last executing test programs: 1m7.282915355s ago: executing program 3 (id=177): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200005400760027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0) 55.758944128s ago: executing program 3 (id=177): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200005400760027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0) 40.760678103s ago: executing program 3 (id=177): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200005400760027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0) 27.450069523s ago: executing program 3 (id=177): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200005400760027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0) 13.31599548s ago: executing program 3 (id=177): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200005400760027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0) 1.431881066s ago: executing program 0 (id=2147): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x4}, 0x6) write$binfmt_misc(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="4900030007"], 0xd) 1.325279238s ago: executing program 1 (id=2149): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8, 0x12, 0x1000}]}, 0x34}}, 0x0) 1.324921359s ago: executing program 0 (id=2150): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000001100)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000001200), 0x10) 1.232456841s ago: executing program 1 (id=2152): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x16, 0x6, &(0x7f0000000d40)=@framed={{}, [@map_idx_val, @exit]}, &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.126343015s ago: executing program 1 (id=2155): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'pim6reg\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002100"], 0x1c}}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @dev}], 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) listen(r0, 0x80000000) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r2, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000080)="88", 0x1}], 0x1}}], 0x1, 0x0) 859.499533ms ago: executing program 4 (id=2161): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x60, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x24, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x4}]}, 0x60}}, 0x0) 800.219166ms ago: executing program 4 (id=2162): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_LEN={0x8, 0x4, 0x1, 0x0, 0xfffffffd}]}}}]}]}], {0x14}}, 0x78}}, 0x0) 744.852323ms ago: executing program 2 (id=2163): r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1, &(0x7f0000001680)=ANY=[@ANYBLOB="20000000000000008400000002000000000041000000000000000000", @ANYRES32=0x0, @ANYBLOB="30000000000000008400000001"], 0x50}, 0x0) 723.123778ms ago: executing program 2 (id=2164): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754da5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b53c3fca5206cb000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000024000000180001801400020073797a5f74756e"], 0x2c}}, 0x0) 692.060363ms ago: executing program 4 (id=2165): r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0x3f, 0x0, 0x4) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r1 = socket(0x11, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000100), &(0x7f0000000180)=0x80) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bind$packet(r1, &(0x7f0000000580)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) bind$packet(r1, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="84fd99e47ec0"}, 0x14) 585.278044ms ago: executing program 2 (id=2166): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000"], &(0x7f0000000140)='GPL\x00'}, 0x90) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x80) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000001c0)='sched_process_wait\x00', r5}, 0x10) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r7, r4, 0x0, r7}, 0x10) 585.044173ms ago: executing program 4 (id=2167): bpf$MAP_CREATE(0x0, &(0x7f0000000180), 0x48) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'xfrm0\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r2, &(0x7f0000000180)='`', 0xca, 0x0, &(0x7f0000000240)={0x2f, 0x0, r1, 0x1, 0x0, 0x6, @random="4a99fee2a74d"}, 0x14) 557.462262ms ago: executing program 2 (id=2168): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0xa, &(0x7f0000000100)=[{&(0x7f0000000200)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a118001500060014000000001208000a0043000040a80016000400014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4260000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c0aaa16b8ddc64193071e9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd", 0xd8}], 0x1}, 0x0) 534.900929ms ago: executing program 4 (id=2169): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x1}, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x2000}, 0x4) 465.561639ms ago: executing program 4 (id=2170): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 373.86771ms ago: executing program 0 (id=2171): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000001500)=ANY=[], 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='batadv0\x00', 0x10) write(r0, &(0x7f00000000c0)="822a0a65bd8c022b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 360.809329ms ago: executing program 0 (id=2172): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004000)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x4}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x603}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1e13}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}], [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x20000000) 306.86071ms ago: executing program 0 (id=2173): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000007100)=[{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000000640)="5bf31cab446f68cb218a82ecc105f8ad29bb12de36cf176b6a366558c6c40bee4a132f4f20c6ce7024f576b6a8cfcce707e6347b274e0d8fd0e1cf16c54e97351e58ac567bee5a9d73288a3e04b1ad24a4c1944bed793e8be60c441bbc112f57570fb448bd0296f52d09ebb437b7bbc7c89cb87af3cf2a665ed34ee07bd33ca2", 0x80}], 0x1, &(0x7f0000001100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r1, &(0x7f000000a040)=[{{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000500)=""/99, 0x63}, {&(0x7f00000003c0)=""/241, 0xf1}], 0x2}}], 0x1, 0x40002043, 0x0) 306.60107ms ago: executing program 2 (id=2174): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000500)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100000000009500000000000000b7020000000000007baaf8ff00000000b609000068000000dbaaf8ff50000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffc70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000001140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 169.231348ms ago: executing program 1 (id=2175): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000640)={{{@in=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0x32}, 0x0, @in=@multicast2}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c) 134.277869ms ago: executing program 2 (id=2176): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x2, &(0x7f0000000300)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="03011400018389290e358000ad0001140000002f0600ac141418e0000003808a8972bd0b72e410820c520f061fe4fdfe4b889430ebb52997e36e039b1c598825f80100e3c06376c33076a167d514fa570a440261a67a34a07605c93a194946bc6283f4"], 0xdd12}], 0x1}, 0x0) 103.285957ms ago: executing program 0 (id=2177): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) recvmsg(r0, &(0x7f0000001140)={0x0, 0x0, 0x0}, 0x12122) sendmsg(r0, &(0x7f0000006b40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[], 0x1b0}, 0x0) 49.238889ms ago: executing program 1 (id=2178): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711229000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x90) 26.604562ms ago: executing program 1 (id=2179): r0 = socket(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x17) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r2}, 0x4) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r2}, @ldst={0x1, 0x2, 0x3}]}, &(0x7f0000000d40)='syzkaller\x00'}, 0x90) r4 = socket$igmp(0x2, 0x3, 0x2) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r1, @ANYBLOB="08001f"], 0x40}}, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={r0}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x5, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x2}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @remote}]}}}]}, 0x48}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000240)) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r2, 0x58, &(0x7f0000000280)}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000340)) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000380)={'syztnl2\x00', &(0x7f0000000400)={'ip_vti0\x00', 0x0, 0x8, 0x88, 0x3, 0x5, {{0x4d, 0x4, 0x1, 0x5, 0x134, 0x67, 0x0, 0xb, 0x4, 0x0, @rand_addr=0x64010101, @loopback, {[@cipso={0x86, 0x68, 0x1, [{0x5, 0x9, "0aa19e60566979"}, {0x6, 0x12, "b6b30f65d62e35c055e71398723038b8"}, {0x2, 0x11, "5d1ebaa6a1c4c0649638e6b8d76fb5"}, {0x1, 0xd, "7f000aedaa3984ba12f60b"}, {0x0, 0x8, "aa9f05dd672c"}, {0x0, 0x3, 'V'}, {0x1, 0x4, "12bb"}, {0x0, 0xe, "14216722c2b9d6da4e30a25e"}, {0x1, 0x8, "6e6816dd732f"}, {0x2, 0x4, "fd7c"}]}, @lsrr={0x83, 0x17, 0xd4, [@rand_addr=0x64010101, @rand_addr=0x64010101, @multicast2, @empty, @empty]}, @cipso={0x86, 0x4c, 0x2, [{0x2, 0x6, "b0233321"}, {0x1, 0xa, "7ebda5911c85b1a0"}, {0x1, 0x8, "a16222986663"}, {0x6, 0x3, '|'}, {0x0, 0xc, "a2ffb3d53df8b5c2cfed"}, {0x2, 0x9, "9de4d865cf7bc6"}, {0x0, 0x9, "49a297a7a560c1"}, {0x0, 0xd, "3c70ccfe36b375513f0eae"}]}, @noop, @generic={0x7, 0xf, "000634b0104a6ea8e1f8a4e6c2"}, @rr={0x7, 0x1b, 0x72, [@rand_addr=0x64010102, @broadcast, @multicast2, @empty, @rand_addr=0x64010100, @remote]}, @timestamp={0x44, 0x28, 0x7a, 0x0, 0x1, [0x7c, 0x10, 0x40, 0x4e8, 0x3, 0x5, 0xffff, 0x70, 0x3]}]}}}}}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000880)={r3, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000580)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, &(0x7f00000005c0)=[0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0], 0x0, 0x13, &(0x7f0000000680)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0xca, 0x8, 0x8, &(0x7f0000000740)}}, 0x10) 0s ago: executing program 3 (id=177): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200005400760027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0) kernel console output (not intermixed with test programs): .176279][ T9259] netlink: 200 bytes leftover after parsing attributes in process `syz.2.1076'. [ 202.210721][ T9126] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.228487][ T9126] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.252749][ T9126] bridge_slave_0: entered allmulticast mode [ 202.264330][ T9126] bridge_slave_0: entered promiscuous mode [ 202.298192][ T9126] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.305496][ T9126] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.334429][ T9126] bridge_slave_1: entered allmulticast mode [ 202.348447][ T9126] bridge_slave_1: entered promiscuous mode [ 202.566342][ T9276] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1082'. [ 202.611122][ T9276] macvlan2: entered promiscuous mode [ 202.627880][ T9276] macvlan2: entered allmulticast mode [ 202.633599][ T9276] syz_tun: entered allmulticast mode [ 202.696824][ T9126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.739840][ T9126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.955997][ T9126] team0: Port device team_slave_0 added [ 202.995613][ T9126] team0: Port device team_slave_1 added [ 203.022434][ T9294] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1087'. [ 203.122471][ T9126] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.149663][ T9297] netlink: 'syz.4.1089': attribute type 9 has an invalid length. [ 203.155938][ T9126] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.176481][ T9297] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.1089'. [ 203.216196][ T9306] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1090'. [ 203.225473][ T9126] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.290695][ T9126] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.303050][ T9126] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.349913][ T9126] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.588350][ T9126] hsr_slave_0: entered promiscuous mode [ 203.608933][ T9126] hsr_slave_1: entered promiscuous mode [ 203.932543][ T9337] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1101'. [ 203.978435][ T5101] Bluetooth: hci2: command tx timeout [ 204.431340][ T9362] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1106'. [ 204.457831][ T9363] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1108'. [ 204.515782][ T9363] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1108'. [ 204.612921][ T9362] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 204.824695][ T9363] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1108'. [ 205.070295][ T9380] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1112'. [ 205.264711][ T9394] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1118'. [ 205.469547][ T9405] netlink: 'syz.2.1123': attribute type 10 has an invalid length. [ 205.495603][ T9405] netlink: 'syz.2.1123': attribute type 10 has an invalid length. [ 205.527593][ T9405] bridge0: port 3(team0) entered blocking state [ 205.557078][ T9405] bridge0: port 3(team0) entered disabled state [ 205.563637][ T9405] team0: entered allmulticast mode [ 205.583246][ T9405] team_slave_0: entered allmulticast mode [ 205.601489][ T9405] team_slave_1: entered allmulticast mode [ 205.612845][ T9405] team0: entered promiscuous mode [ 205.619921][ T9405] team_slave_0: entered promiscuous mode [ 205.629277][ T9405] team_slave_1: entered promiscuous mode [ 205.635696][ T9405] bridge0: port 3(team0) entered blocking state [ 205.642178][ T9405] bridge0: port 3(team0) entered forwarding state [ 205.656111][ T9409] macvlan4: entered promiscuous mode [ 205.672067][ T9409] vlan1: entered promiscuous mode [ 205.682822][ T9409] macvlan4: entered allmulticast mode [ 205.688544][ T9409] vlan1: entered allmulticast mode [ 205.695380][ T9409] veth0_vlan: entered allmulticast mode [ 205.705483][ T9409] vlan1: left allmulticast mode [ 205.710925][ T9409] veth0_vlan: left allmulticast mode [ 205.722379][ T9409] vlan1: left promiscuous mode [ 205.771985][ T9412] tipc: Enabling of bearer rejected, failed to enable media [ 205.968883][ T9126] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 205.976896][ T9423] netlink: 'syz.4.1130': attribute type 4 has an invalid length. [ 206.059404][ T5101] Bluetooth: hci2: command tx timeout [ 206.091489][ T9126] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 206.119596][ T9426] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 206.189130][ T9126] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 206.233598][ T9126] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 206.783297][ T9126] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.885522][ T9126] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.958279][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.965595][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.994763][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.002060][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.325288][ T9480] dvmrp1: entered allmulticast mode [ 207.597576][ T9495] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 208.042138][ T9126] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.143228][ T9521] netlink: 'syz.2.1160': attribute type 11 has an invalid length. [ 208.178525][ T9521] __nla_validate_parse: 6 callbacks suppressed [ 208.178547][ T9521] netlink: 211132 bytes leftover after parsing attributes in process `syz.2.1160'. [ 208.256549][ T9523] netlink: 'syz.4.1159': attribute type 1 has an invalid length. [ 208.277215][ T9523] netlink: 'syz.4.1159': attribute type 2 has an invalid length. [ 208.303659][ T9528] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1162'. [ 208.344303][ T9126] veth0_vlan: entered promiscuous mode [ 208.355964][ T9526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1161'. [ 208.431539][ T9126] veth1_vlan: entered promiscuous mode [ 208.455737][ T9532] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1163'. [ 208.511168][ T9532] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 208.576336][ T9126] veth0_macvtap: entered promiscuous mode [ 208.617760][ T9535] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1164'. [ 208.618846][ T9126] veth1_macvtap: entered promiscuous mode [ 208.757341][ T9126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 208.827029][ T9126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.859067][ T9557] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1169'. [ 208.868295][ T9126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 208.868326][ T9126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.868345][ T9126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 208.868362][ T9126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.870436][ T9126] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 209.080693][ T9567] netlink: 592 bytes leftover after parsing attributes in process `syz.4.1172'. [ 209.130348][ T9126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.169530][ T9126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.204314][ T9126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.235008][ T9126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.263823][ T9126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.287367][ T9577] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1175'. [ 209.306067][ T9126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.327903][ T9126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.346005][ T9126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.385915][ T9126] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 209.447986][ T9585] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1176'. [ 209.505240][ T9126] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.545493][ T9126] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.564587][ T9126] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.600433][ T9126] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.845934][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.876641][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.939609][ T954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.962757][ T954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.870424][ T9638] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1190'. [ 210.947336][ T9642] netlink: 'syz.2.1193': attribute type 1 has an invalid length. [ 210.955714][ T9639] Κό: entered promiscuous mode [ 210.986681][ T9642] nbd: couldn't find a device at index 6488084 [ 210.993687][ T9643] syzkaller1: entered promiscuous mode [ 211.017611][ T9643] syzkaller1: entered allmulticast mode [ 211.329635][ T9660] netlink: del zone limit has 8 unknown bytes [ 211.352607][ T9660] FAULT_INJECTION: forcing a failure. [ 211.352607][ T9660] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.367013][ T9660] CPU: 0 PID: 9660 Comm: syz.4.1197 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 211.377149][ T9660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 211.387446][ T9660] Call Trace: [ 211.390763][ T9660] [ 211.393898][ T9660] dump_stack_lvl+0x241/0x360 [ 211.398649][ T9660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.403901][ T9660] ? __pfx__printk+0x10/0x10 [ 211.408548][ T9660] ? snprintf+0xda/0x120 [ 211.412844][ T9660] should_fail_ex+0x3b0/0x4e0 [ 211.417595][ T9660] _copy_to_user+0x2f/0xb0 [ 211.422159][ T9660] simple_read_from_buffer+0xca/0x150 [ 211.427682][ T9660] proc_fail_nth_read+0x1e9/0x250 [ 211.432781][ T9660] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 211.438373][ T9660] ? rw_verify_area+0x520/0x6b0 [ 211.443269][ T9660] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 211.448960][ T9660] vfs_read+0x204/0xbc0 [ 211.453176][ T9660] ? __pfx_lock_release+0x10/0x10 [ 211.458254][ T9660] ? __pfx_vfs_read+0x10/0x10 [ 211.462977][ T9660] ? __fget_files+0x29/0x470 [ 211.467663][ T9660] ? __fget_files+0x3f6/0x470 [ 211.472501][ T9660] ksys_read+0x1a0/0x2c0 [ 211.476801][ T9660] ? __pfx_ksys_read+0x10/0x10 [ 211.481672][ T9660] ? do_syscall_64+0x100/0x230 [ 211.486510][ T9660] ? do_syscall_64+0xb6/0x230 [ 211.491246][ T9660] do_syscall_64+0xf3/0x230 [ 211.495799][ T9660] ? clear_bhb_loop+0x35/0x90 [ 211.500523][ T9660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.506473][ T9660] RIP: 0033:0x7f87fd9746bc [ 211.510928][ T9660] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 211.530583][ T9660] RSP: 002b:00007f87fe822040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 211.539052][ T9660] RAX: ffffffffffffffda RBX: 00007f87fdb03f60 RCX: 00007f87fd9746bc [ 211.547079][ T9660] RDX: 000000000000000f RSI: 00007f87fe8220b0 RDI: 000000000000000e [ 211.555106][ T9660] RBP: 00007f87fe8220a0 R08: 0000000000000000 R09: 0000000000000000 [ 211.563164][ T9660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 211.571159][ T9660] R13: 000000000000000b R14: 00007f87fdb03f60 R15: 00007ffddf68e598 [ 211.579170][ T9660] [ 211.800305][ T2456] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.045178][ T2456] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.130503][ T2456] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.238590][ T2456] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.361153][ T2456] bridge_slave_1: left allmulticast mode [ 212.367064][ T2456] bridge_slave_1: left promiscuous mode [ 212.372899][ T2456] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.383479][ T2456] bridge_slave_0: left allmulticast mode [ 212.391538][ T2456] bridge_slave_0: left promiscuous mode [ 212.399727][ T2456] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.200690][ T9715] __nla_validate_parse: 4 callbacks suppressed [ 213.200713][ T9715] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1211'. [ 213.240138][ T5109] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 213.247266][ T2456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.262384][ T5109] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 213.279594][ T5109] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 213.290009][ T5109] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 213.300133][ T5109] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 213.300668][ T2456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.318162][ T5109] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 213.356966][ T2456] bond0 (unregistering): Released all slaves [ 213.393074][ T9716] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 213.428915][ T9716] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 213.487977][ T9724] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (48) [ 213.626209][ T9728] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1214'. [ 213.924767][ T9737] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1218'. [ 214.042959][ T9754] macvlan4: entered promiscuous mode [ 214.048517][ T9754] vlan1: entered promiscuous mode [ 214.053920][ T9754] macvlan4: entered allmulticast mode [ 214.060712][ T9754] vlan1: entered allmulticast mode [ 214.065900][ T9754] veth0_vlan: entered allmulticast mode [ 214.077781][ T9754] vlan1: left allmulticast mode [ 214.082839][ T9754] veth0_vlan: left allmulticast mode [ 214.090387][ T9754] vlan1: left promiscuous mode [ 214.125159][ T9746] netlink: 'syz.0.1222': attribute type 10 has an invalid length. [ 214.134295][ T9746] team0: left allmulticast mode [ 214.140286][ T9746] team_slave_0: left allmulticast mode [ 214.146242][ T9746] team_slave_1: left allmulticast mode [ 214.152712][ T9746] batadv1: left allmulticast mode [ 214.158353][ T9746] vlan2: left allmulticast mode [ 214.159812][ T9760] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1226'. [ 214.163563][ T9746] vlan0: left allmulticast mode [ 214.178504][ T9746] veth0_vlan: left allmulticast mode [ 214.179936][ T9760] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 214.184061][ T9746] team0: left promiscuous mode [ 214.199742][ T9746] team_slave_0: left promiscuous mode [ 214.205645][ T9760] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 214.205821][ T9746] team_slave_1: left promiscuous mode [ 214.241753][ T9746] batadv1: left promiscuous mode [ 214.248724][ T9746] vlan2: left promiscuous mode [ 214.253831][ T9746] vlan0: left promiscuous mode [ 214.261555][ T9746] bridge0: port 3(team0) entered disabled state [ 214.325847][ T9748] netlink: 'syz.0.1222': attribute type 10 has an invalid length. [ 214.334235][ T9748] bridge0: port 3(team0) entered blocking state [ 214.341435][ T9748] bridge0: port 3(team0) entered disabled state [ 214.352320][ T9748] team0: entered allmulticast mode [ 214.358873][ T9748] team_slave_0: entered allmulticast mode [ 214.365022][ T9748] team_slave_1: entered allmulticast mode [ 214.371642][ T9748] batadv1: entered allmulticast mode [ 214.382554][ T9748] vlan2: entered allmulticast mode [ 214.391341][ T9748] vlan0: entered allmulticast mode [ 214.401643][ T9748] veth0_vlan: entered allmulticast mode [ 214.413331][ T9748] team0: entered promiscuous mode [ 214.433051][ T9748] team_slave_0: entered promiscuous mode [ 214.443718][ T9748] team_slave_1: entered promiscuous mode [ 214.450347][ T9748] batadv1: entered promiscuous mode [ 214.459361][ T9748] vlan2: entered promiscuous mode [ 214.464649][ T9748] vlan0: entered promiscuous mode [ 214.472966][ T9748] bridge0: port 3(team0) entered blocking state [ 214.479514][ T9748] bridge0: port 3(team0) entered forwarding state [ 214.503313][ T9759] syzkaller0: entered promiscuous mode [ 214.515711][ T9759] syzkaller0: entered allmulticast mode [ 214.535283][ T9760] netlink: 'syz.2.1226': attribute type 10 has an invalid length. [ 214.546596][ T9760] team0: left allmulticast mode [ 214.556776][ T9760] team_slave_0: left allmulticast mode [ 214.562588][ T9760] team_slave_1: left allmulticast mode [ 214.573505][ T9760] team0: left promiscuous mode [ 214.584675][ T9760] team_slave_0: left promiscuous mode [ 214.590931][ T9760] team_slave_1: left promiscuous mode [ 214.606169][ T9760] bridge0: port 3(team0) entered disabled state [ 214.608513][ T9770] netlink: 'syz.0.1228': attribute type 1 has an invalid length. [ 214.621052][ T9770] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1228'. [ 214.633680][ T9764] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 214.781356][ T2456] hsr_slave_0: left promiscuous mode [ 214.793503][ T2456] hsr_slave_1: left promiscuous mode [ 214.820919][ T2456] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.841590][ T2456] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.851076][ T2456] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.865552][ T2456] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.899937][ T2456] veth1_macvtap: left promiscuous mode [ 214.905987][ T2456] veth0_macvtap: left promiscuous mode [ 214.912188][ T2456] veth1_vlan: left promiscuous mode [ 214.918314][ T2456] veth0_vlan: left promiscuous mode [ 215.416763][ T5109] Bluetooth: hci2: command tx timeout [ 215.695528][ T2456] team0 (unregistering): Port device team_slave_1 removed [ 215.752660][ T2456] team0 (unregistering): Port device team_slave_0 removed [ 216.470289][ T9717] chnl_net:caif_netlink_parms(): no params data found [ 216.635906][ T9801] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1240'. [ 216.672679][ T9805] FAULT_INJECTION: forcing a failure. [ 216.672679][ T9805] name failslab, interval 1, probability 0, space 0, times 0 [ 216.685444][ T9805] CPU: 0 PID: 9805 Comm: syz.1.1241 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 216.695557][ T9805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 216.705663][ T9805] Call Trace: [ 216.708989][ T9805] [ 216.711973][ T9805] dump_stack_lvl+0x241/0x360 [ 216.716718][ T9805] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.721987][ T9805] ? __pfx__printk+0x10/0x10 [ 216.726638][ T9805] ? __asan_memset+0x23/0x50 [ 216.731256][ T9805] should_fail_ex+0x3b0/0x4e0 [ 216.735976][ T9805] should_failslab+0x9/0x20 [ 216.740591][ T9805] kmalloc_node_track_caller_noprof+0xda/0x440 [ 216.746774][ T9805] ? nf_ct_ext_add+0x1a2/0x3e0 [ 216.751589][ T9805] krealloc_noprof+0x7d/0x120 [ 216.756290][ T9805] nf_ct_ext_add+0x1a2/0x3e0 [ 216.760907][ T9805] init_conntrack+0x8bf/0x1310 [ 216.765828][ T9805] ? __pfx_init_conntrack+0x10/0x10 [ 216.771174][ T9805] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 216.777176][ T9805] ? __local_bh_enable_ip+0x168/0x200 [ 216.782574][ T9805] nf_conntrack_in+0xd59/0x1880 [ 216.787470][ T9805] ? __pfx_nf_conntrack_in+0x10/0x10 [ 216.792803][ T9805] ? __pfx_ipv6_conntrack_in+0x10/0x10 [ 216.798284][ T9805] nf_hook_slow+0xc3/0x220 [ 216.802724][ T9805] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 216.807971][ T9805] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 216.813193][ T9805] NF_HOOK+0x29e/0x450 [ 216.817379][ T9805] ? skb_orphan+0x4b/0xd0 [ 216.821734][ T9805] ? NF_HOOK+0x9a/0x450 [ 216.825907][ T9805] ? __pfx_NF_HOOK+0x10/0x10 [ 216.830522][ T9805] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 216.835748][ T9805] ? __pfx_ipv6_rcv+0x10/0x10 [ 216.840458][ T9805] __netif_receive_skb+0x1ea/0x650 [ 216.845602][ T9805] ? __pfx_lock_acquire+0x10/0x10 [ 216.850647][ T9805] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 216.856925][ T9805] ? __pfx___netif_receive_skb+0x10/0x10 [ 216.862608][ T9805] ? __kasan_slab_alloc+0x66/0x80 [ 216.867662][ T9805] ? read_tsc+0x9/0x20 [ 216.871751][ T9805] ? timekeeping_get_ns+0x2c0/0x420 [ 216.877003][ T9805] ? netif_receive_skb+0x131/0x890 [ 216.882138][ T9805] ? netif_receive_skb+0x131/0x890 [ 216.887274][ T9805] netif_receive_skb+0x1e8/0x890 [ 216.892240][ T9805] ? tun_rx_batched+0x160/0x8f0 [ 216.897152][ T9805] ? __pfx_netif_receive_skb+0x10/0x10 [ 216.902648][ T9805] ? tun_rx_batched+0x160/0x8f0 [ 216.907557][ T9805] tun_rx_batched+0x1b7/0x8f0 [ 216.912257][ T9805] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 216.918607][ T9805] ? __pfx_lock_acquire+0x10/0x10 [ 216.923650][ T9805] ? __pfx_tun_rx_batched+0x10/0x10 [ 216.928980][ T9805] tun_get_user+0x2f35/0x4560 [ 216.933686][ T9805] ? tun_get_user+0x2a2f/0x4560 [ 216.938581][ T9805] ? __pfx_tun_get_user+0x10/0x10 [ 216.943811][ T9805] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 216.949301][ T9805] ? tun_get+0x1e/0x2f0 [ 216.953503][ T9805] ? tun_get+0x1e/0x2f0 [ 216.957685][ T9805] ? tun_get+0x27d/0x2f0 [ 216.961953][ T9805] tun_chr_write_iter+0x113/0x1f0 [ 216.967006][ T9805] vfs_write+0xa72/0xc90 [ 216.971276][ T9805] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 216.976869][ T9805] ? __pfx_vfs_write+0x10/0x10 [ 216.981682][ T9805] ksys_write+0x1a0/0x2c0 [ 216.986040][ T9805] ? __pfx_ksys_write+0x10/0x10 [ 216.990919][ T9805] ? do_syscall_64+0x100/0x230 [ 216.995716][ T9805] ? do_syscall_64+0xb6/0x230 [ 217.000448][ T9805] do_syscall_64+0xf3/0x230 [ 217.004990][ T9805] ? clear_bhb_loop+0x35/0x90 [ 217.009685][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.015626][ T9805] RIP: 0033:0x7f166eb7475f [ 217.020061][ T9805] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 217.039788][ T9805] RSP: 002b:00007f166f899010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 217.048233][ T9805] RAX: ffffffffffffffda RBX: 00007f166ed03f60 RCX: 00007f166eb7475f [ 217.056227][ T9805] RDX: 000000000000004a RSI: 0000000020000080 RDI: 00000000000000c8 [ 217.064247][ T9805] RBP: 00007f166f8990a0 R08: 0000000000000000 R09: 0000000000000000 [ 217.072258][ T9805] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001 [ 217.080256][ T9805] R13: 000000000000000b R14: 00007f166ed03f60 R15: 00007ffeccb81da8 [ 217.088265][ T9805] [ 217.246102][ T9811] netlink: 'syz.0.1242': attribute type 13 has an invalid length. [ 217.254792][ T9811] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1242'. [ 