last executing test programs: 1m29.954447074s ago: executing program 0 (id=1330): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x2400c094) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d03"], 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), 0x45}, 0x0) (fail_nth: 1) 1m21.205935091s ago: executing program 0 (id=1330): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x2400c094) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d03"], 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), 0x45}, 0x0) (fail_nth: 1) 1m9.368955095s ago: executing program 0 (id=1330): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x2400c094) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d03"], 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), 0x45}, 0x0) (fail_nth: 1) 59.983397099s ago: executing program 0 (id=1330): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x2400c094) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d03"], 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), 0x45}, 0x0) (fail_nth: 1) 48.86170009s ago: executing program 0 (id=1330): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x2400c094) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d03"], 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), 0x45}, 0x0) (fail_nth: 1) 25.359505619s ago: executing program 0 (id=1330): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x2400c094) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d03"], 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), 0x45}, 0x0) (fail_nth: 1) 2.893536164s ago: executing program 3 (id=2534): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv4_newnexthop={0x20, 0x68, 0x1, 0x70bd29, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_OIF={0x8, 0x5, r1}]}, 0x20}}, 0x0) 2.621537886s ago: executing program 2 (id=2537): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10) sendmsg$alg(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="19", 0x1}], 0x1, 0x0, 0x0, 0x400c010}, 0x880) 2.193638381s ago: executing program 2 (id=2540): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x100000, @dev={0xfe, 0x80, '\x00', 0x34}, 0x9}, 0x1c) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 2.121285893s ago: executing program 1 (id=2541): unshare(0x2a020480) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = socket(0x10, 0x3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x38, r3, 0x1, 0x0, 0x0, {0x5}, [@NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_SOCKETS={0x4, 0x7, 0x0, 0x1, [{0x8}]}]}, 0x38}}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x80800) sendmsg$inet(r7, 0x0, 0x4000) recvmsg(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2}, 0x0) r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r5) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wpan0\x00'}) sendmsg$IEEE802154_LLSEC_SETPARAMS(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x14, r8, 0x1, 0x70bd2d, 0x25dfdbfd}, 0x14}}, 0x84) sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r8, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x814) write(r1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) 2.109184702s ago: executing program 3 (id=2542): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000008a0000000400"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r1, 0x0, &(0x7f00000003c0)=""/127}, 0x20) 2.021577603s ago: executing program 4 (id=2543): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 1.730606007s ago: executing program 1 (id=2544): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x800448d2, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080), 0xfd32) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff}, 0x6) 1.727127939s ago: executing program 2 (id=2545): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="400000001000050400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000200012800b001c0065727370616e0000100002"], 0x40}}, 0x0) 1.673623849s ago: executing program 3 (id=2546): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x22, &(0x7f0000001b40)={@local, @multicast, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x2, 0x13, 0x14, 0x67, 0x0, 0x2, 0x32, 0x0, @empty, @broadcast}}}}}, 0x0) 1.673472829s ago: executing program 4 (id=2547): r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, 0x0, &(0x7f0000000100)) 1.45593428s ago: executing program 4 (id=2548): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0x6}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x655c, 0xffffffff, 0x20000000, 0x9, 0x800}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.316885387s ago: executing program 2 (id=2549): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=@newsa={0x13c, 0x10, 0x713, 0x70bd27, 0x4, {{@in6=@remote, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x0, 0x2f}, {@in=@multicast1, 0x1, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x8727e}, {0x0, 0xffffdffff7fffffb, 0x6, 0x5}, {0x1, 0x9, 0x400}, 0x80000000, 0x3506, 0xa, 0x4, 0x0, 0x21}, [@algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}, 0x0, 0x80}}]}, 0x13c}}, 0x0) 1.24352621s ago: executing program 3 (id=2550): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="0100000000000000000011"], 0x14}}, 0x0) 1.122021681s ago: executing program 1 (id=2551): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000000800010080000000080002"], 0x60}}, 0x0) 949.674088ms ago: executing program 2 (id=2552): r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e20, @loopback}], 0x10) 920.413068ms ago: executing program 3 (id=2553): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000240), &(0x7f0000000280)=0x8) 755.538679ms ago: executing program 4 (id=2554): recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@newqdisc={0x5c, 0x24, 0xd0f, 0x70bd28, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0x7}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x5, 0xa3, 0x0, 0x2, 0x4, 0x8}}, {0x4}}]}, @qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x401}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80d1}, 0x34008098) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 608.118181ms ago: executing program 1 (id=2555): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000c00)='_', 0x1}], 0x1}}], 0x1, 0x4008014) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) recvfrom$unix(r2, &(0x7f0000000600)=""/275, 0x158, 0x2, 0x0, 0x0) 587.001362ms ago: executing program 2 (id=2556): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) recvmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x12000) 510.959567ms ago: executing program 3 (id=2557): write$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)=0x1, 0x12) socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) ppoll(&(0x7f0000000500), 0x0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x3000}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) 317.532894ms ago: executing program 4 (id=2558): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000), 0x4) 316.863544ms ago: executing program 1 (id=2559): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400030064766d727009000000000000000000001800128008000100707070000c00028008000100", @ANYRES32=r1], 0x4c}, 0x1, 0x0, 0x0, 0x20004010}, 0x0) 68.596459ms ago: executing program 1 (id=2560): r0 = socket$inet(0x2, 0x3, 0x2) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa00"], 0x1c) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x1000000}}}}}, 0x0) 0s ago: executing program 4 (id=2561): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r3, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000900dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce8514000400e76a686bac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001540)=ANY=[@ANYBLOB="4400000010003b15000800"/20, @ANYRES32=0x0, @ANYBLOB="0000000000b401001c00128009000100626f6e64000000000c000280050001000600000008000a00", @ANYRES32=r1], 0x44}}, 0x0) kernel console output (not intermixed with test programs): 1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.314043][T12450] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1756'. [ 251.289263][T12475] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1762'. [ 251.985907][ T7884] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.641368][ T7884] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.793966][ T7884] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.997362][ T7884] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.218186][ T7884] bridge_slave_1: left allmulticast mode [ 253.241267][ T7884] bridge_slave_1: left promiscuous mode [ 253.261747][ T7884] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.292986][ T7884] bridge_slave_0: left allmulticast mode [ 253.298773][ T7884] bridge_slave_0: left promiscuous mode [ 253.305675][ T7884] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.332670][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 253.347472][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 253.364668][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 253.374871][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 253.382862][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 253.390421][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 253.942577][T12529] __nla_validate_parse: 1 callbacks suppressed [ 253.942598][T12529] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1778'. [ 253.998087][T12533] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1778'. [ 254.151336][ T7884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.163810][ T7884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.188717][ T7884] bond0 (unregistering): Released all slaves [ 254.410400][T12546] netlink: 'syz.2.1781': attribute type 9 has an invalid length. [ 254.487493][T12550] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1783'. [ 254.509991][T12550] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1783'. [ 254.544100][T12553] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1782'. [ 254.714532][ T7884] hsr_slave_0: left promiscuous mode [ 254.720665][ T7884] hsr_slave_1: left promiscuous mode [ 254.727340][ T7884] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 254.735829][ T7884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 254.744436][ T7884] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.752800][ T7884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.782354][T12558] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1786'. [ 254.785907][ T7884] veth1_macvtap: left promiscuous mode [ 254.797101][ T7884] veth0_macvtap: left promiscuous mode [ 254.803110][ T7884] veth1_vlan: left promiscuous mode [ 254.808431][ T7884] veth0_vlan: left promiscuous mode [ 254.990322][T12565] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1788'. [ 255.452215][ T5146] Bluetooth: hci4: command tx timeout [ 255.561778][ T7884] team0 (unregistering): Port device team_slave_1 removed [ 255.641334][ T7884] team0 (unregistering): Port device team_slave_0 removed [ 255.945069][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.959529][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.309618][T12513] chnl_net:caif_netlink_parms(): no params data found [ 256.562078][T12513] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.582164][T12513] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.602035][T12513] bridge_slave_0: entered allmulticast mode [ 256.630551][T12513] bridge_slave_0: entered promiscuous mode [ 256.657303][T12513] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.668659][T12513] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.676629][T12513] bridge_slave_1: entered allmulticast mode [ 256.684269][T12513] bridge_slave_1: entered promiscuous mode [ 256.730786][T12614] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1800'. [ 256.747399][T12614] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1800'. [ 256.776384][T12615] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1800'. [ 256.786121][T12513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 256.816827][T12513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 256.900378][T12513] team0: Port device team_slave_0 added [ 256.913759][T12513] team0: Port device team_slave_1 added [ 256.924014][ T9873] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.932853][ T9873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.019835][T12627] Cannot find add_set index 2 as target [ 257.051418][T12513] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.070845][T12513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.128423][T12513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.142185][T12513] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.149839][T12513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.209388][T12513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 257.242371][T12635] openvswitch: netlink: Multiple metadata blocks provided [ 257.410821][T12513] hsr_slave_0: entered promiscuous mode [ 257.437985][T12513] hsr_slave_1: entered promiscuous mode [ 257.448902][T12513] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 257.456814][T12513] Cannot create hsr debugfs directory [ 257.477236][T12645] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 257.490501][T12651] sctp: [Deprecated]: syz.1.1812 (pid 12651) Use of int in maxseg socket option. [ 257.490501][T12651] Use struct sctp_assoc_value instead [ 257.532286][ T5146] Bluetooth: hci4: command tx timeout [ 258.169794][T12513] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 258.195120][T12513] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 258.215416][T12513] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 258.235225][T12513] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 258.369572][T12688] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 258.380466][T12513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.444929][T12513] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.495085][T12690] erspan0: entered promiscuous mode [ 258.500431][T12694] IPVS: ovf: UDP 127.0.0.1:19999 - no destination available [ 258.531671][T12690] macsec3: entered promiscuous mode [ 258.560751][T12690] erspan0: left promiscuous mode [ 258.729659][ T9869] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.736845][ T9869] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.796871][T12700] hsr0: entered promiscuous mode [ 258.810249][T12700] hsr0: entered allmulticast mode [ 258.823772][T12700] hsr_slave_0: entered allmulticast mode [ 258.829443][T12700] hsr_slave_1: entered allmulticast mode [ 258.885354][ T1327] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.892550][ T1327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.240374][T12731] FAULT_INJECTION: forcing a failure. [ 259.240374][T12731] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 259.275875][T12513] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.305180][T12731] CPU: 1 UID: 0 PID: 12731 Comm: syz.2.1834 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 259.305208][T12731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 259.305218][T12731] Call Trace: [ 259.305224][T12731] [ 259.305231][T12731] dump_stack_lvl+0x241/0x360 [ 259.305258][T12731] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.305277][T12731] ? __pfx__printk+0x10/0x10 [ 259.305295][T12731] ? __pfx_lock_release+0x10/0x10 [ 259.305316][T12731] ? aa_label_sk_perm+0x4f3/0x6c0 [ 259.305345][T12731] should_fail_ex+0x40a/0x550 [ 259.305373][T12731] _copy_from_user+0x2d/0xb0 [ 259.305394][T12731] rds_get_mr+0xd1/0x180 [ 259.305414][T12731] ? __pfx_rds_get_mr+0x10/0x10 [ 259.305433][T12731] ? __pfx___might_resched+0x10/0x10 [ 259.305459][T12731] rds_setsockopt+0x26d/0x1130 [ 259.305479][T12731] ? __pfx_rds_setsockopt+0x10/0x10 [ 259.305491][T12731] ? aa_sk_perm+0x96d/0xab0 [ 259.305518][T12731] ? __pfx_aa_sk_perm+0x10/0x10 [ 259.305538][T12731] ? __pfx_lock_acquire+0x10/0x10 [ 259.305555][T12731] ? aa_sock_opt_perm+0x79/0x120 [ 259.305579][T12731] ? __pfx_rds_setsockopt+0x10/0x10 [ 259.305601][T12731] do_sock_setsockopt+0x3af/0x720 [ 259.305623][T12731] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 259.305643][T12731] ? __fget_files+0x395/0x410 [ 259.305663][T12731] ? __fget_files+0x2a/0x410 [ 259.305689][T12731] __x64_sys_setsockopt+0x1ee/0x280 [ 259.305712][T12731] do_syscall_64+0xf3/0x230 [ 259.305732][T12731] ? clear_bhb_loop+0x35/0x90 [ 259.305754][T12731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.305774][T12731] RIP: 