last executing test programs:

4.034326383s ago: executing program 0 (id=9923):
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'hsr0\x00'})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x40801}, 0x24040881)

3.922373342s ago: executing program 0 (id=9925):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r0, &(0x7f0000000700)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x9200000000000000)

3.774153687s ago: executing program 0 (id=9926):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

3.733964373s ago: executing program 0 (id=9927):
syz_emit_ethernet(0x86, &(0x7f0000000440)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x4, 0x0, "017cea08e90a62168facaecca577cb43f478fd5e6e5d4fb33ecffe357eac8a8e", "66d379b886319c62896eb4629b6baae1", {"a41819bdef458b3c84740f618752a2e5", "396954ec098e6a74ec194039740c8a59"}}}}}}}, 0x0)

3.638394613s ago: executing program 0 (id=9928):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000100000040000180060001000a00000008000500000000000c000700000000000000000008000900710000000700060072720000080008"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)

3.478011452s ago: executing program 0 (id=9929):
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, 0x3b, 0x107, 0x0, 0x0, {0x3, 0x7c}}, 0x14}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00', 0x7, 0x4, 0x3f8, 0x200, 0xf0, 0x0, 0x310, 0x310, 0x310, 0x8000000, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_macvtap\x00', 'wg1\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @empty, @multicast2}}}, {{@arp={@multicast1, @multicast2, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'gre0\x00', 'bridge0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x448)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB], 0x8)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f00000003c0)={0x1, 0x8, "3ee2a3", 0x8, 0x1})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)

969.29649ms ago: executing program 3 (id=9981):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

838.080236ms ago: executing program 3 (id=9985):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r1, 0x8010743f, &(0x7f0000000180))

812.943348ms ago: executing program 4 (id=9986):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000100000000000000000000007112080000000000950000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

708.962803ms ago: executing program 4 (id=9988):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0x1, 0x307, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000000000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc)

700.383308ms ago: executing program 1 (id=9989):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000050000000200000004"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x4, 0x143, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

621.995658ms ago: executing program 1 (id=9990):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r0, &(0x7f0000000680), 0x0}, 0x20)

562.199069ms ago: executing program 3 (id=9991):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x38, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0x4}, @NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40044)

561.786341ms ago: executing program 2 (id=9992):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
close(r3)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r0, 0x0, 0x0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r6, 0x0, 0x0}, 0x10)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r6, 0x0, 0x0}, 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@fallback=r4, 0x0, 0x0, 0x401, &(0x7f0000000400)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)

534.494743ms ago: executing program 4 (id=9993):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x86, &(0x7f0000000440)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x4, 0x0, "017cea08e90a62168facaecca577cb43f478fd5e6e5d4fb33ecffe357eac8a8e", "66d379b886319c62896eb4629b6baae1", {"a41819bdef458b3c84740f618752a2e5", "396954ec098e6a74ec194039740c8a59"}}}}}}}, 0x0)

499.784659ms ago: executing program 1 (id=9994):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4, 0xffffffff}, @func_proto={0x2, 0x0, 0x0, 0x12, 0x2}]}, {0x0, [0x0, 0x61]}}, 0x0, 0xfffffffffffffcb7, 0x0, 0xfffffffd, 0x0, 0x0, @void, @value}, 0x28)

458.780945ms ago: executing program 2 (id=9995):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020692500000000000020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072000000850000002a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001b40)={r0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

458.035297ms ago: executing program 3 (id=9996):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r0}, &(0x7f0000000500), &(0x7f0000000540)='%pi6   \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x4, 0x0, &(0x7f00000004c0)="630b0086", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)

379.625293ms ago: executing program 4 (id=9997):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7b}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc)

326.218245ms ago: executing program 1 (id=9998):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000005000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8a}, 0x21)

309.188394ms ago: executing program 2 (id=9999):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

255.925198ms ago: executing program 3 (id=10000):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000400)='signal_generate\x00', r0}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

198.352589ms ago: executing program 4 (id=10001):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d)
ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0)

198.146608ms ago: executing program 1 (id=10002):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x37, &(0x7f0000000200)=ANY=[@ANYBLOB="851000000c"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

197.893611ms ago: executing program 2 (id=10003):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

94.4575ms ago: executing program 2 (id=10004):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x2c, 0x28, 0xd27, 0x1000001, 0x0, {0x0, 0x0, 0x0, r3, {0xd, 0x9}, {0xa}, {0x0, 0xa}}, [@TCA_RATE={0x6, 0x5, {0x3, 0x7}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x4000)

89.090169ms ago: executing program 3 (id=10005):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

42.189407ms ago: executing program 1 (id=10006):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000680), 0x10700, 0x0)
ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f00000006c0)=0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
ioctl$SIOCSIFHWADDR(r2, 0x8b26, &(0x7f0000000100)={'wlan1\x00'})
bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8)

7.718564ms ago: executing program 4 (id=10007):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0x86, &(0x7f0000000440)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x4, 0x0, "017cea08e90a62168facaecca577cb43f478fd5e6e5d4fb33ecffe357eac8a8e", "66d379b886319c62896eb4629b6baae1", {"a41819bdef458b3c84740f618752a2e5", "396954ec098e6a74ec194039740c8a59"}}}}}}}, 0x0)

