.025572][T14754] Call Trace: [ 341.028885][T14754] [ 341.031844][T14754] dump_stack_lvl+0x241/0x360 [ 341.036565][T14754] ? __pfx_dump_stack_lvl+0x10/0x10 [ 341.041805][T14754] ? __pfx__printk+0x10/0x10 [ 341.046419][T14754] ? fs_reclaim_acquire+0x93/0x130 [ 341.051549][T14754] ? __pfx___might_resched+0x10/0x10 [ 341.056877][T14754] should_fail_ex+0x3b0/0x4e0 [ 341.061593][T14754] should_failslab+0xac/0x100 [ 341.066305][T14754] __kmalloc_noprof+0xdd/0x4c0 [ 341.071096][T14754] ? kstrtouint_from_user+0x128/0x190 [ 341.076492][T14754] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 341.082248][T14754] tomoyo_realpath_from_path+0xcf/0x5e0 [ 341.087846][T14754] tomoyo_path_number_perm+0x236/0x860 [ 341.093340][T14754] ? __lock_acquire+0x1397/0x2100 [ 341.098407][T14754] ? tomoyo_path_number_perm+0x206/0x860 [ 341.104081][T14754] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 341.110153][T14754] ? __fget_files+0x2a/0x410 [ 341.114776][T14754] ? __fget_files+0x2a/0x410 [ 341.119403][T14754] security_file_ioctl+0xc6/0x2a0 [ 341.124464][T14754] __se_sys_ioctl+0x46/0x170 [ 341.129086][T14754] do_syscall_64+0xf3/0x230 [ 341.133619][T14754] ? clear_bhb_loop+0x35/0x90 [ 341.138335][T14754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.144265][T14754] RIP: 0033:0x7fb72317ff19 [ 341.148709][T14754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.168781][T14754] RSP: 002b:00007fb720ff6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 341.177244][T14754] RAX: ffffffffffffffda RBX: 00007fb723345fa0 RCX: 00007fb72317ff19 [ 341.185255][T14754] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004 [ 341.193225][T14754] RBP: 00007fb720ff60a0 R08: 0000000000000000 R09: 0000000000000000 [ 341.201191][T14754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 341.209177][T14754] R13: 0000000000000000 R14: 00007fb723345fa0 R15: 00007ffd417ad898 [ 341.217216][T14754] [ 341.228207][T14754] ERROR: Out of memory at tomoyo_realpath_from_path. [ 341.485251][T14773] netlink: 'syz.1.2976': attribute type 10 has an invalid length. [ 341.514964][T14773] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 341.591667][T14773] bond0: entered promiscuous mode [ 341.733010][T14784] openvswitch: netlink: Missing key (keys=40, expected=80) [ 341.738499][T14792] FAULT_INJECTION: forcing a failure. [ 341.738499][T14792] name failslab, interval 1, probability 0, space 0, times 0 [ 341.753220][T14792] CPU: 0 UID: 0 PID: 14792 Comm: syz.4.2982 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 341.764024][T14792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 341.774131][T14792] Call Trace: [ 341.777440][T14792] [ 341.780393][T14792] dump_stack_lvl+0x241/0x360 [ 341.785070][T14792] ? __pfx_dump_stack_lvl+0x10/0x10 [ 341.790285][T14792] ? __pfx__printk+0x10/0x10 [ 341.794919][T14792] ? fs_reclaim_acquire+0x93/0x130 [ 341.800066][T14792] ? __pfx___might_resched+0x10/0x10 [ 341.805469][T14792] ? dynamic_dname+0x141/0x1b0 [ 341.810274][T14792] should_fail_ex+0x3b0/0x4e0 [ 341.814988][T14792] should_failslab+0xac/0x100 [ 341.819677][T14792] __kmalloc_noprof+0xdd/0x4c0 [ 341.824454][T14792] ? tomoyo_encode+0x26f/0x540 [ 341.829228][T14792] tomoyo_encode+0x26f/0x540 [ 341.833813][T14792] ? __pfx_sockfs_dname+0x10/0x10 [ 341.838839][T14792] tomoyo_realpath_from_path+0x59e/0x5e0 [ 341.844490][T14792] tomoyo_path_number_perm+0x236/0x860 [ 341.850131][T14792] ? __lock_acquire+0x1397/0x2100 [ 341.855158][T14792] ? tomoyo_path_number_perm+0x206/0x860 [ 341.860901][T14792] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 341.866950][T14792] ? __fget_files+0x2a/0x410 [ 341.871555][T14792] ? __fget_files+0x2a/0x410 [ 341.876151][T14792] security_file_ioctl+0xc6/0x2a0 [ 341.881181][T14792] __se_sys_ioctl+0x46/0x170 [ 341.885771][T14792] do_syscall_64+0xf3/0x230 [ 341.890277][T14792] ? clear_bhb_loop+0x35/0x90 [ 341.894960][T14792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.900853][T14792] RIP: 0033:0x7fb72317ff19 [ 341.905265][T14792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.924890][T14792] RSP: 002b:00007fb720ff6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 341.933679][T14792] RAX: ffffffffffffffda RBX: 00007fb723345fa0 RCX: 00007fb72317ff19 [ 341.941666][T14792] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004 [ 341.949638][T14792] RBP: 00007fb720ff60a0 R08: 0000000000000000 R09: 0000000000000000 [ 341.957609][T14792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 341.965579][T14792] R13: 0000000000000000 R14: 00007fb723345fa0 R15: 00007ffd417ad898 [ 341.973564][T14792] [ 341.987568][T14792] ERROR: Out of memory at tomoyo_realpath_from_path. [ 342.358717][T14813] __nla_validate_parse: 7 callbacks suppressed [ 342.358737][T14813] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2987'. [ 342.469596][T14820] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2989'. [ 342.573356][ T178] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.828551][ T178] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.885395][ T178] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.953758][ T178] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.038072][ T178] bridge_slave_1: left allmulticast mode [ 344.043763][ T178] bridge_slave_1: left promiscuous mode [ 344.050532][ T178] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.059915][ T178] bridge_slave_0: left allmulticast mode [ 344.065677][ T178] bridge_slave_0: left promiscuous mode [ 344.071590][ T178] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.674499][T14849] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2996'. [ 344.748091][ T178] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 344.770987][ T178] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 344.811928][ T178] bond0 (unregistering): Released all slaves [ 344.847278][T14832] veth0_macvtap: left promiscuous mode [ 344.860349][T14854] netlink: 'syz.1.2997': attribute type 10 has an invalid length. [ 344.945598][T14854] syz_tun: entered promiscuous mode [ 344.948429][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 