0033:0x7f39f598d169 [ 259.305790][T12731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.305803][T12731] RSP: 002b:00007f39f68af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 259.305821][T12731] RAX: ffffffffffffffda RBX: 00007f39f5ba5fa0 RCX: 00007f39f598d169 [ 259.305832][T12731] RDX: 0000000000000002 RSI: 0000000000000114 RDI: 0000000000000003 [ 259.305842][T12731] RBP: 00007f39f68af090 R08: 0000000000000020 R09: 0000000000000000 [ 259.305851][T12731] R10: 00004000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 259.305861][T12731] R13: 0000000000000000 R14: 00007f39f5ba5fa0 R15: 00007fff95fa9078 [ 259.305885][T12731] [ 259.550125][T12733] ieee802154 phy0 wpan0: encryption failed: -22 [ 259.590030][T12735] netlink: 'syz.3.1836': attribute type 1 has an invalid length. [ 259.593083][T12738] bridge_slave_0: entered promiscuous mode [ 259.612282][ T5146] Bluetooth: hci4: command tx timeout [ 259.612671][T12738] bridge_slave_0: entered allmulticast mode [ 259.669146][T12513] veth0_vlan: entered promiscuous mode [ 259.680055][T12513] veth1_vlan: entered promiscuous mode [ 259.699798][T12735] 8021q: adding VLAN 0 to HW filter on device bond6 [ 259.753788][T12742] __nla_validate_parse: 6 callbacks suppressed [ 259.753807][T12742] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1839'. [ 259.771994][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 259.798613][T12742] netlink: 'syz.2.1839': attribute type 4 has an invalid length. [ 259.849350][T12513] veth0_macvtap: entered promiscuous mode [ 259.893856][T12513] veth1_macvtap: entered promiscuous mode [ 259.980273][T12513] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.024879][T12742] vlan0: entered promiscuous mode [ 260.063676][T12513] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.093014][T12513] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.102139][T12513] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.110950][T12513] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.126902][T12513] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.153888][T12765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1843'. [ 260.373754][ T9869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.381618][ T9869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.423763][ T9869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.439337][ T9869] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.614572][T12787] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 260.664702][T12791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1850'. [ 260.689394][T12789] FAULT_INJECTION: forcing a failure. [ 260.689394][T12789] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.707904][T12789] CPU: 1 UID: 0 PID: 12789 Comm: syz.3.1849 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 260.707929][T12789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 260.707940][T12789] Call Trace: [ 260.707946][T12789] [ 260.707953][T12789] dump_stack_lvl+0x241/0x360 [ 260.707978][T12789] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.707996][T12789] ? __pfx__printk+0x10/0x10 [ 260.708019][T12789] ? snprintf+0xda/0x120 [ 260.708039][T12789] should_fail_ex+0x40a/0x550 [ 260.708067][T12789] _copy_to_user+0x31/0xb0 [ 260.708089][T12789] simple_read_from_buffer+0xca/0x150 [ 260.708114][T12789] proc_fail_nth_read+0x1e9/0x250 [ 260.708138][T12789] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 260.708163][T12789] ? rw_verify_area+0x243/0x630 [ 260.708179][T12789] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 260.708202][T12789] vfs_read+0x1f8/0xb40 [ 260.708221][T12789] ? fdget_pos+0x254/0x320 [ 260.708243][T12789] ? __pfx___mutex_lock+0x10/0x10 [ 260.708263][T12789] ? __pfx_vfs_read+0x10/0x10 [ 260.708284][T12789] ? __fget_files+0x2a/0x410 [ 260.708312][T12789] ? __fget_files+0x395/0x410 [ 260.708333][T12789] ? __fget_files+0x2a/0x410 [ 260.708368][T12789] ksys_read+0x18f/0x2b0 [ 260.708388][T12789] ? __pfx_ksys_read+0x10/0x10 [ 260.708406][T12789] ? do_syscall_64+0x100/0x230 [ 260.708429][T12789] ? do_syscall_64+0xb6/0x230 [ 260.708451][T12789] do_syscall_64+0xf3/0x230 [ 260.708470][T12789] ? clear_bhb_loop+0x35/0x90 [ 260.708497][T12789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.708517][T12789] RIP: 0033:0x7efcb898bb7c [ 260.708532][T12789] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 260.708546][T12789] RSP: 002b:00007efcb974e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 260.708564][T12789] RAX: ffffffffffffffda RBX: 00007efcb8ba5fa0 RCX: 00007efcb898bb7c [ 260.708576][T12789] RDX: 000000000000000f RSI: 00007efcb974e0a0 RDI: 0000000000000004 [ 260.708590][T12789] RBP: 00007efcb974e090 R08: 0000000000000000 R09: 0000000000000000 [ 260.708600][T12789] R10: 00004000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 260.708610][T12789] R13: 0000000000000000 R14: 00007efcb8ba5fa0 R15: 00007ffc7e97c8a8 [ 260.708638][T12789] [ 260.852645][T12798] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 261.143481][T12804] bridge0: port 1(70·) entered blocking state [ 261.172045][T12804] bridge0: port 1(70·) entered disabled state [ 261.178416][T12804] 0·: entered allmulticast mode [ 261.211632][T12804] hsr_slave_0: entered allmulticast mode [ 261.234593][T12804] hsr_slave_1: entered allmulticast mode [ 261.241482][T12804] 0·: entered promiscuous mode [ 261.315057][T12804] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1853'. [ 261.927278][ T1327] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.193746][ T1327] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.358958][ T1327] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.423171][ T1327] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.511357][ T1327] bridge_slave_1: left allmulticast mode [ 262.517437][ T1327] bridge_slave_1: left promiscuous mode [ 262.523245][ T1327] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.531575][ T1327] bridge_slave_0: left allmulticast mode [ 262.537579][ T1327] bridge_slave_0: left promiscuous mode [ 262.543370][ T1327] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.866218][ T1327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 262.932448][ T1327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 262.963604][T12832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1862'. [ 262.982378][ T1327] bond0 (unregistering): Released all slaves [ 262.998146][T12832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1862'. [ 263.024079][T12832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1862'. [ 263.365874][T12849] lo speed is unknown, defaulting to 1000 [ 263.464952][T12849] lo speed is unknown, defaulting to 1000 [ 263.484473][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 263.489659][T12849] lo speed is unknown, defaulting to 1000 [ 263.501340][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 263.516592][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 263.533191][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 263.537968][T12849] infiniband s›z0: RDMA CMA: cma_listen_on_dev, error -98 [ 263.549266][ T5843] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 263.557632][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 263.575544][T12851] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1866'. [ 263.634182][T12850] batadv_slave_1: entered promiscuous mode [ 263.640200][T12850] batadv_slave_1: entered allmulticast mode [ 263.648608][T12850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.656361][T12850] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 263.663995][T12850] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 263.678371][T12850] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 263.696294][T12849] lo speed is unknown, defaulting to 1000 [ 263.745936][T12859] lo speed is unknown, defaulting to 1000 [ 263.796609][T12849] lo speed is unknown, defaulting to 1000 [ 263.817622][T12849] lo speed is unknown, defaulting to 1000 [ 263.835883][T12849] lo speed is unknown, defaulting to 1000 [ 263.864628][T12849] lo speed is unknown, defaulting to 1000 [ 263.876703][T12849] lo speed is unknown, defaulting to 1000 [ 263.948592][ T1327] hsr_slave_0: left promiscuous mode [ 263.978739][ T1327] hsr_slave_1: left promiscuous mode [ 263.984750][ T1327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 264.002570][ T1327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 264.015610][ T1327] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 264.026491][ T1327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 264.049371][T12870] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1870'. [ 264.079680][ T1327] veth1_macvtap: left promiscuous mode [ 264.085629][ T1327] veth0_macvtap: left promiscuous mode [ 264.091788][ T1327] veth1_vlan: left promiscuous mode [ 264.098422][ T1327] veth0_vlan: left promiscuous mode [ 264.231406][T12886] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1875'. [ 264.668891][ T1327] team0 (unregistering): Port device team_slave_1 removed [ 264.715713][ T1327] team0 (unregistering): Port device team_slave_0 removed [ 265.199718][T12889] lo: entered promiscuous mode [ 265.222069][T12885] pim6reg1: entered allmulticast mode [ 265.234572][T12859] chnl_net:caif_netlink_parms(): no params data found [ 265.337871][T12903] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1879'. [ 265.437512][T12910] openvswitch: netlink: Flow actions attr not present in new flow. [ 265.509519][T12913] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 265.547077][T12907] lo speed is unknown, defaulting to 1000 [ 265.552359][T12859] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.559924][T12859] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.593296][T12859] bridge_slave_0: entered allmulticast mode [ 265.600344][T12859] bridge_slave_0: entered promiscuous mode [ 265.622641][ T5843] Bluetooth: hci4: command tx timeout [ 265.644747][T12859] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.661151][T12859] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.674221][T12859] bridge_slave_1: entered allmulticast mode [ 265.681524][T12859] bridge_slave_1: entered promiscuous mode [ 265.799082][T12859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.818009][T12913] lo speed is unknown, defaulting to 1000 [ 265.820523][T12918] IPVS: length: 129 != 24 [ 265.855076][T12859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.950489][T12859] team0: Port device team_slave_0 added [ 265.989294][T12859] team0: Port device team_slave_1 added [ 266.086147][T12859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 266.100033][T12859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.151453][T12859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 266.165381][T12859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 266.173816][T12859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.200174][T12859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 266.335389][T12938] FAULT_INJECTION: forcing a failure. [ 266.335389][T12938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 266.357849][T12938] CPU: 0 UID: 0 PID: 12938 Comm: syz.3.1886 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 266.357877][T12938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 266.357887][T12938] Call Trace: [ 266.357893][T12938] [ 266.357900][T12938] dump_stack_lvl+0x241/0x360 [ 266.357925][T12938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 266.357943][T12938] ? __pfx__printk+0x10/0x10 [ 266.357962][T12938] ? __pfx_lock_release+0x10/0x10 [ 266.357993][T12938] should_fail_ex+0x40a/0x550 [ 266.358019][T12938] _copy_from_user+0x2d/0xb0 [ 266.358047][T12938] __sys_bpf+0x1be/0x820 [ 266.358071][T12938] ? __pfx___sys_bpf+0x10/0x10 [ 266.358104][T12938] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 266.358127][T12938] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 266.358151][T12938] ? do_syscall_64+0x100/0x230 [ 266.358176][T12938] __x64_sys_bpf+0x7c/0x90 [ 266.358196][T12938] do_syscall_64+0xf3/0x230 [ 266.358215][T12938] ? clear_bhb_loop+0x35/0x90 [ 266.358239][T12938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.358259][T12938] RIP: 0033:0x7efcb898d169 [ 266.358273][T12938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.358287][T12938] RSP: 002b:00007efcb974e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 266.358305][T12938] RAX: ffffffffffffffda RBX: 00007efcb8ba5fa0 RCX: 00007efcb898d169 [ 266.358317][T12938] RDX: 0000000000000038 RSI: 0000400000000280 RDI: 000000000000001a [ 266.358327][T12938] RBP: 00007efcb974e090 R08: 0000000000000000 R09: 0000000000000000 [ 266.358337][T12938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.358346][T12938] R13: 0000000000000000 R14: 00007efcb8ba5fa0 R15: 00007ffc7e97c8a8 [ 266.358370][T12938] [ 266.696476][T12859] hsr_slave_0: entered promiscuous mode [ 266.732620][T12859] hsr_slave_1: entered promiscuous mode [ 266.769024][T12859] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 266.791956][T12859] Cannot create hsr debugfs directory [ 266.811318][T12949] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1890'. [ 266.870558][T12951] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1891'. [ 266.880999][T12951] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1891'. [ 266.940472][T12951] bridge0: port 5(vlan2) entered blocking state [ 266.965041][T12951] bridge0: port 5(vlan2) entered disabled state [ 266.971523][T12951] vlan2: entered allmulticast mode [ 266.978885][T12951] vlan2: left allmulticast mode [ 267.042559][T12957] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1894'. [ 267.062074][T12957] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1894'. [ 267.258300][T12964] netlink: 'syz.2.1898': attribute type 1 has an invalid length. [ 267.311163][T12970] netlink: 'syz.1.1897': attribute type 2 has an invalid length. [ 267.361821][T12964] 8021q: adding VLAN 0 to HW filter on device bond1 [ 267.550774][T12974] bond1: (slave veth3): Enslaving as an active interface with a down link [ 267.667606][T12987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1901'. [ 267.702306][ T5843] Bluetooth: hci4: command tx timeout [ 267.776127][T12993] netlink: 'syz.2.1905': attribute type 30 has an invalid length. [ 267.822598][T12993] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0) [ 267.845755][T12993] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255 [ 268.104846][T12859] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 268.144618][T12859] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 268.168338][T12859] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 268.186867][T12859] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 268.378947][T12859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 268.449825][T12859] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.475456][ T1316] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.482735][ T1316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.502635][ T1327] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.509757][ T1327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.569958][T13024] lo speed is unknown, defaulting to 1000 [ 268.858504][T12859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 268.990897][T13037] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1916'. [ 269.033677][T12859] veth0_vlan: entered promiscuous mode [ 269.064493][T12859] veth1_vlan: entered promiscuous mode [ 269.140432][T12859] veth0_macvtap: entered promiscuous mode [ 269.154885][T12859] veth1_macvtap: entered promiscuous mode [ 269.225407][T12859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.254641][T12859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 269.281092][T13044] sctp: [Deprecated]: syz.1.1917 (pid 13044) Use of struct sctp_assoc_value in delayed_ack socket option. [ 269.281092][T13044] Use struct sctp_sack_info instead [ 269.299933][T12859] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.309453][T12859] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.321296][T12859] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.331396][T12859] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.443388][T13048] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1917'. [ 269.491146][ T9869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.518967][ T9869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.560505][ T9869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.583396][ T9869] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.633895][T13057] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1918'. [ 269.796020][T13060] netlink: 'syz.3.1921': attribute type 7 has an invalid length. [ 269.804149][T13060] netlink: 'syz.3.1921': attribute type 8 has an invalid length. [ 269.856345][T13061] netlink: 'syz.3.1921': attribute type 11 has an invalid length. [ 270.200386][T13080] xt_cgroup: xt_cgroup: no path or classid specified [ 270.588286][ T5945] lo speed is unknown, defaulting to 1000 [ 270.693024][ T1316] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.044947][ T1316] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.094040][ T1316] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.286903][T13120] __nla_validate_parse: 6 callbacks suppressed [ 272.286922][T13120] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1938'. [ 272.287743][ T1316] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.335140][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 272.351826][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 272.362086][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 272.389931][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 272.398356][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 272.407284][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 272.435898][T13127] netlink: 'syz.1.1939': attribute type 21 has an invalid length. [ 272.518326][T13121] lo speed is unknown, defaulting to 1000 [ 272.553061][T13101] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1934'. [ 272.610674][T13101] netlink: 'syz.2.1934': attribute type 1 has an invalid length. [ 272.624669][ T1316] bridge_slave_1: left allmulticast mode [ 272.635747][ T1316] bridge_slave_1: left promiscuous mode [ 272.635871][T13101] netlink: 'syz.2.1934': attribute type 2 has an invalid length. [ 272.641470][ T1316] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.656938][T13101] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1934'. [ 272.713692][ T1316] bridge_slave_0: left allmulticast mode [ 272.723800][ T1316] bridge_slave_0: left promiscuous mode [ 272.729593][ T1316] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.022729][T13149] x_tables: duplicate underflow at hook 3 [ 273.174812][ T1316] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 273.185346][ T1316] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 273.195406][ T1316] bond0 (unregistering): Released all slaves [ 273.256040][T13101] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1934'. [ 273.341729][T13149] sch_tbf: peakrate 8 is lower than or equals to rate 16779622270084705854 ! [ 273.764329][T13173] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1951'. [ 273.810085][T13173] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1951'. [ 273.824557][T13121] chnl_net:caif_netlink_parms(): no params data found [ 273.843522][T13173] netlink: 'syz.3.1951': attribute type 2 has an invalid length. [ 273.894923][T13166] lo speed is unknown, defaulting to 1000 [ 274.004026][T13170] lo speed is unknown, defaulting to 1000 [ 274.083894][ T1316] hsr_slave_0: left promiscuous mode [ 274.101102][ T1316] hsr_slave_1: left promiscuous mode [ 274.117290][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 274.138520][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 274.168215][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 274.184805][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 274.236721][ T1316] veth1_macvtap: left promiscuous mode [ 274.242427][ T1316] veth0_macvtap: left promiscuous mode [ 274.248390][ T1316] veth1_vlan: left promiscuous mode [ 274.261159][ T1316] veth0_vlan: left promiscuous mode [ 274.335393][T13195] netlink: 'syz.3.1956': attribute type 5 has an invalid length. [ 274.492804][ T5843] Bluetooth: hci4: command tx timeout [ 274.788078][ T1316] team0 (unregistering): Port device team_slave_1 removed [ 274.833319][ T1316] team0 (unregistering): Port device team_slave_0 removed [ 275.263719][T13195] : entered promiscuous mode [ 275.374416][T13203] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1958'. [ 275.469817][T13207] xt_l2tp: v2 tid > 0xffff: 4294967295 [ 275.482588][T13202] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1957'. [ 275.492516][T13121] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.500678][T13121] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.508658][T13121] bridge_slave_0: entered allmulticast mode [ 275.529532][T13121] bridge_slave_0: entered promiscuous mode [ 275.541495][T13214] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1959'. [ 275.546419][T13121] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.557943][T13121] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.567007][T13121] bridge_slave_1: entered allmulticast mode [ 275.578391][T13121] bridge_slave_1: entered promiscuous mode [ 275.611255][T13215] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1961'. [ 275.627726][T13214] 0·: left allmulticast mode [ 275.632524][T13214] hsr_slave_0: left allmulticast mode [ 275.637994][T13214] hsr_slave_1: left allmulticast mode [ 275.643810][T13214] 0·: left promiscuous mode [ 275.659305][T13214] bridge0: port 1(70·) entered disabled state [ 275.823086][T13121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 275.837780][T13121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 275.958429][T13121] team0: Port device team_slave_0 added [ 276.009374][T13121] team0: Port device team_slave_1 added [ 276.081194][T13121] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 276.094032][T13121] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.120737][T13121] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.135546][T13121] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.142698][T13121] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.168906][T13121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 276.186946][T13224] bond0: (slave macvlan5): Opening slave failed [ 276.313328][T13121] hsr_slave_0: entered promiscuous mode [ 276.329913][T13121] hsr_slave_1: entered promiscuous mode [ 276.342189][T13121] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 276.360093][T13121] Cannot create hsr debugfs directory [ 276.429264][T13233] pim6reg1: entered promiscuous mode [ 276.442027][T13233] pim6reg1: entered allmulticast mode [ 276.573567][ T5843] Bluetooth: hci4: command tx timeout [ 277.023699][T13121] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 277.036459][T13121] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 277.047680][T13121] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 277.061246][T13121] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 277.217737][T13121] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.256018][T13121] 8021q: adding VLAN 0 to HW filter on device team0 [ 277.267758][ T1316] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.274867][ T1316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 277.396836][ T9869] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.404040][ T9869] bridge0: port 2(bridge_slave_1) entered forwarding state [ 277.880373][T13280] lo speed is unknown, defaulting to 1000 [ 277.893848][T13121] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 278.001238][T13284] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 278.041200][T13285] __nla_validate_parse: 4 callbacks suppressed [ 278.041217][T13285] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1981'. [ 278.112398][T13285] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 278.137888][T13121] veth0_vlan: entered promiscuous mode [ 278.176126][T13285] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 278.210058][T13121] veth1_vlan: entered promiscuous mode [ 278.621091][T13121] veth0_macvtap: entered promiscuous mode [ 278.625037][T13295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1985'. [ 278.633395][T13121] veth1_macvtap: entered promiscuous mode [ 278.668863][ T5146] Bluetooth: hci4: command tx timeout [ 278.714353][T13121] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 278.745814][T13121] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 278.768747][T13121] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.792105][T13121] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.800840][T13121] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.817035][T13121] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.949411][ T9869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.967722][ T9869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.025772][ T9869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.040997][ T9869] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.171532][T13308] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1988'. [ 279.213527][T13307] lo speed is unknown, defaulting to 1000 [ 279.545462][T13307] x_tables: duplicate entry at hook 2 [ 279.557430][T13321] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1991'. [ 279.615110][T13319] netlink: 'syz.4.1992': attribute type 1 has an invalid length. [ 279.835479][T13333] batman_adv: batadv0: Adding interface: dummy0 [ 279.867515][T13333] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.899117][T13333] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 280.147136][T13351] xt_socket: unknown flags 0x8 [ 280.296865][T13364] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2003'. [ 280.450065][T13374] xt_connbytes: Forcing CT accounting to be enabled [ 280.530232][T13377] lo speed is unknown, defaulting to 1000 [ 280.732405][ T5146] Bluetooth: hci4: command 0x0419 tx timeout [ 280.848865][T13387] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2010'. [ 281.264022][T13401] netlink: 'syz.2.2013': attribute type 1 has an invalid length. [ 281.301538][T13401] netlink: 'syz.2.2013': attribute type 3 has an invalid length. [ 281.349169][T13401] pim6reg1: entered promiscuous mode [ 281.367921][T13401] pim6reg1: entered allmulticast mode [ 281.565021][T13415] ax25_connect(): syz.4.2017 uses autobind, please contact jreuter@yaina.de [ 281.576036][ T7881] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.730620][ T7881] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.799937][ T7881] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.893037][ T7881] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.969386][ T7881] bridge_slave_1: left allmulticast mode [ 281.976593][ T7881] bridge_slave_1: left promiscuous mode [ 281.982557][ T7881] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.990853][ T7881] bridge_slave_0: left allmulticast mode [ 281.996947][ T7881] bridge_slave_0: left promiscuous mode [ 282.002739][ T7881] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.338008][ T7881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.349305][ T7881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.359271][ T7881] bond0 (unregistering): Released all slaves [ 282.579942][ T7881] hsr_slave_0: left promiscuous mode [ 282.588012][ T7881] hsr_slave_1: left promiscuous mode [ 282.593960][ T7881] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 282.601385][ T7881] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 282.610970][ T7881] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 282.652274][ T7881] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 282.734787][ T7881] veth1_macvtap: left promiscuous mode [ 282.761563][ T7881] veth0_macvtap: left promiscuous mode [ 282.769163][T13425] netlink: 'syz.1.2018': attribute type 11 has an invalid length. [ 282.779736][ T7881] veth1_vlan: left promiscuous mode [ 282.794329][ T7881] veth0_vlan: left promiscuous mode [ 282.829940][T13431] netlink: 'syz.2.2019': attribute type 1 has an invalid length. [ 283.020507][T13440] IPVS: Scheduler module ip_vs_sip not found [ 283.039460][T13442] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2021'. [ 283.119541][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 283.129059][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 283.143874][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 283.158842][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 283.167287][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 283.177155][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 283.476796][ T7881] team0 (unregistering): Port device team_slave_1 removed [ 283.528753][ T7881] team0 (unregistering): Port device team_slave_0 removed [ 283.927299][T13431] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 283.933274][T13438] geneve0: entered allmulticast mode [ 284.040866][T13444] lo speed is unknown, defaulting to 1000 [ 284.276352][T13457] netlink: 'syz.2.2024': attribute type 4 has an invalid length. [ 284.354270][T13463] netlink: 'syz.4.2027': attribute type 10 has an invalid length. [ 284.409589][T13463] team0: left allmulticast mode [ 284.424476][T13463] team_slave_0: left allmulticast mode [ 284.438681][T13463] team_slave_1: left allmulticast mode [ 284.445955][T13463] team0: left promiscuous mode [ 284.450850][T13463] team_slave_0: left promiscuous mode [ 284.502214][T13463] team_slave_1: left promiscuous mode [ 284.523888][T13463] bridge0: port 3(team0) entered disabled state [ 284.565568][T13463] 8021q: adding VLAN 0 to HW filter on device team0 [ 284.654501][T13474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2029'. [ 284.718389][T13472] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2030'. [ 284.938934][T13444] chnl_net:caif_netlink_parms(): no params data found [ 285.059530][T13464] infiniband syz1: set down [ 285.067456][T13464] infiniband syz1: added team_slave_0 [ 285.074341][T13464] syz1: rxe_create_cq: returned err = -12 [ 285.080695][T13464] infiniband syz1: Couldn't create ib_mad CQ [ 285.088355][T13464] infiniband syz1: Couldn't open port 1 [ 285.127077][T13464] RDS/IB: syz1: added [ 285.146133][T13464] smc: adding ib device syz1 with port count 1 [ 285.163734][T13464] smc: ib device syz1 port 1 has pnetid [ 285.212301][ T5843] Bluetooth: hci4: command tx timeout [ 285.341544][T13486] lo: entered allmulticast mode [ 285.348338][T13486] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 285.496217][T13486] lo: left allmulticast mode [ 285.520965][T13486] bridge_slave_0: left promiscuous mode [ 285.527941][T13486] bridge_slave_0: left allmulticast mode [ 285.569627][T13486] geneve0: left allmulticast mode [ 285.616850][T13486] vlan5: left allmulticast mode [ 285.625367][T13486] batadv0: left allmulticast mode [ 285.642542][T13486] bond4: left promiscuous mode [ 285.647361][T13486] bond4: left allmulticast mode [ 285.667679][T13444] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.682863][T13444] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.690209][T13444] bridge_slave_0: entered allmulticast mode [ 285.697485][T13444] bridge_slave_0: entered promiscuous mode [ 285.734473][T13444] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.762051][T13444] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.769312][T13444] bridge_slave_1: entered allmulticast mode [ 285.803067][T13444] bridge_slave_1: entered promiscuous mode [ 285.858202][T13444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.907011][T13504] 8021q: adding VLAN 0 to HW filter on device bond2 [ 285.916814][T13504] bond0: (slave bond2): Enslaving as a backup interface with a down link [ 285.974303][T13444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.133966][T13444] team0: Port device team_slave_0 added [ 286.151583][T13444] team0: Port device team_slave_1 added [ 286.218361][T13444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 286.261918][T13444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.331463][T13444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 286.348455][T13444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 286.355821][T13444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.417907][T13444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 286.583859][T13534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2042'. [ 286.595436][T13444] hsr_slave_0: entered promiscuous mode [ 286.603835][T13444] hsr_slave_1: entered promiscuous mode [ 286.609971][T13444] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 286.638027][T13444] Cannot create hsr debugfs directory [ 286.782762][T13534] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2042'. [ 286.815867][T13540] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2045'. [ 