0s ago: executing program 2 (id=10008):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'wlan1\x00', @random="0100c3201000"})

kernel console output (not intermixed with test programs):

xe1/0x4d0
[ 1405.872136][ T6583]  ? __kasan_kmalloc+0x98/0xb0
[ 1405.872153][ T6583]  ? __kvmalloc_node_noprof+0x72/0x190
[ 1405.872183][ T6583]  __kvmalloc_node_noprof+0x72/0x190
[ 1405.872208][ T6583]  page_pool_create_percpu+0x2f5/0xb70
[ 1405.872243][ T6583]  bpf_test_run_xdp_live+0x2e6/0x2220
[ 1405.872270][ T6583]  ? __pfx_lock_release+0x10/0x10
[ 1405.872299][ T6583]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 1405.872323][ T6583]  ? __pfx___might_resched+0x10/0x10
[ 1405.872347][ T6583]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1405.872384][ T6583]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[ 1405.872404][ T6583]  ? synchronize_rcu+0x11b/0x360
[ 1405.872423][ T6583]  ? __pfx_synchronize_rcu+0x10/0x10
[ 1405.872462][ T6583]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[ 1405.872493][ T6583]  ? 0xffffffffa00013b0
[ 1405.872528][ T6583]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[ 1405.872567][ T6583]  ? _copy_from_user+0x95/0xb0
[ 1405.872589][ T6583]  ? bpf_test_init+0x137/0x160
[ 1405.872616][ T6583]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 1405.872641][ T6583]  bpf_prog_test_run_xdp+0x805/0x11e0
[ 1405.872670][ T6583]  ? __pfx_lock_release+0x10/0x10
[ 1405.872702][ T6583]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1405.872726][ T6583]  ? __fget_files+0x2a/0x410
[ 1405.872758][ T6583]  ? __fget_files+0x2a/0x410
[ 1405.872788][ T6583]  ? fput+0x21b/0x290
[ 1405.872808][ T6583]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1405.872834][ T6583]  bpf_prog_test_run+0x2e4/0x360
[ 1405.872861][ T6583]  __sys_bpf+0x487/0x820
[ 1405.872890][ T6583]  ? __pfx___sys_bpf+0x10/0x10
[ 1405.872922][ T6583]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1405.872949][ T6583]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1405.872974][ T6583]  ? do_syscall_64+0x100/0x230
[ 1405.872999][ T6583]  __x64_sys_bpf+0x7c/0x90
[ 1405.873034][ T6583]  do_syscall_64+0xf3/0x230
[ 1405.873054][ T6583]  ? clear_bhb_loop+0x35/0x90
[ 1405.873079][ T6583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1405.873100][ T6583] RIP: 0033:0x7faadf98d169
[ 1405.873115][ T6583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1405.873130][ T6583] RSP: 002b:00007faae089e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1405.873150][ T6583] RAX: ffffffffffffffda RBX: 00007faadfba5fa0 RCX: 00007faadf98d169
[ 1405.873169][ T6583] RDX: 0000000000000050 RSI: 0000400000000000 RDI: 000000000000000a
[ 1405.873180][ T6583] RBP: 00007faae089e090 R08: 0000000000000000 R09: 0000000000000000
[ 1405.873191][ T6583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1405.873201][ T6583] R13: 0000000000000000 R14: 00007faadfba5fa0 R15: 00007fff8db3f5a8
[ 1405.873228][ T6583]  </TASK>
[ 1406.194945][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1406.216419][ T6583] page_pool_create_percpu() gave up with errno -12
[ 1406.810534][ T6601] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9181'.
[ 1407.152865][ T6610] IPVS: Unknown mcast interface: vcan0
[ 1407.202025][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1407.240805][ T6612] FAULT_INJECTION: forcing a failure.
[ 1407.240805][ T6612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1407.272723][ T6612] CPU: 0 UID: 0 PID: 6612 Comm: syz.4.9185 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1407.272748][ T6612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1407.272759][ T6612] Call Trace:
[ 1407.272766][ T6612]  <TASK>
[ 1407.272774][ T6612]  dump_stack_lvl+0x241/0x360
[ 1407.272800][ T6612]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1407.272819][ T6612]  ? __pfx__printk+0x10/0x10
[ 1407.272838][ T6612]  ? __pfx_lock_release+0x10/0x10
[ 1407.272868][ T6612]  should_fail_ex+0x40a/0x550
[ 1407.272897][ T6612]  _copy_from_user+0x2d/0xb0
[ 1407.272919][ T6612]  copy_msghdr_from_user+0xae/0x680
[ 1407.272941][ T6612]  ? __pfx___might_resched+0x10/0x10
[ 1407.272966][ T6612]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1407.272989][ T6612]  ? __fget_files+0x2a/0x410
[ 1407.273017][ T6612]  ? __sys_sendmmsg+0x392/0x720
[ 1407.273036][ T6612]  ? __might_fault+0xaa/0x120
[ 1407.273058][ T6612]  __sys_sendmmsg+0x32b/0x720
[ 1407.273088][ T6612]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1407.273120][ T6612]  ? __pfx_lock_release+0x10/0x10