217.278430][ T9820] ax25_connect(): syz.4.1244 uses autobind, please contact jreuter@yaina.de [ 217.287716][ T9811] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (6) [ 217.316745][ T9717] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.341749][ T9717] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.359869][ T9717] bridge_slave_0: entered allmulticast mode [ 217.388358][ T9717] bridge_slave_0: entered promiscuous mode [ 217.450295][ T9717] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.467190][ T9717] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.491319][ T9717] bridge_slave_1: entered allmulticast mode [ 217.497649][ T5109] Bluetooth: hci2: command tx timeout [ 217.507023][ T9717] bridge_slave_1: entered promiscuous mode [ 217.515870][ T9826] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1246'. [ 217.561680][ T9833] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1249'. [ 217.600473][ T9833] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1249'. [ 217.673428][ T9717] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.715602][ T9717] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.812534][ T9717] team0: Port device team_slave_0 added [ 217.862870][ T9717] team0: Port device team_slave_1 added [ 217.981274][ T9717] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.015977][ T9717] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.086022][ T9717] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.089522][ T9852] netlink: 'syz.0.1257': attribute type 5 has an invalid length. [ 218.115770][ T9717] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.135040][ T9717] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.185339][ T9717] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.214851][ T9852] macvlan3: entered allmulticast mode [ 218.269006][ T9852] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode [ 218.285057][ T9852] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode [ 218.324275][ T9852] bond0: (slave macvlan3): Enslaving as an active interface with an up link [ 218.360514][ T9861] netlink: 'syz.0.1257': attribute type 8 has an invalid length. [ 218.551034][ T9717] hsr_slave_0: entered promiscuous mode [ 218.570326][ T9717] hsr_slave_1: entered promiscuous mode [ 218.812630][ T9896] IPVS: set_ctl: invalid protocol: 115 255.255.255.255:20001 [ 218.824221][ T9898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1273'. [ 218.910497][ T9902] netlink: del zone limit has 8 unknown bytes [ 218.945482][ T9905] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1276'. [ 219.097510][ T9909] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1279'. [ 219.116752][ T9913] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1278'. [ 219.221434][ T9912] hsr0: entered promiscuous mode [ 219.284145][ T9909] Κό: entered promiscuous mode [ 219.430394][ T9926] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1286'. [ 219.471766][ T9926] Κό: entered promiscuous mode [ 219.478243][ T9927] netlink: 'syz.2.1283': attribute type 4 has an invalid length. [ 219.576636][ T5109] Bluetooth: hci2: command tx timeout [ 219.623283][ T9936] netlink: 'syz.2.1289': attribute type 1 has an invalid length. [ 219.631199][ T9936] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1289'. [ 219.875069][ T9717] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 219.919109][ T9717] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 219.949824][ T9717] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 219.976303][ T9717] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 220.002960][ T9960] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1295'. [ 220.086616][ T9962] netlink: 'syz.2.1297': attribute type 20 has an invalid length. [ 220.321868][ T9973] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1299'. [ 220.348686][ T9717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.357000][ T9973] set match dimension is over the limit! [ 220.449625][ T9717] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.508458][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.515777][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.567187][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.574480][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.615956][ T9987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1306'. [ 220.633742][ T9987] macvlan4: entered promiscuous mode [ 220.647405][ T9987] macvlan4: entered allmulticast mode [ 220.654882][ T9987] syz_tun: entered allmulticast mode [ 220.782066][ T9717] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 220.831813][ T9996] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1310'. [ 221.198617][ T9717] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.364455][ T9717] veth0_vlan: entered promiscuous mode [ 221.404597][ T9717] veth1_vlan: entered promiscuous mode [ 221.503699][ T9717] veth0_macvtap: entered promiscuous mode [ 221.530356][ T9717] veth1_macvtap: entered promiscuous mode [ 221.629914][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.651760][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.656694][ T5109] Bluetooth: hci2: command tx timeout [ 221.666180][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.694095][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.716447][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.734508][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.783273][ T9717] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.817056][T10032] pim6reg1: entered promiscuous mode [ 221.832762][T10032] pim6reg1: entered allmulticast mode [ 221.870263][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.889766][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.903554][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.920356][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.934811][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.949587][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.964025][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.976916][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.992691][ T9717] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.091649][ T9717] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.102512][ T9717] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.112130][ T9717] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.129954][ T9717] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.372714][ T2893] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.413572][ T2893] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.480132][T10051] netlink: 'syz.0.1329': attribute type 10 has an invalid length. [ 222.499800][T10051] bridge0: port 4(dummy0) entered blocking state [ 222.515271][T10051] bridge0: port 4(dummy0) entered disabled state [ 222.522568][T10051] dummy0: entered allmulticast mode [ 222.549180][T10051] dummy0: entered promiscuous mode [ 222.555380][T10051] bridge0: port 4(dummy0) entered blocking state [ 222.561999][T10051] bridge0: port 4(dummy0) entered forwarding state [ 222.579325][ T2456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.604197][ T2456] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.033477][T10078] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 223.056613][T10078] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 223.074651][T10078] netlink: 'syz.1.1338': attribute type 10 has an invalid length. [ 223.084046][T10078] team0: left allmulticast mode [ 223.089774][T10078] team_slave_0: left allmulticast mode [ 223.095506][T10078] team_slave_1: left allmulticast mode [ 223.102557][T10078] bridge0: port 3(team0) entered disabled state [ 223.218095][T10085] netlink: zone id is out of range [ 223.223642][T10085] netlink: zone id is out of range [ 223.233838][T10085] FAULT_INJECTION: forcing a failure. [ 223.233838][T10085] name failslab, interval 1, probability 0, space 0, times 0 [ 223.247003][T10085] CPU: 1 PID: 10085 Comm: syz.0.1342 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 223.257331][T10085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 223.267572][T10085] Call Trace: [ 223.270906][T10085] [ 223.273879][T10085] dump_stack_lvl+0x241/0x360 [ 223.278613][T10085] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.283928][T10085] ? __pfx__printk+0x10/0x10 [ 223.288604][T10085] ? __pfx___might_resched+0x10/0x10 [ 223.293957][T10085] should_fail_ex+0x3b0/0x4e0 [ 223.298710][T10085] ? ovs_ct_limit_cmd_set+0x2f7/0xaf0 [ 223.304151][T10085] should_failslab+0x9/0x20 [ 223.308729][T10085] kmalloc_trace_noprof+0x6c/0x2c0 [ 223.313915][T10085] ovs_ct_limit_cmd_set+0x2f7/0xaf0 [ 223.319159][T10085] genl_rcv_msg+0xb14/0xec0 [ 223.323767][T10085] ? mark_lock+0x9a/0x350 [ 223.328258][T10085] ? __pfx_genl_rcv_msg+0x10/0x10 [ 223.333327][T10085] ? __pfx_lock_acquire+0x10/0x10 [ 223.338374][T10085] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 223.344121][T10085] ? __pfx___might_resched+0x10/0x10 [ 223.349439][T10085] netlink_rcv_skb+0x1e3/0x430 [ 223.354321][T10085] ? __pfx_genl_rcv_msg+0x10/0x10 [ 223.359377][T10085] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 223.364705][T10085] ? __netlink_deliver_tap+0x77e/0x7c0 [ 223.370204][T10085] genl_rcv+0x28/0x40 [ 223.374226][T10085] netlink_unicast+0x7ea/0x980 [ 223.379111][T10085] ? __pfx_netlink_unicast+0x10/0x10 [ 223.384416][T10085] ? __virt_addr_valid+0x183/0x530 [ 223.389611][T10085] ? __check_object_size+0x49c/0x900 [ 223.394935][T10085] ? bpf_lsm_netlink_send+0x9/0x10 [ 223.400074][T10085] netlink_sendmsg+0x8db/0xcb0 [ 223.404891][T10085] ? __pfx_netlink_sendmsg+0x10/0x10 [ 223.410256][T10085] ? __import_iovec+0x536/0x820 [ 223.415591][T10085] ? aa_sock_msg_perm+0x91/0x160 [ 223.420582][T10085] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 223.425886][T10085] ? security_socket_sendmsg+0x87/0xb0 [ 223.431368][T10085] ? __pfx_netlink_sendmsg+0x10/0x10 [ 223.436679][T10085] __sock_sendmsg+0x221/0x270 [ 223.441378][T10085] ____sys_sendmsg+0x525/0x7d0 [ 223.446174][T10085] ? __pfx_____sys_sendmsg+0x10/0x10 [ 223.451581][T10085] __sys_sendmsg+0x2b0/0x3a0 [ 223.456193][T10085] ? __pfx___sys_sendmsg+0x10/0x10 [ 223.461357][T10085] ? vfs_write+0x7c4/0xc90 [ 223.465849][T10085] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 223.472301][T10085] ? do_syscall_64+0x100/0x230 [ 223.477098][T10085] ? do_syscall_64+0xb6/0x230 [ 223.481889][T10085] do_syscall_64+0xf3/0x230 [ 223.486423][T10085] ? clear_bhb_loop+0x35/0x90 [ 223.491119][T10085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.497036][T10085] RIP: 0033:0x7f49ae175bd9 [ 223.501466][T10085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.521182][T10085] RSP: 002b:00007f49af01e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 223.529639][T10085] RAX: ffffffffffffffda RBX: 00007f49ae303f60 RCX: 00007f49ae175bd9 [ 223.537803][T10085] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 223.545811][T10085] RBP: 00007f49af01e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 223.553797][T10085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 223.561869][T10085] R13: 000000000000000b R14: 00007f49ae303f60 R15: 00007ffce8f2c6f8 [ 223.569962][T10085] [ 223.734755][T10090] netlink: 'syz.4.1343': attribute type 7 has an invalid length. [ 223.751791][T10092] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 224.212039][T10114] __nla_validate_parse: 8 callbacks suppressed [ 224.212061][T10114] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1354'. [ 224.235705][T10112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1353'. [ 224.289444][T10116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1355'. [ 224.474082][T10129] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1359'. [ 224.662976][T10146] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1364'. [ 224.677536][T10145] FAULT_INJECTION: forcing a failure. [ 224.677536][T10145] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.725833][T10145] CPU: 1 PID: 10145 Comm: syz.2.1365 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 224.736430][T10145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 224.746533][T10145] Call Trace: [ 224.749849][T10145] [ 224.752818][T10145] dump_stack_lvl+0x241/0x360 [ 224.757566][T10145] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.762832][T10145] ? __pfx__printk+0x10/0x10 [ 224.767493][T10145] ? snprintf+0xda/0x120 [ 224.771802][T10145] should_fail_ex+0x3b0/0x4e0 [ 224.776640][T10145] _copy_to_user+0x2f/0xb0 [ 224.781121][T10145] simple_read_from_buffer+0xca/0x150 [ 224.786599][T10145] proc_fail_nth_read+0x1e9/0x250 [ 224.791693][T10145] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 224.797314][T10145] ? rw_verify_area+0x520/0x6b0 [ 224.802230][T10145] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 224.807835][T10145] vfs_read+0x204/0xbc0 [ 224.812046][T10145] ? __pfx_lock_release+0x10/0x10 [ 224.817139][T10145] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 224.822840][T10145] ? __pfx_vfs_read+0x10/0x10 [ 224.827576][T10145] ? __fget_files+0x29/0x470 [ 224.832238][T10145] ? __fget_files+0x3f6/0x470 [ 224.836995][T10145] ksys_read+0x1a0/0x2c0 [ 224.841294][T10145] ? __pfx_ksys_read+0x10/0x10 [ 224.846090][T10145] ? do_syscall_64+0x100/0x230 [ 224.850890][T10145] ? do_syscall_64+0xb6/0x230 [ 224.855615][T10145] do_syscall_64+0xf3/0x230 [ 224.860172][T10145] ? clear_bhb_loop+0x35/0x90 [ 224.864876][T10145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.870823][T10145] RIP: 0033:0x7f2cfc5746bc [ 224.875254][T10145] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 224.894888][T10145] RSP: 002b:00007f2cfd380040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 224.903419][T10145] RAX: ffffffffffffffda RBX: 00007f2cfc703f60 RCX: 00007f2cfc5746bc [ 224.911408][T10145] RDX: 000000000000000f RSI: 00007f2cfd3800b0 RDI: 0000000000000004 [ 224.919403][T10145] RBP: 00007f2cfd3800a0 R08: 0000000000000000 R09: 0000000000000000 [ 224.927395][T10145] R10: 000000000000004a R11: 0000000000000246 R12: 0000000000000001 [ 224.935391][T10145] R13: 000000000000000b R14: 00007f2cfc703f60 R15: 00007ffe5e733728 [ 224.943408][T10145] [ 225.017815][T10153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1368'. [ 225.030331][T10153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1368'. [ 225.335698][T10170] pimreg: entered allmulticast mode [ 225.413941][T10171] trusted_key: syz.0.1373 sent an empty control message without MSG_MORE. [ 225.747004][T10193] netlink: 'syz.2.1382': attribute type 4 has an invalid length. [ 225.841796][ T51] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.932747][ T51] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.115758][ T51] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.176163][T10219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1389'. [ 227.189702][T10219] netlink: 'syz.0.1389': attribute type 1 has an invalid length. [ 227.213203][T10219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1389'. [ 227.226082][T10219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1389'. [ 227.247931][ T5101] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 227.279175][ T5101] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 227.294834][ T5101] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 227.301087][ T51] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.326826][ T5101] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 227.326938][T10224] netlink: 'syz.2.1392': attribute type 4 has an invalid length. [ 227.343461][ T5101] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 227.353817][ T5101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 227.690699][ T51] bridge_slave_1: left allmulticast mode [ 227.712379][ T51] bridge_slave_1: left promiscuous mode [ 227.743389][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.769844][ T51] bridge_slave_0: left allmulticast mode [ 227.775928][ T51] bridge_slave_0: left promiscuous mode [ 227.783626][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.320663][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 