287.267779][T13549] xt_socket: unknown flags 0x4 [ 287.285548][T13444] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 287.302794][ T5843] Bluetooth: hci4: command tx timeout [ 287.308152][T13444] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 287.331150][T13444] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 287.358212][T13444] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 287.574530][T13444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.611374][T13444] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.644178][ T7881] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.651354][ T7881] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.659110][T13568] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2054'. [ 287.673871][ T1327] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.681037][ T1327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.874989][T13577] : entered promiscuous mode [ 287.879964][T13577] bond_slave_0: entered promiscuous mode [ 287.885964][T13577] bond_slave_1: entered promiscuous mode [ 288.241821][T13444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.317954][T13444] veth0_vlan: entered promiscuous mode [ 288.339547][T13444] veth1_vlan: entered promiscuous mode [ 288.424766][T13444] veth0_macvtap: entered promiscuous mode [ 288.471217][T13444] veth1_macvtap: entered promiscuous mode [ 288.527852][T13444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 288.551343][T13444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 288.568110][T13444] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.596359][T13444] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.610195][T13444] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.634987][T13444] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.832067][ T9873] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.839932][ T9873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.932977][ T1327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.948427][ T1327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.287593][T13636] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2071'. [ 289.447711][T13636] 8021q: adding VLAN 0 to HW filter on device  [ 289.467302][T13636] batman_adv: batadv0: Interface activated: dummy0 [ 289.480119][T13636] batadv0: mtu less than device minimum [ 289.491759][T13636] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 289.504863][T13636] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 289.517447][T13636] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 289.529961][T13636] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 289.542561][T13636] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 289.555131][T13636] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 289.567631][T13636] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 289.580161][T13636] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 289.642823][ T7150] lo speed is unknown, defaulting to 1000 [ 289.675366][T13646] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2074'. [ 289.701907][T13646] netlink: 'syz.2.2074': attribute type 10 has an invalid length. [ 290.011049][T13663] xt_CT: You must specify a L4 protocol and not use inversions on it [ 290.251207][ T7881] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.945587][ T7881] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.220250][ T7881] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.303799][ T7881] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.437898][T13685] geneve2: entered promiscuous mode [ 291.453248][T13685] geneve2: entered allmulticast mode [ 291.790491][ T7881] bridge_slave_1: left allmulticast mode [ 291.817525][ T7881] bridge_slave_1: left promiscuous mode [ 291.832309][ T7881] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.892885][ T7881] bridge_slave_0: left allmulticast mode [ 291.898597][ T7881] bridge_slave_0: left promiscuous mode [ 291.920256][ T7881] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.948974][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 291.959114][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 291.968585][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 291.984927][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 291.995792][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 292.011209][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 292.786234][T13718] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2091'. [ 293.110319][ T7881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 293.128014][ T7881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 293.138843][ T7881] bond0 (unregistering): Released all slaves [ 293.155630][T13708] pim6reg1: entered promiscuous mode [ 293.165486][T13708] pim6reg1: entered allmulticast mode [ 293.180098][T13714] veth5: entered promiscuous mode [ 293.187639][T13714] veth5: entered allmulticast mode [ 293.212211][T13700] IPVS: Unknown mcast interface: virt_wifi0 [ 293.310954][T13698] lo speed is unknown, defaulting to 1000 [ 293.374597][T13733] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2099'. [ 293.393528][T13733] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2099'. [ 293.393859][T13735] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2099'. [ 293.838589][T13742] tunl0: entered promiscuous mode [ 293.854758][T13748] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2102'. [ 293.873540][T13742] gre0: entered promiscuous mode [ 293.891462][T13742] gretap0: entered promiscuous mode [ 293.912780][T13742] erspan0: entered promiscuous mode [ 293.920682][T13742] ip_vti0: entered promiscuous mode [ 293.928168][T13742] ip6_vti0: entered promiscuous mode [ 293.941634][T13742] sit0: entered promiscuous mode [ 293.960739][T13742] ip6tnl0: entered promiscuous mode [ 293.971497][T13742] ip6gre0: entered promiscuous mode [ 293.981015][T13742] syz_tun: entered promiscuous mode [ 293.989394][T13742] ip6gretap0: entered promiscuous mode [ 293.997976][T13742] bridge0: entered promiscuous mode [ 294.005181][T13742] vcan0: entered promiscuous mode [ 294.011604][T13742] bond0: entered promiscuous mode [ 294.017413][T13742] bond_slave_0: entered promiscuous mode [ 294.024089][T13742] bond_slave_1: entered promiscuous mode [ 294.032754][T13742] team0: entered promiscuous mode [ 294.037811][T13742] team_slave_0: entered promiscuous mode [ 294.044153][T13742] team_slave_1: entered promiscuous mode [ 294.050213][T13742] dummy0: entered promiscuous mode [ 294.067720][T13742] nlmon0: entered promiscuous mode [ 294.077679][T13742] caif0: entered promiscuous mode [ 294.083296][T13742] batadv0: entered promiscuous mode [ 294.088602][T13742] vxcan0: entered promiscuous mode [ 294.094295][T13742] vxcan1: entered promiscuous mode [ 294.099485][T13742] veth0: entered promiscuous mode [ 294.104681][ T5843] Bluetooth: hci4: command tx timeout [ 294.111543][T13742] veth1: entered promiscuous mode [ 294.117000][T13742] wg0: entered promiscuous mode [ 294.122273][T13742] wg1: entered promiscuous mode [ 294.127246][T13742] wg2: entered promiscuous mode [ 294.132601][T13742] veth0_to_bridge: entered promiscuous mode [ 294.140531][T13742] veth1_to_bridge: entered promiscuous mode [ 294.146698][T13742] veth0_to_bond: entered promiscuous mode [ 294.153279][T13742] veth1_to_bond: entered promiscuous mode [ 294.159254][T13742] veth0_to_team: entered promiscuous mode [ 294.165227][T13742] veth1_to_team: entered promiscuous mode [ 294.171084][T13742] veth0_to_batadv: entered promiscuous mode [ 294.177591][T13742] batadv_slave_0: entered promiscuous mode [ 294.183600][T13742] veth1_to_batadv: entered promiscuous mode [ 294.190105][T13742] batadv_slave_1: left allmulticast mode [ 294.196879][T13742] xfrm0: entered promiscuous mode [ 294.202125][T13742] veth0_to_hsr: entered promiscuous mode [ 294.207873][T13742] veth1_to_hsr: entered promiscuous mode [ 294.214042][T13742] veth1_virt_wifi: entered promiscuous mode [ 294.220049][T13742] veth0_virt_wifi: entered promiscuous mode [ 294.226352][T13742] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 294.234312][T13742] vlan0: entered promiscuous mode [ 294.239403][T13742] vlan1: entered promiscuous mode [ 294.244632][T13742] macvlan0: entered promiscuous mode [ 294.249984][T13742] macvlan1: entered promiscuous mode [ 294.256069][T13742] ipvlan0: entered promiscuous mode [ 294.261355][T13742] ipvlan1: entered promiscuous mode [ 294.266820][T13742] veth0_macvtap: entered promiscuous mode [ 294.272944][T13742] macvtap0: entered promiscuous mode [ 294.278314][T13742] macsec0: entered promiscuous mode [ 294.283815][T13742] geneve0: entered promiscuous mode [ 294.289094][T13742] geneve1: entered promiscuous mode [ 294.298064][T13742] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode [ 294.305218][T13742] gretap1: entered promiscuous mode [ 294.310477][T13742] veth2: entered promiscuous mode [ 294.315719][T13742] veth3: entered promiscuous mode [ 294.320844][T13742] syztnl0: entered promiscuous mode [ 294.326544][T13742] bond1: entered promiscuous mode [ 294.331569][T13742] ip6erspan0: entered promiscuous mode [ 294.337820][T13742] macvtap1: entered promiscuous mode [ 294.343305][T13742] veth4: entered promiscuous mode [ 294.348406][T13742] veth5: entered promiscuous mode [ 294.353751][T13742] bridge1: entered promiscuous mode [ 294.359021][T13742] macvlan2: entered promiscuous mode [ 294.364471][T13742] vxlan0: entered promiscuous mode [ 294.376500][T13742] batadv1: left allmulticast mode [ 294.382460][T13742] bridge2: entered promiscuous mode [ 294.387740][T13742] gretap2: entered promiscuous mode [ 294.393251][T13742] ip6gre1: entered promiscuous mode [ 294.398544][T13742] macsec1: entered promiscuous mode [ 294.408315][T13742] mac80211_hwsim hwsim50 wlan0: entered promiscuous mode [ 294.415695][T13742] netdevsim netdevsim4 eth0: entered promiscuous mode [ 294.422787][T13742] netdevsim netdevsim4 eth1: entered promiscuous mode [ 294.429946][T13742] netdevsim netdevsim4 eth2: entered promiscuous mode [ 294.437192][T13742] netdevsim netdevsim4 eth3: entered promiscuous mode [ 294.444290][T13742] gre1: entered promiscuous mode [ 294.476314][T13750] IPv6: Can't replace route, no match found [ 294.647373][T13758] netlink: 'syz.4.2105': attribute type 5 has an invalid length. [ 294.698855][T13758] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2105'. [ 294.825857][T13756] batadv0 (unregistering): left promiscuous mode [ 294.862301][T13767] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2106'. [ 294.879445][T13767] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 294.886815][T13767] IPv6: NLM_F_CREATE should be set when creating new route [ 294.894132][T13767] IPv6: NLM_F_CREATE should be set when creating new route [ 294.928183][ T7881] hsr_slave_0: left promiscuous mode [ 294.943350][ T7881] hsr_slave_1: left promiscuous mode [ 294.955348][ T7881] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 294.963404][ T7881] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 294.973116][ T7881] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 294.982744][ T7881] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 294.995858][ T30] audit: type=1804 audit(1742027222.983:5): pid=13778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2109" name=2F6E6577726F6F742F3432392F18 dev="tmpfs" ino=2217 res=1 errno=0 [ 295.024185][ T30] audit: type=1800 audit(1742027222.983:6): pid=13778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2109" name=18 dev="tmpfs" ino=2217 res=0 errno=0 [ 295.079429][ T7881] veth1_macvtap: left promiscuous mode [ 295.087815][ T7881] veth0_macvtap: left promiscuous mode [ 295.093584][ T7881] veth1_vlan: left promiscuous mode [ 295.099165][ T7881] veth0_vlan: left promiscuous mode [ 295.380994][T13789] netlink: 'syz.4.2112': attribute type 10 has an invalid length. [ 295.502745][T13793] netlink: 'syz.4.2112': attribute type 1 has an invalid length. [ 295.510662][T13793] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2112'. [ 295.558246][T13795] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2112'. [ 295.787577][ T7881] team0 (unregistering): Port device team_slave_1 removed [ 295.829457][ T7881] team0 (unregistering): Port device team_slave_0 removed [ 296.179479][ T5843] Bluetooth: hci4: command tx timeout [ 296.263208][T13774] veth0_to_bridge: entered promiscuous mode [ 296.269962][T13776] veth0_to_bridge: left promiscuous mode [ 296.301106][T13789] veth1_macvtap: left promiscuous mode [ 296.320869][T13789] team0: Device veth1_macvtap failed to register rx_handler [ 296.405298][T13792] vlan4: left allmulticast mode [ 296.410213][T13792] bond0: left allmulticast mode [ 296.425307][T13792] vlan4: left promiscuous mode [ 296.430271][T13792] bridge0: port 1(vlan4) entered disabled state [ 296.560945][T13809] lo speed is unknown, defaulting to 1000 [ 296.616932][T13698] chnl_net:caif_netlink_parms(): no params data found [ 296.746409][T13816] sctp: [Deprecated]: syz.4.2117 (pid 13816) Use of struct sctp_assoc_value in delayed_ack socket option. [ 296.746409][T13816] Use struct sctp_sack_info instead [ 296.897230][T13816] bridge3: the hash_elasticity option has been deprecated and is always 16 [ 296.960786][T13698] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.977868][T13698] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.988422][T13698] bridge_slave_0: entered allmulticast mode [ 296.999571][T13698] bridge_slave_0: entered promiscuous mode [ 297.028616][T13698] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.042318][T13698] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.049977][T13698] bridge_slave_1: entered allmulticast mode [ 297.058517][T13698] bridge_slave_1: entered promiscuous mode [ 297.137265][T13698] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.159863][T13698] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.305416][T13698] team0: Port device team_slave_0 added [ 297.321208][T13698] team0: Port device team_slave_1 added [ 297.355888][T13836] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2121'. [ 297.430994][T13698] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.438689][T13698] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.473186][T13698] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.505414][T13834] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2121'. [ 297.533555][T13698] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 297.540682][T13698] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.567475][T13698] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 297.819637][T13698] hsr_slave_0: entered promiscuous mode [ 297.843322][T13698] hsr_slave_1: entered promiscuous mode [ 297.849949][T13698] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 297.864704][T13698] Cannot create hsr debugfs directory [ 298.150693][T13846] bond0 (unregistering): left promiscuous mode [ 298.186659][T13846] bond0 (unregistering): Released all slaves [ 298.200655][T13850] tipc: Enabled bearer , priority 0 [ 298.252029][ T5843] Bluetooth: hci4: command tx timeout [ 298.314037][T13849] tipc: Disabling bearer [ 298.554499][T13878] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2132'. [ 298.742319][T13891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2136'. [ 298.787561][T13892] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2134'. [ 298.957201][T13901] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2140'. [ 299.055140][T13698] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 299.082169][T13698] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 299.108252][T13698] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 299.128445][T13698] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 299.168364][T13914] sch_tbf: burst 1 is lower than device ip6tnl0 mtu (1452) ! [ 299.295787][T13698] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.317635][T13698] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.339518][ T7884] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.346680][ T7884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.349348][T13920] netlink: 'syz.3.2146': attribute type 1 has an invalid length. [ 299.368576][ T7884] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.375730][ T7884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.394977][T13922] netlink: 'syz.3.2146': attribute type 1 has an invalid length. [ 