[ 1407.273140][ T6612]  ? kstrtouint_from_user+0x128/0x190
[ 1407.273183][ T6612]  ? ksys_write+0x22a/0x2b0
[ 1407.273200][ T6612]  ? __pfx_lock_release+0x10/0x10
[ 1407.273229][ T6612]  ? sb_end_write+0xe9/0x1c0
[ 1407.273251][ T6612]  ? vfs_write+0x7fa/0xd10
[ 1407.273271][ T6612]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1407.273320][ T6612]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1407.273346][ T6612]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1407.273370][ T6612]  ? do_syscall_64+0x100/0x230
[ 1407.273394][ T6612]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1407.273415][ T6612]  do_syscall_64+0xf3/0x230
[ 1407.273434][ T6612]  ? clear_bhb_loop+0x35/0x90
[ 1407.273458][ T6612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1407.273479][ T6612] RIP: 0033:0x7f3e4858d169
[ 1407.273494][ T6612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1407.273509][ T6612] RSP: 002b:00007f3e49394038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1407.273528][ T6612] RAX: ffffffffffffffda RBX: 00007f3e487a5fa0 RCX: 00007f3e4858d169
[ 1407.273541][ T6612] RDX: 040000000000037c RSI: 0000400000002440 RDI: 0000000000000004
[ 1407.273553][ T6612] RBP: 00007f3e49394090 R08: 0000000000000000 R09: 0000000000000000
[ 1407.273564][ T6612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1407.273575][ T6612] R13: 0000000000000000 R14: 00007f3e487a5fa0 R15: 00007ffe8ec33c18
[ 1407.273603][ T6612]  </TASK>
[ 1407.904737][ T6628] netlink: 48 bytes leftover after parsing attributes in process `syz.2.9192'.
[ 1408.242026][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1408.652944][ T6641] IPVS: Unknown mcast interface: vcan0
[ 1408.781637][ T6648] FAULT_INJECTION: forcing a failure.
[ 1408.781637][ T6648] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1408.815494][ T6648] CPU: 1 UID: 0 PID: 6648 Comm: syz.2.9199 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1408.815519][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1408.815530][ T6648] Call Trace:
[ 1408.815537][ T6648]  <TASK>
[ 1408.815545][ T6648]  dump_stack_lvl+0x241/0x360
[ 1408.815571][ T6648]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1408.815589][ T6648]  ? __pfx__printk+0x10/0x10
[ 1408.815609][ T6648]  ? __pfx_lock_release+0x10/0x10
[ 1408.815641][ T6648]  should_fail_ex+0x40a/0x550
[ 1408.815668][ T6648]  _copy_from_user+0x2d/0xb0
[ 1408.815690][ T6648]  copy_msghdr_from_user+0xae/0x680
[ 1408.815713][ T6648]  ? __pfx___might_resched+0x10/0x10
[ 1408.815736][ T6648]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1408.815764][ T6648]  ? __sys_sendmmsg+0x392/0x720
[ 1408.815783][ T6648]  ? __might_fault+0xaa/0x120
[ 1408.815805][ T6648]  __sys_sendmmsg+0x32b/0x720
[ 1408.815835][ T6648]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1408.815867][ T6648]  ? __pfx_lock_release+0x10/0x10
[ 1408.815887][ T6648]  ? kstrtouint_from_user+0x128/0x190
[ 1408.815929][ T6648]  ? ksys_write+0x22a/0x2b0
[ 1408.815948][ T6648]  ? __pfx_lock_release+0x10/0x10
[ 1408.815976][ T6648]  ? sb_end_write+0xe9/0x1c0
[ 1408.815999][ T6648]  ? vfs_write+0x7fa/0xd10
[ 1408.816019][ T6648]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1408.816068][ T6648]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1408.816093][ T6648]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1408.816118][ T6648]  ? do_syscall_64+0x100/0x230
[ 1408.816142][ T6648]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1408.816163][ T6648]  do_syscall_64+0xf3/0x230
[ 1408.816183][ T6648]  ? clear_bhb_loop+0x35/0x90
[ 1408.816207][ T6648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1408.816228][ T6648] RIP: 0033:0x7faadf98d169
[ 1408.816243][ T6648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1408.816258][ T6648] RSP: 002b:00007faae089e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1408.816276][ T6648] RAX: ffffffffffffffda RBX: 00007faadfba5fa0 RCX: 00007faadf98d169
[ 1408.816289][ T6648] RDX: 0000000000000318 RSI: 00004000000bd000 RDI: 0000000000000004
[ 1408.816300][ T6648] RBP: 00007faae089e090 R08: 0000000000000000 R09: 0000000000000000
[ 1408.816311][ T6648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1408.816321][ T6648] R13: 0000000000000000 R14: 00007faadfba5fa0 R15: 00007fff8db3f5a8
[ 1408.816349][ T6648]  </TASK>
[ 1409.282022][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1409.669981][ T6675] IPVS: Unknown mcast interface: vcan0
[ 1409.701718][ T6677] netlink: 'syz.3.9210': attribute type 12 has an invalid length.
[ 1409.711735][ T6677] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9210'.
