last executing test programs: 1m14.199650645s ago: executing program 0 (id=201): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060108000045e40000000003000000050001000600000005000400000000000900020073797a3000000000050005000200000011000300686173683a69702c706f7274000000001400078005"], 0x60}, 0x1, 0x0, 0x0, 0x20000005}, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="03"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r1, @ANYBLOB="0103"], 0x34}}, 0x0) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x5}]}) 1m1.019771935s ago: executing program 0 (id=201): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060108000045e40000000003000000050001000600000005000400000000000900020073797a3000000000050005000200000011000300686173683a69702c706f7274000000001400078005"], 0x60}, 0x1, 0x0, 0x0, 0x20000005}, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="03"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r1, @ANYBLOB="0103"], 0x34}}, 0x0) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x5}]}) 46.4257971s ago: executing program 0 (id=201): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060108000045e40000000003000000050001000600000005000400000000000900020073797a3000000000050005000200000011000300686173683a69702c706f7274000000001400078005"], 0x60}, 0x1, 0x0, 0x0, 0x20000005}, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="03"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r1, @ANYBLOB="0103"], 0x34}}, 0x0) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x5}]}) 31.473824991s ago: executing program 0 (id=201): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060108000045e40000000003000000050001000600000005000400000000000900020073797a3000000000050005000200000011000300686173683a69702c706f7274000000001400078005"], 0x60}, 0x1, 0x0, 0x0, 0x20000005}, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="03"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r1, @ANYBLOB="0103"], 0x34}}, 0x0) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x5}]}) 17.82553247s ago: executing program 0 (id=201): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060108000045e40000000003000000050001000600000005000400000000000900020073797a3000000000050005000200000011000300686173683a69702c706f7274000000001400078005"], 0x60}, 0x1, 0x0, 0x0, 0x20000005}, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="03"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r1, @ANYBLOB="0103"], 0x34}}, 0x0) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x5}]}) 3.429402244s ago: executing program 4 (id=1047): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=ANY=[@ANYBLOB="44010000100001000000000019002000fe800000000000000000000000000000ac1e000100000000000000000000000000000000000000000000000032000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000000000000032000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013500000a000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c00"], 0x144}}, 0x0) 3.018163154s ago: executing program 4 (id=1051): r0 = socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000001b00000373010b000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) 2.837883971s ago: executing program 3 (id=1054): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r0, 0x29, 0x38, 0x0, 0x0) 2.712601028s ago: executing program 4 (id=1056): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x3e, &(0x7f0000000040)=0x3, 0x3) 2.59381985s ago: executing program 1 (id=1057): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) recvfrom$rose(r0, 0x0, 0x0, 0x40010000, 0x0, 0x0) 2.593568152s ago: executing program 3 (id=1058): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x20, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x22, 0x0, &(0x7f0000000440)="f6f4e9a100000000002a8bc686ddb7dbfc007024116f0bfcb6bdfdfd407a3f19d468", 0x0, 0x4, 0x0, 0x2, 0x0, &(0x7f0000000940)="0102", 0x0}, 0x50) 2.508885039s ago: executing program 2 (id=1059): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, 0x0, &(0x7f0000000000)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.487805589s ago: executing program 4 (id=1060): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000008500000087000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000680)="e0b9547ed387dbe9abc89b6f5bff", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.403771728s ago: executing program 1 (id=1061): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)=ANY=[@ANYBLOB="380000000203010100000000000000000000001008000100010000150900000008000340ff", @ANYBLOB, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x40001}, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880) 2.401719435s ago: executing program 3 (id=1062): syz_emit_ethernet(0x46, &(0x7f0000000400)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8001}}}}}}, 0x0) 2.321921354s ago: executing program 2 (id=1063): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c80)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x14, 0x18, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x6}}], {0x14}}, 0x3c}}, 0x0) 2.247490797s ago: executing program 3 (id=1064): unshare(0x2c020400) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, 0x0, 0x0) 2.169614915s ago: executing program 0 (id=201): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060108000045e40000000003000000050001000600000005000400000000000900020073797a3000000000050005000200000011000300686173683a69702c706f7274000000001400078005"], 0x60}, 0x1, 0x0, 0x0, 0x20000005}, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="03"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00', @ANYRES16=r1, @ANYBLOB="0103"], 0x34}}, 0x0) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x5}]}) 660.591952ms ago: executing program 1 (id=1065): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000001080), r0) sendmsg$NLBL_CIPSOV4_C_LIST(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000880)={0x1c, r1, 0x1, 0x70bd24, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x4040840) 660.150785ms ago: executing program 2 (id=1066): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829afff36b31fa7e358e95cfa"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r0, 0x2000000, 0x2f, 0x0, &(0x7f00000000c0)="13435cb8b9f6ff004954ea5207e3137c3c9e9fbe2134504b468883902643b332fa8cac3c94fec8d3269bb867000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 659.261701ms ago: executing program 3 (id=1067): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000"], 0xdc}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x2a, &(0x7f0000000540)={@broadcast, @dev, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x1, 0x1c, 0x1c, 0x68, 0x1c, 0x8, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}, @loopback}, {0x4e22, 0x4e22, 0x8}}}}}, 0x0) 657.525038ms ago: executing program 4 (id=1068): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000000c0)={0x3, &(0x7f0000000000)=[{0x15, 0x1, 0x6, 0x1}, {0x60, 0x4, 0xfd}, {0x6}]}) 514.953502ms ago: executing program 1 (id=1069): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000280)=ANY=[], 0x8) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='`\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x00\v\x00\x00\x00\x00\b'], 0x60}, 0x0) 417.813055ms ago: executing program 2 (id=1070): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg(r0, 0x0, 0x0) 292.379192ms ago: executing program 1 (id=1071): bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) 272.135216ms ago: executing program 4 (id=1072): unshare(0x22020600) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0x1, 0x4) 173.926187ms ago: executing program 2 (id=1073): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 61.059195ms ago: executing program 3 (id=1074): syz_emit_ethernet(0x110, &(0x7f0000000400)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0xda, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8001, [{0x18, 0xf, "00000000000053bff4db7fb847a98ef6c30aef8bffd4310d8c8cfb14b480e2a94adfdcf5ad49792ea9afa9553dcd662ba2d88bd99d1d5b4148ec634cecbd27c915b46fb691f6fce638f848a4e18c02bf95848d398ec9dba34d082016dcb10b44b93da65d02ba88666428204a908ad971c24912667b99"}, {0x1e, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}]}}}}}}, 0x0) 19.665856ms ago: executing program 1 (id=1075): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}], 0x1}, 0x0) read$alg(r0, &(0x7f0000003780)=""/4096, 0x1000) 0s ago: executing program 2 (id=1076): r0 = socket$igmp6(0xa, 0x3, 0x2) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) kernel console output (not intermixed with test programs): parsing attributes in process `syz.3.362'. [ 145.161139][ T7108] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.306917][ T7108] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.450854][ T7108] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.925286][ T7329] netlink: 'syz.2.372': attribute type 11 has an invalid length. [ 145.969266][ T7329] netlink: 224 bytes leftover after parsing attributes in process `syz.2.372'. [ 146.171400][ T7108] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 146.193320][ T7339] netlink: 'syz.4.376': attribute type 11 has an invalid length. [ 146.222079][ T7343] geneve2: entered promiscuous mode [ 146.227422][ T7343] geneve2: entered allmulticast mode [ 146.246138][ T7108] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 146.288881][ T7108] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 146.368731][ T7108] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 146.841175][ T7108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.858002][ T5151] Bluetooth: hci0: command tx timeout [ 147.096367][ T7108] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.486676][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.494038][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.576283][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.584228][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.782777][ T7108] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 147.925940][ T7395] netlink: 'syz.1.390': attribute type 11 has an invalid length. [ 147.981265][ T7395] __nla_validate_parse: 4 callbacks suppressed [ 147.981294][ T7395] netlink: 224 bytes leftover after parsing attributes in process `syz.1.390'. [ 148.262297][ T7402] netlink: 'syz.3.391': attribute type 11 has an invalid length. [ 148.300383][ T7402] netlink: 224 bytes leftover after parsing attributes in process `syz.3.391'. [ 148.540263][ T7108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.794682][ T7108] veth0_vlan: entered promiscuous mode [ 148.853417][ T7108] veth1_vlan: entered promiscuous mode [ 149.069877][ T7108] veth0_macvtap: entered promiscuous mode [ 149.114780][ T7429] netlink: 44 bytes leftover after parsing attributes in process `syz.2.401'. [ 149.120415][ T7108] veth1_macvtap: entered promiscuous mode [ 149.175988][ T7430] netlink: 24 bytes leftover after parsing attributes in process `syz.2.401'. [ 149.285703][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.334599][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.353257][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.400051][ T7439] netlink: 'syz.3.405': attribute type 11 has an invalid length. [ 149.400423][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.427583][ T7439] netlink: 224 bytes leftover after parsing attributes in process `syz.3.405'. [ 149.460614][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.494698][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.530206][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.564361][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.592388][ T7108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 149.694067][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.745342][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.765940][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.791409][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.802495][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.813682][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.825233][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.840102][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.857616][ T7108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.939540][ T7108] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.956863][ T7108] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.982739][ T7108] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.013309][ T7108] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.371499][ T7457] tipc: Started in network mode [ 150.377473][ T7457] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 150.410009][ T7457] tipc: Enabled bearer , priority 10 [ 150.683609][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.698689][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.836050][ T7467] GUP no longer grows the stack in syz.3.415 (7467): 200000006000-20000000a000 (200000005000) [ 150.850181][ T7467] CPU: 0 UID: 0 PID: 7467 Comm: syz.3.415 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 150.850213][ T7467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 150.850226][ T7467] Call Trace: [ 150.850235][ T7467] [ 150.850245][ T7467] dump_stack_lvl+0x241/0x360 [ 150.850304][ T7467] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.850337][ T7467] ? __pfx__printk+0x10/0x10 [ 150.850362][ T7467] ? find_vma+0xfa/0x170 [ 150.850410][ T7467] __get_user_pages+0x3b46/0x4180 [ 150.850481][ T7467] ? __lock_acquire+0xad5/0xd80 [ 150.850508][ T7467] ? __pfx___get_user_pages+0x10/0x10 [ 150.850537][ T7467] ? __gup_longterm_locked+0xd86/0x1850 [ 150.850572][ T7467] ? __pfx_down_read_killable+0x10/0x10 [ 150.850605][ T7467] ? __lock_acquire+0xad5/0xd80 [ 150.850646][ T7467] __gup_longterm_locked+0xec1/0x1850 [ 150.850697][ T7467] ? try_get_folio+0xfd/0x6a0 [ 150.850720][ T7467] ? try_grab_folio_fast+0x1d6/0x500 [ 150.850740][ T7467] ? __pfx___gup_longterm_locked+0x10/0x10 [ 150.850784][ T7467] ? gup_fast_fallback+0x203f/0x2980 [ 150.850820][ T7467] gup_fast_fallback+0x2227/0x2980 [ 150.850898][ T7467] ? __pfx_gup_fast_fallback+0x10/0x10 [ 150.850943][ T7467] ? kvm_sched_clock_read+0x11/0x20 [ 150.850990][ T7467] ? __lock_acquire+0xad5/0xd80 [ 150.851017][ T7467] ? is_valid_gup_args+0x124/0x200 [ 150.851053][ T7467] get_user_pages_fast+0xd2/0x160 [ 150.851089][ T7467] ? __pfx_get_user_pages_fast+0x10/0x10 [ 150.851123][ T7467] ? rcu_is_watching+0x15/0xb0 [ 150.851152][ T7467] ? trace_contention_end+0x3c/0x120 [ 150.851186][ T7467] __iov_iter_get_pages_alloc+0x39d/0xa90 [ 150.851229][ T7467] ? __se_sys_vmsplice+0x4bc/0x1430 [ 150.851266][ T7467] iov_iter_get_pages2+0xd1/0x130 [ 150.851300][ T7467] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 150.851344][ T7467] __se_sys_vmsplice+0x6c6/0x1430 [ 150.851403][ T7467] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 150.851438][ T7467] ? __pfx_futex_wake+0x10/0x10 [ 150.851470][ T7467] ? __lock_acquire+0xad5/0xd80 [ 150.851553][ T7467] ? do_syscall_64+0xb6/0x230 [ 150.851584][ T7467] do_syscall_64+0xf3/0x230 [ 150.851612][ T7467] ? clear_bhb_loop+0x45/0xa0 [ 150.851637][ T7467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.851657][ T7467] RIP: 0033:0x7fa46e78d169 [ 150.851676][ T7467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.851693][ T7467] RSP: 002b:00007fa46f64a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 150.851716][ T7467] RAX: ffffffffffffffda RBX: 00007fa46e9a5fa0 RCX: 00007fa46e78d169 [ 150.851731][ T7467] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 000000000000000c [ 150.851744][ T7467] RBP: 00007fa46e80e990 R08: 0000000000000000 R09: 0000000000000000 [ 150.851757][ T7467] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 150.851769][ T7467] R13: 0000000000000000 R14: 00007fa46e9a5fa0 R15: 00007ffce6996638 [ 150.851803][ T7467] [ 151.187013][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.195625][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.365970][ T7473] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 151.439255][ T974] tipc: Node number set to 4269801488 [ 152.913875][ T7500] netlink: 'syz.2.424': attribute type 5 has an invalid length. [ 153.077011][ T7503] netlink: 12 bytes leftover after parsing attributes in process `syz.4.426'. [ 153.488669][ T7512] netlink: 'syz.4.429': attribute type 11 has an invalid length. [ 153.496662][ T7512] netlink: 224 bytes leftover after parsing attributes in process `syz.4.429'. [ 153.668451][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 153.687188][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 153.699697][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 153.721813][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 153.731585][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 154.025134][ T7529] bridge5: entered promiscuous mode [ 154.078275][ T7529] bridge5: entered allmulticast mode [ 154.178185][ T7533] netlink: 'syz.2.433': attribute type 11 has an invalid length. [ 154.186096][ T7533] netlink: 224 bytes leftover after parsing attributes in process `syz.2.433'. [ 154.482779][ T7543] netlink: 'syz.1.435': attribute type 15 has an invalid length. [ 155.121281][ T7514] chnl_net:caif_netlink_parms(): no params data found [ 155.726547][ T7591] netlink: 'syz.3.441': attribute type 11 has an invalid length. [ 155.822217][ T55] Bluetooth: hci0: command tx timeout [ 155.828711][ T7591] netlink: 224 bytes leftover after parsing attributes in process `syz.3.441'. [ 156.146539][ T7514] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.172802][ T7514] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.198940][ T7514] bridge_slave_0: entered allmulticast mode [ 156.240885][ T7514] bridge_slave_0: entered promiscuous mode [ 156.356730][ T7624] bridge9: entered promiscuous mode [ 156.385103][ T7624] bridge9: entered allmulticast mode [ 156.412375][ T7514] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.433180][ T7514] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.458332][ T7514] bridge_slave_1: entered allmulticast mode [ 156.466552][ T7514] bridge_slave_1: entered promiscuous mode [ 156.585666][ T7637] netlink: 'syz.3.448': attribute type 11 has an invalid length. [ 156.601555][ T7632] bridge7: entered promiscuous mode [ 156.606946][ T7632] bridge7: entered allmulticast mode [ 156.632754][ T7637] netlink: 224 bytes leftover after parsing attributes in process `syz.3.448'. [ 156.692883][ T7514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.869680][ T7514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.952787][ T7651] netlink: 'syz.2.450': attribute type 11 has an invalid length. [ 157.005327][ T7651] netlink: 224 bytes leftover after parsing attributes in process `syz.2.450'. [ 157.096711][ T7514] team0: Port device team_slave_0 added [ 157.225825][ T7514] team0: Port device team_slave_1 added [ 157.450263][ T7514] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.484216][ T7514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.520083][ T7514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.592908][ T7514] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.622789][ T7514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.676832][ T7514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.898588][ T55] Bluetooth: hci0: command tx timeout [ 157.907729][ T7514] hsr_slave_0: entered promiscuous mode [ 157.925375][ T7514] hsr_slave_1: entered promiscuous mode [ 157.932969][ T7514] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.941295][ T7514] Cannot create hsr debugfs directory [ 158.797398][ T7514] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.006168][ T7514] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.034109][ T7688] netlink: 'syz.1.460': attribute type 11 has an invalid length. [ 159.065597][ T7688] netlink: 224 bytes leftover after parsing attributes in process `syz.1.460'. [ 159.346410][ T7514] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.612656][ T7514] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.854816][ T7717] netlink: 4 bytes leftover after parsing attributes in process `syz.2.469'. [ 159.978222][ T55] Bluetooth: hci0: command tx timeout [ 160.056030][ T7514] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 160.102979][ T7514] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 160.136389][ T7514] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 160.207968][ T7514] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 160.256209][ T7728] bridge0: entered promiscuous mode [ 160.275374][ T7728] bridge0: left promiscuous mode [ 160.334923][ T7739] netlink: 32 bytes leftover after parsing attributes in process `syz.2.473'. [ 160.766866][ T7746] bridge6: entered promiscuous mode [ 160.791973][ T7746] bridge6: entered allmulticast mode [ 161.515977][ T7514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.652542][ T7514] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.803679][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.811278][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.921599][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.928892][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.059896][ T55] Bluetooth: hci0: command tx timeout [ 162.236024][ T7514] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 162.609996][ T7796] bridge8: entered promiscuous mode [ 162.626623][ T7796] bridge8: entered allmulticast mode [ 162.833947][ T7806] macvlan2: entered promiscuous mode [ 162.866645][ T7806] macvlan2: entered allmulticast mode [ 162.890102][ T7806] bond_slave_0: entered promiscuous mode [ 162.896038][ T7806] bond_slave_1: entered promiscuous mode [ 162.908335][ T7806] bond0: entered allmulticast mode [ 162.937022][ T7806] bond_slave_0: entered allmulticast mode [ 163.008779][ T7806] bond_slave_1: entered allmulticast mode [ 163.014609][ T7806] bond0: entered promiscuous mode [ 163.026135][ T7806] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 163.069388][ T7806] team0: Port device macvlan2 added [ 163.144079][ T7818] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled [ 163.266858][ T7514] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.509138][ T7514] veth0_vlan: entered promiscuous mode [ 163.562559][ T7514] veth1_vlan: entered promiscuous mode [ 163.631326][ T7831] xt_CT: No such helper "pptp" [ 163.884200][ T7841] xt_CT: No such helper "pptp" [ 163.894756][ T7843] xt_CT: No such helper "pptp" [ 163.937017][ T7514] veth0_macvtap: entered promiscuous mode [ 164.046910][ T7514] veth1_macvtap: entered promiscuous mode [ 164.137332][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.159641][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.180047][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.198274][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.220933][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.231654][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.260086][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.274320][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.284561][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.295214][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.342147][ T7514] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.424553][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.463569][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.475644][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.518034][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.547911][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.577825][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.608011][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.643530][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.674712][ T7514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.713205][ T7514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.747892][ T7514] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.848507][ T7857] bridge4: entered promiscuous mode [ 164.857402][ T7857] bridge4: entered allmulticast mode [ 164.935348][ T7514] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.958593][ T7514] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.988030][ T7514] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.013265][ T7514] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.130000][ T974] IPVS: starting estimator thread 0... [ 165.138022][ T7873] IPVS: set_ctl: invalid protocol: 8 172.20.20.50:20004 [ 165.248641][ T7875] IPVS: using max 27 ests per chain, 64800 per kthread [ 165.423389][ T7879] bridge10: entered promiscuous mode [ 165.429405][ T7881] netlink: 'syz.2.509': attribute type 1 has an invalid length. [ 165.437993][ T7879] bridge10: entered allmulticast mode [ 165.455386][ T7881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.509'. [ 165.479252][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.487140][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.494651][ T7881] netlink: 32 bytes leftover after parsing attributes in process `syz.2.509'. [ 165.651058][ T7601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.697953][ T7601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.168009][ T7910] netlink: 'syz.1.518': attribute type 11 has an invalid length. [ 166.175984][ T7910] netlink: 224 bytes leftover after parsing attributes in process `syz.1.518'. [ 166.267052][ T7907] bridge9: entered promiscuous mode [ 166.273069][ T7907] bridge9: entered allmulticast mode [ 166.360307][ T7916] netlink: 'syz.3.517': attribute type 15 has an invalid length. [ 167.557266][ T7946] netlink: 'syz.3.523': attribute type 11 has an invalid length. [ 167.592774][ T7946] netlink: 224 bytes leftover after parsing attributes in process `syz.3.523'. [ 167.603420][ T7947] netlink: 40 bytes leftover after parsing attributes in process `syz.1.521'. [ 167.966043][ T7959] netlink: 188 bytes leftover after parsing attributes in process `syz.4.525'. [ 168.176739][ T7962] netlink: 52 bytes leftover after parsing attributes in process `syz.3.526'. [ 168.568864][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 168.599814][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 168.609500][ T7977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.530'. [ 168.619329][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 168.643947][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 168.660849][ T7977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.530'. [ 168.671457][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 168.737020][ T7977] netlink: 'syz.1.530': attribute type 1 has an invalid length. [ 168.763138][ T7977] netlink: 10 bytes leftover after parsing attributes in process `syz.1.530'. [ 168.814518][ T7977] block nbd0: Unsupported socket: shutdown callout must be supported. [ 168.877980][ T7985] netlink: 'syz.4.531': attribute type 11 has an invalid length. [ 169.406367][ T8002] netlink: 'syz.4.536': attribute type 11 has an invalid length. [ 169.798284][ T8015] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 169.955177][ T7976] chnl_net:caif_netlink_parms(): no params data found [ 170.213632][ T8022] netlink: 'syz.1.540': attribute type 13 has an invalid length. [ 170.357042][ T8022] macvtap0: entered promiscuous mode [ 170.374621][ T8022] macvtap0: refused to change device tx_queue_len [ 170.778230][ T55] Bluetooth: hci0: command tx timeout [ 170.887366][ T7976] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.932153][ T7976] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.964888][ T7976] bridge_slave_0: entered allmulticast mode [ 171.002827][ T7976] bridge_slave_0: entered promiscuous mode [ 171.037570][ T7976] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.055471][ T7976] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.065048][ T7976] bridge_slave_1: entered allmulticast mode [ 171.087142][ T7976] bridge_slave_1: entered promiscuous mode [ 171.301549][ T8053] netlink: 'syz.3.546': attribute type 11 has an invalid length. [ 171.313449][ T8053] __nla_validate_parse: 4 callbacks suppressed [ 171.313477][ T8053] netlink: 224 bytes leftover after parsing attributes in process `syz.3.546'. [ 171.490735][ T7976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 171.553035][ T7976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 171.810463][ T7976] team0: Port device team_slave_0 added [ 171.853728][ T7976] team0: Port device team_slave_1 added [ 172.010273][ T7976] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 172.024371][ T7976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 172.066193][ T7976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 172.134779][ T7976] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 172.167044][ T7976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 172.205544][ T7976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 172.456773][ T7976] hsr_slave_0: entered promiscuous mode [ 172.485400][ T7976] hsr_slave_1: entered promiscuous mode [ 172.508331][ T7976] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 172.535963][ T7976] Cannot create hsr debugfs directory [ 172.670594][ T8088] netlink: 'syz.3.552': attribute type 4 has an invalid length. [ 172.788187][ T8091] netlink: 20 bytes leftover after parsing attributes in process `syz.3.552'. [ 172.858292][ T55] Bluetooth: hci0: command tx timeout [ 173.436612][ T7976] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.543962][ T8106] bridge11: entered promiscuous mode [ 173.560276][ T8106] bridge11: entered allmulticast mode [ 173.652367][ T7976] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.959579][ T7976] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.181199][ T7976] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.938073][ T55] Bluetooth: hci0: command tx timeout [ 174.955498][ T7976] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 175.021168][ T7976] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 175.107202][ T7976] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 175.182241][ T8156] netlink: 28 bytes leftover after parsing attributes in process `syz.2.567'. [ 175.206291][ T7976] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 175.786787][ T7976] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.825633][ T7976] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.837187][ T8168] FAULT_INJECTION: forcing a failure. [ 175.837187][ T8168] name failslab, interval 1, probability 0, space 0, times 1 [ 175.867255][ T7608] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.874651][ T7608] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.885423][ T8168] CPU: 1 UID: 0 PID: 8168 Comm: syz.4.569 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 175.885451][ T8168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 175.885463][ T8168] Call Trace: [ 175.885472][ T8168] [ 175.885479][ T8168] dump_stack_lvl+0x241/0x360 [ 175.885519][ T8168] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.885571][ T8168] should_fail_ex+0x424/0x570 [ 175.885600][ T8168] should_failslab+0xac/0x100 [ 175.885634][ T8168] __kmalloc_cache_noprof+0x73/0x370 [ 175.885664][ T8168] ? ovs_ct_limit_cmd_set+0x2f9/0xaf0 [ 175.885690][ T8168] ovs_ct_limit_cmd_set+0x2f9/0xaf0 [ 175.885730][ T8168] genl_rcv_msg+0xb38/0xf00 [ 175.885768][ T8168] ? __pfx_genl_rcv_msg+0x10/0x10 [ 175.885789][ T8168] ? __dev_queue_xmit+0x1780/0x3f60 [ 175.885813][ T8168] ? kasan_save_track+0x3f/0x80 [ 175.885836][ T8168] ? __kasan_slab_alloc+0x66/0x80 [ 175.885868][ T8168] ? do_syscall_64+0xf3/0x230 [ 175.885914][ T8168] ? __lock_acquire+0xad5/0xd80 [ 175.885938][ T8168] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 175.885975][ T8168] netlink_rcv_skb+0x208/0x480 [ 175.886006][ T8168] ? __pfx_genl_rcv_msg+0x10/0x10 [ 175.886032][ T8168] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 175.886087][ T8168] ? netlink_deliver_tap+0x2e/0x1b0 [ 175.886126][ T8168] genl_rcv+0x28/0x40 [ 175.886148][ T8168] netlink_unicast+0x7f8/0x9a0 [ 175.886197][ T8168] ? __pfx_netlink_unicast+0x10/0x10 [ 175.886228][ T8168] ? skb_put+0x114/0x1f0 [ 175.886254][ T8168] netlink_sendmsg+0x8c3/0xcd0 [ 175.886302][ T8168] ? __pfx_netlink_sendmsg+0x10/0x10 [ 175.886339][ T8168] ? aa_sock_msg_perm+0x91/0x160 [ 175.886376][ T8168] ? __pfx_netlink_sendmsg+0x10/0x10 [ 175.886405][ T8168] __sock_sendmsg+0x221/0x270 [ 175.886438][ T8168] ____sys_sendmsg+0x523/0x860 [ 175.886471][ T8168] ? __pfx_____sys_sendmsg+0x10/0x10 [ 175.886491][ T8168] ? __fget_files+0x2a/0x420 [ 175.886514][ T8168] ? __fget_files+0x2a/0x420 [ 175.886543][ T8168] __sys_sendmsg+0x271/0x360 [ 175.886571][ T8168] ? __pfx___sys_sendmsg+0x10/0x10 [ 175.886652][ T8168] ? do_syscall_64+0xb6/0x230 [ 175.886683][ T8168] do_syscall_64+0xf3/0x230 [ 175.886710][ T8168] ? clear_bhb_loop+0x45/0xa0 [ 175.886734][ T8168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.886755][ T8168] RIP: 0033:0x7f45c358d169 [ 175.886773][ T8168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.886790][ T8168] RSP: 002b:00007f45c13f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 175.886812][ T8168] RAX: ffffffffffffffda RBX: 00007f45c37a5fa0 RCX: 00007f45c358d169 [ 175.886827][ T8168] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000003 [ 175.886840][ T8168] RBP: 00007f45c13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 175.886851][ T8168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 175.886863][ T8168] R13: 0000000000000000 R14: 00007f45c37a5fa0 R15: 00007ffd07598218 [ 175.886895][ T8168] [ 176.198967][ T8171] netlink: 24 bytes leftover after parsing attributes in process `syz.3.570'. [ 176.247146][ T7976] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 176.258488][ T7976] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 176.281810][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.289061][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.727335][ T7976] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.923819][ T7976] veth0_vlan: entered promiscuous mode [ 176.952733][ T7976] veth1_vlan: entered promiscuous mode [ 177.025736][ T55] Bluetooth: hci0: command tx timeout [ 177.084382][ T7976] veth0_macvtap: entered promiscuous mode [ 177.097352][ T7976] veth1_macvtap: entered promiscuous mode [ 177.170949][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.195979][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.206621][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.220918][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.242515][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.271288][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.297886][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.308987][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.320427][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.336381][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.360434][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.376023][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.389646][ T7976] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.542308][ T8217] ipvlan2: entered promiscuous mode [ 177.632324][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.650145][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.668384][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.679703][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.692227][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.703059][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.713218][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.731759][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.742312][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.753260][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.763524][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.774441][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.809767][ T7976] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.842358][ T8222] macvlan3: entered promiscuous mode [ 177.847727][ T8222] macvlan3: entered allmulticast mode [ 177.887341][ T7976] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.902252][ T7976] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.917956][ T7976] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.937308][ T7976] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.584254][ T7608] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 178.625171][ T7608] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 178.821539][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 178.851101][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.457579][ T8275] netlink: 408 bytes leftover after parsing attributes in process `syz.3.593'. [ 179.506368][ T8275] netlink: 104 bytes leftover after parsing attributes in process `syz.3.593'. [ 181.004929][ T8336] netlink: 28 bytes leftover after parsing attributes in process `syz.4.598'. [ 181.948873][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 181.965032][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 181.974361][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 181.998188][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 182.012140][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 182.133855][ T8368] bridge_slave_0: left allmulticast mode [ 182.168308][ T8368] bridge_slave_0: left promiscuous mode [ 182.179076][ T8368] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.224297][ T8368] bridge_slave_1: left allmulticast mode [ 182.237932][ T8368] bridge_slave_1: left promiscuous mode [ 182.250017][ T8368] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.293440][ T8368] bond0: (slave bond_slave_0): Releasing backup interface [ 182.306136][ T8368] bond_slave_0: left allmulticast mode [ 182.340883][ T8368] bond_slave_0: left promiscuous mode [ 182.354849][ T8368] bond0: (slave bond_slave_1): Releasing backup interface [ 182.382492][ T8368] bond_slave_1: left allmulticast mode [ 182.392850][ T8368] bond_slave_1: left promiscuous mode [ 182.424493][ T8368] team0: Port device team_slave_0 removed [ 182.444401][ T8368] team0: Port device team_slave_1 removed [ 182.460998][ T8368] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.470037][ T8368] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 182.481086][ T8368] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.489231][ T8368] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 182.545156][ T8368] bond0: left allmulticast mode [ 182.568473][ T8368] bond0: left promiscuous mode [ 182.595081][ T8368] team0: Port device macvlan2 removed [ 182.615865][ T8375] FAULT_INJECTION: forcing a failure. [ 182.615865][ T8375] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 182.667329][ T8375] CPU: 0 UID: 0 PID: 8375 Comm: syz.3.605 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 182.667360][ T8375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 182.667372][ T8375] Call Trace: [ 182.667380][ T8375] [ 182.667389][ T8375] dump_stack_lvl+0x241/0x360 [ 182.667428][ T8375] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.667457][ T8375] ? __pfx__printk+0x10/0x10 [ 182.667498][ T8375] should_fail_ex+0x424/0x570 [ 182.667526][ T8375] _copy_to_user+0x31/0xb0 [ 182.667581][ T8375] simple_read_from_buffer+0xc4/0x170 [ 182.667616][ T8375] proc_fail_nth_read+0x1ef/0x260 [ 182.667641][ T8375] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 182.667666][ T8375] ? rw_verify_area+0x246/0x630 [ 182.667693][ T8375] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 182.667716][ T8375] vfs_read+0x21f/0xb90 [ 182.667745][ T8375] ? __pfx___mutex_lock+0x10/0x10 [ 182.667776][ T8375] ? __pfx_vfs_read+0x10/0x10 [ 182.667803][ T8375] ? __fget_files+0x2a/0x420 [ 182.667823][ T8375] ? __fget_files+0x39d/0x420 [ 182.667847][ T8375] ? __fget_files+0x2a/0x420 [ 182.667877][ T8375] ksys_read+0x19d/0x2d0 [ 182.667911][ T8375] ? __pfx_ksys_read+0x10/0x10 [ 182.667942][ T8375] ? do_syscall_64+0xb6/0x230 [ 182.667972][ T8375] do_syscall_64+0xf3/0x230 [ 182.667999][ T8375] ? clear_bhb_loop+0x45/0xa0 [ 182.668024][ T8375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.668044][ T8375] RIP: 0033:0x7fa46e78bb7c [ 182.668062][ T8375] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 182.668079][ T8375] RSP: 002b:00007fa46f64a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 182.668100][ T8375] RAX: ffffffffffffffda RBX: 00007fa46e9a5fa0 RCX: 00007fa46e78bb7c [ 182.668115][ T8375] RDX: 000000000000000f RSI: 00007fa46f64a0a0 RDI: 0000000000000005 [ 182.668127][ T8375] RBP: 00007fa46f64a090 R08: 0000000000000000 R09: 0000000000000000 [ 182.668139][ T8375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 182.668151][ T8375] R13: 0000000000000000 R14: 00007fa46e9a5fa0 R15: 00007ffce6996638 [ 182.668183][ T8375] [ 182.706865][ T8378] netlink: 24 bytes leftover after parsing attributes in process `syz.2.606'. [ 183.307696][ T8396] netlink: 'syz.3.612': attribute type 5 has an invalid length. [ 183.370753][ T8398] bridge10: entered promiscuous mode [ 183.405636][ T8398] bridge10: entered allmulticast mode [ 183.669187][ T8409] FAULT_INJECTION: forcing a failure. [ 183.669187][ T8409] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.689790][ T8409] CPU: 1 UID: 0 PID: 8409 Comm: syz.3.614 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 183.689821][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 183.689834][ T8409] Call Trace: [ 183.689842][ T8409] [ 183.689850][ T8409] dump_stack_lvl+0x241/0x360 [ 183.689890][ T8409] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.689920][ T8409] ? __pfx__printk+0x10/0x10 [ 183.689965][ T8409] should_fail_ex+0x424/0x570 [ 183.689993][ T8409] _copy_from_user+0x2d/0xb0 [ 183.690024][ T8409] copy_msghdr_from_user+0xb3/0x580 [ 183.690060][ T8409] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 183.690106][ T8409] do_recvmmsg+0x3bf/0xab0 [ 183.690143][ T8409] ? __pfx_do_recvmmsg+0x10/0x10 [ 183.690184][ T8409] ? rcu_read_lock_any_held+0xbb/0x160 [ 183.690213][ T8409] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 183.690245][ T8409] ? vfs_write+0xb29/0xd10 [ 183.690280][ T8409] ? ksys_write+0x24e/0x2d0 [ 183.690308][ T8409] ? __mutex_unlock_slowpath+0x229/0x800 [ 183.690346][ T8409] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 183.690372][ T8409] ? __fget_files+0x2a/0x420 [ 183.690409][ T8409] __x64_sys_recvmmsg+0x1ab/0x260 [ 183.690437][ T8409] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 183.690468][ T8409] ? do_syscall_64+0xb6/0x230 [ 183.690498][ T8409] do_syscall_64+0xf3/0x230 [ 183.690525][ T8409] ? clear_bhb_loop+0x45/0xa0 [ 183.690550][ T8409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.690570][ T8409] RIP: 0033:0x7fa46e78d169 [ 183.690588][ T8409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.690604][ T8409] RSP: 002b:00007fa46f64a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 183.690627][ T8409] RAX: ffffffffffffffda RBX: 00007fa46e9a5fa0 RCX: 00007fa46e78d169 [ 183.690641][ T8409] RDX: 0000000000001800 RSI: 0000200000001dc0 RDI: 0000000000000008 [ 183.690660][ T8409] RBP: 00007fa46f64a090 R08: 0000000000000000 R09: 0000000000000000 [ 183.690679][ T8409] R10: 0000000000002002 R11: 0000000000000246 R12: 0000000000000002 [ 183.690692][ T8409] R13: 0000000000000000 R14: 00007fa46e9a5fa0 R15: 00007ffce6996638 [ 183.690725][ T8409] [ 184.039113][ T8423] netlink: 8 bytes leftover after parsing attributes in process `syz.3.617'. [ 184.059301][ T55] Bluetooth: hci0: command tx timeout [ 184.173529][ T8427] netlink: 4 bytes leftover after parsing attributes in process `syz.3.617'. [ 184.363995][ T8363] chnl_net:caif_netlink_parms(): no params data found [ 184.917050][ T8441] sctp: [Deprecated]: syz.3.621 (pid 8441) Use of int in maxseg socket option. [ 184.917050][ T8441] Use struct sctp_assoc_value instead [ 184.983317][ T8363] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.998122][ T8363] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.015063][ T8363] bridge_slave_0: entered allmulticast mode [ 185.024243][ T8363] bridge_slave_0: entered promiscuous mode [ 185.089281][ T8363] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.106860][ T8363] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.132851][ T8363] bridge_slave_1: entered allmulticast mode [ 185.152850][ T8363] bridge_slave_1: entered promiscuous mode [ 185.190959][ T8450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 185.284102][ T8363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.346827][ T8363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.462704][ T8457] netlink: 12 bytes leftover after parsing attributes in process `syz.2.625'. [ 185.486638][ T8457] netlink: 15 bytes leftover after parsing attributes in process `syz.2.625'. [ 185.506869][ T8457] netlink: 15 bytes leftover after parsing attributes in process `syz.2.625'. [ 185.523939][ T8363] team0: Port device team_slave_0 added [ 185.554955][ T8457] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 185.593889][ T8363] team0: Port device team_slave_1 added [ 185.635975][ T8462] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 185.717432][ T8363] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.747935][ T8363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.815201][ T8363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.846464][ T8462] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 185.953951][ T8363] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.968534][ T8363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.000236][ T8363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.138025][ T55] Bluetooth: hci0: command tx timeout [ 186.229881][ T8476] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 186.385451][ T8363] hsr_slave_0: entered promiscuous mode [ 186.404994][ T8363] hsr_slave_1: entered promiscuous mode [ 186.419345][ T8363] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.447317][ T8363] Cannot create hsr debugfs directory [ 186.522163][ T8489] netlink: 76 bytes leftover after parsing attributes in process `syz.4.630'. [ 186.913155][ T8500] netlink: 32 bytes leftover after parsing attributes in process `syz.4.633'. [ 186.954705][ T8502] netlink: 'syz.2.635': attribute type 11 has an invalid length. [ 186.965290][ T8502] netlink: 224 bytes leftover after parsing attributes in process `syz.2.635'. [ 187.271219][ T8363] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.389782][ T8514] netlink: 4 bytes leftover after parsing attributes in process `syz.4.638'. [ 187.432278][ T8363] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.651040][ T8363] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.850652][ T8363] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.959130][ T8535] netlink: 96 bytes leftover after parsing attributes in process `syz.4.644'. [ 188.218215][ T8544] netlink: 132 bytes leftover after parsing attributes in process `syz.3.646'. [ 188.223602][ T55] Bluetooth: hci0: command tx timeout [ 188.383275][ T8363] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 188.415939][ T8363] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 188.423870][ T8553] netlink: 'syz.4.649': attribute type 11 has an invalid length. [ 188.463009][ T8363] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 188.472705][ T8553] netlink: 224 bytes leftover after parsing attributes in process `syz.4.649'. [ 188.500998][ T8363] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 188.981416][ T8575] FAULT_INJECTION: forcing a failure. [ 188.981416][ T8575] name failslab, interval 1, probability 0, space 0, times 0 [ 189.026785][ T8575] CPU: 1 UID: 0 PID: 8575 Comm: syz.2.654 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 189.026816][ T8575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 189.026828][ T8575] Call Trace: [ 189.026836][ T8575] [ 189.026845][ T8575] dump_stack_lvl+0x241/0x360 [ 189.026884][ T8575] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.026914][ T8575] ? __pfx__printk+0x10/0x10 [ 189.026942][ T8575] ? sctp_v4_get_dst+0x6ef/0x1660 [ 189.026974][ T8575] ? __pfx___might_resched+0x10/0x10 [ 189.027005][ T8575] should_fail_ex+0x424/0x570 [ 189.027034][ T8575] should_failslab+0xac/0x100 [ 189.027065][ T8575] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 189.027095][ T8575] ? __alloc_skb+0x1c2/0x480 [ 189.027119][ T8575] __alloc_skb+0x1c2/0x480 [ 189.027139][ T8575] ? __lock_acquire+0xad5/0xd80 [ 189.027163][ T8575] ? __pfx___alloc_skb+0x10/0x10 [ 189.027184][ T8575] ? sctp_transport_pmtu+0x40d/0x610 [ 189.027216][ T8575] sctp_packet_transmit+0x30c/0x2cd0 [ 189.027247][ T8575] ? __lock_acquire+0xad5/0xd80 [ 189.027291][ T8575] ? sctp_outq_flush+0x1124/0x3e20 [ 189.027314][ T8575] ? sctp_outq_flush+0x1124/0x3e20 [ 189.027339][ T8575] sctp_outq_flush+0x142c/0x3e20 [ 189.027361][ T8575] ? sctp_outq_flush+0x1124/0x3e20 [ 189.027403][ T8575] ? do_ulpq_tail_event+0x163/0x1d0 [ 189.027429][ T8575] ? __pfx___alloc_skb+0x10/0x10 [ 189.027449][ T8575] ? __pfx_do_ulpq_tail_event+0x10/0x10 [ 189.027475][ T8575] ? __pfx_sctp_outq_flush+0x10/0x10 [ 189.027513][ T8575] ? sctp_outq_uncork+0x4f/0xb0 [ 189.027541][ T8575] sctp_do_sm+0x1b25/0x60e0 [ 189.027590][ T8575] ? __pfx_sctp_do_sm+0x10/0x10 [ 189.027657][ T8575] ? sctp_make_abort_user+0x4e8/0x6a0 [ 189.027694][ T8575] ? __pfx_sctp_make_abort_user+0x10/0x10 [ 189.027730][ T8575] sctp_primitive_ABORT+0x98/0xc0 [ 189.027761][ T8575] sctp_sendmsg_check_sflags+0x1db/0x2c0 [ 189.027787][ T8575] sctp_sendmsg+0x2185/0x3620 [ 189.027834][ T8575] ? __pfx_sctp_sendmsg+0x10/0x10 [ 189.027858][ T8575] ? aa_sk_perm+0x96f/0xac0 [ 189.027905][ T8575] ? inet_sendmsg+0x330/0x390 [ 189.027935][ T8575] __sock_sendmsg+0x1a6/0x270 [ 189.027967][ T8575] ____sys_sendmsg+0x523/0x860 [ 189.027999][ T8575] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.028017][ T8575] ? __fget_files+0x2a/0x420 [ 189.028040][ T8575] ? __fget_files+0x2a/0x420 [ 189.028069][ T8575] __sys_sendmsg+0x271/0x360 [ 189.028097][ T8575] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.028179][ T8575] ? do_syscall_64+0xb6/0x230 [ 189.028209][ T8575] do_syscall_64+0xf3/0x230 [ 189.028235][ T8575] ? clear_bhb_loop+0x45/0xa0 [ 189.028267][ T8575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.028287][ T8575] RIP: 0033:0x7fc40998d169 [ 189.028304][ T8575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.028320][ T8575] RSP: 002b:00007fc40a750038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.028342][ T8575] RAX: ffffffffffffffda RBX: 00007fc409ba6080 RCX: 00007fc40998d169 [ 189.028357][ T8575] RDX: 0000000000000006 RSI: 0000200000000400 RDI: 0000000000000003 [ 189.028370][ T8575] RBP: 00007fc40a750090 R08: 0000000000000000 R09: 0000000000000000 [ 189.028382][ T8575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.028394][ T8575] R13: 0000000000000000 R14: 00007fc409ba6080 R15: 00007ffe4a0017b8 [ 189.028428][ T8575] [ 189.359999][ T8574] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) ! [ 189.407473][ T8363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.513353][ T8363] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.610164][ T7595] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.617370][ T7595] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.651573][ T7603] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.658802][ T7603] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.893434][ T8597] FAULT_INJECTION: forcing a failure. [ 189.893434][ T8597] name failslab, interval 1, probability 0, space 0, times 0 [ 189.951547][ T8593] FAULT_INJECTION: forcing a failure. [ 189.951547][ T8593] name failslab, interval 1, probability 0, space 0, times 0 [ 189.993689][ T8597] CPU: 0 UID: 0 PID: 8597 Comm: syz.4.661 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 189.993723][ T8597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 189.993735][ T8597] Call Trace: [ 189.993743][ T8597] [ 189.993751][ T8597] dump_stack_lvl+0x241/0x360 [ 189.993790][ T8597] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.993821][ T8597] ? __pfx__printk+0x10/0x10 [ 189.993856][ T8597] ? __pfx___might_resched+0x10/0x10 [ 189.993888][ T8597] should_fail_ex+0x424/0x570 [ 189.993918][ T8597] should_failslab+0xac/0x100 [ 189.993950][ T8597] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 189.993980][ T8597] ? __alloc_skb+0x1c2/0x480 [ 189.993999][ T8597] ? stack_trace_save+0x11a/0x1d0 [ 189.994033][ T8597] __alloc_skb+0x1c2/0x480 [ 189.994059][ T8597] ? __pfx___alloc_skb+0x10/0x10 [ 189.994090][ T8597] tipc_nl_compat_doit+0x172/0x610 [ 189.994114][ T8597] ? __pfx_aa_get_newest_label+0x10/0x10 [ 189.994142][ T8597] ? __lock_acquire+0xad5/0xd80 [ 189.994213][ T8597] ? __pfx_aa_get_newest_label+0x10/0x10 [ 189.994243][ T8597] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 189.994281][ T8597] ? bpf_lsm_capable+0x9/0x10 [ 189.994305][ T8597] ? security_capable+0x7e/0x2d0 [ 189.994342][ T8597] tipc_nl_compat_recv+0xec7/0x1590 [ 189.994372][ T8597] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 189.994392][ T8597] ? genl_get_cmd+0x612/0xce0 [ 189.994416][ T8597] ? __pfx___mutex_lock+0x10/0x10 [ 189.994442][ T8597] ? __pfx_tipc_nl_node_reset_link_stats+0x10/0x10 [ 189.994470][ T8597] ? __pfx_tipc_nl_compat_link_reset_stats+0x10/0x10 [ 189.994492][ T8597] ? __pfx_genl_get_cmd+0x10/0x10 [ 189.994520][ T8597] ? __local_bh_enable_ip+0x168/0x200 [ 189.994540][ T8597] ? lockdep_hardirqs_on+0x9d/0x150 [ 189.994575][ T8597] genl_rcv_msg+0xb38/0xf00 [ 189.994609][ T8597] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.994637][ T8597] ? __dev_queue_xmit+0x1780/0x3f60 [ 189.994659][ T8597] ? kasan_save_track+0x3f/0x80 [ 189.994681][ T8597] ? __kasan_slab_alloc+0x66/0x80 [ 189.994713][ T8597] ? do_syscall_64+0xf3/0x230 [ 189.994760][ T8597] ? __lock_acquire+0xad5/0xd80 [ 189.994784][ T8597] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 189.994823][ T8597] netlink_rcv_skb+0x208/0x480 [ 189.994855][ T8597] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.994881][ T8597] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 189.994937][ T8597] ? netlink_deliver_tap+0x2e/0x1b0 [ 189.994976][ T8597] genl_rcv+0x28/0x40 [ 189.994997][ T8597] netlink_unicast+0x7f8/0x9a0 [ 189.995035][ T8597] ? __pfx_netlink_unicast+0x10/0x10 [ 189.995065][ T8597] ? skb_put+0x114/0x1f0 [ 189.995095][ T8597] netlink_sendmsg+0x8c3/0xcd0 [ 189.995142][ T8597] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.995186][ T8597] ? aa_sock_msg_perm+0x91/0x160 [ 189.995222][ T8597] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.995251][ T8597] __sock_sendmsg+0x221/0x270 [ 189.995285][ T8597] ____sys_sendmsg+0x523/0x860 [ 189.995318][ T8597] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.995336][ T8597] ? __fget_files+0x2a/0x420 [ 189.995356][ T8597] ? __fget_files+0x2a/0x420 [ 189.995381][ T8597] __sys_sendmsg+0x271/0x360 [ 189.995405][ T8597] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.995477][ T8597] ? do_syscall_64+0xb6/0x230 [ 189.995503][ T8597] do_syscall_64+0xf3/0x230 [ 189.995526][ T8597] ? clear_bhb_loop+0x45/0xa0 [ 189.995548][ T8597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.995565][ T8597] RIP: 0033:0x7f45c358d169 [ 189.995581][ T8597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.995596][ T8597] RSP: 002b:00007f45c13f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.995615][ T8597] RAX: ffffffffffffffda RBX: 00007f45c37a5fa0 RCX: 00007f45c358d169 [ 189.995628][ T8597] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 189.995638][ T8597] RBP: 00007f45c13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 189.995649][ T8597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.995659][ T8597] R13: 0000000000000000 R14: 00007f45c37a5fa0 R15: 00007ffd07598218 [ 189.995687][ T8597] [ 189.995697][ T8593] CPU: 1 UID: 0 PID: 8593 Comm: syz.2.659 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 189.995722][ T8593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 189.995734][ T8593] Call Trace: [ 189.995742][ T8593] [ 189.995749][ T8593] dump_stack_lvl+0x241/0x360 [ 189.995784][ T8593] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.995815][ T8593] ? __pfx__printk+0x10/0x10 [ 189.995848][ T8593] ? __pfx___might_resched+0x10/0x10 [ 189.995878][ T8593] should_fail_ex+0x424/0x570 [ 189.995903][ T8593] should_failslab+0xac/0x100 [ 189.995933][ T8593] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 189.995964][ T8593] ? __alloc_skb+0x1c2/0x480 [ 189.995987][ T8593] __alloc_skb+0x1c2/0x480 [ 189.996012][ T8593] ? __pfx___alloc_skb+0x10/0x10 [ 189.996034][ T8593] ? __pfx_call_rcu+0x10/0x10 [ 189.996063][ T8593] nf_tables_table_notify+0xa4/0x450 [ 189.996098][ T8593] nf_tables_commit+0x232b/0x9160 [ 189.996172][ T8593] ? __pfx_nf_tables_commit+0x10/0x10 [ 189.996206][ T8593] ? nft_trans_commit_list_add_tail+0x190/0x550 [ 189.996235][ T8593] ? nft_flush_table+0xd4f/0xee0 [ 189.996267][ T8593] ? nf_tables_deltable+0x829/0x1170 [ 189.996310][ T8593] ? __pfx_nf_tables_deltable+0x10/0x10 [ 189.996357][ T8593] ? __nla_parse+0x40/0x60 [ 189.996387][ T8593] nfnetlink_rcv+0x1ccf/0x28f0 [ 189.996456][ T8593] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 189.996539][ T8593] ? skb_clone+0x240/0x390 [ 189.996575][ T8593] ? netlink_deliver_tap+0x2e/0x1b0 [ 189.996609][ T8593] ? netlink_deliver_tap+0x2e/0x1b0 [ 189.996642][ T8593] netlink_unicast+0x7f8/0x9a0 [ 189.996680][ T8593] ? __pfx_netlink_unicast+0x10/0x10 [ 189.996710][ T8593] ? skb_put+0x114/0x1f0 [ 189.996735][ T8593] netlink_sendmsg+0x8c3/0xcd0 [ 189.996780][ T8593] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.996816][ T8593] ? aa_sock_msg_perm+0x91/0x160 [ 189.996852][ T8593] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.996880][ T8593] __sock_sendmsg+0x221/0x270 [ 189.996912][ T8593] ____sys_sendmsg+0x523/0x860 [ 189.996944][ T8593] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.996964][ T8593] ? __fget_files+0x2a/0x420 [ 189.996987][ T8593] ? __fget_files+0x2a/0x420 [ 189.997017][ T8593] __sys_sendmsg+0x271/0x360 [ 189.997046][ T8593] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.997129][ T8593] ? do_syscall_64+0xb6/0x230 [ 189.997159][ T8593] do_syscall_64+0xf3/0x230 [ 189.997187][ T8593] ? clear_bhb_loop+0x45/0xa0 [ 189.997212][ T8593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.997232][ T8593] RIP: 0033:0x7fc40998d169 [ 189.997250][ T8593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.997266][ T8593] RSP: 002b:00007fc40a771038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.997288][ T8593] RAX: ffffffffffffffda RBX: 00007fc409ba5fa0 RCX: 00007fc40998d169 [ 189.997303][ T8593] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000008 [ 189.997316][ T8593] RBP: 00007fc40a771090 R08: 0000000000000000 R09: 0000000000000000 [ 189.997329][ T8593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 189.997341][ T8593] R13: 0000000000000000 R14: 00007fc409ba5fa0 R15: 00007ffe4a0017b8 [ 189.997374][ T8593] [ 190.751895][ T55] Bluetooth: hci0: command tx timeout [ 190.919403][ T8610] netlink: 'syz.1.663': attribute type 11 has an invalid length. [ 190.937539][ T8363] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.003557][ T8363] veth0_vlan: entered promiscuous mode [ 191.016952][ T8363] veth1_vlan: entered promiscuous mode [ 191.045166][ T8610] __nla_validate_parse: 2 callbacks suppressed [ 191.045184][ T8610] netlink: 224 bytes leftover after parsing attributes in process `syz.1.663'. [ 191.079602][ T8363] veth0_macvtap: entered promiscuous mode [ 191.155872][ T8363] veth1_macvtap: entered promiscuous mode [ 191.335787][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.348801][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.358723][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.369583][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.379526][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.390105][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.400486][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.414195][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.424807][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.435471][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.445783][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.456365][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.468289][ T8363] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.560402][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.571566][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.592274][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.606684][ T8635] netlink: 12 bytes leftover after parsing attributes in process `syz.4.667'. [ 191.634840][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.695364][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.759068][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.787910][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.814095][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.837701][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.867982][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.888105][ T8363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.908847][ T8363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.950039][ T8363] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 191.984840][ T8363] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.037940][ T8363] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.053573][ T8363] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.063548][ T8363] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.082530][ T8649] netlink: 16 bytes leftover after parsing attributes in process `syz.1.672'. [ 192.507185][ T7595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.537867][ T7595] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.678872][ T8676] FAULT_INJECTION: forcing a failure. [ 192.678872][ T8676] name failslab, interval 1, probability 0, space 0, times 0 [ 192.727379][ T8676] CPU: 0 UID: 0 PID: 8676 Comm: syz.2.681 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 192.727417][ T8676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 192.727430][ T8676] Call Trace: [ 192.727438][ T8676] [ 192.727447][ T8676] dump_stack_lvl+0x241/0x360 [ 192.727485][ T8676] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.727515][ T8676] ? __pfx__printk+0x10/0x10 [ 192.727549][ T8676] ? __pfx___might_resched+0x10/0x10 [ 192.727580][ T8676] should_fail_ex+0x424/0x570 [ 192.727608][ T8676] should_failslab+0xac/0x100 [ 192.727639][ T8676] __kmalloc_node_noprof+0xe7/0x4d0 [ 192.727667][ T8676] ? alloc_slab_obj_exts+0x3a/0xa0 [ 192.727699][ T8676] alloc_slab_obj_exts+0x3a/0xa0 [ 192.727726][ T8676] __memcg_slab_post_alloc_hook+0x31c/0x7e0 [ 192.727758][ T8676] ? kasan_unpoison+0x48/0x70 [ 192.727782][ T8676] __kvmalloc_node_noprof+0x413/0x5a0 [ 192.727811][ T8676] ? alloc_netdev_mqs+0x92c/0x1210 [ 192.727842][ T8676] alloc_netdev_mqs+0x92c/0x1210 [ 192.727876][ T8676] rtnl_create_link+0x2f7/0xea0 [ 192.727911][ T8676] rtnl_newlink_create+0x2f2/0xcb0 [ 192.727931][ T8676] ? __mutex_lock+0x380/0x10c0 [ 192.727970][ T8676] ? __pfx_aa_get_newest_label+0x10/0x10 [ 192.728003][ T8676] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 192.728026][ T8676] ? __pfx___mutex_lock+0x10/0x10 [ 192.728063][ T8676] ? ns_capable+0x8a/0xf0 [ 192.728088][ T8676] rtnl_newlink+0x18b0/0x1fe0 [ 192.728138][ T8676] ? __pfx_rtnl_newlink+0x10/0x10 [ 192.728164][ T8676] ? dev_hard_start_xmit+0x2d9/0x830 [ 192.728185][ T8676] ? __dev_queue_xmit+0x1b80/0x3f60 [ 192.728206][ T8676] ? __netlink_deliver_tap+0x561/0x7f0 [ 192.728234][ T8676] ? netlink_deliver_tap+0x19d/0x1b0 [ 192.728262][ T8676] ? netlink_unicast+0x7c6/0x9a0 [ 192.728303][ T8676] ? netlink_sendmsg+0x8c3/0xcd0 [ 192.728331][ T8676] ? __sock_sendmsg+0x221/0x270 [ 192.728356][ T8676] ? ____sys_sendmsg+0x523/0x860 [ 192.728375][ T8676] ? __sys_sendmsg+0x271/0x360 [ 192.728394][ T8676] ? do_syscall_64+0xf3/0x230 [ 192.728431][ T8676] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.728492][ T8676] ? kasan_quarantine_put+0xdc/0x230 [ 192.728512][ T8676] ? lockdep_hardirqs_on+0x9d/0x150 [ 192.728540][ T8676] ? nlmon_xmit+0xaf/0x100 [ 192.728578][ T8676] ? __local_bh_enable_ip+0x168/0x200 [ 192.728598][ T8676] ? lockdep_hardirqs_on+0x9d/0x150 [ 192.728632][ T8676] ? aa_get_newest_label+0x101/0x6f0 [ 192.728667][ T8676] ? __lock_acquire+0xad5/0xd80 [ 192.728713][ T8676] ? __pfx_rtnl_newlink+0x10/0x10 [ 192.728744][ T8676] rtnetlink_rcv_msg+0x80f/0xd70 [ 192.728771][ T8676] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 192.728805][ T8676] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 192.728843][ T8676] ? ref_tracker_free+0x63e/0x7e0 [ 192.728875][ T8676] netlink_rcv_skb+0x208/0x480 [ 192.728906][ T8676] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 192.728938][ T8676] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 192.728994][ T8676] ? netlink_deliver_tap+0x2e/0x1b0 [ 192.729027][ T8676] ? netlink_deliver_tap+0x2e/0x1b0 [ 192.729060][ T8676] netlink_unicast+0x7f8/0x9a0 [ 192.729098][ T8676] ? __pfx_netlink_unicast+0x10/0x10 [ 192.729127][ T8676] ? skb_put+0x114/0x1f0 [ 192.729152][ T8676] netlink_sendmsg+0x8c3/0xcd0 [ 192.729216][ T8676] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.729253][ T8676] ? aa_sock_msg_perm+0x91/0x160 [ 192.729289][ T8676] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.729319][ T8676] __sock_sendmsg+0x221/0x270 [ 192.729351][ T8676] ____sys_sendmsg+0x523/0x860 [ 192.729385][ T8676] ? __pfx_____sys_sendmsg+0x10/0x10 [ 192.729404][ T8676] ? __fget_files+0x2a/0x420 [ 192.729428][ T8676] ? __fget_files+0x2a/0x420 [ 192.729458][ T8676] __sys_sendmsg+0x271/0x360 [ 192.729488][ T8676] ? __pfx___sys_sendmsg+0x10/0x10 [ 192.729576][ T8676] ? do_syscall_64+0xb6/0x230 [ 192.729607][ T8676] do_syscall_64+0xf3/0x230 [ 192.729635][ T8676] ? clear_bhb_loop+0x45/0xa0 [ 192.729671][ T8676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.729691][ T8676] RIP: 0033:0x7fc40998d169 [ 192.729710][ T8676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.729727][ T8676] RSP: 002b:00007fc40a771038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 192.729748][ T8676] RAX: ffffffffffffffda RBX: 00007fc409ba5fa0 RCX: 00007fc40998d169 [ 192.729763][ T8676] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004 [ 192.729776][ T8676] RBP: 00007fc40a771090 R08: 0000000000000000 R09: 0000000000000000 [ 192.729788][ T8676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 192.729800][ T8676] R13: 0000000000000000 R14: 00007fc409ba5fa0 R15: 00007ffe4a0017b8 [ 192.729833][ T8676] [ 193.220119][ T8676] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 193.230007][ T8676] team0: Port device macvlan3 added [ 193.230034][ T8681] netlink: 168 bytes leftover after parsing attributes in process `syz.4.683'. [ 193.438365][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.477838][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.901450][ T8712] netlink: 24 bytes leftover after parsing attributes in process `syz.1.689'. [ 193.932564][ T8715] netlink: 36 bytes leftover after parsing attributes in process `syz.2.690'. [ 194.005348][ T8715] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:000e with DS=0x9 [ 194.135966][ T8715] netlink: 'syz.2.690': attribute type 39 has an invalid length. [ 194.341749][ T8726] tipc: Can't bind to reserved service type 1 [ 195.807225][ T8772] netlink: 8 bytes leftover after parsing attributes in process `syz.1.700'. [ 195.949008][ T8779] FAULT_INJECTION: forcing a failure. [ 195.949008][ T8779] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.107858][ T8779] CPU: 1 UID: 0 PID: 8779 Comm: syz.3.702 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 196.107894][ T8779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 196.107907][ T8779] Call Trace: [ 196.107916][ T8779] [ 196.107924][ T8779] dump_stack_lvl+0x241/0x360 [ 196.107962][ T8779] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.107994][ T8779] ? __pfx__printk+0x10/0x10 [ 196.108038][ T8779] should_fail_ex+0x424/0x570 [ 196.108067][ T8779] _copy_from_user+0x2d/0xb0 [ 196.108099][ T8779] kstrtouint_from_user+0xce/0x1a0 [ 196.108127][ T8779] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 196.108156][ T8779] ? __lock_acquire+0xad5/0xd80 [ 196.108188][ T8779] proc_fail_nth_write+0xac/0x2d0 [ 196.108210][ T8779] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 196.108240][ T8779] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 196.108268][ T8779] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 196.108291][ T8779] vfs_write+0x2bc/0xd10 [ 196.108322][ T8779] ? fdget_pos+0x247/0x310 [ 196.108346][ T8779] ? __pfx_vfs_write+0x10/0x10 [ 196.108373][ T8779] ? __fget_files+0x2a/0x420 [ 196.108394][ T8779] ? __fget_files+0x39d/0x420 [ 196.108410][ T8779] ? __fget_files+0x2a/0x420 [ 196.108440][ T8779] ksys_write+0x19d/0x2d0 [ 196.108467][ T8779] ? __pfx_ksys_write+0x10/0x10 [ 196.108496][ T8779] ? do_syscall_64+0xb6/0x230 [ 196.108527][ T8779] do_syscall_64+0xf3/0x230 [ 196.108554][ T8779] ? clear_bhb_loop+0x45/0xa0 [ 196.108594][ T8779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.108615][ T8779] RIP: 0033:0x7fa46e78bc1f [ 196.108634][ T8779] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 196.108651][ T8779] RSP: 002b:00007fa46f629030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 196.108673][ T8779] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa46e78bc1f [ 196.108687][ T8779] RDX: 0000000000000001 RSI: 00007fa46f6290a0 RDI: 0000000000000004 [ 196.108700][ T8779] RBP: 00007fa46f629090 R08: 0000000000000000 R09: 0000000000000000 [ 196.108712][ T8779] R10: 0000000000040000 R11: 0000000000000293 R12: 0000000000000001 [ 196.108724][ T8779] R13: 0000000000000001 R14: 00007fa46e9a6080 R15: 00007ffce6996638 [ 196.108764][ T8779] [ 196.372503][ T8785] netlink: 12 bytes leftover after parsing attributes in process `syz.4.704'. [ 196.534536][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 196.544832][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 196.554436][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 196.563212][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 196.586769][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 197.225849][ T8823] FAULT_INJECTION: forcing a failure. [ 197.225849][ T8823] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.242601][ T8823] CPU: 0 UID: 0 PID: 8823 Comm: syz.2.715 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 197.242644][ T8823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 197.242657][ T8823] Call Trace: [ 197.242666][ T8823] [ 197.242675][ T8823] dump_stack_lvl+0x241/0x360 [ 197.242716][ T8823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.242747][ T8823] ? __pfx__printk+0x10/0x10 [ 197.242791][ T8823] should_fail_ex+0x424/0x570 [ 197.242819][ T8823] _copy_from_iter+0x211/0x1c70 [ 197.242854][ T8823] ? __build_skb_around+0x247/0x3d0 [ 197.242892][ T8823] ? __alloc_skb+0x298/0x480 [ 197.242910][ T8823] ? __pfx__copy_from_iter+0x10/0x10 [ 197.242941][ T8823] ? __pfx___alloc_skb+0x10/0x10 [ 197.242963][ T8823] ? skb_put+0x114/0x1f0 [ 197.242988][ T8823] netlink_sendmsg+0x73c/0xcd0 [ 197.243034][ T8823] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.243069][ T8823] ? aa_sock_msg_perm+0x91/0x160 [ 197.243104][ T8823] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.243134][ T8823] __sock_sendmsg+0x221/0x270 [ 197.243165][ T8823] ____sys_sendmsg+0x523/0x860 [ 197.243198][ T8823] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.243215][ T8823] ? __fget_files+0x2a/0x420 [ 197.243236][ T8823] ? __fget_files+0x2a/0x420 [ 197.243264][ T8823] __sys_sendmsg+0x271/0x360 [ 197.243291][ T8823] ? __pfx___sys_sendmsg+0x10/0x10 [ 197.243371][ T8823] ? do_syscall_64+0xb6/0x230 [ 197.243402][ T8823] do_syscall_64+0xf3/0x230 [ 197.243429][ T8823] ? clear_bhb_loop+0x45/0xa0 [ 197.243455][ T8823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.243475][ T8823] RIP: 0033:0x7fc40998d169 [ 197.243494][ T8823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.243513][ T8823] RSP: 002b:00007fc40a771038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 197.243535][ T8823] RAX: ffffffffffffffda RBX: 00007fc409ba5fa0 RCX: 00007fc40998d169 [ 197.243551][ T8823] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000006 [ 197.243564][ T8823] RBP: 00007fc40a771090 R08: 0000000000000000 R09: 0000000000000000 [ 197.243578][ T8823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.243591][ T8823] R13: 0000000000000000 R14: 00007fc409ba5fa0 R15: 00007ffe4a0017b8 [ 197.243629][ T8823] [ 197.363357][ T8796] chnl_net:caif_netlink_parms(): no params data found [ 197.932265][ T8846] Bluetooth: MGMT ver 1.23 [ 198.000255][ T8796] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.007879][ T8796] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.015215][ T8796] bridge_slave_0: entered allmulticast mode [ 198.045570][ T8796] bridge_slave_0: entered promiscuous mode [ 198.090628][ T8796] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.119726][ T8796] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.146949][ T8796] bridge_slave_1: entered allmulticast mode [ 198.179387][ T8796] bridge_slave_1: entered promiscuous mode [ 198.238731][ T8855] macvtap1: entered allmulticast mode [ 198.246151][ T8855] veth0_macvtap: entered allmulticast mode [ 198.316989][ T8862] veth3: entered promiscuous mode [ 198.425919][ T8864] netlink: 40 bytes leftover after parsing attributes in process `syz.2.725'. [ 198.459611][ T8796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.515272][ T8796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.701415][ T5151] Bluetooth: hci0: command tx timeout [ 198.758273][ T8882] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input5 [ 198.803607][ T8881] netlink: 132 bytes leftover after parsing attributes in process `syz.2.726'. [ 198.901133][ T8796] team0: Port device team_slave_0 added [ 198.926682][ T8796] team0: Port device team_slave_1 added [ 198.994093][ T8895] openvswitch: netlink: VXLAN extension 173 out of range max 1 [ 199.196189][ T8796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.215468][ T8796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.334153][ T8796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.372966][ T8796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.386606][ T8796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.428013][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.434608][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.494341][ T8796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.769843][ T8796] hsr_slave_0: entered promiscuous mode [ 199.777251][ T8796] hsr_slave_1: entered promiscuous mode [ 199.799473][ T8796] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 199.809737][ T8796] Cannot create hsr debugfs directory [ 200.085903][ T8935] netlink: 'syz.4.741': attribute type 11 has an invalid length. [ 200.094135][ T8935] netlink: 224 bytes leftover after parsing attributes in process `syz.4.741'. [ 200.542293][ T8950] CĂ: renamed from team_slave_0 [ 200.561837][ T8950] netlink: 'syz.4.745': attribute type 3 has an invalid length. [ 200.583033][ T8950] netlink: 152 bytes leftover after parsing attributes in process `syz.4.745'. [ 200.602188][ T8950] A link change request failed with some changes committed already. Interface CĂ may have been left with an inconsistent configuration, please check. [ 200.636585][ T8954] netlink: 48 bytes leftover after parsing attributes in process `syz.1.747'. [ 200.670895][ T8954] vti0: entered promiscuous mode [ 200.761599][ T8796] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.778578][ T5151] Bluetooth: hci0: command tx timeout [ 201.032377][ T8796] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.244704][ T5151] block nbd0: Receive control failed (result -107) [ 201.247737][ T8796] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.317575][ T8968] nbd0: detected capacity change from 0 to 32 [ 201.406200][ T5893] block nbd0: Dead connection, failed to find a fallback [ 201.406717][ T9002] vlan2: entered allmulticast mode [ 201.429799][ T9002] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 201.449464][ T5893] block nbd0: shutting down sockets [ 201.456060][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.466722][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 201.475842][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.485660][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 201.508492][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.523346][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 201.548506][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.577245][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 201.596299][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.626031][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 201.652614][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.658498][ T8796] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.688984][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 201.697506][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.729443][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 201.745921][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.785023][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 201.815077][ T5893] ldm_validate_partition_table(): Disk read failed. [ 201.851520][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.905954][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 201.946099][ T5893] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 201.997928][ T5893] Buffer I/O error on dev nbd0, logical block 0, async page read [ 202.018340][ T5893] Dev nbd0: unable to read RDB block 0 [ 202.024924][ T5893] nbd0: unable to read partition table [ 202.059541][ T9012] netlink: 'syz.4.759': attribute type 11 has an invalid length. [ 202.070729][ T5893] ldm_validate_partition_table(): Disk read failed. [ 202.088590][ T5893] Dev nbd0: unable to read RDB block 0 [ 202.094731][ T5893] nbd0: unable to read partition table [ 202.101022][ T9012] netlink: 224 bytes leftover after parsing attributes in process `syz.4.759'. [ 202.110688][ T9014] x_tables: duplicate underflow at hook 2 [ 202.347086][ T8796] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 202.431668][ T8796] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 202.497894][ T8796] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 202.523129][ T8796] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 202.859338][ T5151] Bluetooth: hci0: command tx timeout [ 202.894144][ T8796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.944370][ T8796] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.003373][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.010631][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.069215][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.076749][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.352639][ T8796] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.385112][ T9052] netlink: 'syz.1.770': attribute type 4 has an invalid length. [ 203.501972][ T9052] netlink: 'syz.1.770': attribute type 4 has an invalid length. [ 203.583860][ T9059] netlink: 'syz.4.773': attribute type 11 has an invalid length. [ 203.615288][ T9059] netlink: 224 bytes leftover after parsing attributes in process `syz.4.773'. [ 203.633775][ T9067] netlink: 'syz.3.772': attribute type 7 has an invalid length. [ 203.883159][ T9073] netlink: 'syz.2.774': attribute type 11 has an invalid length. [ 203.910052][ T9073] netlink: 224 bytes leftover after parsing attributes in process `syz.2.774'. [ 204.053757][ T9077] netlink: 24 bytes leftover after parsing attributes in process `syz.3.776'. [ 204.117145][ T9081] netlink: 'syz.4.777': attribute type 11 has an invalid length. [ 204.125759][ T9081] netlink: 224 bytes leftover after parsing attributes in process `syz.4.777'. [ 204.200653][ T8796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.314408][ T9086] netlink: 16 bytes leftover after parsing attributes in process `syz.1.778'. [ 204.519537][ T8796] veth0_vlan: entered promiscuous mode [ 204.573944][ T8796] veth1_vlan: entered promiscuous mode [ 204.677449][ T8796] veth0_macvtap: entered promiscuous mode [ 204.702241][ T9098] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 204.723217][ T8796] veth1_macvtap: entered promiscuous mode [ 204.788934][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.838031][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.849961][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.872983][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.894149][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.918224][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.938061][ T5151] Bluetooth: hci0: command tx timeout [ 204.944765][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.960598][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.970986][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.982045][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.993702][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.005224][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.017384][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.030867][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.043968][ T8796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.125229][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.180239][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.191033][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.211874][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.254889][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.268692][ T9117] FAULT_INJECTION: forcing a failure. [ 205.268692][ T9117] name failslab, interval 1, probability 0, space 0, times 0 [ 205.275775][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.300430][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.316638][ T9117] CPU: 0 UID: 0 PID: 9117 Comm: syz.3.790 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 205.316681][ T9117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 205.316695][ T9117] Call Trace: [ 205.316704][ T9117] [ 205.316712][ T9117] dump_stack_lvl+0x241/0x360 [ 205.316752][ T9117] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.316783][ T9117] ? __pfx__printk+0x10/0x10 [ 205.316817][ T9117] ? ref_tracker_alloc+0x316/0x4c0 [ 205.316845][ T9117] should_fail_ex+0x424/0x570 [ 205.316872][ T9117] should_failslab+0xac/0x100 [ 205.316904][ T9117] kmem_cache_alloc_noprof+0x78/0x390 [ 205.316933][ T9117] ? skb_clone+0x20c/0x390 [ 205.316962][ T9117] skb_clone+0x20c/0x390 [ 205.316990][ T9117] __netlink_deliver_tap+0x3c4/0x7f0 [ 205.317034][ T9117] ? netlink_deliver_tap+0x2e/0x1b0 [ 205.317063][ T9117] netlink_deliver_tap+0x19d/0x1b0 [ 205.317095][ T9117] netlink_sendskb+0x68/0x140 [ 205.317124][ T9117] netlink_unicast+0x39f/0x9a0 [ 205.317149][ T9117] ? __asan_memcpy+0x40/0x70 [ 205.317180][ T9117] ? __pfx_netlink_unicast+0x10/0x10 [ 205.317219][ T9117] netlink_rcv_skb+0x296/0x480 [ 205.317250][ T9117] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.317275][ T9117] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 205.317329][ T9117] ? netlink_deliver_tap+0x2e/0x1b0 [ 205.317367][ T9117] genl_rcv+0x28/0x40 [ 205.317387][ T9117] netlink_unicast+0x7f8/0x9a0 [ 205.317431][ T9117] ? __pfx_netlink_unicast+0x10/0x10 [ 205.317460][ T9117] ? skb_put+0x114/0x1f0 [ 205.317482][ T9117] netlink_sendmsg+0x8c3/0xcd0 [ 205.317524][ T9117] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.317559][ T9117] ? aa_sock_msg_perm+0x91/0x160 [ 205.317596][ T9117] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.317625][ T9117] __sock_sendmsg+0x221/0x270 [ 205.317656][ T9117] ____sys_sendmsg+0x523/0x860 [ 205.317689][ T9117] ? __pfx_____sys_sendmsg+0x10/0x10 [ 205.317709][ T9117] ? __fget_files+0x2a/0x420 [ 205.317732][ T9117] ? __fget_files+0x2a/0x420 [ 205.317765][ T9117] __sys_sendmsg+0x271/0x360 [ 205.317793][ T9117] ? __pfx___sys_sendmsg+0x10/0x10 [ 205.317875][ T9117] ? do_syscall_64+0xb6/0x230 [ 205.317906][ T9117] do_syscall_64+0xf3/0x230 [ 205.317932][ T9117] ? clear_bhb_loop+0x45/0xa0 [ 205.317956][ T9117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.317976][ T9117] RIP: 0033:0x7fa46e78d169 [ 205.317995][ T9117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.318011][ T9117] RSP: 002b:00007fa46f64a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.318051][ T9117] RAX: ffffffffffffffda RBX: 00007fa46e9a5fa0 RCX: 00007fa46e78d169 [ 205.318067][ T9117] RDX: 0000000000000c00 RSI: 0000200000000100 RDI: 0000000000000003 [ 205.318080][ T9117] RBP: 00007fa46f64a090 R08: 0000000000000000 R09: 0000000000000000 [ 205.318093][ T9117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.318105][ T9117] R13: 0000000000000000 R14: 00007fa46e9a5fa0 R15: 00007ffce6996638 [ 205.318139][ T9117] [ 205.615943][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.627022][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.637572][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.649007][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.661570][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.671474][ T8796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.681991][ T8796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.694371][ T8796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.706376][ T8796] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.715151][ T8796] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.723934][ T8796] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.732724][ T8796] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.018768][ T9127] netlink: 'syz.3.792': attribute type 11 has an invalid length. [ 206.026718][ T9127] netlink: 224 bytes leftover after parsing attributes in process `syz.3.792'. [ 208.006085][ T9137] netlink: 'syz.3.796': attribute type 10 has an invalid length. [ 208.014610][ T9137] netlink: 40 bytes leftover after parsing attributes in process `syz.3.796'. [ 208.095491][ T9141] netlink: 'syz.1.798': attribute type 11 has an invalid length. [ 208.105141][ T9141] netlink: 224 bytes leftover after parsing attributes in process `syz.1.798'. [ 208.122644][ T3451] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.132908][ T3451] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.389490][ T7605] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.427855][ T7605] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.510874][ T9149] netlink: 'syz.1.800': attribute type 11 has an invalid length. [ 208.538465][ T9149] netlink: 224 bytes leftover after parsing attributes in process `syz.1.800'. [ 209.336017][ T9169] Bluetooth: MGMT ver 1.23 [ 209.361321][ T9171] netlink: 'syz.4.808': attribute type 11 has an invalid length. [ 209.369887][ T9171] netlink: 224 bytes leftover after parsing attributes in process `syz.4.808'. [ 210.752399][ T9182] netlink: 'syz.2.810': attribute type 11 has an invalid length. [ 210.790054][ T9182] netlink: 224 bytes leftover after parsing attributes in process `syz.2.810'. [ 211.237700][ T9191] tipc: Started in network mode [ 211.257068][ T9194] FAULT_INJECTION: forcing a failure. [ 211.257068][ T9194] name failslab, interval 1, probability 0, space 0, times 0 [ 211.269374][ T9191] tipc: Node identity ac14140f, cluster identity 4711 [ 211.270711][ T9194] CPU: 1 UID: 0 PID: 9194 Comm: syz.2.815 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 211.270742][ T9194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 211.270757][ T9194] Call Trace: [ 211.270765][ T9194] [ 211.270776][ T9194] dump_stack_lvl+0x241/0x360 [ 211.270819][ T9194] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.270851][ T9194] ? __pfx__printk+0x10/0x10 [ 211.270895][ T9194] ? __pfx___might_resched+0x10/0x10 [ 211.270929][ T9194] should_fail_ex+0x424/0x570 [ 211.270960][ T9194] should_failslab+0xac/0x100 [ 211.270993][ T9194] __kmalloc_cache_noprof+0x73/0x370 [ 211.271025][ T9194] ? nft_trans_flowtable_add+0x5b/0x460 [ 211.271058][ T9194] nft_trans_flowtable_add+0x5b/0x460 [ 211.271092][ T9194] nf_tables_newflowtable+0x1a40/0x2470 [ 211.271135][ T9194] ? __pfx_nf_tables_newflowtable+0x10/0x10 [ 211.271186][ T9194] ? __nla_parse+0x40/0x60 [ 211.271221][ T9194] nfnetlink_rcv+0x12eb/0x28f0 [ 211.271291][ T9194] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 211.271379][ T9194] ? skb_clone+0x240/0x390 [ 211.271419][ T9194] ? netlink_deliver_tap+0x2e/0x1b0 [ 211.271455][ T9194] ? netlink_deliver_tap+0x2e/0x1b0 [ 211.271491][ T9194] netlink_unicast+0x7f8/0x9a0 [ 211.271533][ T9194] ? __pfx_netlink_unicast+0x10/0x10 [ 211.271565][ T9194] ? skb_put+0x114/0x1f0 [ 211.271592][ T9194] netlink_sendmsg+0x8c3/0xcd0 [ 211.271641][ T9194] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.271681][ T9194] ? aa_sock_msg_perm+0x91/0x160 [ 211.271720][ T9194] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.271750][ T9194] __sock_sendmsg+0x221/0x270 [ 211.271785][ T9194] ____sys_sendmsg+0x523/0x860 [ 211.271819][ T9194] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.271841][ T9194] ? __fget_files+0x2a/0x420 [ 211.271866][ T9194] ? __fget_files+0x2a/0x420 [ 211.271903][ T9194] __sys_sendmsg+0x271/0x360 [ 211.271935][ T9194] ? __pfx___sys_sendmsg+0x10/0x10 [ 211.272025][ T9194] ? do_syscall_64+0xb6/0x230 [ 211.272058][ T9194] do_syscall_64+0xf3/0x230 [ 211.272087][ T9194] ? clear_bhb_loop+0x45/0xa0 [ 211.272114][ T9194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.272135][ T9194] RIP: 0033:0x7fc40998d169 [ 211.272156][ T9194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.272175][ T9194] RSP: 002b:00007fc40a771038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.272199][ T9194] RAX: ffffffffffffffda RBX: 00007fc409ba5fa0 RCX: 00007fc40998d169 [ 211.272216][ T9194] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 211.272231][ T9194] RBP: 00007fc40a771090 R08: 0000000000000000 R09: 0000000000000000 [ 211.272245][ T9194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 211.272258][ T9194] R13: 0000000000000000 R14: 00007fc409ba5fa0 R15: 00007ffe4a0017b8 [ 211.272294][ T9194] [ 211.571241][ T9191] tipc: New replicast peer: 255.255.255.255 [ 211.598238][ T9191] tipc: Enabled bearer , priority 10 [ 211.650925][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 211.680291][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 211.699703][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 211.720556][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 211.730202][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 211.742274][ T5847] Bluetooth: hci1: command 0x0406 tx timeout [ 211.749010][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 211.755055][ T5847] Bluetooth: hci2: command 0x0406 tx timeout [ 211.761221][ T5847] Bluetooth: hci4: command 0x0406 tx timeout [ 211.868682][ T9207] tipc: Started in network mode [ 211.873636][ T9207] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711 [ 211.892485][ T9211] FAULT_INJECTION: forcing a failure. [ 211.892485][ T9211] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.907372][ T9211] CPU: 1 UID: 0 PID: 9211 Comm: syz.1.820 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 211.907402][ T9211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 211.907415][ T9211] Call Trace: [ 211.907424][ T9211] [ 211.907433][ T9211] dump_stack_lvl+0x241/0x360 [ 211.907472][ T9211] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.907503][ T9211] ? __pfx__printk+0x10/0x10 [ 211.907545][ T9211] should_fail_ex+0x424/0x570 [ 211.907573][ T9211] _copy_to_user+0x31/0xb0 [ 211.907607][ T9211] simple_read_from_buffer+0xc4/0x170 [ 211.907642][ T9211] proc_fail_nth_read+0x1ef/0x260 [ 211.907668][ T9211] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 211.907693][ T9211] ? rw_verify_area+0x246/0x630 [ 211.907715][ T9211] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 211.907739][ T9211] vfs_read+0x21f/0xb90 [ 211.907775][ T9211] ? __pfx___mutex_lock+0x10/0x10 [ 211.907803][ T9211] ? __pfx_vfs_read+0x10/0x10 [ 211.907829][ T9211] ? __fget_files+0x2a/0x420 [ 211.907850][ T9211] ? __fget_files+0x39d/0x420 [ 211.907875][ T9211] ? __fget_files+0x2a/0x420 [ 211.907903][ T9211] ksys_read+0x19d/0x2d0 [ 211.907928][ T9211] ? __pfx_ksys_read+0x10/0x10 [ 211.907959][ T9211] ? do_syscall_64+0xb6/0x230 [ 211.907991][ T9211] do_syscall_64+0xf3/0x230 [ 211.908018][ T9211] ? clear_bhb_loop+0x45/0xa0 [ 211.908043][ T9211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.908064][ T9211] RIP: 0033:0x7fbc2238bb7c [ 211.908083][ T9211] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 211.908100][ T9211] RSP: 002b:00007fbc2327b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 211.908123][ T9211] RAX: ffffffffffffffda RBX: 00007fbc225a5fa0 RCX: 00007fbc2238bb7c [ 211.908138][ T9211] RDX: 000000000000000f RSI: 00007fbc2327b0a0 RDI: 0000000000000004 [ 211.908151][ T9211] RBP: 00007fbc2327b090 R08: 0000000000000000 R09: 0000000000000000 [ 211.908165][ T9211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.908177][ T9211] R13: 0000000000000000 R14: 00007fbc225a5fa0 R15: 00007fffbb547da8 [ 211.908210][ T9211] [ 212.149694][ T9207] tipc: Enabling of bearer rejected, failed to enable media [ 212.173838][ T9216] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 212.261206][ T9224] netlink: 'syz.2.822': attribute type 11 has an invalid length. [ 212.290751][ T9224] netlink: 224 bytes leftover after parsing attributes in process `syz.2.822'. [ 212.717876][ T5891] tipc: Node number set to 2886997007 [ 212.738779][ T9238] netlink: 'syz.1.826': attribute type 11 has an invalid length. [ 212.773366][ T9238] netlink: 224 bytes leftover after parsing attributes in process `syz.1.826'. [ 213.114596][ T9255] netlink: 'syz.4.831': attribute type 4 has an invalid length. [ 213.254207][ T9204] chnl_net:caif_netlink_parms(): no params data found [ 213.300242][ T9263] IPVS: length: 51 != 24 [ 213.619039][ T9204] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.658070][ T9204] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.671505][ T9204] bridge_slave_0: entered allmulticast mode [ 213.695501][ T9204] bridge_slave_0: entered promiscuous mode [ 213.736722][ T9278] netlink: 36 bytes leftover after parsing attributes in process `syz.2.837'. [ 213.804939][ T9204] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.850805][ T9204] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.894113][ T9204] bridge_slave_1: entered allmulticast mode [ 213.909398][ T9204] bridge_slave_1: entered promiscuous mode [ 214.076250][ T9204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 214.086042][ T9286] netlink: 8 bytes leftover after parsing attributes in process `syz.4.841'. [ 214.124771][ T9204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 214.154692][ T9286] ip6tnl1: entered promiscuous mode [ 214.160950][ T9286] ip6tnl1: entered allmulticast mode [ 214.298099][ T5855] Bluetooth: hci0: command tx timeout [ 214.327100][ T9293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.844'. [ 214.331436][ T9204] team0: Port device team_slave_0 added [ 214.360046][ T9204] team0: Port device team_slave_1 added [ 214.483183][ T9204] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 214.491417][ T9204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.569442][ T9204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 214.600342][ T9204] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 214.607353][ T9204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.667580][ T9204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 214.725593][ T9306] netlink: 'syz.4.851': attribute type 1 has an invalid length. [ 214.834182][ T9204] hsr_slave_0: entered promiscuous mode [ 214.853821][ T9204] hsr_slave_1: entered promiscuous mode [ 214.864784][ T9204] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 214.883674][ T9204] Cannot create hsr debugfs directory [ 214.885889][ T9310] netlink: 'syz.3.853': attribute type 1 has an invalid length. [ 215.140708][ T9315] 8021q: adding VLAN 0 to HW filter on device bond1 [ 215.205968][ T9317] bond0: entered promiscuous mode [ 215.260021][ T9325] netlink: 'syz.4.859': attribute type 1 has an invalid length. [ 215.277910][ T9317] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode [ 215.307198][ T9317] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 215.322220][ T9317] bond1: (slave macvlan3): Enslaving as a backup interface with an up link [ 215.385803][ T7605] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 215.513023][ T7595] bond1: (slave macvlan3): link status up again after 0 ms [ 215.522035][ T7595] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 215.538844][ T7595] bond1: (slave macvlan3): link status up again after 0 ms [ 215.588970][ T4494] bond1: (slave macvlan3): link status up again after 0 ms [ 215.607943][ T4494] bond1: (slave macvlan3): link status up again after 0 ms [ 215.640309][ T7595] bond1: (slave macvlan3): link status up again after 0 ms [ 215.719196][ T4494] bond1: (slave macvlan3): link status up again after 0 ms [ 215.757147][ T9345] netlink: 32 bytes leftover after parsing attributes in process `syz.4.864'. [ 215.762488][ T53] bond1: (slave macvlan3): link status up again after 0 ms [ 215.811545][ T7605] bond1: (slave macvlan3): link status up again after 0 ms [ 216.038476][ T9349] netlink: 12 bytes leftover after parsing attributes in process `syz.3.865'. [ 216.115104][ T9204] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.342392][ T9204] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.381837][ T5855] Bluetooth: hci0: command tx timeout [ 216.548890][ T9204] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.626664][ T9377] netlink: 8 bytes leftover after parsing attributes in process `syz.1.875'. [ 216.648156][ T9377] netlink: 8 bytes leftover after parsing attributes in process `syz.1.875'. [ 216.663690][ T9380] netlink: 28 bytes leftover after parsing attributes in process `syz.2.873'. [ 216.794764][ T9204] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.332052][ T9204] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 217.414992][ T9204] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 217.486631][ T9204] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 217.532998][ T9204] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 217.948933][ T9204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.013028][ T9204] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.085701][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.093022][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.197710][ T4494] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.204978][ T4494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.337595][ T9443] netlink: 36 bytes leftover after parsing attributes in process `syz.2.896'. [ 218.458666][ T5855] Bluetooth: hci0: command tx timeout [ 219.113094][ T9204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.339472][ T9482] netlink: 4 bytes leftover after parsing attributes in process `syz.3.904'. [ 219.650288][ T9204] veth0_vlan: entered promiscuous mode [ 219.676865][ T9494] FAULT_INJECTION: forcing a failure. [ 219.676865][ T9494] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.690418][ T9494] CPU: 0 UID: 0 PID: 9494 Comm: syz.3.906 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 219.690447][ T9494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 219.690460][ T9494] Call Trace: [ 219.690468][ T9494] [ 219.690476][ T9494] dump_stack_lvl+0x241/0x360 [ 219.690515][ T9494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.690546][ T9494] ? __pfx__printk+0x10/0x10 [ 219.690589][ T9494] should_fail_ex+0x424/0x570 [ 219.690616][ T9494] _copy_from_user+0x2d/0xb0 [ 219.690647][ T9494] __sys_bpf+0x1c5/0x8b0 [ 219.690672][ T9494] ? __pfx___sys_bpf+0x10/0x10 [ 219.690708][ T9494] ? ksys_write+0x275/0x2d0 [ 219.690746][ T9494] __x64_sys_bpf+0x7c/0x90 [ 219.690779][ T9494] do_syscall_64+0xf3/0x230 [ 219.690806][ T9494] ? clear_bhb_loop+0x45/0xa0 [ 219.690832][ T9494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.690852][ T9494] RIP: 0033:0x7fa46e78d169 [ 219.690870][ T9494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.690888][ T9494] RSP: 002b:00007fa46f64a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 219.690909][ T9494] RAX: ffffffffffffffda RBX: 00007fa46e9a5fa0 RCX: 00007fa46e78d169 [ 219.690924][ T9494] RDX: 0000000000000070 RSI: 00002000000000c0 RDI: 0000000000000005 [ 219.690936][ T9494] RBP: 00007fa46f64a090 R08: 0000000000000000 R09: 0000000000000000 [ 219.690948][ T9494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.690960][ T9494] R13: 0000000000000000 R14: 00007fa46e9a5fa0 R15: 00007ffce6996638 [ 219.690993][ T9494] [ 219.695449][ T9204] veth1_vlan: entered promiscuous mode [ 220.127227][ T9502] Cannot find add_set index 4 as target [ 220.186175][ T9204] veth0_macvtap: entered promiscuous mode [ 220.230672][ T9204] veth1_macvtap: entered promiscuous mode [ 220.358040][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.395651][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.431068][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.455786][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.474972][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.486255][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.542249][ T5855] Bluetooth: hci0: command tx timeout [ 220.554935][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.569359][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.585616][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.630461][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.658189][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.697926][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.718277][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.737815][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.777339][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.810659][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.835428][ T9204] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.878757][ T4494] net_ratelimit: 24 callbacks suppressed [ 220.878795][ T4494] bond1: (slave macvlan3): failed to get link speed/duplex [ 220.938330][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.997874][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.037868][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.061334][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.075500][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.096755][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.112448][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.124208][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.134756][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.145613][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.155782][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.166528][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.176760][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.189600][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.199897][ T9204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.230681][ T9204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.250486][ T9204] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.350799][ T3451] bond1: (slave macvlan3): failed to get link speed/duplex [ 221.371328][ T9204] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.407317][ T9204] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.419712][ T9204] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.428696][ T9204] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.683686][ T9533] netlink: 'syz.1.920': attribute type 7 has an invalid length. [ 221.691512][ T7610] bond1: (slave macvlan3): failed to get link speed/duplex [ 221.761122][ T9533] netlink: 'syz.1.920': attribute type 5 has an invalid length. [ 221.775358][ T9533] netlink: 17 bytes leftover after parsing attributes in process `syz.1.920'. [ 221.869589][ T7605] bond1: (slave macvlan3): failed to get link speed/duplex [ 221.918919][ T7605] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.949275][ T7605] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.060669][ T7605] bond1: (slave macvlan3): failed to get link speed/duplex [ 222.119254][ T3451] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.127146][ T3451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.177921][ T4494] bond1: (slave macvlan3): failed to get link speed/duplex [ 222.298509][ T53] bond1: (slave macvlan3): failed to get link speed/duplex [ 222.429248][ T4494] bond1: (slave macvlan3): failed to get link speed/duplex [ 222.490708][ T9553] batadv0: entered promiscuous mode [ 222.533667][ T9553] batadv0: left promiscuous mode [ 222.670476][ T4494] bond1: (slave macvlan3): failed to get link speed/duplex [ 222.797948][ T4494] bond1: (slave macvlan3): failed to get link speed/duplex [ 224.473997][ T9614] ip6gre1: entered promiscuous mode [ 225.185958][ T9642] netlink: 12 bytes leftover after parsing attributes in process `syz.1.945'. [ 225.246170][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 225.256680][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 225.267466][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 225.277644][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 225.290768][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 225.940687][ T4494] net_ratelimit: 23 callbacks suppressed [ 225.940708][ T4494] bond1: (slave macvlan3): failed to get link speed/duplex [ 225.989615][ T9643] chnl_net:caif_netlink_parms(): no params data found [ 226.171835][ T9665] bridge0: entered promiscuous mode [ 226.181067][ T9665] bridge0: entered allmulticast mode [ 226.232104][ T3451] bond1: (slave macvlan3): failed to get link speed/duplex [ 226.489438][ T9643] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.513358][ T9643] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.536144][ T9643] bridge_slave_0: entered allmulticast mode [ 226.560265][ T9643] bridge_slave_0: entered promiscuous mode [ 226.590582][ T9643] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.607524][ T9643] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.620965][ T9643] bridge_slave_1: entered allmulticast mode [ 226.644767][ T9643] bridge_slave_1: entered promiscuous mode [ 226.711582][ T9643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.726207][ T9643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.860396][ T9643] team0: Port device team_slave_0 added [ 226.884308][ T9643] team0: Port device team_slave_1 added [ 226.973754][ T9643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 226.985217][ T9643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.032551][ T9643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 227.062376][ T9643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 227.070700][ T9643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.113453][ T9643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 227.252486][ T9643] hsr_slave_0: entered promiscuous mode [ 227.269230][ T9643] hsr_slave_1: entered promiscuous mode [ 227.286338][ T9643] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.327993][ T9643] Cannot create hsr debugfs directory [ 227.342386][ T5845] Bluetooth: hci0: command tx timeout [ 227.356862][ T7610] bond1: (slave macvlan3): failed to get link speed/duplex [ 227.608238][ T53] bond1: (slave macvlan3): failed to get link speed/duplex [ 227.950034][ T53] bond1: (slave macvlan3): failed to get link speed/duplex [ 228.145213][ T9643] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.221165][ T53] bond1: (slave macvlan3): failed to get link speed/duplex [ 228.314472][ T9737] bond0: entered promiscuous mode [ 228.328993][ T9737] bond_slave_0: entered promiscuous mode [ 228.337475][ T9737] bond_slave_1: entered promiscuous mode [ 228.359758][ T9737] batadv0: entered promiscuous mode [ 228.386843][ T9737] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 228.415059][ T9737] bond0: left promiscuous mode [ 228.420935][ T9737] bond_slave_0: left promiscuous mode [ 228.443376][ T9737] bond_slave_1: left promiscuous mode [ 228.458344][ T9737] batadv0: left promiscuous mode [ 228.551596][ T9643] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.628765][ T7595] bond1: (slave macvlan3): failed to get link speed/duplex [ 228.707622][ T9643] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.821736][ T9643] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.938669][ T7595] bond1: (slave macvlan3): failed to get link speed/duplex [ 229.113330][ T7610] bond1: (slave macvlan3): failed to get link speed/duplex [ 229.382573][ T53] bond1: (slave macvlan3): failed to get link speed/duplex [ 229.418004][ T9770] netlink: 'syz.1.979': attribute type 4 has an invalid length. [ 229.426867][ T5845] Bluetooth: hci0: command tx timeout [ 229.439169][ T9643] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 229.463032][ T9643] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 229.476848][ T9770] netlink: 17 bytes leftover after parsing attributes in process `syz.1.979'. [ 229.522567][ T9643] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 229.631068][ T9643] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 229.973947][ T9791] tipc: Enabled bearer , priority 0 [ 230.278294][ T9791] syzkaller0: entered promiscuous mode [ 230.284044][ T9791] syzkaller0: entered allmulticast mode [ 230.294726][ T9791] tipc: Resetting bearer [ 230.330019][ T9789] tipc: Resetting bearer [ 231.510058][ T5855] Bluetooth: hci0: command tx timeout [ 232.873911][ T9789] tipc: Disabling bearer [ 232.934876][ T9819] smc: net device bond0 applied user defined pnetid SYZ0 [ 232.938815][ T4494] net_ratelimit: 4 callbacks suppressed [ 232.938842][ T4494] bond1: (slave macvlan3): failed to get link speed/duplex [ 232.988548][ T9822] smc: net device bond0 erased user defined pnetid SYZ0 [ 233.157527][ T9643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.228816][ T53] bond1: (slave macvlan3): failed to get link speed/duplex [ 233.303517][ T9836] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1002'. [ 233.326544][ T9643] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.370722][ T7595] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.378027][ T7595] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.418704][ T4494] bond1: (slave macvlan3): failed to get link speed/duplex [ 233.454258][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.461497][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.553715][ T7595] bond1: (slave macvlan3): failed to get link speed/duplex [ 233.578177][ T5855] Bluetooth: hci0: command 0x0419 tx timeout [ 233.698501][ T7595] bond1: (slave macvlan3): failed to get link speed/duplex [ 233.827964][ T7605] bond1: (slave macvlan3): failed to get link speed/duplex [ 233.959815][ T7595] bond1: (slave macvlan3): failed to get link speed/duplex [ 234.079253][ T7595] bond1: (slave macvlan3): failed to get link speed/duplex [ 234.230133][ T12] bond1: (slave macvlan3): failed to get link speed/duplex [ 234.266716][ T9643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.399641][ T53] bond1: (slave macvlan3): failed to get link speed/duplex [ 234.434532][ T9877] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1013'. [ 234.539445][ T9877] netlink: 'syz.3.1013': attribute type 2 has an invalid length. [ 234.564658][ T9643] veth0_vlan: entered promiscuous mode [ 234.639266][ T9643] veth1_vlan: entered promiscuous mode [ 234.850992][ T9890] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1017'. [ 234.875063][ T9643] veth0_macvtap: entered promiscuous mode [ 234.911579][ T9643] veth1_macvtap: entered promiscuous mode [ 234.998228][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.036150][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.072695][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.109070][ T9899] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1023'. [ 235.140947][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.178615][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.212463][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.249823][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.317936][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.350312][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.391440][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.429092][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.453621][ T9913] xt_hashlimit: size too large, truncated to 1048576 [ 235.472114][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.493913][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.515990][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.565950][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.600781][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.631891][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.657928][ T5845] Bluetooth: hci0: command 0x0419 tx timeout [ 235.678588][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.733898][ T9643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 235.897188][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.958096][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.983355][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.027970][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.061834][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.087943][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.107894][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.129062][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.167728][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.196347][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.248276][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.278135][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.299973][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.322586][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.345452][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1035'. [ 236.389953][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1035'. [ 236.399218][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.424814][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.457683][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.497408][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.532938][ T9643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.638420][ T9643] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.668136][ T9643] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.687728][ T9643] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.696796][ T9643] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.311966][ T3451] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.332723][ T3451] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.519763][ T7595] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.536138][ T9979] nbd: must specify at least one socket [ 237.551750][ T7595] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.972217][ T12] net_ratelimit: 12 callbacks suppressed [ 237.972239][ T12] bond1: (slave macvlan3): failed to get link speed/duplex [ 238.290709][ T7610] bond1: (slave macvlan3): failed to get link speed/duplex [ 238.352804][T10013] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1061'. [ 238.402420][T10013] bond0: entered promiscuous mode [ 238.423414][T10013] bond_slave_0: entered promiscuous mode [ 238.442940][T10013] bond_slave_1: entered promiscuous mode [ 238.502567][ T3451] bond1: (slave macvlan3): failed to get link speed/duplex [ 238.649177][ T53] bond1: (slave macvlan3): failed to get link speed/duplex [ 238.757981][ T3451] bond1: (slave macvlan3): failed to get link speed/duplex [ 238.868146][ T3451] bond1: (slave macvlan3): failed to get link speed/duplex [ 238.978473][ T3451] bond1: (slave macvlan3): failed to get link speed/duplex [ 239.107697][ T53] bond1: (slave macvlan3): failed to get link speed/duplex [ 239.238215][ T7610] bond1: (slave macvlan3): failed to get link speed/duplex [ 239.347978][ T7610] bond1: (slave macvlan3): failed to get link speed/duplex [ 240.058870][T10060] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1067'. [ 240.208719][T10060] bridge0: port 1(syz_tun) entered blocking state [ 240.227974][T10060] bridge0: port 1(syz_tun) entered disabled state [ 240.278774][T10060] syz_tun: entered allmulticast mode [ 240.312120][T10060] syz_tun: entered promiscuous mode [ 240.332813][T10060] bridge0: port 1(syz_tun) entered blocking state [ 240.339733][T10060] bridge0: port 1(syz_tun) entered forwarding state [ 240.733020][T10074] ------------[ cut here ]------------ [ 240.739810][T10074] WARNING: CPU: 1 PID: 10074 at net/ipv4/udp_offload.c:123 udp_tunnel_update_gro_rcv+0x28d/0x4c0 [ 240.750462][T10074] Modules linked in: [ 240.754683][T10074] CPU: 1 UID: 0 PID: 10074 Comm: syz.4.1072 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 240.769464][T10074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 240.782133][T10074] RIP: 0010:udp_tunnel_update_gro_rcv+0x28d/0x4c0 [ 240.789058][T10074] Code: 00 00 e8 c6 f6 2e f7 48 c1 e5 04 48 8d b5 60 83 c7 9a ba 10 00 00 00 4c 89 ff e8 6e 22 99 f7 e9 ce 00 00 00 e8 a4 f6 2e f7 90 <0f> 0b 90 e9 de fd ff ff bf 01 00 00 00 89 ee e8 cf fa 2e f7 85 ed [ 240.809132][T10074] RSP: 0018:ffffc9000b4b77f8 EFLAGS: 00010293 [ 240.815267][T10074] RAX: ffffffff8a94702c RBX: 0000000000000001 RCX: ffff88802bec9e00 [ 240.823864][T10074] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 240.831974][T10074] RBP: 0000000000000000 R08: ffffffff8a946d0e R09: 1ffffffff20bfd4e [ 240.840042][T10074] R10: dffffc0000000000 R11: fffffbfff20bfd4f R12: ffffffff86de4a40 [ 240.848408][T10074] R13: dffffc0000000000 R14: ffff888079c6b500 R15: 0000000000000000 [ 240.856827][T10074] FS: 0000000000000000(0000) GS:ffff888125093000(0000) knlGS:0000000000000000 [ 240.867208][T10074] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 240.876335][T10074] CR2: 0000001b30b1cff8 CR3: 000000000eb38000 CR4: 00000000003526f0 [ 240.887034][T10074] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 240.895498][T10074] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 240.904301][T10074] Call Trace: [ 240.907626][T10074] [ 240.910971][T10074] ? sk_common_release+0x71/0x2e0 [ 240.916053][T10074] udp_destroy_sock+0x2a2/0x300 [ 240.921129][T10074] ? __pfx_udp_destroy_sock+0x10/0x10 [ 240.926556][T10074] sk_common_release+0x71/0x2e0 [ 240.931712][T10074] inet_release+0x17d/0x200 [ 240.936920][T10074] sock_close+0xbc/0x240 [ 240.941572][T10074] ? __pfx_sock_close+0x10/0x10 [ 240.946484][T10074] __fput+0x3e9/0x9f0 [ 240.950566][T10074] task_work_run+0x251/0x310 [ 240.955215][T10074] ? __pfx_task_work_run+0x10/0x10 [ 240.960440][T10074] ? do_exit+0xa0c/0x27f0 [ 240.964837][T10074] ? do_exit+0xa0c/0x27f0 [ 240.972013][T10074] do_exit+0xa11/0x27f0 [ 240.976251][T10074] ? do_raw_spin_lock+0x151/0x370 [ 240.983023][T10074] ? __pfx_do_exit+0x10/0x10 [ 240.987672][T10074] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 240.993190][T10074] do_group_exit+0x207/0x2c0 [ 240.998255][T10074] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.003502][T10074] ? lockdep_hardirqs_on+0x9d/0x150 [ 241.008846][T10074] get_signal+0x1696/0x1730 [ 241.013457][T10074] ? __pfx_get_signal+0x10/0x10 [ 241.020057][T10074] arch_do_signal_or_restart+0x98/0x840 [ 241.025704][T10074] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 241.032737][T10074] ? syscall_exit_to_user_mode+0xa3/0x340 [ 241.039027][T10074] syscall_exit_to_user_mode+0xce/0x340 [ 241.044666][T10074] do_syscall_64+0x100/0x230 [ 241.049375][T10074] ? clear_bhb_loop+0x45/0xa0 [ 241.054121][T10074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.060204][T10074] RIP: 0033:0x7f45c358d169 [ 241.064682][T10074] Code: Unable to access opcode bytes at 0x7f45c358d13f. [ 241.074437][T10074] RSP: 002b:00007f45c13f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 241.084676][T10074] RAX: fffffffffffffe00 RBX: 00007f45c37a5fa8 RCX: 00007f45c358d169 [ 241.092816][T10074] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f45c37a5fa8 [ 241.101806][T10074] RBP: 00007f45c37a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 241.109908][T10074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f45c37a5fac [ 241.118001][T10074] R13: 0000000000000000 R14: 00007ffd07598130 R15: 00007ffd07598218 [ 241.126097][T10074] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 241.129532][T10074] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 241.136866][T10074] CPU: 1 UID: 0 PID: 10074 Comm: syz.4.1072 Not tainted 6.15.0-rc1-syzkaller-00207-g0c49baf099ba #0 PREEMPT(full) [ 241.148968][T10074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 241.159072][T10074] Call Trace: [ 241.162391][T10074] [ 241.165355][T10074] dump_stack_lvl+0x241/0x360 [ 241.170265][T10074] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.175609][T10074] ? __pfx__printk+0x10/0x10 [ 241.180256][T10074] ? vscnprintf+0x5d/0x90 [ 241.184637][T10074] panic+0x349/0x880 [ 241.188602][T10074] ? __warn+0x174/0x4d0 [ 241.192814][T10074] ? __pfx_panic+0x10/0x10 [ 241.197307][T10074] __warn+0x344/0x4d0 [ 241.201425][T10074] ? udp_tunnel_update_gro_rcv+0x28d/0x4c0 [ 241.207278][T10074] report_bug+0x2b3/0x500 [ 241.211652][T10074] ? udp_tunnel_update_gro_rcv+0x28d/0x4c0 [ 241.217509][T10074] ? udp_tunnel_update_gro_rcv+0x28d/0x4c0 [ 241.223357][T10074] ? udp_tunnel_update_gro_rcv+0x28f/0x4c0 [ 241.229187][T10074] handle_bug+0x89/0x170 [ 241.233454][T10074] exc_invalid_op+0x1a/0x50 [ 241.237974][T10074] asm_exc_invalid_op+0x1a/0x20 [ 241.242837][T10074] RIP: 0010:udp_tunnel_update_gro_rcv+0x28d/0x4c0 [ 241.249265][T10074] Code: 00 00 e8 c6 f6 2e f7 48 c1 e5 04 48 8d b5 60 83 c7 9a ba 10 00 00 00 4c 89 ff e8 6e 22 99 f7 e9 ce 00 00 00 e8 a4 f6 2e f7 90 <0f> 0b 90 e9 de fd ff ff bf 01 00 00 00 89 ee e8 cf fa 2e f7 85 ed [ 241.268891][T10074] RSP: 0018:ffffc9000b4b77f8 EFLAGS: 00010293 [ 241.275002][T10074] RAX: ffffffff8a94702c RBX: 0000000000000001 RCX: ffff88802bec9e00 [ 241.283165][T10074] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 241.291267][T10074] RBP: 0000000000000000 R08: ffffffff8a946d0e R09: 1ffffffff20bfd4e [ 241.299255][T10074] R10: dffffc0000000000 R11: fffffbfff20bfd4f R12: ffffffff86de4a40 [ 241.307237][T10074] R13: dffffc0000000000 R14: ffff888079c6b500 R15: 0000000000000000 [ 241.315222][T10074] ? __pfx_geneve_gro_receive+0x10/0x10 [ 241.320787][T10074] ? udp_tunnel_update_gro_rcv+0xce/0x4c0 [ 241.326541][T10074] ? udp_tunnel_update_gro_rcv+0x3ec/0x4c0 [ 241.332391][T10074] ? udp_tunnel_update_gro_rcv+0x3ec/0x4c0 [ 241.338225][T10074] ? sk_common_release+0x71/0x2e0 [ 241.343274][T10074] udp_destroy_sock+0x2a2/0x300 [ 241.348152][T10074] ? __pfx_udp_destroy_sock+0x10/0x10 [ 241.353543][T10074] sk_common_release+0x71/0x2e0 [ 241.358435][T10074] inet_release+0x17d/0x200 [ 241.362955][T10074] sock_close+0xbc/0x240 [ 241.367235][T10074] ? __pfx_sock_close+0x10/0x10 [ 241.372130][T10074] __fput+0x3e9/0x9f0 [ 241.376149][T10074] task_work_run+0x251/0x310 [ 241.380781][T10074] ? __pfx_task_work_run+0x10/0x10 [ 241.385913][T10074] ? do_exit+0xa0c/0x27f0 [ 241.390266][T10074] ? do_exit+0xa0c/0x27f0 [ 241.394623][T10074] do_exit+0xa11/0x27f0 [ 241.398809][T10074] ? do_raw_spin_lock+0x151/0x370 [ 241.403860][T10074] ? __pfx_do_exit+0x10/0x10 [ 241.408504][T10074] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 241.413916][T10074] do_group_exit+0x207/0x2c0 [ 241.418529][T10074] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.423739][T10074] ? lockdep_hardirqs_on+0x9d/0x150 [ 241.428971][T10074] get_signal+0x1696/0x1730 [ 241.433937][T10074] ? __pfx_get_signal+0x10/0x10 [ 241.438809][T10074] arch_do_signal_or_restart+0x98/0x840 [ 241.444381][T10074] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 241.450573][T10074] ? syscall_exit_to_user_mode+0xa3/0x340 [ 241.456326][T10074] syscall_exit_to_user_mode+0xce/0x340 [ 241.461892][T10074] do_syscall_64+0x100/0x230 [ 241.466503][T10074] ? clear_bhb_loop+0x45/0xa0 [ 241.471198][T10074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.477102][T10074] RIP: 0033:0x7f45c358d169 [ 241.481539][T10074] Code: Unable to access opcode bytes at 0x7f45c358d13f. [ 241.488579][T10074] RSP: 002b:00007f45c13f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 241.497025][T10074] RAX: fffffffffffffe00 RBX: 00007f45c37a5fa8 RCX: 00007f45c358d169 [ 241.505206][T10074] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f45c37a5fa8 [ 241.513274][T10074] RBP: 00007f45c37a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 241.521252][T10074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f45c37a5fac [ 241.529249][T10074] R13: 0000000000000000 R14: 00007ffd07598130 R15: 00007ffd07598218 [ 241.537263][T10074] [ 241.540623][T10074] Kernel Offset: disabled [ 241.544973][T10074] Rebooting in 86400 seconds..