299.587835][T13698] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 299.646616][T13933] ipt_REJECT: TCP_RESET invalid for non-tcp [ 299.703092][T13698] veth0_vlan: entered promiscuous mode [ 299.742953][T13698] veth1_vlan: entered promiscuous mode [ 299.810773][T13939] dvmrp0: entered allmulticast mode [ 299.910382][T13698] veth0_macvtap: entered promiscuous mode [ 299.954575][T13698] veth1_macvtap: entered promiscuous mode [ 299.997438][T13698] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 300.038682][T13698] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.076465][T13698] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.092593][T13698] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.101522][T13698] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.122254][T13698] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.150469][T13949] __nla_validate_parse: 3 callbacks suppressed [ 300.150489][T13949] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2155'. [ 300.198285][T13953] netlink: 212 bytes leftover after parsing attributes in process `syz.3.2154'. [ 300.299877][T13949] nbd: socks must be embedded in a SOCK_ITEM attr [ 300.332229][ T5843] Bluetooth: hci4: command tx timeout [ 300.360847][T13958] netlink: 'syz.4.2156': attribute type 1 has an invalid length. [ 300.536468][T13962] bridge_slave_0: entered promiscuous mode [ 300.540509][ T9868] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 300.546561][T13962] bridge_slave_0: entered allmulticast mode [ 300.587548][T13962] IPVS: set_ctl: invalid protocol: 0 172.20.20.13:20004 [ 300.602082][ T9868] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.721996][ T9868] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 300.738657][ T9868] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.789952][T13970] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2161'. [ 300.852337][T13970] lo: left promiscuous mode [ 300.857105][T13970] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2161'. [ 301.319252][T14003] netlink: 'syz.4.2167': attribute type 1 has an invalid length. [ 301.427437][T14008] tun0: tun_chr_ioctl cmd 1074025677 [ 301.439559][T14008] tun0: linktype set to 512 [ 301.553473][T14013] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2170'. [ 301.644754][T14017] lo speed is unknown, defaulting to 1000 [ 301.653669][T14020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2172'. [ 301.668211][T14020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2172'. [ 301.841565][T14027] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2174'. [ 301.921130][T14036] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2174'. [ 301.982390][T14038] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2176'. [ 302.077226][ T1316] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.251285][T14041] xt_CT: No such helper "snmp" [ 302.602311][ T1316] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.970422][ T1316] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.032801][ T1316] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.117080][ T1316] bridge_slave_1: left allmulticast mode [ 303.123040][ T1316] bridge_slave_1: left promiscuous mode [ 303.128705][ T1316] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.138161][ T1316] bridge_slave_0: left allmulticast mode [ 303.143982][ T1316] bridge_slave_0: left promiscuous mode [ 303.149626][ T1316] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.522793][T14058] netlink: 'syz.4.2181': attribute type 4 has an invalid length. [ 303.550553][T14052] netlink: 'syz.2.2179': attribute type 1 has an invalid length. [ 303.646434][ T1316] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.666903][ T1316] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.700933][ T1316] bond0 (unregistering): Released all slaves [ 303.919811][T14072] No such timeout policy "syz0" [ 303.970905][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 303.983330][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 303.992613][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 304.013101][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 304.020644][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 304.028717][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 304.261355][T14091] SET target dimension over the limit! [ 304.283772][T14076] lo speed is unknown, defaulting to 1000 [ 304.858154][ T1316] hsr_slave_0: left promiscuous mode [ 304.868950][ T1316] hsr_slave_1: left promiscuous mode [ 304.884940][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.897602][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.901693][T14123] netlink: 'syz.3.2200': attribute type 1 has an invalid length. [ 304.913365][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.920935][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.948995][ T1316] veth1_macvtap: left promiscuous mode [ 304.954731][ T1316] veth0_macvtap: left promiscuous mode [ 304.960289][ T1316] veth1_vlan: left promiscuous mode [ 304.966196][ T1316] veth0_vlan: left promiscuous mode [ 305.450122][ T1316] team0 (unregistering): Port device team_slave_1 removed [ 305.494064][ T1316] team0 (unregistering): Port device team_slave_0 removed [ 305.920446][T14123] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR [ 305.941465][T14126] bridge0: entered promiscuous mode [ 306.092770][ T5843] Bluetooth: hci4: command tx timeout [ 306.170995][ T30] audit: type=1804 audit(1742027234.153:7): pid=14134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2203" name="/newroot/452/cgroup.controllers" dev="tmpfs" ino=2337 res=1 errno=0 [ 306.197220][T14139] lo: entered promiscuous mode [ 306.208590][T14139] lo: left allmulticast mode [ 306.282003][ T30] audit: type=1800 audit(1742027234.153:8): pid=14134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2203" name="cgroup.controllers" dev="tmpfs" ino=2337 res=0 errno=0 [ 306.326048][T14076] chnl_net:caif_netlink_parms(): no params data found [ 306.364242][T14151] __nla_validate_parse: 7 callbacks suppressed [ 306.364259][T14151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2206'. [ 306.614240][T14149] lo speed is unknown, defaulting to 1000 [ 306.692899][T14076] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.705424][T14076] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.740087][T14076] bridge_slave_0: entered allmulticast mode [ 306.766262][T14076] bridge_slave_0: entered promiscuous mode [ 306.798132][T14076] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.814060][T14076] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.831294][T14076] bridge_slave_1: entered allmulticast mode [ 306.860934][T14076] bridge_slave_1: entered promiscuous mode [ 306.907627][T14171] netlink: 'syz.1.2213': attribute type 2 has an invalid length. [ 306.918224][T14172] net_ratelimit: 12 callbacks suppressed [ 306.918240][T14172] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 306.956575][T14076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.959149][T14171] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 306.988656][T14176] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2214'. [ 307.017523][T14076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.139163][T14076] team0: Port device team_slave_0 added [ 307.163197][T14076] team0: Port device team_slave_1 added [ 307.326487][T14076] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.351981][T14076] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.378504][T14076] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.391739][T14076] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.398835][T14076] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.425586][T14076] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.612609][T14076] hsr_slave_0: entered promiscuous mode [ 307.618983][T14076] hsr_slave_1: entered promiscuous mode [ 307.653689][T14076] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 307.661295][T14076] Cannot create hsr debugfs directory [ 308.051562][T14223] SET target dimension over the limit! [ 308.058418][T14222] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 308.070023][T14220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2225'. [ 308.115337][T14220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2225'. [ 308.142055][T14220] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2225'. [ 308.166954][T14220] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2225'. [ 308.176595][ T5843] Bluetooth: hci4: command tx timeout [ 308.270942][T14224] lo speed is unknown, defaulting to 1000 [ 308.312444][T14227] netlink: 'syz.2.2227': attribute type 9 has an invalid length. [ 308.526523][T14076] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 308.548856][T14076] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 308.562756][T14076] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 308.590042][T14076] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 308.859162][T14076] 8021q: adding VLAN 0 to HW filter on device bond0 [ 308.883067][T14076] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.941348][ T9869] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.948520][ T9869] bridge0: port 1(bridge_slave_0) entered forwarding state [ 309.063191][ T7884] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.070324][ T7884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.174032][T14249] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 309.182644][T14249] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 309.190853][T14249] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 309.199390][T14249] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 309.209989][T14249] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2234'. [ 309.210004][T14248] netlink: 'syz.2.2234': attribute type 10 has an invalid length. [ 309.556938][ T9873] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.632492][ T9873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.661756][T14273] netlink: 'syz.4.2237': attribute type 303 has an invalid length. [ 309.677301][T14076] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.699048][T14278] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2240'. [ 309.740214][T14273] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2237'. [ 309.755894][T14278] netlink: 'syz.1.2240': attribute type 21 has an invalid length. [ 309.763845][T14273] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 309.797474][T14273] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 309.866777][T14076] veth0_vlan: entered promiscuous mode [ 309.890198][T14076] veth1_vlan: entered promiscuous mode [ 309.976330][T14076] veth0_macvtap: entered promiscuous mode [ 310.001213][T14291] vlan2: entered promiscuous mode [ 310.010055][T14291] : (slave vlan2): Opening slave failed [ 310.030849][T14076] veth1_macvtap: entered promiscuous mode [ 310.077251][T14076] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 310.103801][T14076] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.124158][T14076] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.141118][T14076] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.150416][T14076] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.159641][T14076] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.252636][ T5843] Bluetooth: hci4: command tx timeout [ 310.326884][ T1316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.335706][ T1316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.399539][ T9873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.433136][T14306] gre0: left promiscuous mode [ 310.440031][ T9873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.446595][T14306] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2247'. [ 310.468032][T14306] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 310.507604][T14306] netlink: 'syz.4.2247': attribute type 2 has an invalid length. [ 311.209453][T14331] batman_adv: batadv0: Interface deactivated: dummy0 [ 311.249055][T14331] bond1: left promiscuous mode [ 311.255707][T14331] bond1: left allmulticast mode [ 311.260828][T14331] batadv1: left promiscuous mode [ 311.266142][T14331] geneve2: left promiscuous mode [ 311.275781][T14331] geneve2: left allmulticast mode [ 311.282493][T14331] gretap1: left promiscuous mode [ 311.287530][T14331] bridge2: left promiscuous mode [ 311.312102][T14331] bridge2: left allmulticast mode [ 311.338939][ T975] lo speed is unknown, defaulting to 1000 [ 311.384634][T14353] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2261'. [ 311.457888][ T1327] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.842325][ T1327] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.308669][ T1327] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.370227][ T1327] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.503259][ T1327] bridge_slave_1: left allmulticast mode [ 312.508915][ T1327] bridge_slave_1: left promiscuous mode [ 312.514897][ T1327] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.527257][ T1327] bridge_slave_0: left allmulticast mode [ 312.533181][ T1327] bridge_slave_0: left promiscuous mode [ 312.538866][ T1327] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.960960][T14371] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2266'. [ 313.079648][ T1327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 313.092659][ T1327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 313.105981][ T1327] bond0 (unregistering): Released all slaves [ 313.162263][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 313.178632][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 313.187695][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 313.219122][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 313.242411][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 313.258494][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 313.440231][T14375] lo speed is unknown, defaulting to 1000 [ 313.819014][ T1327] hsr_slave_0: left promiscuous mode [ 313.840364][ T1327] hsr_slave_1: left promiscuous mode [ 313.846518][ T1327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 313.854197][ T1327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.865473][ T1327] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 313.873161][ T1327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.918297][ T1327] veth1_macvtap: left promiscuous mode [ 313.924083][ T1327] veth0_macvtap: left promiscuous mode [ 313.929819][ T1327] veth1_vlan: left promiscuous mode [ 313.935381][ T1327] veth0_vlan: left promiscuous mode [ 313.968990][T14403] Bluetooth: MGMT ver 1.23 [ 314.025479][T14406] netlink: 'syz.1.2275': attribute type 1 has an invalid length. [ 314.313703][T14411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2276'. [ 314.323400][T14411] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2276'. [ 314.343941][T14411] netlink: 30 bytes leftover after parsing attributes in process `syz.2.2276'. [ 314.354061][T14411] nbd: socks must be embedded in a SOCK_ITEM attr [ 314.599350][ T1327] team0 (unregistering): Port device team_slave_1 removed [ 314.646091][ T1327] team0 (unregistering): Port device team_slave_0 removed [ 315.089400][T14403] lo speed is unknown, defaulting to 1000 [ 315.186787][T14375] chnl_net:caif_netlink_parms(): no params data found [ 315.292272][ T5843] Bluetooth: hci4: command tx timeout [ 315.463200][T14437] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 315.513198][T14375] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.522476][T14375] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.532440][T14375] bridge_slave_0: entered allmulticast mode [ 315.540673][T14375] bridge_slave_0: entered promiscuous mode [ 315.591590][T14375] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.612625][T14375] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.619854][T14375] bridge_slave_1: entered allmulticast mode [ 315.656626][T14375] bridge_slave_1: entered promiscuous mode [ 315.769932][T14375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 315.798194][T14375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 315.818329][T14447] lo speed is unknown, defaulting to 1000 [ 315.833612][T14437] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 315.957327][T14375] team0: Port device team_slave_0 added [ 315.993985][T14375] team0: Port device team_slave_1 added [ 316.133842][T14375] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 