[ 1409.752284][ T6673] lo speed is unknown, defaulting to 1000
[ 1409.791487][ T6673] lo speed is unknown, defaulting to 1000
[ 1409.827750][ T6673] virt_wifi0 speed is unknown, defaulting to 1000
[ 1409.913430][ T6681] FAULT_INJECTION: forcing a failure.
[ 1409.913430][ T6681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1409.949831][ T6681] CPU: 0 UID: 0 PID: 6681 Comm: syz.3.9211 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1409.949856][ T6681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1409.949867][ T6681] Call Trace:
[ 1409.949873][ T6681]  <TASK>
[ 1409.949881][ T6681]  dump_stack_lvl+0x241/0x360
[ 1409.949907][ T6681]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1409.949926][ T6681]  ? __pfx__printk+0x10/0x10
[ 1409.949945][ T6681]  ? __pfx_lock_release+0x10/0x10
[ 1409.949976][ T6681]  should_fail_ex+0x40a/0x550
[ 1409.950004][ T6681]  _copy_from_user+0x2d/0xb0
[ 1409.950026][ T6681]  copy_msghdr_from_user+0xae/0x680
[ 1409.950049][ T6681]  ? __pfx___might_resched+0x10/0x10
[ 1409.950073][ T6681]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1409.950093][ T6681]  ? __fget_files+0x2a/0x410
[ 1409.950121][ T6681]  ? __sys_sendmmsg+0x392/0x720
[ 1409.950140][ T6681]  ? __might_fault+0xaa/0x120
[ 1409.950162][ T6681]  __sys_sendmmsg+0x32b/0x720
[ 1409.950193][ T6681]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1409.950225][ T6681]  ? __pfx_lock_release+0x10/0x10
[ 1409.950245][ T6681]  ? kstrtouint_from_user+0x128/0x190
[ 1409.950286][ T6681]  ? ksys_write+0x22a/0x2b0
[ 1409.950305][ T6681]  ? __pfx_lock_release+0x10/0x10
[ 1409.950342][ T6681]  ? sb_end_write+0xe9/0x1c0
[ 1409.950366][ T6681]  ? vfs_write+0x7fa/0xd10
[ 1409.950386][ T6681]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1409.950434][ T6681]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1409.950461][ T6681]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1409.950485][ T6681]  ? do_syscall_64+0x100/0x230
[ 1409.950509][ T6681]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1409.950532][ T6681]  do_syscall_64+0xf3/0x230
[ 1409.950551][ T6681]  ? clear_bhb_loop+0x35/0x90
[ 1409.950575][ T6681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1409.950595][ T6681] RIP: 0033:0x7fb9a1f8d169
[ 1409.950610][ T6681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1409.950625][ T6681] RSP: 002b:00007fb9a2d0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1409.950643][ T6681] RAX: ffffffffffffffda RBX: 00007fb9a21a5fa0 RCX: 00007fb9a1f8d169
[ 1409.950656][ T6681] RDX: 040000000000037c RSI: 0000400000002440 RDI: 0000000000000004
[ 1409.950667][ T6681] RBP: 00007fb9a2d0f090 R08: 0000000000000000 R09: 0000000000000000
[ 1409.950678][ T6681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1409.950688][ T6681] R13: 0000000000000000 R14: 00007fb9a21a5fa0 R15: 00007fffa9f0a968
[ 1409.950715][ T6681]  </TASK>
[ 1410.332165][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1410.477167][ T6698] netlink: 5 bytes leftover after parsing attributes in process `syz.3.9217'.
[ 1410.525991][ T6673] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9208'.
[ 1410.601622][ T2007] hid-generic 0005:07C0:06E6.0041: item fetching failed at offset 0/1
[ 1410.619882][ T2007] hid-generic 0005:07C0:06E6.0041: probe with driver hid-generic failed with error -22
[ 1411.117139][ T6721] netlink: 'syz.1.9225': attribute type 1 has an invalid length.
[ 1411.317116][ T6729] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1411.330713][ T6729] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[ 1411.362020][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1411.519509][ T6744] netlink: 48 bytes leftover after parsing attributes in process `syz.0.9232'.
[ 1412.266099][ T6766] netlink: 'syz.3.9241': attribute type 7 has an invalid length.
[ 1412.274306][ T6766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9241'.
[ 1412.412101][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1412.736245][ T6787] netlink: 292 bytes leftover after parsing attributes in process `syz.4.9247'.
[ 1412.952367][ T6797] IPVS: Error connecting to the multicast addr
[ 1412.959464][ T6795] netlink: 65051 bytes leftover after parsing attributes in process `syz.4.9252'.
[ 1412.979991][ T6799] IPVS: Error connecting to the multicast addr
[ 1413.009803][ T6800] netlink: 'syz.2.9249': attribute type 1 has an invalid length.
[ 1413.222479][ T6812] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[ 1413.442025][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1413.627354][ T6822] FAULT_INJECTION: forcing a failure.