344.986857][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 344.999187][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 345.011704][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 345.019750][ T5849] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 345.038598][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 345.113849][T14863] openvswitch: netlink: Actions may not be safe on all matching packets [ 345.167850][T14865] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3000'. [ 345.232399][T14856] lo speed is unknown, defaulting to 1000 [ 345.248353][T14869] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3002'. [ 345.261224][T14856] vxcan1 speed is unknown, defaulting to 1000 [ 345.479244][T14881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3004'. [ 345.746000][ T178] hsr_slave_0: left promiscuous mode [ 345.760908][ T178] hsr_slave_1: left promiscuous mode [ 345.771029][ T178] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 345.778954][ T178] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 345.787971][ T178] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 345.795938][ T178] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 345.820652][ T178] veth1_macvtap: left promiscuous mode [ 345.826202][ T178] veth0_macvtap: left promiscuous mode [ 345.832018][ T178] veth1_vlan: left promiscuous mode [ 345.837591][ T178] veth0_vlan: left promiscuous mode [ 346.294755][ T178] team0 (unregistering): Port device team_slave_1 removed [ 346.342609][ T178] team0 (unregistering): Port device team_slave_0 removed [ 346.601940][T14899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3010'. [ 346.673402][T14902] netlink: 277 bytes leftover after parsing attributes in process `syz.2.3010'. [ 347.066967][ T5839] Bluetooth: hci4: command tx timeout [ 347.120200][T14856] chnl_net:caif_netlink_parms(): no params data found [ 347.323033][T14922] infiniband syz2: set active [ 347.365388][T14856] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.385543][T14856] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.398823][T14856] bridge_slave_0: entered allmulticast mode [ 347.406021][T14856] bridge_slave_0: entered promiscuous mode [ 347.420840][T14562] vxcan1 speed is unknown, defaulting to 1000 [ 347.436598][T14856] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.444013][T14856] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.451508][T14856] bridge_slave_1: entered allmulticast mode [ 347.469506][T14856] bridge_slave_1: entered promiscuous mode [ 347.500974][T14922] x_tables: unsorted entry at hook 3 [ 347.529577][T14856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.533811][T14933] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3017'. [ 347.551666][T14856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 347.623671][T14935] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3018'. [ 347.636391][T14856] team0: Port device team_slave_0 added [ 347.648805][T14856] team0: Port device team_slave_1 added [ 347.682179][T14856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 347.694107][T14856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.721392][T14856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.742189][T14856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.756651][T14856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.808892][T14856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.872645][T14856] hsr_slave_0: entered promiscuous mode [ 347.887313][T14856] hsr_slave_1: entered promiscuous mode [ 347.895090][T14856] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 347.904105][T14856] Cannot create hsr debugfs directory [ 348.202783][T14952] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.3024'. [ 348.234931][T14954] tipc: Started in network mode [ 348.248414][T14954] tipc: Node identity bad882f8f283, cluster identity 4711 [ 348.266904][T14954] tipc: Enabled bearer , priority 0 [ 348.324337][T14954] tipc: Resetting bearer [ 348.362148][T14953] tipc: Resetting bearer [ 348.935303][T14971] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3031'. [ 349.157152][ T5839] Bluetooth: hci4: command tx timeout [ 349.359742][ T1571] tipc: Node number set to 1213956856 [ 350.298260][T14953] tipc: Disabling bearer [ 350.313430][T14959] FAULT_INJECTION: forcing a failure. [ 350.313430][T14959] name failslab, interval 1, probability 0, space 0, times 0 [ 350.336807][T14959] CPU: 0 UID: 0 PID: 14959 Comm: syz.4.3027 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 350.347665][T14959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 350.357746][T14959] Call Trace: [ 350.361043][T14959] [ 350.363998][T14959] dump_stack_lvl+0x241/0x360 [ 350.368715][T14959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.373947][T14959] ? __pfx__printk+0x10/0x10 [ 350.378571][T14959] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 350.382639][T14856] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 350.384569][T14959] ? __pfx___might_resched+0x10/0x10 [ 350.384599][T14959] should_fail_ex+0x3b0/0x4e0 [ 350.401350][T14959] should_failslab+0xac/0x100 [ 350.406064][T14959] kmem_cache_alloc_node_noprof+0x77/0x380 [ 350.411907][T14959] ? __alloc_skb+0x1c3/0x440 [ 350.416524][T14959] __alloc_skb+0x1c3/0x440 [ 350.420979][T14959] ? __pfx___alloc_skb+0x10/0x10 [ 350.425947][T14959] ? netlink_ack_tlv_len+0x6e/0x200 [ 350.431720][T14959] netlink_ack+0x145/0xa50 [ 350.436169][T14959] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 350.441663][T14959] ? __pfx_nl802154_post_doit+0x10/0x10 [ 350.447253][T14959] ? __pfx___might_resched+0x10/0x10 [ 350.452584][T14959] netlink_rcv_skb+0x262/0x430 [ 350.457354][T14959] ? __pfx_genl_rcv_msg+0x10/0x10 [ 350.462380][T14959] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 350.467685][T14959] genl_rcv+0x28/0x40 [ 350.471667][T14959] netlink_unicast+0x7f6/0x990 [ 350.476446][T14959] ? __pfx_netlink_unicast+0x10/0x10 [ 350.481730][T14959] ? __virt_addr_valid+0x183/0x530 [ 350.486846][T14959] ? __check_object_size+0x48e/0x900 [ 