316.157020][T14375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.208421][T14466] openvswitch: netlink: Multiple metadata blocks provided [ 316.215599][T14375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 316.254075][T14375] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 316.270284][T14375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.299518][T14375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 316.430252][T14476] xt_bpf: check failed: parse error [ 316.535857][T14375] hsr_slave_0: entered promiscuous mode [ 316.558495][T14375] hsr_slave_1: entered promiscuous mode [ 316.585345][T14375] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 316.597771][T14375] Cannot create hsr debugfs directory [ 316.968845][T14487] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 317.088741][T14493] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048) [ 317.098846][T14493] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2294'. [ 317.378393][ T5843] Bluetooth: hci4: command tx timeout [ 317.385367][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.474233][T14375] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 317.513363][T14375] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 317.539093][T14375] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 317.567805][T14375] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 317.647925][T14506] netlink: 'syz.3.2301': attribute type 6 has an invalid length. [ 317.754112][T14375] 8021q: adding VLAN 0 to HW filter on device bond0 [ 317.816583][T14375] 8021q: adding VLAN 0 to HW filter on device team0 [ 317.884366][ T1316] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.891510][ T1316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.909166][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.916352][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.923244][T14520] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2304'. [ 318.068620][T14531] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2307'. [ 318.304787][T14375] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 318.342661][T14553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2312'. [ 318.399390][T14375] veth0_vlan: entered promiscuous mode [ 318.441043][T14375] veth1_vlan: entered promiscuous mode [ 318.482298][T14562] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2313'. [ 318.500205][T14564] pimreg: entered allmulticast mode [ 318.506934][T14566] dvmrp0: left allmulticast mode [ 318.512942][T14566] pimreg: left allmulticast mode [ 318.525596][T14562] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2313'. [ 318.589717][T14375] veth0_macvtap: entered promiscuous mode [ 318.623253][T14375] veth1_macvtap: entered promiscuous mode [ 318.667584][T14375] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 318.715678][T14375] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 318.770398][T14375] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.794345][T14375] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.806017][T14375] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.816500][T14375] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.012457][T14577] netlink: 'syz.3.2317': attribute type 16 has an invalid length. [ 319.031138][T14584] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2318'. [ 319.050193][T14577] netlink: 'syz.3.2317': attribute type 17 has an invalid length. [ 319.148476][T14577] 8021q: adding VLAN 0 to HW filter on device  [ 319.156803][T14577] batman_adv: batadv0: Interface activated: dummy0 [ 319.167413][T14577] batadv0: mtu less than device minimum [ 319.178768][T14577] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 319.191299][T14577] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 319.203882][T14577] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 319.215493][T14577] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 319.227204][T14577] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 319.249693][T14593] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2322'. [ 319.260137][T14593] netlink: 'syz.1.2322': attribute type 2 has an invalid length. [ 319.272602][ T7150] lo speed is unknown, defaulting to 1000 [ 319.282303][T14587] @ÿ: renamed from bond_slave_0 [ 319.349560][T14595] wireguard0: entered promiscuous mode [ 319.368649][T14595] wireguard0: entered allmulticast mode [ 319.452148][ T5843] Bluetooth: hci4: command tx timeout [ 319.462728][ T9873] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.482330][ T9873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.506009][T14592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2320'. [ 319.533689][T14592] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2320'. [ 319.655120][ T1327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.678917][ T1327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.802161][ T30] audit: type=1800 audit(1742027247.753:9): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 319.856114][ T30] audit: type=1800 audit(1742027247.753:10): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 319.886715][ T30] audit: type=1800 audit(1742027247.753:11): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 319.966186][ T30] audit: type=1800 audit(1742027247.753:12): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 320.042334][ T30] audit: type=1800 audit(1742027247.753:13): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 320.164285][T14619] lo speed is unknown, defaulting to 1000 [ 320.173431][ T30] audit: type=1800 audit(1742027247.753:14): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 320.278696][ T30] audit: type=1800 audit(1742027247.753:15): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 320.384057][ T30] audit: type=1800 audit(1742027247.753:16): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 320.413834][ T30] audit: type=1800 audit(1742027247.753:17): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 320.452123][ T30] audit: type=1800 audit(1742027247.763:18): pid=14612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2325" name="memory.events" dev="tmpfs" ino=2463 res=0 errno=0 [ 320.751703][T14632] netlink: 'syz.2.2329': attribute type 14 has an invalid length. [ 320.791994][T14632] netlink: 'syz.2.2329': attribute type 11 has an invalid length. [ 320.984635][T14642] lo speed is unknown, defaulting to 1000 [ 321.196617][T14652] x_tables: unsorted entry at hook 1 [ 321.320460][T14648] nr0: entered promiscuous mode [ 321.373760][T14660] SET target dimension over the limit! [ 321.629375][T14664] lo speed is unknown, defaulting to 1000 [ 321.970487][T14682] FAULT_INJECTION: forcing a failure. [ 321.970487][T14682] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.995648][T14682] CPU: 0 UID: 0 PID: 14682 Comm: syz.3.2344 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 321.995673][T14682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 321.995693][T14682] Call Trace: [ 321.995699][T14682] [ 321.995707][T14682] dump_stack_lvl+0x241/0x360 [ 321.995733][T14682] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.995750][T14682] ? __pfx__printk+0x10/0x10 [ 321.995767][T14682] ? __pfx_lock_release+0x10/0x10 [ 321.995798][T14682] should_fail_ex+0x40a/0x550 [ 321.995826][T14682] _copy_from_iter+0x1df/0x1c40 [ 321.995844][T14682] ? __virt_addr_valid+0x183/0x530 [ 321.995859][T14682] ? __pfx_lock_release+0x10/0x10 [ 321.995886][T14682] ? __alloc_skb+0x28f/0x440 [ 321.995900][T14682] ? __pfx__copy_from_iter+0x10/0x10 [ 321.995919][T14682] ? __virt_addr_valid+0x183/0x530 [ 321.995932][T14682] ? __virt_addr_valid+0x183/0x530 [ 321.995944][T14682] ? __virt_addr_valid+0x45f/0x530 [ 321.995959][T14682] ? __phys_addr_symbol+0x2f/0x70 [ 321.995973][T14682] ? __check_object_size+0x47a/0x730 [ 321.995998][T14682] netlink_sendmsg+0x742/0xcb0 [ 321.996038][T14682] ? __pfx_netlink_sendmsg+0x10/0x10 [ 321.996064][T14682] ? aa_sock_msg_perm+0x91/0x160 [ 321.996092][T14682] ? __pfx_netlink_sendmsg+0x10/0x10 [ 321.996112][T14682] __sock_sendmsg+0x221/0x270 [ 321.996138][T14682] ____sys_sendmsg+0x53a/0x860 [ 321.996164][T14682] ? __pfx_____sys_sendmsg+0x10/0x10 [ 321.996181][T14682] ? __fget_files+0x2a/0x410 [ 321.996207][T14682] ? __fget_files+0x2a/0x410 [ 321.996236][T14682] __sys_sendmsg+0x269/0x350 [ 321.996260][T14682] ? __pfx___sys_sendmsg+0x10/0x10 [ 321.996291][T14682] ? do_sys_openat2+0x17a/0x1d0 [ 321.996339][T14682] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 321.996362][T14682] ? do_syscall_64+0x100/0x230 [ 321.996384][T14682] ? do_syscall_64+0xb6/0x230 [ 321.996405][T14682] do_syscall_64+0xf3/0x230 [ 321.996423][T14682] ? clear_bhb_loop+0x35/0x90 [ 321.996447][T14682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.996474][T14682] RIP: 0033:0x7efcb898d169 [ 321.996489][T14682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.996503][T14682] RSP: 002b:00007efcb974e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 321.996521][T14682] RAX: ffffffffffffffda RBX: 00007efcb8ba5fa0 RCX: 00007efcb898d169 [ 321.996533][T14682] RDX: 0000000000000000 RSI: 0000400000001380 RDI: 0000000000000003 [ 321.996544][T14682] RBP: 00007efcb974e090 R08: 0000000000000000 R09: 0000000000000000 [ 321.996554][T14682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.996564][T14682] R13: 0000000000000000 R14: 00007efcb8ba5fa0 R15: 00007ffc7e97c8a8 [ 321.996590][T14682] [ 323.001281][ T1316] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.096679][ T1316] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.180715][ T1316] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.272513][ T1316] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.330930][ T1316] bridge_slave_1: left allmulticast mode [ 323.337012][ T1316] bridge_slave_1: left promiscuous mode [ 323.344206][ T1316] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.353696][ T1316] bridge_slave_0: left allmulticast mode [ 323.359353][ T1316] bridge_slave_0: left promiscuous mode [ 323.365295][ T1316] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.713209][ T1316] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 323.727875][ T1316] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 323.738048][ T1316] bond0 (unregistering): Released all slaves [ 323.867657][T14691] __nla_validate_parse: 5 callbacks suppressed [ 323.867675][T14691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2347'. [ 323.914710][T14694] netlink: 'syz.1.2345': attribute type 1 has an invalid length. [ 323.934258][T14694] netlink: 'syz.1.2345': attribute type 3 has an invalid length. [ 323.952538][T14697] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2346'. [ 323.978584][T14694] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2345'. [ 323.981883][T14695] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2348'. [ 324.022185][T14694] NCSI netlink: No device for ifindex 246 [ 324.052093][T14695] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 324.090123][T14695] netlink: 'syz.4.2348': attribute type 4 has an invalid length. [ 324.114195][T14695] netlink: 3441 bytes leftover after parsing attributes in process `syz.4.2348'. [ 324.164924][T14705] netlink: 'syz.2.2349': attribute type 19 has an invalid length. [ 324.183418][T14705] netlink: 'syz.2.2349': attribute type 19 has an invalid length. [ 324.299864][T14707] netlink: 'syz.4.2351': attribute type 7 has an invalid length. [ 324.362923][T14709] netlink: 'syz.1.2352': attribute type 1 has an invalid length. [ 324.461091][T14709] bond0: entered promiscuous mode [ 324.466406][T14709] bond0: entered allmulticast mode [ 324.484621][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 324.488117][T14709] batadv0: entered allmulticast mode [ 324.499260][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 324.520700][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 324.533585][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 324.542423][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 324.550776][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 324.602219][T14714] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2352'. [ 324.616288][T14709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 324.635025][T14709] bond0: (slave batadv0): making interface the new active one [ 324.650872][T14709] batadv0: entered promiscuous mode [ 324.660435][T14709] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 324.794668][ T1316] hsr_slave_0: left promiscuous mode [ 324.808504][ T1316] hsr_slave_1: left promiscuous mode [ 324.820554][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 324.836814][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 324.858817][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 324.881795][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 324.967765][ T1316] veth1_macvtap: left promiscuous mode [ 324.973884][ T1316] veth0_macvtap: left promiscuous mode [ 324.979628][ T1316] veth1_vlan: left promiscuous mode [ 324.987202][ T1316] veth0_vlan: left promiscuous mode [ 325.121604][T14736] FAULT_INJECTION: forcing a failure. [ 325.121604][T14736] name failslab, interval 1, probability 0, space 0, times 0 [ 325.162884][T14736] CPU: 1 UID: 0 PID: 14736 Comm: syz.3.2358 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 325.162913][T14736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 325.162923][T14736] Call Trace: [ 325.162929][T14736] [ 325.162937][T14736] dump_stack_lvl+0x241/0x360 [ 325.162962][T14736] ? __pfx_dump_stack_lvl+0x10/0x10 [ 325.162980][T14736] ? __pfx__printk+0x10/0x10 [ 325.163011][T14736] should_fail_ex+0x40a/0x550 [ 325.163038][T14736] should_failslab+0xac/0x100 [ 325.163061][T14736] ? skb_clone+0x20c/0x390 [ 325.163082][T14736] kmem_cache_alloc_noprof+0x70/0x380 [ 325.163109][T14736] skb_clone+0x20c/0x390 [ 325.163131][T14736] __netlink_deliver_tap+0x3c4/0x7f0 [ 325.163166][T14736] ? netlink_deliver_tap+0x2e/0x1b0 [ 325.163186][T14736] netlink_deliver_tap+0x19d/0x1b0 [ 325.163209][T14736] netlink_unicast+0x7c4/0x990 [ 325.163235][T14736] ? __pfx_netlink_unicast+0x10/0x10 [ 325.163253][T14736] ? __virt_addr_valid+0x45f/0x530 [ 325.163270][T14736] ? __phys_addr_symbol+0x2f/0x70 [ 325.163285][T14736] ? __check_object_size+0x47a/0x730 [ 325.163311][T14736] netlink_sendmsg+0x8de/0xcb0 [ 325.163346][T14736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 325.163373][T14736] ? aa_sock_msg_perm+0x91/0x160 [ 325.163409][T14736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 325.163429][T14736] __sock_sendmsg+0x221/0x270 [ 325.163454][T14736] ____sys_sendmsg+0x53a/0x860 [ 325.163481][T14736] ? __pfx_____sys_sendmsg+0x10/0x10 [ 325.163498][T14736] ? __fget_files+0x2a/0x410 [ 325.163523][T14736] ? __fget_files+0x2a/0x410 [ 325.163555][T14736] __sys_sendmsg+0x269/0x350 [ 325.163579][T14736] ? __pfx___sys_sendmsg+0x10/0x10 [ 325.163611][T14736] ? do_sys_openat2+0x17a/0x1d0 [ 325.163660][T14736] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 325.163684][T14736] ? do_syscall_64+0x100/0x230 [ 325.163707][T14736] ? do_syscall_64+0xb6/0x230 [ 325.163730][T14736] do_syscall_64+0xf3/0x230 [ 325.163749][T14736] ? clear_bhb_loop+0x35/0x90 [ 325.163773][T14736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.163794][T14736] RIP: 0033:0x7efcb898d169 [ 325.163809][T14736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.163823][T14736] RSP: 002b:00007efcb974e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 325.163842][T14736] RAX: ffffffffffffffda RBX: 00007efcb8ba5fa0 RCX: 00007efcb898d169 [ 325.163854][T14736] RDX: 0000000000000000 RSI: 0000400000001380 RDI: 0000000000000003 [ 325.163865][T14736] RBP: 00007efcb974e090 R08: 0000000000000000 R09: 0000000000000000 [ 325.163875][T14736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 325.163885][T14736] R13: 0000000000000000 R14: 00007efcb8ba5fa0 R15: 00007ffc7e97c8a8 [ 325.163913][T14736] [ 325.863728][ T1316] team0 (unregistering): Port device team_slave_1 removed [ 325.918188][ T1316] team0 (unregistering): Port device team_slave_0 removed [ 326.350009][T14714] bond0: left promiscuous mode [ 326.355338][T14714] batadv0: left promiscuous mode [ 326.360447][T14714] bond0: left allmulticast mode [ 326.366178][T14714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.381157][T14713] lo speed is unknown, defaulting to 1000 [ 326.605016][T14740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2359'. [ 326.662286][ T5843] Bluetooth: hci4: command tx timeout [ 