[ 1413.627354][ T6822] name failslab, interval 1, probability 0, space 0, times 0
[ 1413.641922][ T6822] CPU: 0 UID: 0 PID: 6822 Comm: syz.1.9258 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1413.641951][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1413.641961][ T6822] Call Trace:
[ 1413.641968][ T6822]  <TASK>
[ 1413.641975][ T6822]  dump_stack_lvl+0x241/0x360
[ 1413.642001][ T6822]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1413.642019][ T6822]  ? __pfx__printk+0x10/0x10
[ 1413.642037][ T6822]  ? __kmalloc_cache_noprof+0x48/0x390
[ 1413.642061][ T6822]  ? __pfx___might_resched+0x10/0x10
[ 1413.642086][ T6822]  should_fail_ex+0x40a/0x550
[ 1413.642115][ T6822]  should_failslab+0xac/0x100
[ 1413.642137][ T6822]  __kmalloc_cache_noprof+0x70/0x390
[ 1413.642158][ T6822]  ? __xdp_reg_mem_model+0x1e3/0x620
[ 1413.642179][ T6822]  __xdp_reg_mem_model+0x1e3/0x620
[ 1413.642200][ T6822]  ? __pfx___xdp_reg_mem_model+0x10/0x10
[ 1413.642227][ T6822]  ? page_pool_create_percpu+0x73b/0xb70
[ 1413.642251][ T6822]  xdp_reg_mem_model+0x22/0x40
[ 1413.642269][ T6822]  bpf_test_run_xdp_live+0x32f/0x2220
[ 1413.642291][ T6822]  ? __pfx_lock_release+0x10/0x10
[ 1413.642320][ T6822]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 1413.642340][ T6822]  ? __pfx___might_resched+0x10/0x10
[ 1413.642365][ T6822]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1413.642395][ T6822]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[ 1413.642416][ T6822]  ? synchronize_rcu+0x11b/0x360
[ 1413.642436][ T6822]  ? __pfx_synchronize_rcu+0x10/0x10
[ 1413.642476][ T6822]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[ 1413.642499][ T6822]  ? 0xffffffffa0002114
[ 1413.642535][ T6822]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[ 1413.642574][ T6822]  ? _copy_from_user+0x95/0xb0
[ 1413.642595][ T6822]  ? bpf_test_init+0x137/0x160
[ 1413.642615][ T6822]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 1413.642640][ T6822]  bpf_prog_test_run_xdp+0x805/0x11e0
[ 1413.642669][ T6822]  ? __pfx_lock_release+0x10/0x10
[ 1413.642701][ T6822]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1413.642726][ T6822]  ? __fget_files+0x2a/0x410
[ 1413.642752][ T6822]  ? __fget_files+0x2a/0x410
[ 1413.642778][ T6822]  ? fput+0x21b/0x290
[ 1413.642799][ T6822]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1413.642823][ T6822]  bpf_prog_test_run+0x2e4/0x360
[ 1413.642850][ T6822]  __sys_bpf+0x487/0x820
[ 1413.642873][ T6822]  ? __pfx___sys_bpf+0x10/0x10
[ 1413.642907][ T6822]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1413.642933][ T6822]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1413.642957][ T6822]  ? do_syscall_64+0x100/0x230
[ 1413.642982][ T6822]  __x64_sys_bpf+0x7c/0x90
[ 1413.643003][ T6822]  do_syscall_64+0xf3/0x230
[ 1413.643024][ T6822]  ? clear_bhb_loop+0x35/0x90
[ 1413.643048][ T6822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1413.643068][ T6822] RIP: 0033:0x7f8e8a78d169
[ 1413.643083][ T6822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1413.643098][ T6822] RSP: 002b:00007f8e8b6bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1413.643117][ T6822] RAX: ffffffffffffffda RBX: 00007f8e8a9a5fa0 RCX: 00007f8e8a78d169
[ 1413.643130][ T6822] RDX: 0000000000000050 RSI: 0000400000000000 RDI: 000000000000000a
[ 1413.643141][ T6822] RBP: 00007f8e8b6bd090 R08: 0000000000000000 R09: 0000000000000000
[ 1413.643152][ T6822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1413.643162][ T6822] R13: 0000000000000000 R14: 00007f8e8a9a5fa0 R15: 00007ffd6f77ca08
[ 1413.643189][ T6822]  </TASK>
[ 1414.241926][ T6830] syzkaller0: entered promiscuous mode
[ 1414.247737][ T6830] syzkaller0: entered allmulticast mode
[ 1414.262151][ T6834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9263'.
[ 1414.278157][ T6838] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9263'.
[ 1414.399487][ T6845] IPVS: Unknown mcast interface: vcan0
[ 1414.482219][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1414.612902][ T6855] netlink: 'syz.3.9270': attribute type 1 has an invalid length.
[ 1414.691702][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9271'.
[ 1414.919953][ T6867] x_tables: duplicate underflow at hook 2
[ 1415.528888][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1416.564541][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1416.767962][ T6869] gretap0: left promiscuous mode
[ 1416.814347][ T6869] 8021q: adding VLAN 0 to HW filter on device 