228.335290][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 228.352689][ T51] bond0 (unregistering): Released all slaves [ 228.384352][T10222] chnl_net:caif_netlink_parms(): no params data found [ 228.743525][T10265] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 228.753449][T10265] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 228.762690][T10265] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 228.771925][T10265] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 228.827740][T10222] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.835985][T10222] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.864779][T10222] bridge_slave_0: entered allmulticast mode [ 228.876196][T10222] bridge_slave_0: entered promiscuous mode [ 228.962024][T10222] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.971764][T10222] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.986311][T10222] bridge_slave_1: entered allmulticast mode [ 228.994279][T10222] bridge_slave_1: entered promiscuous mode [ 229.022532][T10274] tap0: tun_chr_ioctl cmd 1074025677 [ 229.031580][T10274] tap0: linktype set to 65534 [ 229.098220][T10222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 229.151276][ T51] hsr_slave_0: left promiscuous mode [ 229.164799][ T51] hsr_slave_1: left promiscuous mode [ 229.176348][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.193819][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.202892][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.211217][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.238278][ T51] veth1_macvtap: left promiscuous mode [ 229.245025][ T51] veth0_macvtap: left promiscuous mode [ 229.252041][ T51] veth1_vlan: left promiscuous mode [ 229.257669][ T51] veth0_vlan: left promiscuous mode [ 229.427167][ T5101] Bluetooth: hci2: command tx timeout [ 229.980408][ T51] team0 (unregistering): Port device team_slave_1 removed [ 230.054616][ T51] team0 (unregistering): Port device team_slave_0 removed [ 230.623922][T10222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 230.734951][T10222] team0: Port device team_slave_0 added [ 230.748783][T10222] team0: Port device team_slave_1 added [ 230.819991][T10293] __nla_validate_parse: 5 callbacks suppressed [ 230.820015][T10293] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1413'. [ 230.863709][T10295] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1414'. [ 230.876357][T10222] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 230.884578][T10222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 230.924241][T10222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 230.970344][T10222] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 230.977471][T10222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.013705][T10222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 231.172208][T10222] hsr_slave_0: entered promiscuous mode [ 231.193960][T10222] hsr_slave_1: entered promiscuous mode [ 231.272039][T10302] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1418'. [ 231.298350][T10302] netlink: 5056 bytes leftover after parsing attributes in process `syz.2.1418'. [ 231.309476][T10303] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1417'. [ 231.319259][T10302] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1418'. [ 231.350659][T10302] netlink: 5056 bytes leftover after parsing attributes in process `syz.2.1418'. [ 231.496926][ T5101] Bluetooth: hci2: command tx timeout [ 232.256801][T10222] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 232.288143][T10222] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 232.322164][T10222] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 232.372796][T10222] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 232.449465][T10355] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1438'. [ 232.619963][T10222] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.650449][T10359] netlink: 'syz.2.1440': attribute type 11 has an invalid length. [ 232.659857][T10359] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1440'. [ 232.669645][T10366] netlink: 'syz.2.1440': attribute type 11 has an invalid length. [ 232.679124][T10366] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1440'. [ 232.714099][T10222] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.748746][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.756218][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.820978][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.828244][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.999825][T10378] netlink: 'syz.1.1448': attribute type 4 has an invalid length. [ 233.527270][T10222] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 233.577368][ T5101] Bluetooth: hci2: command tx timeout [ 233.641253][T10222] veth0_vlan: entered promiscuous mode [ 233.678049][T10222] veth1_vlan: entered promiscuous mode [ 233.752968][T10222] veth0_macvtap: entered promiscuous mode [ 233.764367][T10222] veth1_macvtap: entered promiscuous mode [ 233.787450][T10222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.799992][T10222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.810062][T10222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.821238][T10222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.831287][T10222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.842039][T10222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.861459][T10222] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.873197][T10222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.884493][T10222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.894920][T10222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.915961][T10222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.926042][T10222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.936853][T10222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.954971][T10222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.965739][T10222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.978330][T10222] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.001778][T10222] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.013655][T10222] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.029334][T10222] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.038699][T10222] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.043640][T10425] netlink: 'syz.2.1464': attribute type 16 has an invalid length. [ 234.221410][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.246862][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.308140][ T2456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.316054][ T2456] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.452724][T10435] netlink: zone id is out of range [ 234.465540][T10435] netlink: zone id is out of range [ 234.500560][T10435] FAULT_INJECTION: forcing a failure. [ 234.500560][T10435] name failslab, interval 1, probability 0, space 0, times 0 [ 234.521087][T10435] CPU: 0 PID: 10435 Comm: syz.1.1468 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 234.531445][T10435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 234.541587][T10435] Call Trace: [ 234.544925][T10435] [ 234.547903][T10435] dump_stack_lvl+0x241/0x360 [ 234.552669][T10435] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.557944][T10435] ? __pfx__printk+0x10/0x10 [ 234.562604][T10435] ? __pfx___might_resched+0x10/0x10 [ 234.567962][T10435] should_fail_ex+0x3b0/0x4e0 [ 234.572713][T10435] ? ovs_ct_limit_cmd_set+0x2f7/0xaf0 [ 234.578157][T10435] should_failslab+0x9/0x20 [ 234.582740][T10435] kmalloc_trace_noprof+0x6c/0x2c0 [ 234.587929][T10435] ovs_ct_limit_cmd_set+0x2f7/0xaf0 [ 234.593202][T10435] genl_rcv_msg+0xb14/0xec0 [ 234.597738][T10435] ? mark_lock+0x9a/0x350 [ 234.602106][T10435] ? __pfx_genl_rcv_msg+0x10/0x10 [ 234.607174][T10435] ? __pfx_lock_acquire+0x10/0x10 [ 234.612212][T10435] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 234.618040][T10435] ? __pfx___might_resched+0x10/0x10 [ 234.623376][T10435] netlink_rcv_skb+0x1e3/0x430 [ 234.628178][T10435] ? __pfx_genl_rcv_msg+0x10/0x10 [ 234.633235][T10435] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 234.638950][T10435] ? __netlink_deliver_tap+0x77e/0x7c0 [ 234.644841][T10435] genl_rcv+0x28/0x40 [ 234.648880][T10435] netlink_unicast+0x7ea/0x980 [ 234.653880][T10435] ? __pfx_netlink_unicast+0x10/0x10 [ 234.660033][T10435] ? __virt_addr_valid+0x183/0x530 [ 234.665187][T10435] ? __check_object_size+0x49c/0x900 [ 234.670607][T10435] ? bpf_lsm_netlink_send+0x9/0x10 [ 234.675893][T10435] netlink_sendmsg+0x8db/0xcb0 [ 234.681316][T10435] ? __pfx_netlink_sendmsg+0x10/0x10 [ 234.687195][T10435] ? __import_iovec+0x536/0x820 [ 234.694325][T10435] ? aa_sock_msg_perm+0x91/0x160 [ 234.699656][T10435] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 234.705166][T10435] ? security_socket_sendmsg+0x87/0xb0 [ 234.710881][T10435] ? __pfx_netlink_sendmsg+0x10/0x10 [ 234.716811][T10435] __sock_sendmsg+0x221/0x270 [ 234.721527][T10435] ____sys_sendmsg+0x525/0x7d0 [ 234.726415][T10435] ? __pfx_____sys_sendmsg+0x10/0x10 [ 234.731862][T10435] __sys_sendmsg+0x2b0/0x3a0 [ 234.736487][T10435] ? __pfx___sys_sendmsg+0x10/0x10 [ 234.741743][T10435] ? vfs_write+0x7c4/0xc90 [ 234.746238][T10435] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 234.752611][T10435] ? do_syscall_64+0x100/0x230 [ 234.757564][T10435] ? do_syscall_64+0xb6/0x230 [ 234.762292][T10435] do_syscall_64+0xf3/0x230 [ 234.766916][T10435] ? clear_bhb_loop+0x35/0x90 [ 234.771615][T10435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.777652][T10435] RIP: 0033:0x7f166eb75bd9 [ 234.782120][T10435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.801841][T10435] RSP: 002b:00007f166f899048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 234.810280][T10435] RAX: ffffffffffffffda RBX: 00007f166ed03f60 RCX: 00007f166eb75bd9 [ 234.818870][T10435] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 234.826981][T10435] RBP: 00007f166f8990a0 R08: 0000000000000000 R09: 0000000000000000 [ 234.834972][T10435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 234.842964][T10435] R13: 000000000000000b R14: 00007f166ed03f60 R15: 00007ffeccb81da8 [ 234.850992][T10435] [ 234.897967][T10441] tipc: Started in network mode [ 234.904002][T10441] tipc: Node identity 2d60000000004c3a0000400000000001, cluster identity 4711 [ 234.918589][T10441] tipc: Enabling of bearer rejected, failed to enable media [ 235.084096][T10452] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 235.285260][T10462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.928975][T10482] netlink: 'syz.2.1488': attribute type 1 has an invalid length. [ 235.956975][T10482] __nla_validate_parse: 6 callbacks suppressed [ 235.956999][T10482] netlink: 9344 bytes leftover after parsing attributes in process `syz.2.1488'. [ 235.993593][T10482] netlink: 'syz.2.1488': attribute type 1 has an invalid length. [ 236.002884][T10484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1489'. [ 236.051638][T10488] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1490'. [ 236.051900][ T5109] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 236.072616][ T5109] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 236.081424][ T5109] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 236.096967][ T5109] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 236.107108][ T5109] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 236.114721][ T5109] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 236.583293][T10489] chnl_net:caif_netlink_parms(): no params data found [ 236.712460][T10515] geneve2: entered promiscuous mode [ 236.719282][T10515] geneve2: entered allmulticast mode [ 236.910982][T10489] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.918777][T10489] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.931115][T10489] bridge_slave_0: entered allmulticast mode [ 236.942330][T10489] bridge_slave_0: entered promiscuous mode [ 236.952133][T10489] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.963601][T10489] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.968742][T10529] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1503'. [ 236.971132][T10489] bridge_slave_1: entered allmulticast mode [ 236.989144][T10489] bridge_slave_1: entered promiscuous mode [ 237.021276][T10533] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1503'. [ 237.061837][T10529] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1503'. [ 237.078297][T10489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.104514][T10489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.243671][T10489] team0: Port device team_slave_0 added [ 237.375435][ T7798] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.453522][T10489] team0: Port device team_slave_1 added [ 237.512229][T10489] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.520568][T10489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.548365][T10489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.561691][T10489] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.571093][T10489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.597861][T10489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.651472][T10489] hsr_slave_0: entered promiscuous mode [ 237.658722][T10489] hsr_slave_1: entered promiscuous mode [ 237.665554][T10489] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 237.674446][T10489] Cannot create hsr debugfs directory [ 237.849638][T10489] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.942777][T10489] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.023676][T10489] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.097444][T10489] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.227485][ T5109] Bluetooth: hci2: command tx timeout [ 238.240386][T10489] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 238.250889][T10489] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 238.262908][T10489] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 238.274406][T10489] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 238.445146][T10489] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.460397][T10547] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1507'. [ 238.563135][T10489] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.606924][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.614550][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.688686][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.696118][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.056704][ T5101] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 239.070542][ T5101] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 239.091534][ T5101] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 239.117231][T10575] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1516'. [ 239.128025][ T5101] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 239.139571][ T5101] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 239.147517][ T5101] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 239.265566][T10580] netlink: 'syz.1.1520': attribute type 4 has an invalid length. [ 239.310424][ T7798] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.328604][T10584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1521'. [ 239.344048][T10584] netlink: 'syz.1.1521': attribute type 1 has an invalid length. [ 239.352690][T10578] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1519'. [ 239.452687][ T7798] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.528445][T10587] openvswitch: Κό: Dropping previously announced user features [ 239.760292][ T7798] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.179004][T10611] netlink: 'syz.2.1530': attribute type 1 has an invalid length. [ 240.217162][T10611] nbd: couldn't find a device at index 6488084 [ 240.231511][T10489] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.290783][T10616] pimreg12: entered allmulticast mode [ 240.307423][ T5101] Bluetooth: hci2: command tx timeout [ 240.735280][ T7798] bridge_slave_1: left allmulticast mode [ 240.743567][ T7798] bridge_slave_1: left promiscuous mode [ 240.756835][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.806602][ T7798] bridge_slave_0: left allmulticast mode [ 240.812341][ T7798] bridge_slave_0: left promiscuous mode [ 240.825175][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.267175][ T5109] Bluetooth: hci5: command tx timeout [ 241.336325][ T7798] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 241.352948][ T7798] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 241.369447][ T7798] bond0 (unregistering): Released all slaves [ 241.492275][T10569] chnl_net:caif_netlink_parms(): no params data found [ 241.772812][T10665] __nla_validate_parse: 4 callbacks suppressed [ 241.772839][T10665] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1546'. [ 241.832804][T10667] netlink: 'syz.2.1545': attribute type 20 has an invalid length. [ 241.886002][T10674] netlink: 'syz.0.1548': attribute type 3 has an invalid length. [ 241.911726][T10674] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1548'. [ 242.018527][T10569] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.027782][T10569] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.035095][T10569] bridge_slave_0: entered allmulticast mode [ 242.043828][T10569] bridge_slave_0: entered promiscuous mode [ 242.058036][T10569] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.092340][T10569] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.106879][T10569] bridge_slave_1: entered allmulticast mode [ 242.114695][T10569] bridge_slave_1: entered promiscuous mode [ 242.253895][ T7798] hsr_slave_0: left promiscuous mode [ 242.269612][ T7798] hsr_slave_1: left promiscuous mode [ 242.278647][ T7798] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.286333][ T7798] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 242.307652][ T7798] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.315390][ T7798] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.375802][ T7798] veth1_macvtap: left promiscuous mode [ 242.384164][ T5109] Bluetooth: hci2: command tx timeout [ 242.396595][ T7798] veth0_macvtap: left promiscuous mode [ 242.402353][ T7798] veth1_vlan: left promiscuous mode [ 242.408121][ T7798] veth0_vlan: left promiscuous mode [ 242.492670][T10693] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1555'. [ 242.511969][T10693] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1555'. [ 243.095788][ T7798] team0 (unregistering): Port device team_slave_1 removed [ 243.155997][ T7798] team0 (unregistering): Port device team_slave_0 removed [ 243.346876][ T5109] Bluetooth: hci5: command 0x041b tx timeout [ 243.752747][T10569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.778918][T10693] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1555'. [ 243.824807][T10569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.873683][T10696] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1556'. [ 243.950108][T10489] veth0_vlan: entered promiscuous mode [ 243.991277][T10701] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1558'. [ 244.056252][T10569] team0: Port device team_slave_0 added [ 244.110169][T10569] team0: Port device team_slave_1 added [ 244.230104][T10569] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 244.242024][T10712] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1562'. [ 244.256829][T10569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.286849][T10569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 244.300047][T10709] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1561'. [ 244.328388][T10569] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 244.335504][T10569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.385082][T10569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 244.428366][T10489] veth1_vlan: entered promiscuous mode [ 244.472890][ T5101] Bluetooth: hci2: command tx timeout [ 244.571796][T10569] hsr_slave_0: entered promiscuous mode [ 244.597445][T10569] hsr_slave_1: entered promiscuous mode [ 244.701596][T10719] netlink: 'syz.0.1565': attribute type 9 has an invalid length. [ 244.726972][T10719] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1565'. [ 244.780263][T10717] netlink: 'syz.2.1563': attribute type 25 has an invalid length. [ 244.828478][T10489] veth0_macvtap: entered promiscuous mode [ 244.898766][T10489] veth1_macvtap: entered promiscuous mode [ 244.997497][T10489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.009926][T10489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.045882][T10489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.056932][T10489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.068176][T10489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.080708][T10489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.108308][T10489] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 245.150896][T10489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.177967][T10489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.206775][T10489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.223341][T10489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.234025][T10489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.245456][T10489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.255785][T10489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.272321][T10489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.299709][T10489] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 245.417932][ T5101] Bluetooth: hci5: command 0x041b tx timeout [ 245.478954][T10489] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.501342][T10489] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.518316][T10489] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.526161][T10748] netlink: 'syz.1.1577': attribute type 4 has an invalid length. [ 245.538843][T10489] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.563420][T10738] netlink: 'syz.0.1573': attribute type 10 has an invalid length. [ 245.577871][T10738] team0: Device ipvlan1 is up. Set it down before adding it as a team port [ 246.027008][ T2853] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.052516][ T2853] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.166795][ T2853] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.174696][ T2853] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.505477][T10569] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 246.554077][T10569] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 246.593311][T10569] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 246.635256][T10569] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 246.907499][T10806] __nla_validate_parse: 4 callbacks suppressed [ 246.907523][T10806] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1594'. [ 246.946669][T10806] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1594'. [ 246.960890][T10806] netlink: 'syz.0.1594': attribute type 3 has an invalid length. [ 247.156072][T10569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.199449][T10815] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1599'. [ 247.281114][T10569] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.377366][T10827] tipc: Enabling of bearer rejected, failed to enable media [ 247.396221][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.403921][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.479548][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.487161][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.506500][ T5101] Bluetooth: hci5: command 0x041b tx timeout [ 247.582368][T10569] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 247.607878][T10830] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1604'. [ 247.654946][T10835] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1605'. [ 247.682526][T10835] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 248.083065][T10857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1610'. [ 248.173223][T10864] macvlan5: entered promiscuous mode [ 248.199870][T10864] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 248.230404][T10864] macvlan5: entered allmulticast mode [ 248.245883][T10864] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 248.255560][T10864] team0: Port device macvlan5 added [ 248.345750][T10569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.376312][T10871] netlink: 'syz.2.1615': attribute type 1 has an invalid length. [ 248.542449][T10569] veth0_vlan: entered promiscuous mode [ 248.593786][T10569] veth1_vlan: entered promiscuous mode [ 248.667408][T10884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1617'. [ 248.820852][T10569] veth0_macvtap: entered promiscuous mode [ 248.830787][T10887] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1620'. [ 248.885553][T10569] veth1_macvtap: entered promiscuous mode [ 248.975917][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.020005][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.045997][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.072665][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.095736][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.121568][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.136316][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 249.161275][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.174858][T10569] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 249.245975][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.290229][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.313233][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.335195][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.361684][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.376117][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.395861][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.416054][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.434103][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 249.444829][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.458786][T10569] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 249.491051][T10569] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.521388][T10569] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.542975][T10569] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.586454][ T5101] Bluetooth: hci5: command 0x041b tx timeout [ 249.601317][T10569] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.771128][T10924] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1633'. [ 249.903722][ T7798] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.914990][ T7798] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.005424][ T7798] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.046728][ T7798] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.054965][T10933] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1638'. [ 250.246018][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.246018][T10940] Use struct sctp_sack_info instead [ 250.300933][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.300933][T10940] Use struct sctp_sack_info instead [ 250.325296][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.325296][T10940] Use struct sctp_sack_info instead [ 250.356301][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.356301][T10940] Use struct sctp_sack_info instead [ 250.379497][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.379497][T10940] Use struct sctp_sack_info instead [ 250.403797][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.403797][T10940] Use struct sctp_sack_info instead [ 250.421080][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.421080][T10940] Use struct sctp_sack_info instead [ 250.470267][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.470267][T10940] Use struct sctp_sack_info instead [ 250.545341][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.545341][T10940] Use struct sctp_sack_info instead [ 250.584317][T10940] sctp: [Deprecated]: syz.0.1640 (pid 10940) Use of struct sctp_assoc_value in delayed_ack socket option. [ 250.584317][T10940] Use struct sctp_sack_info instead [ 251.127578][T10977] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge0 [ 251.755360][T11016] netlink: 'syz.4.1668': attribute type 4 has an invalid length. [ 251.846046][T11019] netlink: 'syz.2.1669': attribute type 8 has an invalid length. [ 251.887563][T11023] netlink: 'syz.4.1671': attribute type 1 has an invalid length. [ 251.947890][T11025] __nla_validate_parse: 10 callbacks suppressed [ 251.947916][T11025] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1672'. [ 252.019667][T11030] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1674'. [ 252.118214][T11032] xt_TCPMSS: Only works on TCP SYN packets [ 252.139514][T11032] netlink: 'syz.4.1675': attribute type 6 has an invalid length. [ 252.154540][T11032] netlink: 'syz.4.1675': attribute type 1 has an invalid length. [ 252.167669][T11032] netlink: 181400 bytes leftover after parsing attributes in process `syz.4.1675'. [ 252.202253][T11036] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1676'. [ 252.241254][T11038] IPVS: set_ctl: invalid protocol: 59 224.0.0.1:20004 [ 252.374424][ T954] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.435326][T11036] openvswitch: Κό: Dropping previously announced user features [ 252.905180][ T954] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.977901][ T954] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.032119][ T954] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.154074][ T954] bridge_slave_1: left allmulticast mode [ 253.159995][ T954] bridge_slave_1: left promiscuous mode [ 253.165793][ T954] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.175624][ T954] bridge_slave_0: left allmulticast mode [ 253.182571][ T954] bridge_slave_0: left promiscuous mode [ 253.189763][ T954] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.814964][ T954] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 253.864177][ T954] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 253.892004][ T954] bond0 (unregistering): Released all slaves [ 254.267974][ T5109] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 254.279151][ T5109] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 254.287879][ T5109] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 254.296319][ T5109] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 254.305100][ T5109] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 254.312894][ T5109] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 254.889298][T11098] netlink: 'syz.2.1694': attribute type 20 has an invalid length. [ 255.129168][ T954] hsr_slave_0: left promiscuous mode [ 255.135543][ T954] hsr_slave_1: left promiscuous mode [ 255.152911][ T954] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 255.175633][ T954] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 255.189120][T11109] xt_CT: You must specify a L4 protocol and not use inversions on it [ 255.198940][ T954] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 255.209318][ T954] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 255.243024][ T954] veth1_macvtap: left promiscuous mode [ 255.248954][ T954] veth0_macvtap: left promiscuous mode [ 255.255206][ T954] veth1_vlan: left promiscuous mode [ 255.266992][ T954] veth0_vlan: left promiscuous mode [ 255.952756][ T954] team0 (unregistering): Port device team_slave_1 removed [ 256.010603][ T954] team0 (unregistering): Port device team_slave_0 removed [ 256.380025][ T5109] Bluetooth: hci5: command tx timeout [ 256.616153][T11105] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1697'. [ 256.637556][T11111] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1699'. [ 256.676553][T11109] netlink: 'syz.2.1697': attribute type 27 has an invalid length. [ 256.715908][T11109] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1697'. [ 256.871515][T11061] chnl_net:caif_netlink_parms(): no params data found [ 