326.697730][T14749] netlink: 'syz.2.2361': attribute type 11 has an invalid length. [ 326.791048][T14749] netlink: 'syz.2.2361': attribute type 3 has an invalid length. [ 326.864530][T14753] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2362'. [ 327.176201][T14713] chnl_net:caif_netlink_parms(): no params data found [ 327.210548][T14771] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2366'. [ 327.281075][T14774] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2367'. [ 327.574833][T14782] net_ratelimit: 15 callbacks suppressed [ 327.574851][T14782] netlink: del zone limit has 4 unknown bytes [ 327.652776][T14713] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.680256][T14713] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.700531][T14713] bridge_slave_0: entered allmulticast mode [ 327.731460][T14713] bridge_slave_0: entered promiscuous mode [ 327.748314][T14713] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.757410][T14713] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.764920][T14713] bridge_slave_1: entered allmulticast mode [ 327.773161][T14713] bridge_slave_1: entered promiscuous mode [ 327.837150][T14713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 327.868167][T14713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 327.957610][T14713] team0: Port device team_slave_0 added [ 327.987124][T14713] team0: Port device team_slave_1 added [ 328.079301][T14801] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 4, id = 0 [ 328.093318][T14802] lo speed is unknown, defaulting to 1000 [ 328.099635][T14713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 328.110411][T14713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.146717][T14713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 328.163566][T14713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 328.170627][T14713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.197049][T14713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 328.305926][T14713] hsr_slave_0: entered promiscuous mode [ 328.312773][T14713] hsr_slave_1: entered promiscuous mode [ 328.323388][T14713] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 328.363378][T14713] Cannot create hsr debugfs directory [ 328.732345][ T5843] Bluetooth: hci4: command tx timeout [ 328.832589][T14828] netlink: 'syz.3.2380': attribute type 21 has an invalid length. [ 328.849111][T14826] 8021q: adding VLAN 0 to HW filter on device bond3 [ 328.925744][T14826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 328.945144][T14826] bond3: (slave batadv0): Enslaving as an active interface with an up link [ 328.965245][T14826] __nla_validate_parse: 4 callbacks suppressed [ 328.965262][T14826] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2382'. [ 329.011082][T14834] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2384'. [ 329.025039][T14834] netlink: zone id is out of range [ 329.033831][T14834] netlink: zone id is out of range [ 329.042018][T14834] netlink: zone id is out of range [ 329.047196][T14834] netlink: zone id is out of range [ 329.063716][T14834] netlink: zone id is out of range [ 329.068955][T14834] netlink: zone id is out of range [ 329.074272][T14834] netlink: zone id is out of range [ 329.079393][T14834] netlink: zone id is out of range [ 329.085604][T14834] netlink: zone id is out of range [ 329.142811][T14826] vlan2: entered promiscuous mode [ 329.149196][T14837] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2385'. [ 329.161001][T14826] bond3: entered promiscuous mode [ 329.172907][T14826] batadv0: entered promiscuous mode [ 329.385950][T14847] vlan2: entered promiscuous mode [ 329.528501][T14850] bond4: entered promiscuous mode [ 329.534775][T14850] bond4: entered allmulticast mode [ 329.540545][T14850] 8021q: adding VLAN 0 to HW filter on device bond4 [ 329.745820][T14855] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2392'. [ 329.822490][T14862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2393'. [ 329.830996][T14861] macsec0: entered promiscuous mode [ 329.837752][T14861] macsec0: left promiscuous mode [ 330.436896][ T30] audit: type=1804 audit(1742027258.423:19): pid=14878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2399" name="/newroot/526/cgroup.controllers" dev="tmpfs" ino=2728 res=1 errno=0 [ 330.516626][ T30] audit: type=1800 audit(1742027258.423:20): pid=14878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2399" name="cgroup.controllers" dev="tmpfs" ino=2728 res=0 errno=0 [ 330.577280][ T30] audit: type=1804 audit(1742027258.463:21): pid=14878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2399" name="/newroot/526/cgroup.controllers" dev="tmpfs" ino=2728 res=1 errno=0 [ 330.619904][ T30] audit: type=1804 audit(1742027258.463:22): pid=14878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2399" name="/newroot/526/cgroup.controllers" dev="tmpfs" ino=2728 res=1 errno=0 [ 330.872047][ T5843] Bluetooth: hci4: command tx timeout [ 330.938966][T14880] 0·: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 331.032256][T14713] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 331.080955][T14713] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 331.208762][T14713] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 331.255929][T14713] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 331.388053][T14893] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2402'. [ 331.853008][T14713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.943673][T14713] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.023619][ T7884] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.030795][ T7884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.155607][ T9869] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.162793][ T9869] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.395259][T14713] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 332.430975][T14922] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2407'. [ 332.496484][T14713] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 332.749741][T14928] syzkaller0: tun_chr_ioctl cmd 1074025684 [ 332.833750][T14930] syzkaller0: create flow: hash 526569119 index 1 [ 332.892823][ T5843] Bluetooth: hci4: command tx timeout [ 332.974387][T14928] sctp: [Deprecated]: syz.1.2409 (pid 14928) Use of struct sctp_assoc_value in delayed_ack socket option. [ 332.974387][T14928] Use struct sctp_sack_info instead [ 333.148650][T14944] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2411'. [ 333.188015][T14944] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2411'. [ 333.436403][T14950] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2413'. [ 334.297194][T14927] syzkaller0: delete flow: hash 526569119 index 1 [ 335.638698][T14965] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2418'. [ 339.916142][T14950] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 339.948048][T14950] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 340.191594][T14713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 340.386833][T14713] veth0_vlan: entered promiscuous mode [ 340.431249][T14713] veth1_vlan: entered promiscuous mode [ 340.574407][T14972] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 38595 - 0 [ 340.590321][T14972] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 38595 - 0 [ 340.617231][T14972] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 38595 - 0 [ 340.655320][T14972] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 38595 - 0 [ 340.727148][T14987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2424'. [ 340.736650][T14972] netdevsim netdevsim2 eth0: set [1, 2] type 2 family 0 port 42153 - 0 [ 340.807483][T14972] netdevsim netdevsim2 eth1: set [1, 2] type 2 family 0 port 42153 - 0 [ 340.842085][T14972] netdevsim netdevsim2 eth2: set [1, 2] type 2 family 0 port 42153 - 0 [ 340.861104][T14972] netdevsim netdevsim2 eth3: set [1, 2] type 2 family 0 port 42153 - 0 [ 340.871398][T14972] geneve4: entered promiscuous mode [ 340.894639][T14972] geneve4: entered allmulticast mode [ 340.903789][T14983] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2424'. [ 340.955693][T14980] batman_adv: batadv0: Interface deactivated: dummy0 [ 340.982792][T14980] batman_adv: batadv0: Removing interface: dummy0 [ 341.759068][T14980] bond4: (slave macvlan0): Releasing backup interface [ 342.023957][T14713] veth0_macvtap: entered promiscuous mode [ 342.053154][T14713] veth1_macvtap: entered promiscuous mode [ 342.143172][T14713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 342.187741][T14713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 342.246757][T14713] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.276155][T14713] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.318037][T14713] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.377963][T14713] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.565684][T15020] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2430'. [ 342.733962][T15023] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2430'. [ 342.821596][T15023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2430'. [ 343.096896][ T1327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.149730][ T1327] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.534333][ T1316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.581605][ T1316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.120608][T15051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2436'. [ 344.290493][T15049] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2436'. [ 345.140261][ T9869] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 345.202431][ T9869] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 345.210656][ T6374] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 345.284585][T15058] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2437'. [ 345.346926][T15058] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2437'. [ 345.412749][T15058] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2437'. [ 345.515829][ T6374] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 345.622129][ T5882] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 345.732151][T15058] __nla_validate_parse: 28 callbacks suppressed [ 345.732176][T15058] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2437'. [ 345.817460][T15058] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2437'. [ 345.873530][T15058] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2437'. [ 345.952148][T15058] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2437'. [ 346.025809][T15076] netlink: 'syz.3.2442': attribute type 10 has an invalid length. [ 346.116310][T15082] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2442'. [ 346.265418][T15084] netlink: 'syz.2.2444': attribute type 12 has an invalid length. [ 346.294656][T15086] tls_set_device_offload: netdev not found [ 347.523395][ T1327] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.582225][T15058] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2437'. [ 347.839851][ T1327] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.179441][T15092] x_tables: duplicate underflow at hook 1 [ 348.194552][ T1327] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.292136][T15099] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2447'. [ 348.635409][ T1327] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.442648][ T1327] bridge_slave_1: left allmulticast mode [ 349.475609][ T1327] bridge_slave_1: left promiscuous mode [ 349.518190][ T1327] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.612629][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 349.655651][ T1327] bridge_slave_0: left allmulticast mode [ 349.661351][ T1327] bridge_slave_0: left promiscuous mode [ 349.731584][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 349.746236][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 349.762437][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 349.815687][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 349.823411][ T1327] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.852078][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 349.859645][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 349.937175][ T17] sched: DL replenish lagged too much [ 350.035640][T15131] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2455'. [ 350.107475][T15131] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2455'. [ 350.245952][T15134] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2453'. [ 351.688738][ T1327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 351.753891][ T1327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.797199][ T1327] bond0 (unregistering): Released all slaves [ 351.922341][T15124] lo speed is unknown, defaulting to 1000 [ 351.933536][ T5146] Bluetooth: hci4: command tx timeout [ 352.034840][T15138] bridge0: port 1(vlan0) entered blocking state [ 352.093779][T15138] bridge0: port 1(vlan0) entered disabled state [ 352.117026][T15138] vlan0: entered allmulticast mode [ 352.156131][T15138] veth0: entered allmulticast mode [ 352.183098][T15138] vlan0: entered promiscuous mode [ 352.221687][T15138] veth0: entered promiscuous mode [ 352.244308][T15123] lo speed is unknown, defaulting to 1000 [ 352.636655][T15150] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2459'. [ 353.027431][T15156] vlan0: entered promiscuous mode [ 353.615564][T15169] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2463'. [ 354.017326][ T5146] Bluetooth: hci4: command tx timeout [ 354.050602][ T1327] hsr_slave_0: left promiscuous mode [ 354.093752][ T1327] hsr_slave_1: left promiscuous mode [ 354.125928][ T1327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 354.172302][ T1327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 354.214283][ T1327] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 354.256552][ T1327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 354.400523][ T1327] veth1_macvtap: left promiscuous mode [ 354.420641][ T1327] veth0_macvtap: left promiscuous mode [ 354.445788][ T1327] veth1_vlan: left promiscuous mode [ 354.469781][ T1327] veth0_vlan: left promiscuous mode [ 356.102163][ T5146] Bluetooth: hci4: command tx timeout [ 356.183521][ T1327] team0 (unregistering): Port device team_slave_1 removed [ 356.361193][ T1327] team0 (unregistering): Port device team_slave_0 removed [ 358.172343][ T5146] Bluetooth: hci4: command tx timeout [ 358.332037][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 359.096124][T15200] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2472'. [ 359.597568][T15206] tipc: Cannot configure node identity twice [ 359.660294][T15207] macsec2: entered allmulticast mode [ 359.762060][T15207] dummy0: entered allmulticast mode [ 359.832815][T15207] dummy0: left allmulticast mode [ 360.282401][T15218] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2476'. [ 360.978662][T15123] chnl_net:caif_netlink_parms(): no params data found [ 361.539597][T15225] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2477'. [ 361.607423][T15123] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.616546][T15123] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.662121][T15123] bridge_slave_0: entered allmulticast mode [ 361.693654][T15123] bridge_slave_0: entered promiscuous mode [ 361.734574][T15123] bridge0: port 2(bridge_slave_1) entered blocking state [ 361.747696][T15123] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.792579][T15123] bridge_slave_1: entered allmulticast mode [ 361.822148][T15123] bridge_slave_1: entered promiscuous mode [ 361.887958][T15227] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2479'. [ 361.951388][T15230] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2479'. [ 362.028410][T15123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 362.031994][T15231] netlink: 'syz.2.2478': attribute type 21 has an invalid length. [ 362.914093][T15123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 363.303654][T15236] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2481'. [ 363.322060][T15236] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2481'. [ 363.541423][T15123] team0: Port device team_slave_0 added [ 363.593233][T15123] team0: Port device team_slave_1 added [ 363.629351][T15244] netlink: 'syz.1.2485': attribute type 1 has an invalid length. [ 363.772640][T15248] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2487'. [ 363.820928][T15123] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 