[ 1416.828248][ T6869] dummy0: entered promiscuous mode
[ 1416.866428][ T6869] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1416.887923][T15744] lo speed is unknown, defaulting to 1000
[ 1417.285870][ T6895] IPVS: Error connecting to the multicast addr
[ 1417.602089][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1417.641680][ T6913] netlink: 'syz.3.9288': attribute type 1 has an invalid length.
[ 1417.796283][ T6915] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9289'.
[ 1417.830790][ T6915] netlink: 'syz.1.9289': attribute type 21 has an invalid length.
[ 1417.851411][ T6920] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1417.890334][ T6915] netlink: 'syz.1.9289': attribute type 1 has an invalid length.
[ 1418.098664][ T6930] netlink: 232 bytes leftover after parsing attributes in process `syz.4.9295'.
[ 1418.458803][ T6940] netlink: 'syz.0.9299': attribute type 1 has an invalid length.
[ 1418.642023][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1419.682113][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1419.987864][ T6995] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[ 1420.065134][ T6995] syz_tun: entered allmulticast mode
[ 1420.094278][ T6995] syz_tun: left allmulticast mode
[ 1420.389777][ T7014] netlink: 52 bytes leftover after parsing attributes in process `syz.0.9324'.
[ 1420.485653][ T7020] IPVS: Unknown mcast interface: vcan0
[ 1420.722027][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1421.114415][ T7035] netlink: 292 bytes leftover after parsing attributes in process `syz.4.9332'.
[ 1421.400021][ T7049] netlink: 'syz.0.9338': attribute type 21 has an invalid length.
[ 1421.431304][ T7049] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9338'.
[ 1421.453555][ T7053] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9338'.
[ 1421.476511][ T7049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9338'.
[ 1421.598317][ T7058] FAULT_INJECTION: forcing a failure.
[ 1421.598317][ T7058] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1421.662678][ T7058] CPU: 0 UID: 0 PID: 7058 Comm: syz.2.9341 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1421.662705][ T7058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1421.662716][ T7058] Call Trace:
[ 1421.662723][ T7058]  <TASK>
[ 1421.662731][ T7058]  dump_stack_lvl+0x241/0x360
[ 1421.662758][ T7058]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1421.662778][ T7058]  ? __pfx__printk+0x10/0x10
[ 1421.662798][ T7058]  ? __pfx_lock_release+0x10/0x10
[ 1421.662828][ T7058]  should_fail_ex+0x40a/0x550
[ 1421.662854][ T7058]  _copy_from_user+0x2d/0xb0
[ 1421.662876][ T7058]  sctp_setsockopt+0xcc/0x11c0
[ 1421.662902][ T7058]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1421.662925][ T7058]  do_sock_setsockopt+0x3af/0x720
[ 1421.662949][ T7058]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1421.662971][ T7058]  ? __fget_files+0x395/0x410
[ 1421.662993][ T7058]  ? __fget_files+0x2a/0x410
[ 1421.663023][ T7058]  __x64_sys_setsockopt+0x1ee/0x280
[ 1421.663048][ T7058]  do_syscall_64+0xf3/0x230
[ 1421.663069][ T7058]  ? clear_bhb_loop+0x35/0x90
[ 1421.663093][ T7058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1421.663113][ T7058] RIP: 0033:0x7faadf98d169
[ 1421.663128][ T7058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1421.663142][ T7058] RSP: 002b:00007faae089e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1421.663161][ T7058] RAX: ffffffffffffffda RBX: 00007faadfba5fa0 RCX: 00007faadf98d169
[ 1421.663173][ T7058] RDX: 0000000000000072 RSI: 0000000000000084 RDI: 0000000000000003
[ 1421.663183][ T7058] RBP: 00007faae089e090 R08: 000000000000000c R09: 0000000000000000
[ 1421.663193][ T7058] R10: 00004000000000c0 R11: 0000000000000246 R12: 0000000000000001
[ 1421.663203][ T7058] R13: 0000000000000000 R14: 00007faadfba5fa0 R15: 00007fff8db3f5a8
[ 1421.663231][ T7058]  </TASK>
[ 1421.782132][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1422.217223][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9346'.
[ 1422.259570][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9346'.
[ 1422.300115][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9346'.
[ 1422.510067][ T7081] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !��آ
�D��UD�w�}�zR3��p(@O�>�
[ 1422.802023][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1423.718060][ T7130] netlink: 'syz.3.9365': attribute type 1 has an invalid length.
[ 1423.765955][ T7121] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[ 1423.852027][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1424.035189][ T7142] netlink: 'syz.2.9369': attribute type 1 has an invalid length.
[ 1424.882042][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1424.979235][ T7170] netlink: 292 bytes leftover after parsing attributes in process `syz.4.9381'.
[ 1425.194998][ T7179] netlink: 'syz.3.9385': attribute type 1 has an invalid length.
[ 1425.294259][ T7179] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1425.389670][ T7182] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1425.394213][ T7187] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9386'.
[ 1425.399450][ T7182] bond6: (slave vxcan1): The slave device specified does not support setting the MAC address
[ 1425.462705][ T7182] bond6: (slave vxcan1): Error -95 calling set_mac_address
[ 1425.543192][ T7179] ip6erspan0: entered promiscuous mode
[ 1425.573162][ T7179] bond6: (slave ip6erspan0): making interface the new active one
[ 1425.612860][ T7179] bond6: (slave ip6erspan0): Enslaving as an active interface with an up link
[ 1425.613479][ T7201] netlink: 1256 bytes leftover after parsing attributes in process `syz.2.9389'.
[ 1425.702746][ T7190] netlink: 'syz.4.9386': attribute type 2 has an invalid length.
[ 1425.720621][ T7190] netlink: 119 bytes leftover after parsing attributes in process `syz.4.9386'.
[ 1425.866266][ T7212] bridge0: port 1(gretap0) entered blocking state
[ 1425.882121][ T7212] bridge0: port 1(gretap0) entered disabled state
[ 1425.898939][ T7212] gretap0: entered allmulticast mode
[ 1425.909928][ T7212] gretap0: entered promiscuous mode
[ 1425.922106][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1425.940046][ T7212] bridge0: port 1(gretap0) entered blocking state
[ 1425.946598][ T7212] bridge0: port 1(gretap0) entered forwarding state
[ 1425.958275][ T7209] netlink: 'syz.3.9392': attribute type 1 has an invalid length.
[ 1425.975346][ T7214] gretap0: left allmulticast mode
[ 1425.980405][ T7214] gretap0: left promiscuous mode
[ 1425.994449][ T7214] bridge0: port 1(gretap0) entered disabled state