350.492153][T14959] netlink_sendmsg+0x8e4/0xcb0 [ 350.496928][T14959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 350.502213][T14959] ? aa_sock_msg_perm+0x91/0x160 [ 350.507165][T14959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 350.512448][T14959] __sock_sendmsg+0x221/0x270 [ 350.517126][T14959] ____sys_sendmsg+0x52a/0x7e0 [ 350.521896][T14959] ? __pfx_____sys_sendmsg+0x10/0x10 [ 350.527178][T14959] ? __fget_files+0x2a/0x410 [ 350.531769][T14959] ? __fget_files+0x2a/0x410 [ 350.536362][T14959] __sys_sendmsg+0x269/0x350 [ 350.540963][T14959] ? __pfx_lock_release+0x10/0x10 [ 350.545989][T14959] ? __pfx___sys_sendmsg+0x10/0x10 [ 350.551114][T14959] ? __pfx_vfs_write+0x10/0x10 [ 350.556158][T14959] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 350.562484][T14959] ? do_syscall_64+0x100/0x230 [ 350.567258][T14959] ? do_syscall_64+0xb6/0x230 [ 350.571936][T14959] do_syscall_64+0xf3/0x230 [ 350.576437][T14959] ? clear_bhb_loop+0x35/0x90 [ 350.581119][T14959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.587008][T14959] RIP: 0033:0x7fb72317ff19 [ 350.591419][T14959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.611037][T14959] RSP: 002b:00007fb720ff6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 350.619461][T14959] RAX: ffffffffffffffda RBX: 00007fb723345fa0 RCX: 00007fb72317ff19 [ 350.627438][T14959] RDX: 0000000000000084 RSI: 00000000200003c0 RDI: 0000000000000004 [ 350.635499][T14959] RBP: 00007fb720ff60a0 R08: 0000000000000000 R09: 0000000000000000 [ 350.643473][T14959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.651466][T14959] R13: 0000000000000000 R14: 00007fb723345fa0 R15: 00007ffd417ad898 [ 350.659453][T14959] [ 350.673329][T14856] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 350.730495][T14856] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 350.737665][T14983] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3033'. [ 350.753417][T14856] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 351.105181][T14856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.165708][T14856] 8021q: adding VLAN 0 to HW filter on device team0 [ 351.197384][ T9934] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.204569][ T9934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 351.236632][ T5839] Bluetooth: hci4: command tx timeout [ 351.279876][ T178] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.287056][ T178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 351.407233][T15024] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3047'. [ 351.506908][T15018] tipc: Started in network mode [ 351.511846][T15018] tipc: Node identity e66c41fd5047, cluster identity 4711 [ 351.547194][T15018] tipc: Enabled bearer , priority 0 [ 351.588698][T15018] tipc: Resetting bearer [ 351.605559][T15017] tipc: Resetting bearer [ 351.628401][T15030] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3049'. [ 351.682676][T15028] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 351.756415][T15037] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3051'. [ 352.591026][ T1571] tipc: Node number set to 3056288253 [ 353.307989][ T5839] Bluetooth: hci4: command tx timeout [ 353.551658][T15017] tipc: Disabling bearer [ 353.633004][T14856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 353.765385][T14856] veth0_vlan: entered promiscuous mode [ 353.793998][T14856] veth1_vlan: entered promiscuous mode [ 353.823613][T15063] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3060'. [ 353.860890][T14856] veth0_macvtap: entered promiscuous mode [ 353.885563][T14856] veth1_macvtap: entered promiscuous mode [ 353.926312][T14856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.947283][T15065] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3061'. [ 353.949505][T14856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.968294][T14856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.979337][T14856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.990478][T14856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.001761][T14856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.012695][T15067] openvswitch: netlink: ERSPAN option length err (len 4096, max 255). [ 354.022163][T14856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 354.048162][T14856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.074726][T14856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.087519][T14856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.098113][T14856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.109179][T14856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.122839][T14856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.136439][T14856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 354.149271][T15067] nbd: must specify a size in bytes for the device [ 354.159924][T15067] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 354.172115][T14856] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.184304][T14856] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.191881][T15072] x_tables: duplicate underflow at hook 1 [ 354.208333][T14856] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.225105][T14856] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.405171][ T9934] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.432706][ T9934] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.451171][T15080] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3067'. [ 354.492884][ T9934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.522249][ T9934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.575096][T15083] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3067'. [ 354.822369][T15096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3074'. [ 355.013846][ T9934] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.554894][ T9934] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.920921][ T9934] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.204172][ T9934] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.281396][ T9934] bridge_slave_1: left allmulticast mode [ 356.287932][ T9934] bridge_slave_1: left promiscuous mode [ 356.293845][ T9934] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.303583][ T9934] bridge_slave_0: left allmulticast mode [ 356.310211][ T9934] bridge_slave_0: left promiscuous mode [ 356.315899][ T9934] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.653762][ T9934] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 356.664897][ T9934] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 356.677319][ T9934] bond0 (unregistering): Released all slaves [ 356.962229][ T9934] hsr_slave_0: left promiscuous mode [ 356.977664][ T9934] hsr_slave_1: left promiscuous mode [ 356.984851][ T9934] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 357.016833][ T9934] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 357.057455][ T9934] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 357.086764][ T9934] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 357.103850][T15121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3077'. [ 357.145885][T15121] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3077'. [ 357.179442][ T9934] veth1_macvtap: left promiscuous mode [ 357.196211][ T9934] veth0_macvtap: left promiscuous mode [ 357.202031][ T9934] veth1_vlan: left promiscuous mode [ 357.208913][ T9934] veth0_vlan: left promiscuous mode [ 357.374727][T15130] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3082'. [ 357.411272][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 357.422987][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 357.438160][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 357.449398][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 357.465392][ T5849] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 357.473630][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 357.834067][ T9934] team0 (unregistering): Port device team_slave_1 removed [ 357.880367][ T9934] team0 (unregistering): Port device team_slave_0 removed [ 358.380450][T15131] lo speed is unknown, defaulting to 1000 [ 358.397550][T15131] vxcan1 speed is unknown, defaulting to 1000 [ 358.464701][T15139] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3086'. [ 359.093215][T15131] chnl_net:caif_netlink_parms(): no params data found [ 359.137514][T15178] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3096'. [ 359.171081][T15180] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3098'. [ 359.195493][T15180] netlink: 'syz.4.3098': attribute type 2 has an invalid length. [ 359.295553][T15131] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.303430][T15131] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.310816][T15131] bridge_slave_0: entered allmulticast mode [ 359.317987][T15131] bridge_slave_0: entered promiscuous mode [ 359.325647][T15131] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.333987][T15131] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.341416][T15131] bridge_slave_1: entered allmulticast mode [ 359.348927][T15131] bridge_slave_1: entered promiscuous mode [ 359.401748][T15131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 359.424536][T15131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 359.520408][T15131] team0: Port device team_slave_0 added [ 359.530090][T15197] netlink: 'syz.2.3104': attribute type 21 has an invalid length. [ 359.542195][T15131] team0: Port device team_slave_1 added [ 359.549073][ T5849] Bluetooth: hci4: command tx timeout [ 359.557506][T15197] netlink: 'syz.2.3104': attribute type 21 has an invalid length. [ 359.593255][T15198] FAULT_INJECTION: forcing a failure. [ 359.593255][T15198] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 359.621696][T15131] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 359.629426][T15131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.662035][T15198] CPU: 0 UID: 0 PID: 15198 Comm: syz.1.3105 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 359.666586][T15131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 359.672827][T15198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 359.672844][T15198] Call Trace: [ 359.672854][T15198] [ 359.672865][T15198] dump_stack_lvl+0x241/0x360 [ 359.672899][T15198] ? __pfx_dump_stack_lvl+0x10/0x10 [ 359.672924][T15198] ? __pfx__printk+0x10/0x10 [ 359.687480][T15131] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 359.693460][T15198] ? 0xffffffffa0000718 [ 359.693485][T15198] ? 0xffffffffa0000d50 [ 359.693508][T15198] should_fail_ex+0x3b0/0x4e0 [ 359.693534][T15198] _copy_to_user+0x31/0xb0 [ 359.697127][T15131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.699720][T15198] bpf_test_finish+0x2e6/0x890 [ 359.699754][T15198] ? __pfx_bpf_test_finish+0x10/0x10 [ 359.704527][T15131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 359.709596][T15198] ? _copy_from_user+0x99/0xc0 [ 359.709628][T15198] ? bpf_test_init+0x15a/0x180 [ 359.709650][T15198] bpf_prog_test_run_xdp+0x8f4/0x11e0 [ 359.709675][T15198] ? __pfx_lock_release+0x10/0x10 [ 359.709706][T15198] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 359.709727][T15198] ? __fget_files+0x2a/0x410 [ 359.815376][T15198] ? __fget_files+0x2a/0x410 [ 359.820005][T15198] ? fput+0x21b/0x290 [ 359.824001][T15198] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 359.829814][T15198] bpf_prog_test_run+0x2e4/0x360 [ 359.834760][T15198] __sys_bpf+0x48d/0x810 [ 359.839092][T15198] ? __pfx___sys_bpf+0x10/0x10 [ 359.843866][T15198] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 359.849850][T15198] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 359.856176][T15198] ? do_syscall_64+0x100/0x230 [ 359.860964][T15198] __x64_sys_bpf+0x7c/0x90 [ 359.865384][T15198] do_syscall_64+0xf3/0x230 [ 359.869891][T15198] ? clear_bhb_loop+0x35/0x90 [ 359.874578][T15198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.880479][T15198] RIP: 0033:0x7f8bfe77ff19 [ 359.884897][T15198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.904501][T15198] RSP: 002b:00007f8bff609058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 359.912917][T15198] RAX: ffffffffffffffda RBX: 00007f8bfe945fa0 RCX: 