363.848508][T15123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.908448][T15250] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2488'. [ 363.946079][T15123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 364.062612][T15123] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 364.069606][T15123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.217745][T15123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 364.428491][T15123] hsr_slave_0: entered promiscuous mode [ 364.447518][T15123] hsr_slave_1: entered promiscuous mode [ 364.469078][T15123] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 364.558965][T15123] Cannot create hsr debugfs directory [ 364.975772][T15277] xt_hashlimit: size too large, truncated to 1048576 [ 365.437910][T15284] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2504'. [ 365.880017][T15292] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2508'. [ 365.894045][T15294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2509'. [ 366.387146][T15302] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2512'. [ 366.412111][T15304] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2513'. [ 366.452102][T15305] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2514'. [ 366.717202][T15123] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 366.734134][T15308] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2516'. [ 366.784237][T15311] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2518'. [ 366.803357][T15123] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 366.851292][T15123] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 366.970788][T15123] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 367.358815][T15123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 367.436589][T15123] 8021q: adding VLAN 0 to HW filter on device team0 [ 367.489503][ T7884] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.496699][ T7884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 367.560370][ T7884] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.567564][ T7884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 368.524895][T15123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 368.748779][T15123] veth0_vlan: entered promiscuous mode [ 368.839445][T15123] veth1_vlan: entered promiscuous mode [ 368.986654][T15123] veth0_macvtap: entered promiscuous mode [ 369.258805][T15123] veth1_macvtap: entered promiscuous mode [ 369.355413][T15123] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 369.420215][T15123] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 369.528667][T15123] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.583807][T15123] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.612354][T15123] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.621104][T15123] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.088854][ T7881] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 370.136802][ T7881] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 370.359866][T15389] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2551'. [ 370.370669][ T9868] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 370.414848][ T9868] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.439464][T15413] [ 371.441835][T15413] ====================================================== [ 371.448858][T15413] WARNING: possible circular locking dependency detected [ 371.455971][T15413] 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 Not tainted [ 371.463078][T15413] ------------------------------------------------------ [ 371.470092][T15413] syz.4.2561/15413 is trying to acquire lock: [ 371.476158][T15413] ffff88804fc54d28 (&dev_instance_lock_key#2){+.+.}-{4:4}, at: __dev_open+0x5cb/0x8a0 [ 371.485764][T15413] [ 371.485764][T15413] but task is already holding lock: [ 371.493128][T15413] ffff88807d430e00 (team->team_lock_key){+.+.}-{4:4}, at: team_add_slave+0xb3/0x28a0 [ 371.502637][T15413] [ 371.502637][T15413] which lock already depends on the new lock. [ 371.502637][T15413] [ 371.513043][T15413] [ 371.513043][T15413] the existing dependency chain (in reverse order) is: [ 371.522058][T15413] [ 371.522058][T15413] -> #2 (team->team_lock_key){+.+.}-{4:4}: [ 371.530070][T15413] lock_acquire+0x1ed/0x550 [ 371.535113][T15413] __mutex_lock+0x19c/0x1010 [ 371.540236][T15413] team_set_mac_address+0x122/0x280 [ 371.545967][T15413] netif_set_mac_address+0x327/0x510 [ 371.551780][T15413] do_setlink+0xaa6/0x40f0 [ 371.556724][T15413] rtnl_newlink+0x15a6/0x1d90 [ 371.561936][T15413] rtnetlink_rcv_msg+0x791/0xcf0 [ 371.567405][T15413] netlink_rcv_skb+0x206/0x480 [ 371.572700][T15413] netlink_unicast+0x7f6/0x990 [ 371.577995][T15413] netlink_sendmsg+0x8de/0xcb0 [ 371.583400][T15413] __sock_sendmsg+0x221/0x270 [ 371.588625][T15413] __sys_sendto+0x363/0x4c0 [ 371.593662][T15413] __x64_sys_sendto+0xde/0x100 [ 371.598955][T15413] do_syscall_64+0xf3/0x230 [ 371.603992][T15413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.610420][T15413] [ 371.610420][T15413] -> #1 (&dev_instance_lock_key#12){+.+.}-{4:4}: [ 371.618961][T15413] lock_acquire+0x1ed/0x550 [ 371.624000][T15413] __mutex_lock+0x19c/0x1010 [ 371.629125][T15413] dev_set_mac_address+0x2a/0x50 [ 371.634591][T15413] bond_set_mac_address+0x28e/0x830 [ 371.640328][T15413] netif_set_mac_address+0x327/0x510 [ 371.646147][T15413] do_setlink+0xaa6/0x40f0 [ 371.651178][T15413] rtnl_newlink+0x15a6/0x1d90 [ 371.656388][T15413] rtnetlink_rcv_msg+0x791/0xcf0 [ 371.661858][T15413] netlink_rcv_skb+0x206/0x480 [ 371.667153][T15413] netlink_unicast+0x7f6/0x990 [ 371.672451][T15413] netlink_sendmsg+0x8de/0xcb0 [ 371.677746][T15413] __sock_sendmsg+0x221/0x270 [ 371.682954][T15413] ____sys_sendmsg+0x53a/0x860 [ 371.688245][T15413] __sys_sendmsg+0x269/0x350 [ 371.693366][T15413] do_syscall_64+0xf3/0x230 [ 371.698402][T15413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.704829][T15413] [ 371.704829][T15413] -> #0 (&dev_instance_lock_key#2){+.+.}-{4:4}: [ 371.713374][T15413] validate_chain+0x18ef/0x5920 [ 371.718755][T15413] __lock_acquire+0x1397/0x2100 [ 371.724136][T15413] lock_acquire+0x1ed/0x550 [ 371.729167][T15413] __mutex_lock+0x19c/0x1010 [ 371.734287][T15413] __dev_open+0x5cb/0x8a0 [ 371.739148][T15413] netif_open+0xae/0x1b0 [ 371.743918][T15413] dev_open+0x13e/0x260 [ 371.748611][T15413] team_add_slave+0xabe/0x28a0 [ 371.753911][T15413] do_set_master+0x579/0x730 [ 371.759025][T15413] rtnl_newlink_create+0x6e6/0xbd0 [ 371.764662][T15413] rtnl_newlink+0x167a/0x1d90 [ 371.769869][T15413] rtnetlink_rcv_msg+0x791/0xcf0 [ 371.775351][T15413] netlink_rcv_skb+0x206/0x480 [ 371.780651][T15413] netlink_unicast+0x7f6/0x990 [ 371.785943][T15413] netlink_sendmsg+0x8de/0xcb0 [ 371.791239][T15413] __sock_sendmsg+0x221/0x270 [ 371.796447][T15413] ____sys_sendmsg+0x53a/0x860 [ 371.801736][T15413] __sys_sendmsg+0x269/0x350 [ 371.806851][T15413] do_syscall_64+0xf3/0x230 [ 371.811886][T15413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.818313][T15413] [ 371.818313][T15413] other info that might help us debug this: [ 371.818313][T15413] [ 371.828543][T15413] Chain exists of: [ 371.828543][T15413] &dev_instance_lock_key#2 --> &dev_instance_lock_key#12 --> team->team_lock_key [ 371.828543][T15413] [ 371.843624][T15413] Possible unsafe locking scenario: [ 371.843624][T15413] [ 371.851073][T15413] CPU0 CPU1 [ 371.856438][T15413] ---- ---- [ 371.861798][T15413] lock(team->team_lock_key); [ 371.866571][T15413] lock(&dev_instance_lock_key#12); [ 371.874402][T15413] lock(team->team_lock_key); [ 371.881697][T15413] lock(&dev_instance_lock_key#2); [ 371.886913][T15413] [ 371.886913][T15413] *** DEADLOCK *** [ 371.886913][T15413] [ 371.895059][T15413] 3 locks held by syz.4.2561/15413: [ 371.900254][T15413] #0: ffffffff903d4aa0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x22/0x250 [ 371.909779][T15413] #1: ffffffff8fed6cc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc4c/0x1d90 [ 371.918857][T15413] #2: ffff88807d430e00 (team->team_lock_key){+.+.}-{4:4}, at: team_add_slave+0xb3/0x28a0 [ 371.928804][T15413] [ 371.928804][T15413] stack backtrace: [ 371.934691][T15413] CPU: 0 UID: 0 PID: 15413 Comm: syz.4.2561 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 371.934713][T15413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 371.934725][T15413] Call Trace: [ 371.934731][T15413] [ 371.934740][T15413] dump_stack_lvl+0x241/0x360 [ 371.934764][T15413] ? __pfx_dump_stack_lvl+0x10/0x10 [ 371.934782][T15413] ? __pfx__printk+0x10/0x10 [ 371.934804][T15413] print_circular_bug+0x13a/0x1b0 [ 371.934825][T15413] check_noncircular+0x36a/0x4a0 [ 371.934846][T15413] ? __pfx_check_noncircular+0x10/0x10 [ 371.934866][T15413] ? lockdep_lock+0x123/0x2b0 [ 371.934893][T15413] validate_chain+0x18ef/0x5920 [ 371.934919][T15413] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 371.934939][T15413] ? __pfx_validate_chain+0x10/0x10 [ 371.934960][T15413] ? stack_depot_save_flags+0x7b4/0x940 [ 371.934988][T15413] ? kasan_save_track+0x51/0x80 [ 371.935007][T15413] ? kasan_save_track+0x3f/0x80 [ 371.935023][T15413] ? __kasan_kmalloc+0x98/0xb0 [ 371.935040][T15413] ? __kmalloc_noprof+0x285/0x4c0 [ 371.935061][T15413] ? bond_update_slave_arr+0x150/0xd50 [ 371.935079][T15413] ? bond_open+0xe36/0xfa0 [ 371.935096][T15413] ? __dev_open+0x45a/0x8a0 [ 371.935117][T15413] ? netif_open+0xae/0x1b0 [ 371.935137][T15413] ? dev_open+0x13e/0x260 [ 371.935151][T15413] ? team_add_slave+0xabe/0x28a0 [ 371.935171][T15413] ? do_set_master+0x579/0x730 [ 371.935187][T15413] ? rtnl_newlink_create+0x6e6/0xbd0 [ 371.935203][T15413] ? rtnl_newlink+0x167a/0x1d90 [ 371.935224][T15413] ? rtnetlink_rcv_msg+0x791/0xcf0 [ 371.935246][T15413] ? netlink_rcv_skb+0x206/0x480 [ 371.935267][T15413] ? netlink_unicast+0x7f6/0x990 [ 371.935286][T15413] ? netlink_sendmsg+0x8de/0xcb0 [ 371.935309][T15413] ? ____sys_sendmsg+0x53a/0x860 [ 371.935326][T15413] ? __sys_sendmsg+0x269/0x350 [ 371.935345][T15413] ? mark_lock+0x9a/0x360 [ 371.935362][T15413] __lock_acquire+0x1397/0x2100 [ 371.935392][T15413] lock_acquire+0x1ed/0x550 [ 371.935414][T15413] ? __dev_open+0x5cb/0x8a0 [ 371.935439][T15413] ? __pfx_lock_acquire+0x10/0x10 [ 371.935461][T15413] ? lockdep_rtnl_is_held+0x26/0x40 [ 371.935480][T15413] ? __pfx___might_resched+0x10/0x10 [ 371.935501][T15413] ? bond_update_slave_arr+0x844/0xd50 [ 371.935524][T15413] __mutex_lock+0x19c/0x1010 [ 371.935543][T15413] ? __dev_open+0x5cb/0x8a0 [ 371.935566][T15413] ? bond_alb_initialize+0x4c3/0x5f0 [ 371.935592][T15413] ? __dev_open+0x5cb/0x8a0 [ 371.935614][T15413] ? __pfx___mutex_lock+0x10/0x10 [ 371.935642][T15413] __dev_open+0x5cb/0x8a0 [ 371.935667][T15413] ? __pfx___dev_open+0x10/0x10 [ 371.935691][T15413] ? ref_tracker_alloc+0x332/0x490 [ 371.935708][T15413] netif_open+0xae/0x1b0 [ 371.935730][T15413] ? __pfx_netif_open+0x10/0x10 [ 371.935757][T15413] dev_open+0x13e/0x260 [ 371.935776][T15413] team_add_slave+0xabe/0x28a0 [ 371.935804][T15413] ? __pfx_team_add_slave+0x10/0x10 [ 371.935825][T15413] ? nlmsg_notify+0x14c/0x1c0 [ 371.935848][T15413] ? __dev_notify_flags+0x316/0x400 [ 371.935865][T15413] ? dev_set_rx_mode+0xb8/0x2e0 [ 371.935883][T15413] ? __pfx___dev_notify_flags+0x10/0x10 [ 371.935899][T15413] ? __dev_change_flags+0x515/0x6f0 [ 371.935918][T15413] ? mutex_is_locked+0x17/0x50 [ 371.935936][T15413] do_set_master+0x579/0x730 [ 371.935956][T15413] rtnl_newlink_create+0x6e6/0xbd0 [ 371.935978][T15413] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 371.935997][T15413] ? __pfx___mutex_lock+0x10/0x10 [ 371.936021][T15413] ? ns_capable+0x8a/0xf0 [ 371.936041][T15413] rtnl_newlink+0x167a/0x1d90 [ 371.936072][T15413] ? __pfx_rtnl_newlink+0x10/0x10 [ 371.936094][T15413] ? __pfx_validate_chain+0x10/0x10 [ 371.936121][T15413] ? validate_chain+0x11e/0x5920 [ 371.936138][T15413] ? __pfx_lock_acquire+0x10/0x10 [ 371.936161][T15413] ? __pfx_lock_release+0x10/0x10 [ 371.936185][T15413] ? __pfx_validate_chain+0x10/0x10 [ 371.936203][T15413] ? mark_lock+0x9a/0x360 [ 371.936219][T15413] ? __lock_acquire+0x1397/0x2100 [ 371.936255][T15413] ? __pfx_lock_release+0x10/0x10 [ 371.936283][T15413] ? __pfx_rtnl_newlink+0x10/0x10 [ 371.936306][T15413] rtnetlink_rcv_msg+0x791/0xcf0 [ 371.936328][T15413] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 371.936351][T15413] ? __lock_acquire+0x1397/0x2100 [ 371.936374][T15413] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 371.936404][T15413] netlink_rcv_skb+0x206/0x480 [ 371.936427][T15413] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 371.936451][T15413] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 371.936482][T15413] ? netlink_deliver_tap+0x2e/0x1b0 [ 371.936507][T15413] netlink_unicast+0x7f6/0x990 [ 371.936531][T15413] ? __pfx_netlink_unicast+0x10/0x10 [ 371.936550][T15413] ? __virt_addr_valid+0x45f/0x530 [ 371.936566][T15413] ? __phys_addr_symbol+0x2f/0x70 [ 371.936587][T15413] ? __check_object_size+0x47a/0x730 [ 371.936610][T15413] netlink_sendmsg+0x8de/0xcb0 [ 371.936638][T15413] ? __pfx_netlink_sendmsg+0x10/0x10 [ 371.936663][T15413] ? aa_sock_msg_perm+0x91/0x160 [ 371.936688][T15413] ? __pfx_netlink_sendmsg+0x10/0x10 [ 371.936710][T15413] __sock_sendmsg+0x221/0x270 [ 371.936734][T15413] ____sys_sendmsg+0x53a/0x860 [ 371.936756][T15413] ? __pfx_____sys_sendmsg+0x10/0x10 [ 371.936774][T15413] ? __fget_files+0x2a/0x410 [ 371.936798][T15413] ? __fget_files+0x2a/0x410 [ 371.936823][T15413] __sys_sendmsg+0x269/0x350 [ 371.936844][T15413] ? __pfx___sys_sendmsg+0x10/0x10 [ 371.936881][T15413] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 371.936905][T15413] ? do_syscall_64+0x100/0x230 [ 371.936926][T15413] ? do_syscall_64+0xb6/0x230 [ 371.936947][T15413] do_syscall_64+0xf3/0x230 [ 371.936967][T15413] ? clear_bhb_loop+0x35/0x90 [ 371.936991][T15413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.937013][T15413] RIP: 0033:0x7f4f3b98d169 [ 371.937028][T15413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.937043][T15413] RSP: 002b:00007f4f3c741038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 371.937060][T15413] RAX: ffffffffffffffda RBX: 00007f4f3bba5fa0 RCX: 00007f4f3b98d169 [ 371.937073][T15413] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 0000000000000003 [ 371.937084][T15413] RBP: 00007f4f3ba0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 371.937093][T15413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 371.937101][T15413] R13: 0000000000000000 R14: 00007f4f3bba5fa0 R15: 00007ffc04333558 [ 371.937118][T15413] [ 372.569161][T15413] 8021q: adding VLAN 0 to HW filter on device bond3 [ 372.576820][T15413] bond3: entered promiscuous mode [ 372.582341][T15413] team0: Port device bond3 added [ 373.138946][ T1327] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.246013][ T1327] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.327354][ T1327] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.397259][ T1327] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.515917][ T1327] bridge_slave_1: left allmulticast mode [ 373.521597][ T1327] bridge_slave_1: left promiscuous mode [ 373.543966][ T1327] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.569731][ T1327] bridge_slave_0: left allmulticast mode [ 373.582135][ T1327] bridge_slave_0: left promiscuous mode [ 373.587836][ T1327] bridge0: port 1(bridge_slave_0) entered disabled state [ 374.137993][ T1327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 374.170751][ T1327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 374.195742][ T1327] bond0 (unregistering): Released all slaves [ 374.610236][ T1327] hsr_slave_0: left promiscuous mode [ 374.648846][ T1327] hsr_slave_1: left promiscuous mode [ 374.662274][ T1327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 374.669679][ T1327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 374.698901][ T1327] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 374.721961][ T1327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 374.746778][ T1327] veth1_macvtap: left promiscuous mode [ 374.762012][ T1327] veth0_macvtap: left promiscuous mode [ 374.767574][ T1327] veth1_vlan: left promiscuous mode [ 374.781969][ T1327] veth0_vlan: left promiscuous mode [ 375.272249][ T1327] team0 (unregistering): Port device team_slave_1 removed [ 375.347735][ T1327] team0 (unregistering): Port device team_slave_0 removed [ 376.251922][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 378.816971][ T1298] ieee802154 phy0 wpan0: encryption failed: -22