[ 1426.496352][ T7229] lo speed is unknown, defaulting to 1000
[ 1426.515750][ T7229] lo speed is unknown, defaulting to 1000
[ 1426.525083][ T7229] virt_wifi0 speed is unknown, defaulting to 1000
[ 1426.868687][ T7242] bridge0: port 1(gretap0) entered blocking state
[ 1426.881211][ T7242] bridge0: port 1(gretap0) entered disabled state
[ 1426.904376][ T7242] gretap0: entered allmulticast mode
[ 1426.924884][ T7242] gretap0: entered promiscuous mode
[ 1426.940776][ T7250] netlink: 60 bytes leftover after parsing attributes in process `syz.2.9404'.
[ 1426.960340][ T7248] gretap0: left allmulticast mode
[ 1426.968111][ T7248] gretap0: left promiscuous mode
[ 1426.972093][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1426.985652][ T7248] bridge0: port 1(gretap0) entered disabled state
[ 1427.042282][ T7246] netlink: 60 bytes leftover after parsing attributes in process `syz.2.9404'.
[ 1427.314755][ T7229] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9399'.
[ 1427.465737][ T7263] netlink: 'syz.2.9408': attribute type 11 has an invalid length.
[ 1427.510552][ T7262] netlink: 188 bytes leftover after parsing attributes in process `syz.1.9409'.
[ 1427.638486][ T7266] netlink: 'syz.0.9410': attribute type 1 has an invalid length.
[ 1427.737304][ T7271] netlink: 'syz.1.9411': attribute type 1 has an invalid length.
[ 1427.786256][ T7273] bridge0: port 1(gretap0) entered blocking state
[ 1427.795696][ T7273] bridge0: port 1(gretap0) entered disabled state
[ 1427.816050][ T7273] gretap0: entered allmulticast mode
[ 1427.826062][ T7276] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9413'.
[ 1427.835905][ T7273] gretap0: entered promiscuous mode
[ 1427.848970][ T7273] bridge0: port 1(gretap0) entered blocking state
[ 1427.855513][ T7273] bridge0: port 1(gretap0) entered forwarding state
[ 1427.886743][ T7277] gretap0: left allmulticast mode
[ 1427.904182][ T7277] gretap0: left promiscuous mode
[ 1427.910053][ T7276] netlink: ct family unspecified
[ 1427.912386][ T7277] bridge0: port 1(gretap0) entered disabled state
[ 1427.915214][ T7276] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1427.940771][ T7276] netlink: 'syz.3.9413': attribute type 21 has an invalid length.
[ 1427.959776][ T7276] netlink: 156 bytes leftover after parsing attributes in process `syz.3.9413'.
[ 1428.002022][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1428.158653][ T7295] FAULT_INJECTION: forcing a failure.
[ 1428.158653][ T7295] name failslab, interval 1, probability 0, space 0, times 0
[ 1428.208281][ T7295] CPU: 1 UID: 0 PID: 7295 Comm: syz.3.9419 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1428.208309][ T7295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1428.208321][ T7295] Call Trace:
[ 1428.208327][ T7295]  <TASK>
[ 1428.208335][ T7295]  dump_stack_lvl+0x241/0x360
[ 1428.208362][ T7295]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1428.208381][ T7295]  ? __pfx__printk+0x10/0x10
[ 1428.208406][ T7295]  ? ref_tracker_alloc+0x332/0x490
[ 1428.208427][ T7295]  should_fail_ex+0x40a/0x550
[ 1428.208456][ T7295]  should_failslab+0xac/0x100
[ 1428.208478][ T7295]  ? skb_clone+0x20c/0x390
[ 1428.208497][ T7295]  kmem_cache_alloc_noprof+0x70/0x380
[ 1428.208525][ T7295]  skb_clone+0x20c/0x390
[ 1428.208548][ T7295]  __netlink_deliver_tap+0x3c4/0x7f0
[ 1428.208583][ T7295]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1428.208604][ T7295]  netlink_deliver_tap+0x19d/0x1b0
[ 1428.208627][ T7295]  netlink_sendskb+0x68/0x140
[ 1428.208650][ T7295]  netlink_unicast+0x39d/0x990
[ 1428.208669][ T7295]  ? __asan_memcpy+0x40/0x70
[ 1428.208695][ T7295]  ? __pfx_netlink_unicast+0x10/0x10
[ 1428.208732][ T7295]  netlink_rcv_skb+0x294/0x480
[ 1428.208756][ T7295]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1428.208781][ T7295]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1428.208827][ T7295]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1428.208850][ T7295]  netlink_unicast+0x7f6/0x990
[ 1428.208880][ T7295]  ? __pfx_netlink_unicast+0x10/0x10
[ 1428.208898][ T7295]  ? __virt_addr_valid+0x45f/0x530
[ 1428.208917][ T7295]  ? __phys_addr_symbol+0x2f/0x70
[ 1428.208932][ T7295]  ? __check_object_size+0x47a/0x730
[ 1428.208959][ T7295]  netlink_sendmsg+0x8de/0xcb0
[ 1428.208995][ T7295]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1428.209022][ T7295]  ? aa_sock_msg_perm+0x91/0x160
[ 1428.209052][ T7295]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1428.209072][ T7295]  __sock_sendmsg+0x221/0x270
[ 1428.209098][ T7295]  ____sys_sendmsg+0x53a/0x860
[ 1428.209126][ T7295]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1428.209143][ T7295]  ? __fget_files+0x2a/0x410
[ 1428.209168][ T7295]  ? __fget_files+0x2a/0x410
[ 1428.209199][ T7295]  __sys_sendmsg+0x269/0x350
[ 1428.209224][ T7295]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1428.209257][ T7295]  ? do_sys_openat2+0x17a/0x1d0
[ 1428.209307][ T7295]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1428.209332][ T7295]  ? do_syscall_64+0x100/0x230
[ 1428.209357][ T7295]  ? do_syscall_64+0xb6/0x230
[ 1428.209380][ T7295]  do_syscall_64+0xf3/0x230
[ 1428.209400][ T7295]  ? clear_bhb_loop+0x35/0x90
[ 1428.209424][ T7295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1428.209444][ T7295] RIP: 0033:0x7fb9a1f8d169
[ 1428.209459][ T7295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1428.209474][ T7295] RSP: 002b:00007fb99fdf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1428.209493][ T7295] RAX: ffffffffffffffda RBX: 00007fb9a21a6080 RCX: 00007fb9a1f8d169
[ 1428.209505][ T7295] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000009
[ 1428.209516][ T7295] RBP: 00007fb99fdf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1428.209527][ T7295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1428.209538][ T7295] R13: 0000000000000000 R14: 00007fb9a21a6080 R15: 00007fffa9f0a968
[ 1428.209567][ T7295]  </TASK>
[ 1428.806282][ T7314] bridge0: port 1(gretap0) entered blocking state
[ 1428.812957][ T7314] bridge0: port 1(gretap0) entered disabled state
[ 1428.819574][ T7314] gretap0: entered allmulticast mode
[ 1428.827552][ T7314] gretap0: entered promiscuous mode
[ 1428.833493][ T7314] bridge0: port 1(gretap0) entered blocking state
[ 1428.839985][ T7314] bridge0: port 1(gretap0) entered forwarding state
[ 1428.849437][ T7314] gretap0: left allmulticast mode
[ 1428.854570][ T7314] gretap0: left promiscuous mode
[ 1428.859685][ T7314] bridge0: port 1(gretap0) entered disabled state
[ 1429.042353][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1429.162755][ T7330] 