00007f8bfe77ff19 [ 359.920925][T15198] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 359.928901][T15198] RBP: 00007f8bff6090a0 R08: 0000000000000000 R09: 0000000000000000 [ 359.936870][T15198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 359.944928][T15198] R13: 0000000000000000 R14: 00007f8bfe945fa0 R15: 00007ffe5f7661d8 [ 359.952913][T15198] [ 360.032040][T15131] hsr_slave_0: entered promiscuous mode [ 360.058558][T15131] hsr_slave_1: entered promiscuous mode [ 360.072489][T15131] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 360.082190][T15131] Cannot create hsr debugfs directory [ 360.109728][T15209] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 360.968769][T15131] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 360.989021][T15131] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 361.038502][T15131] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 361.062009][T15131] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 361.225825][T15259] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 361.325529][T15131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 361.344899][T15131] 8021q: adding VLAN 0 to HW filter on device team0 [ 361.375634][T15131] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 361.386393][T15131] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 361.406408][ T9913] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.413709][ T9913] bridge0: port 1(bridge_slave_0) entered forwarding state [ 361.423029][ T9913] bridge0: port 2(bridge_slave_1) entered blocking state [ 361.430181][ T9913] bridge0: port 2(bridge_slave_1) entered forwarding state [ 361.633647][ T5849] Bluetooth: hci4: command tx timeout [ 361.870083][T15131] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 362.016165][T15131] veth0_vlan: entered promiscuous mode [ 362.040971][T15131] veth1_vlan: entered promiscuous mode [ 362.124666][T15131] veth0_macvtap: entered promiscuous mode [ 362.164200][T15131] veth1_macvtap: entered promiscuous mode [ 362.223473][T15131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.252414][T15131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.284339][T15131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.330524][T15131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.365762][T15131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 362.421738][T15131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.461094][T15131] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 362.522449][T15131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.564308][T15131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.605062][T15131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.636158][T15131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.647835][T15347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3156'. [ 362.659723][T15131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.702108][T15131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.723639][T15131] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 362.739606][T15349] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3154'. [ 362.795599][T15131] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.807973][T15131] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.817130][T15131] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.817877][T15355] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3157'. [ 362.825859][T15131] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.040718][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.048858][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.056372][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.064356][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.128701][T15370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3162'. [ 363.409577][T15381] netlink: 'syz.1.3166': attribute type 29 has an invalid length. [ 363.419793][T15381] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3166'. [ 363.443071][T15381] netlink: 'syz.1.3166': attribute type 29 has an invalid length. [ 363.451839][T15381] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3166'. [ 363.474358][T15381] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3166'. [ 363.503269][T15387] veth0_vlan: entered allmulticast mode [ 363.562139][T15387] ªªªªªª: renamed from vlan0 [ 363.787477][T15393] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3173'. [ 364.289210][T15430] netlink: 'syz.0.3181': attribute type 30 has an invalid length. [ 364.367380][T15437] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3184'. [ 364.665263][ T9933] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.747970][ T9933] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.812200][ T9933] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.882067][ T9933] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.960914][ T9933] bridge_slave_1: left allmulticast mode [ 365.967462][ T9933] bridge_slave_1: left promiscuous mode [ 365.973117][ T9933] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.982772][ T9933] bridge_slave_0: left allmulticast mode [ 365.989491][ T9933] bridge_slave_0: left promiscuous mode [ 365.995190][ T9933] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.314384][ T9933] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 366.325909][ T9933] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 366.336165][ T9933] bond0 (unregistering): Released all slaves [ 366.622226][ T9933] hsr_slave_0: left promiscuous mode [ 366.633754][ T9933] hsr_slave_1: left promiscuous mode [ 366.640449][ T9933] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 366.648405][ T9933] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 366.656175][ T9933] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 366.663894][ T9933] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 366.685370][ T9933] veth1_macvtap: left promiscuous mode [ 366.691064][ T9933] veth0_macvtap: left promiscuous mode [ 366.697187][ T9933] veth1_vlan: left promiscuous mode [ 366.702541][ T9933] veth0_vlan: left