257.383861][T11061] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.424619][T11061] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.436188][T11061] bridge_slave_0: entered allmulticast mode [ 257.453619][T11061] bridge_slave_0: entered promiscuous mode [ 257.470154][T11061] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.511467][T11061] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.536113][T11061] bridge_slave_1: entered allmulticast mode [ 257.547680][T11061] bridge_slave_1: entered promiscuous mode [ 257.572059][T11158] netlink: 'syz.0.1718': attribute type 4 has an invalid length. [ 257.728488][T11061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.793030][T11061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.826835][T11160] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1720'. [ 257.992867][T11061] team0: Port device team_slave_0 added [ 258.024430][T11180] netlink: 'syz.2.1725': attribute type 21 has an invalid length. [ 258.045140][T11180] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.1725'. [ 258.074034][T11061] team0: Port device team_slave_1 added [ 258.206329][T11061] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 258.216591][T11061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 258.266747][T11061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 258.309917][T11197] veth1_virt_wifi: entered promiscuous mode [ 258.319547][T11197] veth1_virt_wifi: left promiscuous mode [ 258.358475][T11061] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 258.366229][T11061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 258.400394][T11061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 258.456907][ T5109] Bluetooth: hci5: command tx timeout [ 258.633313][T11061] hsr_slave_0: entered promiscuous mode [ 258.661113][T11061] hsr_slave_1: entered promiscuous mode [ 258.712002][T11220] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1738'. [ 258.782489][T11218] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 259.210955][T11236] tipc: Enabling of bearer rejected, failed to enable media [ 259.514213][T11247] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (48) [ 259.639180][T11249] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1749'. [ 259.682969][T11249] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 259.699558][T11253] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1751'. [ 260.178945][T11061] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 260.196185][T11280] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1759'. [ 260.217948][T11061] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 260.240468][T11061] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 260.285350][T11061] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 260.529292][T11292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1765'. [ 260.538682][ T5109] Bluetooth: hci5: command tx timeout [ 260.595994][T11292] netlink: 'syz.4.1765': attribute type 10 has an invalid length. [ 260.653382][T11292] team0: Port device netdevsim0 added [ 260.675348][T11295] netlink: 'syz.4.1765': attribute type 10 has an invalid length. [ 260.745720][T11295] team0: Port device netdevsim0 removed [ 260.766132][T11295] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 260.777887][T11302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1769'. [ 260.962128][T11061] 8021q: adding VLAN 0 to HW filter on device bond0 [ 261.105157][T11309] netlink: 'syz.4.1771': attribute type 10 has an invalid length. [ 261.114636][T11316] netlink: 'syz.4.1771': attribute type 10 has an invalid length. [ 261.131118][T11316] bridge0: port 3(team0) entered blocking state [ 261.142154][T11316] bridge0: port 3(team0) entered disabled state [ 261.153826][T11316] team0: entered allmulticast mode [ 261.165498][T11316] team_slave_0: entered allmulticast mode [ 261.181978][T11316] team_slave_1: entered allmulticast mode [ 261.195946][T11316] team0: entered promiscuous mode [ 261.201833][T11316] team_slave_0: entered promiscuous mode [ 261.222012][T11316] team_slave_1: entered promiscuous mode [ 261.229087][T11316] bridge0: port 3(team0) entered blocking state [ 261.235545][T11316] bridge0: port 3(team0) entered forwarding state [ 261.313022][T11061] 8021q: adding VLAN 0 to HW filter on device team0 [ 261.339307][T11325] netlink: 'syz.1.1774': attribute type 10 has an invalid length. [ 261.443941][T11325] team0: Device veth1_vlan failed to register rx_handler [ 261.548374][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.555663][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.611434][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.618993][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.160473][T11361] netlink: 'syz.0.1789': attribute type 1 has an invalid length. [ 262.189274][T11361] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 262.345584][T11061] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 262.467795][T11382] netlink: 'syz.4.1794': attribute type 3 has an invalid length. [ 262.494316][T11382] netlink: 130984 bytes leftover after parsing attributes in process `syz.4.1794'. [ 262.578982][T11061] veth0_vlan: entered promiscuous mode [ 262.615678][T11389] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1795'. [ 262.617650][ T5101] Bluetooth: hci5: command tx timeout [ 262.656995][T11061] veth1_vlan: entered promiscuous mode [ 262.703981][T11389] dvmrp1: left allmulticast mode [ 262.710012][T11389] pimreg: left allmulticast mode [ 262.805502][T11061] veth0_macvtap: entered promiscuous mode [ 262.823998][T11061] veth1_macvtap: entered promiscuous mode [ 262.901694][T11061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.928115][T11061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.940024][T11061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.951542][T11061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.962305][T11061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.973841][T11061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.030947][T11061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.066907][T11061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.104566][T11061] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 263.128699][T11409] netlink: 'syz.1.1798': attribute type 10 has an invalid length. [ 263.146142][T11412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1801'. [ 263.159756][T11409] team0: Device veth1_vlan failed to register rx_handler [ 263.167770][T11412] netlink: 'syz.2.1801': attribute type 1 has an invalid length. [ 263.175560][T11412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1801'. [ 263.187114][T11412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1801'. [ 263.262868][T11061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.303120][T11061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.323495][T11061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.335208][T11061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.360429][T11061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.404827][T11061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.425706][T11061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.446035][T11061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.456296][T11061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.470156][T11061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.501675][T11061] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.551336][T11061] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.561495][T11061] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.588070][T11061] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.606560][T11061] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.720274][T11428] netlink: 368 bytes leftover after parsing attributes in process `syz.2.1806'. [ 263.769906][T11434] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1808'. [ 263.779617][T11434] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1808'. [ 263.942253][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.976683][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.075867][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.102119][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.265608][T11458] xt_NFQUEUE: number of total queues is 0 [ 264.304396][T11458] xt_NFQUEUE: number of total queues is 0 [ 264.455193][T11468] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1822'. [ 264.529275][T11475] netlink: 'syz.1.1821': attribute type 10 has an invalid length. [ 264.571865][T11475] team0: Device veth1_vlan failed to register rx_handler [ 264.696863][ T5101] Bluetooth: hci5: command 0x0405 tx timeout [ 264.741491][T11477] netlink: 'syz.4.1824': attribute type 1 has an invalid length. [ 264.841367][T11487] netlink: 'syz.2.1826': attribute type 30 has an invalid length. [ 264.996871][T11494] netlink: 'syz.2.1828': attribute type 20 has an invalid length. [ 265.279945][T11514] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1836'. [ 265.479806][T11520] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1839'. [ 265.482639][T11524] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1841'. [ 265.680142][ T2456] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.299417][ T2456] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.378426][ T2456] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.445669][ T2456] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.550679][ T2456] bridge_slave_1: left allmulticast mode [ 266.556755][ T2456] bridge_slave_1: left promiscuous mode [ 266.562542][ T2456] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.574295][ T2456] bridge_slave_0: left allmulticast mode [ 266.580684][ T2456] bridge_slave_0: left promiscuous mode [ 266.587029][ T2456] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.342619][ T5104] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 267.354041][ T5104] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 267.363657][ T2456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.374086][ T5104] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 267.383294][ T5104] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 267.392400][ T5104] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 267.401950][ T5104] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 267.410650][ T2456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.441467][ T2456] bond0 (unregistering): Released all slaves [ 267.491792][T11551] A link change request failed with some changes committed already. Interface hsr0 may have been left with an inconsistent configuration, please check. [ 268.017530][T11581] openvswitch: netlink: Port 8336768 exceeds max allowable 65535 [ 268.186271][T11590] sctp: [Deprecated]: syz.2.1863 (pid 11590) Use of struct sctp_assoc_value in delayed_ack socket option. [ 268.186271][T11590] Use struct sctp_sack_info instead [ 268.201076][T11592] __nla_validate_parse: 8 callbacks suppressed [ 268.201104][T11592] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1864'. [ 268.215008][T11585] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1861'. [ 268.412378][ T2456] hsr_slave_0: left promiscuous mode [ 268.421412][T11601] netlink: zone id is out of range [ 268.437472][T11601] netlink: zone id is out of range [ 268.441058][ T2456] hsr_slave_1: left promiscuous mode [ 268.445034][T11601] FAULT_INJECTION: forcing a failure. [ 268.445034][T11601] name failslab, interval 1, probability 0, space 0, times 0 [ 268.469951][T11601] CPU: 1 PID: 11601 Comm: syz.1.1868 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 268.480178][T11601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 268.490821][T11601] Call Trace: [ 268.494249][T11601] [ 268.497289][T11601] dump_stack_lvl+0x241/0x360 [ 268.502034][T11601] ? __pfx_dump_stack_lvl+0x10/0x10 [ 268.507261][T11601] ? __pfx__printk+0x10/0x10 [ 268.511967][T11601] ? __pfx___might_resched+0x10/0x10 [ 268.517332][T11601] should_fail_ex+0x3b0/0x4e0 [ 268.522143][T11601] ? ovs_ct_limit_cmd_set+0x2f7/0xaf0 [ 268.527562][T11601] should_failslab+0x9/0x20 [ 268.532102][T11601] kmalloc_trace_noprof+0x6c/0x2c0 [ 268.537405][T11601] ovs_ct_limit_cmd_set+0x2f7/0xaf0 [ 268.542831][T11601] genl_rcv_msg+0xb14/0xec0 [ 268.547383][T11601] ? mark_lock+0x9a/0x350 [ 268.551745][T11601] ? __pfx_genl_rcv_msg+0x10/0x10 [ 268.556826][T11601] ? __pfx_lock_acquire+0x10/0x10 [ 268.561921][T11601] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 268.567683][T11601] ? __pfx___might_resched+0x10/0x10 [ 268.573013][T11601] netlink_rcv_skb+0x1e3/0x430 [ 268.577903][T11601] ? __pfx_genl_rcv_msg+0x10/0x10 [ 268.582984][T11601] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 268.588307][T11601] ? __netlink_deliver_tap+0x77e/0x7c0 [ 268.593813][T11601] genl_rcv+0x28/0x40 [ 268.597835][T11601] netlink_unicast+0x7ea/0x980 [ 268.602747][T11601] ? __pfx_netlink_unicast+0x10/0x10 [ 268.608053][T11601] ? __virt_addr_valid+0x183/0x530 [ 268.613744][T11601] ? __check_object_size+0x49c/0x900 [ 268.619063][T11601] ? bpf_lsm_netlink_send+0x9/0x10 [ 268.624241][T11601] netlink_sendmsg+0x8db/0xcb0 [ 268.629950][T11601] ? __pfx_netlink_sendmsg+0x10/0x10 [ 268.635386][T11601] ? __import_iovec+0x536/0x820 [ 268.640274][T11601] ? aa_sock_msg_perm+0x91/0x160 [ 268.645245][T11601] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 268.650550][T11601] ? security_socket_sendmsg+0x87/0xb0 [ 268.656306][T11601] ? __pfx_netlink_sendmsg+0x10/0x10 [ 268.661829][T11601] __sock_sendmsg+0x221/0x270 [ 268.666540][T11601] ____sys_sendmsg+0x525/0x7d0 [ 268.671357][T11601] ? __pfx_____sys_sendmsg+0x10/0x10 [ 268.676775][T11601] __sys_sendmsg+0x2b0/0x3a0 [ 268.681394][T11601] ? __pfx___sys_sendmsg+0x10/0x10 [ 268.686572][T11601] ? vfs_write+0x7c4/0xc90 [ 268.691047][T11601] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 268.698173][T11601] ? do_syscall_64+0x100/0x230 [ 268.703165][T11601] ? do_syscall_64+0xb6/0x230 [ 268.707960][T11601] do_syscall_64+0xf3/0x230 [ 268.712512][T11601] ? clear_bhb_loop+0x35/0x90 [ 268.717213][T11601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.723312][T11601] RIP: 0033:0x7f166eb75bd9 [ 268.727789][T11601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.747437][T11601] RSP: 002b:00007f166f899048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 268.755889][T11601] RAX: ffffffffffffffda RBX: 00007f166ed03f60 RCX: 00007f166eb75bd9 [ 268.763916][T11601] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 268.771933][T11601] RBP: 00007f166f8990a0 R08: 0000000000000000 R09: 0000000000000000 [ 268.779934][T11601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 268.787944][T11601] R13: 000000000000000b R14: 00007f166ed03f60 R15: 00007ffeccb81da8 [ 268.795957][T11601] [ 268.803551][ T2456] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.811578][ T2456] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.821733][ T5104] Bluetooth: hci1: command 0x0405 tx timeout [ 268.854172][ T2456] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.867040][ T2456] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.911151][ T2456] veth1_macvtap: left promiscuous mode [ 268.917073][ T2456] veth0_macvtap: left promiscuous mode [ 268.922826][ T2456] veth1_vlan: left promiscuous mode [ 268.928612][ T2456] veth0_vlan: left promiscuous mode [ 269.498054][ T5101] Bluetooth: hci5: command tx timeout [ 269.671823][ T2456] team0 (unregistering): Port device team_slave_1 removed [ 269.735130][ T2456] team0 (unregistering): Port device team_slave_0 removed [ 269.897211][ T5101] Bluetooth: hci3: command 0x0406 tx timeout [ 269.903470][ T5109] Bluetooth: hci3: Opcode 0x1407 failed: -110 [ 270.520356][T11552] chnl_net:caif_netlink_parms(): no params data found [ 270.701857][T11625] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1873'. [ 270.716727][T11625] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 270.777911][T11625] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 270.878409][T11635] netlink: 'syz.0.1873': attribute type 10 has an invalid length. [ 270.894719][T11635] team0: left allmulticast mode [ 270.903425][T11635] team_slave_0: left