promiscuous mode [ 366.808631][T15458] IPVS: set_ctl: invalid protocol: 8 224.0.0.2:0 [ 367.214643][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 367.249694][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 367.268087][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 367.280991][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 367.295360][ T5839] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 367.312011][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 367.535216][ T9933] team0 (unregistering): Port device team_slave_1 removed [ 367.578748][ T9933] team0 (unregistering): Port device team_slave_0 removed [ 368.073334][T15473] lo speed is unknown, defaulting to 1000 [ 368.097638][T15473] vxcan1 speed is unknown, defaulting to 1000 [ 368.207199][T15479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3196'. [ 368.661030][T15473] chnl_net:caif_netlink_parms(): no params data found [ 369.371627][T15473] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.386744][ T5839] Bluetooth: hci4: command tx timeout [ 369.446899][T15473] bridge0: port 1(bridge_slave_0) entered disabled state [ 369.462956][T15473] bridge_slave_0: entered allmulticast mode [ 369.470692][T15473] bridge_slave_0: entered promiscuous mode [ 369.478719][T15473] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.485826][T15473] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.493077][T15473] bridge_slave_1: entered allmulticast mode [ 369.500387][T15473] bridge_slave_1: entered promiscuous mode [ 369.739073][T15473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 369.795343][T15473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 369.827317][T15537] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3224'. [ 369.866701][T15537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3224'. [ 369.937544][T15473] team0: Port device team_slave_0 added [ 369.945685][T15473] team0: Port device team_slave_1 added [ 369.967614][T15537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3224'. [ 370.150879][T15537] bond0: (slave bond_slave_0): Releasing backup interface [ 370.239373][T15473] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 370.255271][T15473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.306405][T15473] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 370.329130][T15473] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 370.336120][T15473] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.390636][T15473] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 370.611013][T15473] hsr_slave_0: entered promiscuous mode [ 370.643400][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 370.652964][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 370.662274][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 370.674670][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 370.685523][ T5849] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 370.693962][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 370.733054][T15473] hsr_slave_1: entered promiscuous mode [ 370.777641][T15473] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 370.785377][T15473] Cannot create hsr debugfs directory [ 370.965538][T15561] lo speed is unknown, defaulting to 1000 [ 371.006037][T15561] vxcan1 speed is unknown, defaulting to 1000 [ 371.467219][ T5849] Bluetooth: hci4: command tx timeout [ 371.563714][T15590] syzkaller0: entered promiscuous mode [ 371.594944][T15590] syzkaller0: entered allmulticast mode [ 372.746995][ T5849] Bluetooth: hci3: command tx timeout [ 373.554542][ T5849] Bluetooth: hci4: command tx timeout [ 374.826723][ T5849] Bluetooth: hci3: command tx timeout [ 375.623752][T15473] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 375.630728][ T5849] Bluetooth: hci4: command tx timeout [ 375.649840][ T35] [ 375.652202][ T35] ============================= [ 375.657042][ T35] [ BUG: Invalid wait context ] [ 375.661882][ T35] 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 Not tainted [ 375.668982][ T35] ----------------------------- [ 375.673812][ T35] kworker/u8:2/35 is trying to lock: [ 375.679080][ T35] ffff888012135a00 (&trie->lock){....}-{3:3}, at: trie_delete_elem+0x96/0x6a0 [ 375.687960][ T35] other info that might help us debug this: [ 375.693830][ T35] context-{5:5} [ 375.697273][ T35] 2 locks held by kworker/u8:2/35: [ 375.702367][ T35] #0: ffff8880b863e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 375.712294][ T35] #1: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1fc/0x540 [ 375.721689][ T35] stack backtrace: [ 375.725395][ T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.13.0-rc1-syzkaller-00229-g3dd002f20098 #0 [ 375.736076][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 375.746143][ T35] Workqueue: 0x0 (events_unbound) [ 375.751265][ T35] Call Trace: [ 375.754537][ T35] [ 375.757457][ T35] dump_stack_lvl+0x241/0x360 [ 375.762134][ T35] ? __pfx_dump_stack_lvl+0x10/0x10 [ 375.767346][ T35] ? __pfx__printk+0x10/0x10 [ 375.771948][ T35] __lock_acquire+0x15a8/0x2100 [ 375.776808][ T35] lock_acquire+0x1ed/0x550 [ 375.781310][ T35] ? trie_delete_elem+0x96/0x6a0 [ 375.786244][ T35] ? __pfx_lock_acquire+0x10/0x10 [ 375.791259][ T35] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 375.797141][ T35] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 375.803464][ T35] _raw_spin_lock_irqsave+0xd5/0x120 [ 375.808911][ T35] ? trie_delete_elem+0x96/0x6a0 [ 375.813839][ T35] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 375.819725][ T35] ? __pfx___bpf_ringbuf_reserve+0x10/0x10 [ 375.825526][ T35] trie_delete_elem+0x96/0x6a0 [ 375.830284][ T35] ? arch_irq_work_raise+0x6f/0x80 [ 375.835389][ T35] ? bpf_ringbuf_output+0x17d/0x1e0 [ 375.840577][ T35] ? bpf_trace_run2+0x1fc/0x540 [ 375.845420][ T35] bpf_prog_3613b967e43977f2+0x76/0x7a [ 375.850868][ T35] bpf_trace_run2+0x2ec/0x540 [ 375.855539][ T35] ? __pfx_bpf_trace_run2+0x10/0x10 [ 375.860731][ T35] ? trace_tlb_flush+0x77/0x140 [ 375.865576][ T35] trace_tlb_flush+0x11c/0x140 [ 375.870338][ T35] switch_mm_irqs_off+0x77a/0xa70 [ 375.875352][ T35] ? psi_task_switch+0x41d/0x7a0 [ 375.880286][ T35] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 375.885829][ T35] __schedule+0x10c8/0x4c30 [ 375.890333][ T35] ? __pfx___schedule+0x10/0x10 [ 375.895173][ T35] ? __pfx_lock_release+0x10/0x10 [ 375.900188][ T35] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 375.906158][ T35] ? schedule+0x90/0x320 [ 375.910392][ T35] ? wq_worker_sleeping+0x66/0x240 [ 375.915493][ T35] ? schedule+0x90/0x320 [ 375.919725][ T35] schedule+0x14b/0x320 [ 375.923872][ T35] worker_thread+0xa30/0xd30 [ 375.928464][ T35] ? __kthread_parkme+0x169/0x1d0 [ 375.933477][ T35] ? __pfx_worker_thread+0x10/0x10 [ 375.938576][ T35] kthread+0x2f0/0x390 [ 375.942634][ T35] ? __pfx_worker_thread+0x10/0x10 [ 375.947737][ T35] ? __pfx_kthread+0x10/0x10 [ 375.952318][ T35] ret_from_fork+0x4b/0x80 [ 375.956724][ T35] ? __pfx_kthread+0x10/0x10 [ 375.961309][ T35] ret_from_fork_asm+0x1a/0x30 [ 375.966072][ T35] [ 375.986421][T15561] chnl_net:caif_netlink_parms(): no params data found [ 376.010155][T15473] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 376.037696][T15473] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 376.059920][T15473] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 376.095764][T15561] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.103464][T15561] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.110753][T15561] bridge_slave_0: entered allmulticast mode [ 376.119013][T15561] bridge_slave_0: entered promiscuous mode [ 376.125941][T15561] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.133472][T15561] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.142404][T15561] bridge_slave_1: entered allmulticast mode [ 376.149348][T15561] bridge_slave_1: entered promiscuous mode [ 376.169322][T15561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 376.180533][T15561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 376.209000][T15561] team0: Port device team_slave_0 added [ 376.217079][T15561] team0: Port device team_slave_1 added [ 376.235555][T15561] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 376.242900][T15561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.269457][T15561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 376.281478][T15561] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 376.288739][T15561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.315084][T15561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 376.362032][T15561] hsr_slave_0: entered promiscuous mode [ 376.368395][T15561] hsr_slave_1: entered promiscuous mode [ 376.374261][T15561] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 376.382049][T15561] Cannot create hsr debugfs directory [ 376.410927][T15473] 8021q: adding VLAN 0 to HW filter on device bond0 [ 376.455164][T15473] 8021q: adding VLAN 0 to HW filter on device team0 [ 376.472605][T15561] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 376.483324][T15561] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.500137][ T9940] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.507231][ T9940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 376.515538][ T9940] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.522641][ T9940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 376.548871][T15561] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 376.563061][T15561] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.619113][T15561] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 376.629955][T15561] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.675908][T15473] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 376.695046][T15561] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 376.709644][T15561] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.737594][T15473] veth0_vlan: entered promiscuous mode [ 376.746078][T15473] veth1_vlan: entered promiscuous mode [ 376.765003][T15473] veth0_macvtap: entered promiscuous mode [ 376.775670][T15473] veth1_macvtap: entered promiscuous mode [ 376.798299][T15561] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 376.810851][T15473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.821999][T15473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.831961][T15473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.842451][T15473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.852362][T15473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.862859][T15473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.873835][T15473] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 376.882097][T15561] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 376.893911][T15561] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 376.902459][T15561] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 376.912540][T15473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.923556][ T5849] Bluetooth: hci3: command tx timeout [ 376.929811][T15473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.940039][T15473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.950955][T15473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.960819][T15473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.971574][T15473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.983509][T15473] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.994695][T15473] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.003999][T15473] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.012839][T15473] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.021684][T15473] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.059776][T15473] ieee80211 phy64: Selected rate control algorithm 'minstrel_ht' [ 377.090825][T15473] ieee80211 phy65: Selected rate control algorithm 'minstrel_ht' [ 377.098845][ T9916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.113127][ T9916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 377.133549][ T9933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.147327][ T9933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 