allmulticast mode [ 270.909524][T11635] team_slave_1: left allmulticast mode [ 270.915210][T11635] batadv1: left allmulticast mode [ 270.929166][T11635] vlan2: left allmulticast mode [ 270.935168][T11635] vlan0: left allmulticast mode [ 270.948562][T11635] veth0_vlan: left allmulticast mode [ 270.962190][T11635] macvlan5: left allmulticast mode [ 270.968699][T11635] net veth1_virt_wifi virt_wifi0: left allmulticast mode [ 270.976652][T11635] team0: left promiscuous mode [ 270.981846][T11635] team_slave_0: left promiscuous mode [ 270.988269][T11635] team_slave_1: left promiscuous mode [ 270.994161][T11635] batadv1: left promiscuous mode [ 271.000264][T11635] vlan2: left promiscuous mode [ 271.005294][T11635] vlan0: left promiscuous mode [ 271.010973][T11635] macvlan5: left promiscuous mode [ 271.016208][T11635] net veth1_virt_wifi virt_wifi0: left promiscuous mode [ 271.025918][T11635] bridge0: port 3(team0) entered disabled state [ 271.063834][T11552] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.079703][T11552] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.088138][T11552] bridge_slave_0: entered allmulticast mode [ 271.095882][T11552] bridge_slave_0: entered promiscuous mode [ 271.255349][T11552] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.269850][T11552] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.289268][T11552] bridge_slave_1: entered allmulticast mode [ 271.318623][T11552] bridge_slave_1: entered promiscuous mode [ 271.372749][T11656] netlink: 'syz.2.1884': attribute type 4 has an invalid length. [ 271.389966][T11656] netlink: 'syz.2.1884': attribute type 4 has an invalid length. [ 271.392133][T11657] netlink: 'syz.2.1884': attribute type 4 has an invalid length. [ 271.415778][T11656] netlink: 126008 bytes leftover after parsing attributes in process `syz.2.1884'. [ 271.430309][T11657] netlink: 'syz.2.1884': attribute type 4 has an invalid length. [ 271.464255][T11657] netlink: 126008 bytes leftover after parsing attributes in process `syz.2.1884'. [ 271.510026][T11552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 271.559688][T11552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 271.577606][ T5109] Bluetooth: hci5: command tx timeout [ 271.746211][T11552] team0: Port device team_slave_0 added [ 271.801592][T11552] team0: Port device team_slave_1 added [ 271.928950][T11552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 271.946931][T11552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.995873][T11552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 272.036920][T11688] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1893'. [ 272.080996][T11697] netlink: 'syz.1.1895': attribute type 4 has an invalid length. [ 272.208065][T11552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 272.215099][T11552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.269624][T11552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.411038][T11705] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1899'. [ 272.567188][T11709] netlink: 592 bytes leftover after parsing attributes in process `syz.1.1900'. [ 272.665656][T11552] hsr_slave_0: entered promiscuous mode [ 272.695123][T11725] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1904'. [ 272.723598][T11552] hsr_slave_1: entered promiscuous mode [ 272.729363][T11725] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1904'. [ 273.110319][T11738] netlink: 'syz.4.1906': attribute type 4 has an invalid length. [ 273.218163][T11741] __nla_validate_parse: 2 callbacks suppressed [ 273.218189][T11741] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1907'. [ 273.504126][T11753] netlink: 'syz.1.1912': attribute type 1 has an invalid length. [ 273.512011][T11753] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1912'. [ 273.527103][T11756] sch_tbf: burst 0 is lower than device team0 mtu (1514) ! [ 273.609293][T11755] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 273.675329][ T5101] Bluetooth: hci5: command tx timeout [ 274.086986][T11787] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1925'. [ 274.125021][T11552] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 274.176181][T11552] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 274.207636][T11552] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 274.224074][T11552] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 274.268933][T11791] hsr0: entered promiscuous mode [ 274.389345][T11798] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1930'. [ 274.429268][T11798] netlink: 'syz.4.1930': attribute type 3 has an invalid length. [ 274.477046][T11803] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1931'. [ 274.486180][T11803] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1931'. [ 274.529158][T11807] netlink: 'syz.1.1933': attribute type 30 has an invalid length. [ 274.697663][T11552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.764192][T11552] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.820130][T11815] netlink: 644 bytes leftover after parsing attributes in process `syz.2.1937'. [ 274.831674][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.838966][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.899320][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.906619][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.962215][T11822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1939'. [ 275.008817][T11822] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1939'. [ 275.040456][T11823] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1939'. [ 275.109991][T11552] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 275.137388][T11552] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 275.693255][T11552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.737649][ T5101] Bluetooth: hci5: command 0x0419 tx timeout [ 275.917838][T11552] veth0_vlan: entered promiscuous mode [ 275.992144][T11552] veth1_vlan: entered promiscuous mode [ 276.093851][T11864] syzkaller0: entered promiscuous mode [ 276.123636][T11864] syzkaller0: entered allmulticast mode [ 276.168863][T11552] veth0_macvtap: entered promiscuous mode [ 276.201138][T11552] veth1_macvtap: entered promiscuous mode [ 276.277876][T11552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.302245][T11552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.312899][T11552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.327060][T11878] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 276.334686][T11552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.334714][T11552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.334734][T11552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.334758][T11552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.386808][T11552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.418713][T11552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 276.468794][T11552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.493882][T11552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.546458][T11552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.579653][T11552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.597190][T11552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.613808][T11552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.626013][T11552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.652259][T11552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.665950][T11552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.690827][T11552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.712974][T11552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 276.769247][T11552] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.810119][T11552] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.846863][T11552] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.885299][T11552] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.125935][T11909] syz_tun: entered promiscuous mode [ 277.248171][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.265680][T11908] syz_tun: left promiscuous mode [ 277.271339][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.441820][ T7798] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.464143][ T7798] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.075620][T11954] bond0: entered allmulticast mode [ 278.245887][T11963] __nla_validate_parse: 9 callbacks suppressed [ 278.245914][T11963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1978'. [ 278.332271][T11971] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1982'. [ 279.057155][T12008] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1991'. [ 279.117443][T12010] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (48) [ 279.268891][T12017] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1996'. [ 279.296827][T12017] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 279.347603][T12019] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1997'. [ 279.923895][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.490436][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.609849][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.754168][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.892104][ T11] bridge_slave_1: left allmulticast mode [ 280.898238][ T11] bridge_slave_1: left promiscuous mode [ 280.904008][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.914508][ T11] bridge_slave_0: left allmulticast mode [ 280.920603][ T11] bridge_slave_0: left promiscuous mode [ 280.926454][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.411241][T12082] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2008'. [ 281.704467][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 281.714704][T12098] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2012'. [ 281.753132][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 281.792706][ T11] bond0 (unregistering): Released all slaves [ 281.868540][T12093] validate_nla: 2 callbacks suppressed [ 281.868562][T12093] netlink: 'syz.1.2011': attribute type 6 has an invalid length. [ 281.930115][ T5101] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 281.958074][ T5101] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 281.973469][ T5101] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 281.991283][ T5101] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 281.999432][ T5101] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 282.009393][ T5101] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 282.018489][T12109] syzkaller0: entered allmulticast mode [ 282.091608][T12109] syzkaller0 (unregistering): left allmulticast mode [ 282.170590][T12119] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg1, syncid = 0, id = 0 [ 282.593062][ T11] hsr_slave_0: left promiscuous mode [ 282.608161][T12134] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2023'. [ 282.622183][ T11] hsr_slave_1: left promiscuous mode [ 282.630752][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 282.649301][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 282.671869][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 282.703740][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 282.775320][ T11] veth1_macvtap: left promiscuous mode [ 282.782165][ T11] veth0_macvtap: left promiscuous mode [ 282.789755][ T11] veth1_vlan: left promiscuous mode [ 282.797391][ T11] veth0_vlan: left promiscuous mode [ 282.813012][T12142] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2025'. [ 282.838821][T12142] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 282.847525][T12142] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 283.555426][ T11] team0 (unregistering): Port device team_slave_1 removed [ 283.627613][ T11] team0 (unregistering): Port device team_slave_0 removed [ 284.138400][ T5109] Bluetooth: hci5: command tx timeout [ 284.205777][T12127] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2021'. [ 284.242797][T12130] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2021'. [ 284.285102][T12142] netlink: 'syz.0.2025': attribute type 10 has an invalid length. [ 284.725197][T12170] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2036'. [ 284.901592][T12174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2035'. [ 285.012081][T12105] chnl_net:caif_netlink_parms(): no params data found [ 285.206070][T12183] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2038'. [ 285.244532][T12183] mac80211_hwsim hwsim44 wlan0: entered promiscuous mode [ 285.266839][T12183] macvtap1: entered promiscuous mode [ 285.309253][T12189] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2041'. [ 285.464351][T12105] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.499606][T12105] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.527330][T12105] bridge_slave_0: entered allmulticast mode [ 285.549278][T12105] bridge_slave_0: entered promiscuous mode [ 285.580952][T12105] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.610105][T12105] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.631116][T12105] bridge_slave_1: entered allmulticast mode [ 285.656293][T12105] bridge_slave_1: entered promiscuous mode [ 285.913317][T12105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.928998][T12105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.013935][T12215] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2048'. [ 286.019243][T12221] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2050'. [ 286.049502][T12105] team0: Port device team_slave_0 added [ 286.070168][T12105] team0: Port device team_slave_1 added [ 286.217868][ T5109] Bluetooth: hci5: command tx timeout [ 286.257951][T12105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 286.265500][T12105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.340142][T12105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 286.393599][T12236] netlink: 'syz.4.2055': attribute type 37 has an invalid length. [ 286.435610][T12243] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 286.462548][T12105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 286.479614][T12105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.545432][T12105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 286.582460][T12251] netlink: 'syz.1.2059': attribute type 32 has an invalid length. [ 286.611009][T12236] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2055'. [ 286.732332][T12105] hsr_slave_0: entered promiscuous mode [ 286.772617][T12105] hsr_slave_1: entered promiscuous mode [ 287.030103][T12271] netlink: 'syz.1.2065': attribute type 1 has an invalid length. [ 287.053998][T12271] netlink: 'syz.1.2065': attribute type 2 has an invalid length. [ 287.231968][T12280] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2068'. [ 287.978854][T12105] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 288.011367][T12105] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 288.067303][T12105] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 288.133870][T12105] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 288.258944][T12330] tipc: Enabling of bearer rejected, failed to enable media [ 288.296593][ T5109] Bluetooth: hci5: command tx timeout [ 288.489155][T12347] netlink: 'syz.4.2087': attribute type 4 has an invalid length. [ 288.545973][T12105] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.643202][T12105] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.717690][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.724930][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 288.776060][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.783360][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.242992][T12381] netlink: 'syz.0.2103': attribute type 3 has an invalid length. [ 289.287747][T12381] __nla_validate_parse: 3 callbacks suppressed [ 289.287770][T12381] netlink: 124 bytes leftover after parsing attributes in process `syz.0.2103'. [ 289.383375][T12105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 289.417389][T12388] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2105'. [ 289.578982][T12105] veth0_vlan: entered promiscuous mode [ 289.681626][T12105] veth1_vlan: entered promiscuous mode [ 289.796048][T12409] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2113'. [ 289.826214][T12105] veth0_macvtap: entered promiscuous mode [ 289.874868][T12105] veth1_macvtap: entered promiscuous mode [ 289.919518][T12105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 289.956542][T12105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.006570][T12105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.033106][T12105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.054268][T12105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.081990][T12105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.105014][T12105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.126755][T12105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.149641][T12105] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 290.174851][T12416] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2116'. [ 290.186850][T12416] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 290.243125][T12105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.286560][T12105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.320656][T12105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.367713][T12105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.386464][ T5109] Bluetooth: hci5: command tx timeout [ 290.397100][T12105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.423248][T12105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.441199][T12105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.463425][T12105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.485723][T12105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.508762][T12105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.531816][T12105] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 290.597806][T12105] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.637266][T12105] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.646147][T12105] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.665711][T12105] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.686692][T12445] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2129'. [ 290.967389][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.007255][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.071892][T12464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2136'. [ 291.087004][T12464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2136'. [ 291.102053][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.136727][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.975805][T12509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2157'. [ 292.108254][T12515] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2160'. [ 292.553133][T12531] team0: Port device team_slave_0 removed [ 292.572035][T12531] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 292.950401][T12555] skb len=23047 headroom=168 headlen=136 tailroom=0 [ 292.950401][T12555] mac=(168,0) mac_len=0 net=(168,20) trans=188 [ 292.950401][T12555] shinfo(txflags=0 nr_frags=1 gso(size=0 type=0 segs=0)) [ 292.950401][T12555] csum(0x350e2a31 start=10801 offset=13582 ip_summed=3 complete_sw=0 valid=0 level=0) [ 292.950401][T12555] hash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0 [ 292.950401][T12555] priority=0x0 mark=0x0 alloc_cpu=0 vlan_all=0x0 [ 292.950401][T12555] encapsulation=1 inner(proto=0x0008, mac=192, net=192, trans=244) [ 293.001081][T12555] dev name=veth0 feat=0x000061164fdd19e9 [ 293.006890][T12555] sk family=17 type=3 proto=0 [ 293.011626][T12555] skb linear: 00000000: 45 02 5a 07 57 a2 00 00 0f 2f 59 f4 ac 14 14 18 [ 293.020303][T12555] skb linear: 00000010: e0 00 00 03 00 00 08 00 bd 0b 59 ef 10 83 0c 52 [ 293.029029][T12555] skb linear: 00000020: 0f 06 ba 25 fd fe 4b 88 94 30 eb b5 29 97 e3 6e [ 293.037617][T12555] skb linear: 00000030: 03 9b 1c 59 88 25 f8 01 00 e3 c0 63 76 c3 30 76 [ 293.046421][T12555] skb linear: 00000040: a1 67 d5 14 fa 57 0a 44 02 61 a6 7a 34 a0 76 05 [ 293.055074][T12555] skb linear: 00000050: c9 3a 9c 4a 46 bc 62 83 f4 00 00 00 7c fe 00 00 [ 293.063871][T12555] skb linear: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.072685][T12555] skb linear: 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.081623][T12555] skb linear: 00000080: 00 00 00 00 00 00 00 00 [ 293.089118][T12555] skb frag: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.099804][T12555] skb frag: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.108850][T12555] skb frag: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.117617][T12555] skb frag: 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.126395][T12555] skb frag: 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.135473][T12555] skb frag: 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.144691][T12555] skb frag: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.153375][T12555] skb frag: 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.162062][T12555] skb frag: 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.170832][T12555] skb frag: 00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 293.179610][T12555] skb frag: 000000a0: 00 00 00 00 00 00 00 00 [ 293.186256][T12555] ------------[ cut here ]------------ [ 293.191816][T12555] offset (10633) >= skb_headlen() (136) [ 293.198222][T12555] WARNING: CPU: 0 PID: 12555 at net/core/dev.c:3325 skb_checksum_help+0x5f9/0x730 [ 293.207548][T12555] Modules linked in: [ 293.211508][T12555] CPU: 0 PID: 12555 Comm: syz.2.2176 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 293.221856][T12555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 293.232013][T12555] RIP: 0010:skb_checksum_help+0x5f9/0x730 [ 293.237840][T12555] Code: 48 8b 4c 24 10 0f b6 04 01 84 c0 0f 85 dd 00 00 00 48 8b 44 24 08 2b 18 48 c7 c7 60 ac c5 8c 44 89 f6 89 da e8 88 c8 00 f8 90 <0f> 0b 90 90 bb ea ff ff ff e9 65 fd ff ff e8 a4 9a 3e f8 c6 05 94 [ 293.257828][T12555] RSP: 0018:ffffc9000349eda8 EFLAGS: 00010246 [ 293.263962][T12555] RAX: 17cb2e7f73e9da00 RBX: 0000000000000088 RCX: 0000000000040000 [ 293.272399][T12555] RDX: ffffc9000e09b000 RSI: 000000000003ffff RDI: 0000000000040000 [ 293.280511][T12555] RBP: 0000000000005a07 R08: ffffffff81585882 R09: fffffbfff1c39994 [ 293.288669][T12555] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: 1ffff11003da1c36 [ 293.296738][T12555] R13: dffffc0000000000 R14: 0000000000002989 R15: ffff88801ed0e140 [ 293.304857][T12555] FS: 00007f2cfd3806c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 293.313925][T12555] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 293.320661][T12555] CR2: 000000002000e000 CR3: 000000005f8ca000 CR4: 00000000003506f0 [ 293.328829][T12555] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 293.337421][T12555] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 293.345447][T12555] Call Trace: [ 293.349276][T12555] [ 293.352281][T12555] ? __warn+0x163/0x4e0 [ 293.356652][T12555] ? skb_checksum_help+0x5f9/0x730 [ 293.361853][T12555] ? report_bug+0x2b3/0x500 [ 293.366466][T12555] ? skb_checksum_help+0x5f9/0x730 [ 293.371754][T12555] ? handle_bug+0x3e/0x70 [ 293.376152][T12555] ? exc_invalid_op+0x1a/0x50 [ 293.381512][T12555] ? asm_exc_invalid_op+0x1a/0x20 [ 293.387411][T12555] ? __warn_printk+0x292/0x360 [ 293.392428][T12555] ? skb_checksum_help+0x5f9/0x730 [ 293.397850][T12555] ? skb_checksum_help+0x5f8/0x730 [ 293.403048][T12555] ip_do_fragment+0x21b/0x1b60 [ 293.407953][T12555] ? __pfx_ip_finish_output2+0x10/0x10 [ 293.413576][T12555] ? __pfx_ip_do_fragment+0x10/0x10 [ 293.418942][T12555] ? kasan_quarantine_put+0xdc/0x230 [ 293.424297][T12555] ? lockdep_hardirqs_on+0x99/0x150 [ 293.429632][T12555] ? __ip_finish_output+0x247/0x400 [ 293.434939][T12555] ? kmem_cache_free+0x145/0x350 [ 293.439985][T12555] ? ip_fragment+0x9a/0x220 [ 293.444569][T12555] __ip_finish_output+0x290/0x400 [ 293.449716][T12555] iptunnel_xmit+0x540/0x9b0 [ 293.454395][T12555] ip_tunnel_xmit+0x2113/0x2940 [ 293.459400][T12555] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 293.464683][T12555] ? gre_build_header+0x341/0xb30 [ 293.469857][T12555] ? __pfx_gre_build_header+0x10/0x10 [ 293.475328][T12555] ? iptunnel_handle_offloads+0x25f/0x650 [ 293.481168][T12555] ipgre_xmit+0x956/0xd40 [ 293.485581][T12555] ? __pfx_ipgre_xmit+0x10/0x10 [ 293.490555][T12555] ? validate_xmit_skb+0xa04/0x1120 [ 293.495808][T12555] dev_hard_start_xmit+0x27a/0x7e0 [ 293.501054][T12555] __dev_queue_xmit+0x1b0e/0x3d30 [ 293.506153][T12555] ? rep_movs_alternative+0x4a/0x70 [ 293.511526][T12555] ? __dev_queue_xmit+0x2d2/0x3d30 [ 293.516948][T12555] ? skb_partial_csum_set+0x105/0x350 [ 293.522387][T12555] ? __pfx___dev_queue_xmit+0x10/0x10 [ 293.527870][T12555] ? virtio_net_hdr_to_skb+0xa6a/0x1330 [ 293.533474][T12555] ? packet_parse_headers+0x7bd/0xad0 [ 293.539100][T12555] ? packet_xmit+0x68/0x330 [ 293.543792][T12555] packet_sendmsg+0x46c2/0x6150 [ 293.548817][T12555] ? finish_task_switch+0x1e5/0x870 [ 293.554124][T12555] ? __pfx___might_resched+0x10/0x10 [ 293.559755][T12555] ? aa_sk_perm+0x967/0xab0 [ 293.564521][T12555] ? __pfx_packet_sendmsg+0x10/0x10 [ 293.570008][T12555] ? __pfx_lock_release+0x10/0x10 [ 293.575091][T12555] ? __import_iovec+0x536/0x820 [ 293.580125][T12555] ? aa_sock_msg_perm+0x91/0x160 [ 293.585500][T12555] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 293.590917][T12555] ? security_socket_sendmsg+0x87/0xb0 [ 293.596680][T12555] ? __pfx_packet_sendmsg+0x10/0x10 [ 293.602007][T12555] __sock_sendmsg+0x221/0x270 [ 293.606826][T12555] ____sys_sendmsg+0x525/0x7d0 [ 293.611666][T12555] ? __pfx_____sys_sendmsg+0x10/0x10 [ 293.617166][T12555] __sys_sendmsg+0x2b0/0x3a0 [ 293.621828][T12555] ? __pfx___sys_sendmsg+0x10/0x10 [ 293.627132][T12555] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 293.633538][T12555] ? do_syscall_64+0x100/0x230 [ 293.638430][T12555] ? do_syscall_64+0xb6/0x230 [ 293.643167][T12555] do_syscall_64+0xf3/0x230 [ 293.647891][T12555] ? clear_bhb_loop+0x35/0x90 [ 293.652727][T12555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.658844][T12555] RIP: 0033:0x7f2cfc575bd9 [ 293.663301][T12555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.683111][T12555] RSP: 002b:00007f2cfd380048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 293.691709][T12555] RAX: ffffffffffffffda RBX: 00007f2cfc703f60 RCX: 00007f2cfc575bd9 [ 293.700328][T12555] RDX: 0000000000000000 RSI: 0000000020002ac0 RDI: 0000000000000003 [ 293.708404][T12555] RBP: 00007f2cfc5e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 293.716586][T12555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 293.724601][T12555] R13: 000000000000000b R14: 00007f2cfc703f60 R15: 00007ffe5e733728 [ 293.732865][T12555] [ 293.735931][T12555] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 293.743236][T12555] CPU: 0 PID: 12555 Comm: syz.2.2176 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0 [ 293.753431][T12555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 293.763902][T12555] Call Trace: [ 293.767201][T12555] [ 293.770149][T12555] dump_stack_lvl+0x241/0x360 [ 293.774861][T12555] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.780089][T12555] ? __pfx__printk+0x10/0x10 [ 293.784800][T12555] ? vscnprintf+0x5d/0x90 [ 293.789241][T12555] panic+0x349/0x860 [ 293.793168][T12555] ? __warn+0x172/0x4e0 [ 293.797350][T12555] ? __pfx_panic+0x10/0x10 [ 293.801842][T12555] __warn+0x346/0x4e0 [ 293.805856][T12555] ? skb_checksum_help+0x5f9/0x730 [ 293.811000][T12555] report_bug+0x2b3/0x500 [ 293.815355][T12555] ? skb_checksum_help+0x5f9/0x730 [ 293.820501][T12555] handle_bug+0x3e/0x70 [ 293.824687][T12555] exc_invalid_op+0x1a/0x50 [ 293.829221][T12555] asm_exc_invalid_op+0x1a/0x20 [ 293.834108][T12555] RIP: 0010:skb_checksum_help+0x5f9/0x730 [ 293.839860][T12555] Code: 48 8b 4c 24 10 0f b6 04 01 84 c0 0f 85 dd 00 00 00 48 8b 44 24 08 2b 18 48 c7 c7 60 ac c5 8c 44 89 f6 89 da e8 88 c8 00 f8 90 <0f> 0b 90 90 bb ea ff ff ff e9 65 fd ff ff e8 a4 9a 3e f8 c6 05 94 [ 293.859678][T12555] RSP: 0018:ffffc9000349eda8 EFLAGS: 00010246 [ 293.865771][T12555] RAX: 17cb2e7f73e9da00 RBX: 0000000000000088 RCX: 0000000000040000 [ 293.873772][T12555] RDX: ffffc9000e09b000 RSI: 000000000003ffff RDI: 0000000000040000 [ 293.881879][T12555] RBP: 0000000000005a07 R08: ffffffff81585882 R09: fffffbfff1c39994 [ 293.889956][T12555] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: 1ffff11003da1c36 [ 293.897981][T12555] R13: dffffc0000000000 R14: 0000000000002989 R15: ffff88801ed0e140 [ 293.905981][T12555] ? __warn_printk+0x292/0x360 [ 293.910784][T12555] ? skb_checksum_help+0x5f8/0x730 [ 293.915927][T12555] ip_do_fragment+0x21b/0x1b60 [ 293.920730][T12555] ? __pfx_ip_finish_output2+0x10/0x10 [ 293.926241][T12555] ? __pfx_ip_do_fragment+0x10/0x10 [ 293.931553][T12555] ? kasan_quarantine_put+0xdc/0x230 [ 293.936882][T12555] ? lockdep_hardirqs_on+0x99/0x150 [ 293.942114][T12555] ? __ip_finish_output+0x247/0x400 [ 293.947338][T12555] ? kmem_cache_free+0x145/0x350 [ 293.952291][T12555] ? ip_fragment+0x9a/0x220 [ 293.956850][T12555] __ip_finish_output+0x290/0x400 [ 293.961905][T12555] iptunnel_xmit+0x540/0x9b0 [ 293.966545][T12555] ip_tunnel_xmit+0x2113/0x2940 [ 293.971446][T12555] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 293.976689][T12555] ? gre_build_header+0x341/0xb30 [ 293.981855][T12555] ? __pfx_gre_build_header+0x10/0x10 [ 293.987267][T12555] ? iptunnel_handle_offloads+0x25f/0x650 [ 293.993300][T12555] ipgre_xmit+0x956/0xd40 [ 293.997690][T12555] ? __pfx_ipgre_xmit+0x10/0x10 [ 294.002576][T12555] ? validate_xmit_skb+0xa04/0x1120 [ 294.007814][T12555] dev_hard_start_xmit+0x27a/0x7e0 [ 294.012979][T12555] __dev_queue_xmit+0x1b0e/0x3d30 [ 294.018115][T12555] ? rep_movs_alternative+0x4a/0x70 [ 294.023364][T12555] ? __dev_queue_xmit+0x2d2/0x3d30 [ 294.028515][T12555] ? skb_partial_csum_set+0x105/0x350 [ 294.033915][T12555] ? __pfx___dev_queue_xmit+0x10/0x10 [ 294.039319][T12555] ? virtio_net_hdr_to_skb+0xa6a/0x1330 [ 294.044885][T12555] ? packet_parse_headers+0x7bd/0xad0 [ 294.050319][T12555] ? packet_xmit+0x68/0x330 [ 294.054846][T12555] packet_sendmsg+0x46c2/0x6150 [ 294.059732][T12555] ? finish_task_switch+0x1e5/0x870 [ 294.065097][T12555] ? __pfx___might_resched+0x10/0x10 [ 294.070439][T12555] ? aa_sk_perm+0x967/0xab0 [ 294.075426][T12555] ? __pfx_packet_sendmsg+0x10/0x10 [ 294.080835][T12555] ? __pfx_lock_release+0x10/0x10 [ 294.085967][T12555] ? __import_iovec+0x536/0x820 [ 294.090924][T12555] ? aa_sock_msg_perm+0x91/0x160 [ 294.095891][T12555] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 294.101197][T12555] ? security_socket_sendmsg+0x87/0xb0 [ 294.106682][T12555] ? __pfx_packet_sendmsg+0x10/0x10 [ 294.111927][T12555] __sock_sendmsg+0x221/0x270 [ 294.116721][T12555] ____sys_sendmsg+0x525/0x7d0 [ 294.122048][T12555] ? __pfx_____sys_sendmsg+0x10/0x10 [ 294.127373][T12555] __sys_sendmsg+0x2b0/0x3a0 [ 294.132169][T12555] ? __pfx___sys_sendmsg+0x10/0x10 [ 294.138021][T12555] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 294.144915][T12555] ? do_syscall_64+0x100/0x230 [ 294.150067][T12555] ? do_syscall_64+0xb6/0x230 [ 294.154888][T12555] do_syscall_64+0xf3/0x230 [ 294.159633][T12555] ? clear_bhb_loop+0x35/0x90 [ 294.164338][T12555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.171197][T12555] RIP: 0033:0x7f2cfc575bd9 [ 294.175651][T12555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.195284][T12555] RSP: 002b:00007f2cfd380048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 294.204270][T12555] RAX: ffffffffffffffda RBX: 00007f2cfc703f60 RCX: 00007f2cfc575bd9 [ 294.212271][T12555] RDX: 0000000000000000 RSI: 0000000020002ac0 RDI: 0000000000000003 [ 294.220279][T12555] RBP: 00007f2cfc5e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 294.228387][T12555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 294.236386][T12555] R13: 000000000000000b R14: 00007f2cfc703f60 R15: 00007ffe5e733728 [ 294.244492][T12555] [ 294.247933][T12555] Kernel Offset: disabled [ 294.252345][T12555] Rebooting in 86400 seconds..