377.162404][T15561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 377.178780][T15561] 8021q: adding VLAN 0 to HW filter on device team0 [ 377.191358][ T9933] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.198479][ T9933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 377.214664][ T9916] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.221826][ T9916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 377.325384][T15561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 377.354529][T15561] veth0_vlan: entered promiscuous mode [ 377.364291][T15561] veth1_vlan: entered promiscuous mode [ 377.382678][T15561] veth0_macvtap: entered promiscuous mode [ 377.392349][T15561] veth1_macvtap: entered promiscuous mode [ 377.404759][T15561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 377.415502][T15561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.425890][T15561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 377.437180][T15561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.447707][T15561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 377.458648][T15561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.469066][T15561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 377.480293][T15561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.490966][T15561] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 377.503011][T15561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.515711][T15561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.525737][T15561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.537429][T15561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.547623][T15561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.558546][T15561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.568551][T15561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 377.579121][T15561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.590363][T15561] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 377.600026][T15561] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.608895][T15561] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.617779][T15561] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.626938][T15561] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.655008][T15561] ieee80211 phy66: Selected rate control algorithm 'minstrel_ht' [ 377.675483][ T9940] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.677486][T15561] ieee80211 phy67: Selected rate control algorithm 'minstrel_ht' [ 377.688725][ T9940] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 377.706157][ T9940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.719927][ T9940] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 378.521385][ T9940] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.909333][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.871627][ T9940] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.360961][ T9940] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.421515][ T9940] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.500392][ T9940] bridge_slave_1: left allmulticast mode [ 380.506106][ T9940] bridge_slave_1: left promiscuous mode [ 380.515637][ T9940] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.529569][ T9940] bridge_slave_0: left allmulticast mode [ 380.535247][ T9940] bridge_slave_0: left promiscuous mode [ 380.542058][ T9940] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.643331][ T9940] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 380.654793][ T9940] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 380.665452][ T9940] bond0 (unregistering): Released all slaves [ 380.975083][ T9940] hsr_slave_0: left promiscuous mode [ 380.981036][ T9940] hsr_slave_1: left promiscuous mode [ 380.992533][ T9940] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 381.000202][ T9940] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 381.010749][ T9940] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 381.018323][ T9940] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 381.030924][ T9940] veth1_macvtap: left promiscuous mode [ 381.036439][ T9940] veth0_macvtap: left promiscuous mode [ 381.042459][ T9940] veth1_vlan: left promiscuous mode [ 381.050370][ T9940] veth0_vlan: left promiscuous mode [ 381.202226][ T9940] team0 (unregistering): Port device team_slave_1 removed [ 381.242668][ T9940] team0 (unregistering): Port device team_slave_0 removed [ 381.672910][ T9940] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.712610][ T9940] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.751663][ T9940] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.792547][ T9940] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.849401][ T9940] bridge_slave_1: left allmulticast mode [ 381.855083][ T9940] bridge_slave_1: left promiscuous mode [ 381.864052][ T9940] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.874408][ T9940] bridge_slave_0: left allmulticast mode [ 381.882553][ T9940] bridge_slave_0: left promiscuous mode [ 381.891174][ T9940] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.007309][ T9940] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 382.017830][ T9940] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 382.028179][ T9940] bond0 (unregistering): Released all slaves [ 382.300907][ T9940] hsr_slave_0: left promiscuous mode [ 382.309691][ T9940] hsr_slave_1: left promiscuous mode [ 382.315570][ T9940] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 382.324986][ T9940] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 382.341953][ T9940] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 382.350007][ T9940] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 382.364217][ T9940] veth1_macvtap: left promiscuous mode [ 382.370798][ T9940] veth0_macvtap: left promiscuous mode [ 382.376363][ T9940] veth1_vlan: left promiscuous mode [ 382.383881][ T9940] veth0_vlan: left promiscuous mode [ 382.525587][ T9940] team0 (unregistering): Port device team_slave_1 removed [ 382.550835][ T9940] team0 (unregistering): Port device team_slave_0 removed