: renamed from bond_slave_0
[ 1429.433791][ T7339] netlink: 'syz.3.9436': attribute type 1 has an invalid length.
[ 1429.450776][ T7339] netlink: 'syz.3.9436': attribute type 2 has an invalid length.
[ 1429.832429][ T7358] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[ 1429.886224][ T7362] sctp: [Deprecated]: syz.4.9447 (pid 7362) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1429.886224][ T7362] Use struct sctp_sack_info instead
[ 1429.957208][ T7362] netlink: 'syz.4.9447': attribute type 4 has an invalid length.
[ 1430.082067][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1430.140944][ T7370] netlink: 'syz.1.9452': attribute type 1 has an invalid length.
[ 1430.160073][ T7370] netlink: 'syz.1.9452': attribute type 2 has an invalid length.
[ 1430.670621][ T7400] FAULT_INJECTION: forcing a failure.
[ 1430.670621][ T7400] name failslab, interval 1, probability 0, space 0, times 0
[ 1430.708702][ T7400] CPU: 1 UID: 0 PID: 7400 Comm: syz.1.9463 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1430.708727][ T7400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1430.708739][ T7400] Call Trace:
[ 1430.708746][ T7400]  <TASK>
[ 1430.708753][ T7400]  dump_stack_lvl+0x241/0x360
[ 1430.708780][ T7400]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1430.708798][ T7400]  ? __pfx__printk+0x10/0x10
[ 1430.708818][ T7400]  ? __kmalloc_node_noprof+0xb9/0x4d0
[ 1430.708841][ T7400]  ? __pfx___might_resched+0x10/0x10
[ 1430.708859][ T7400]  ? rcu_is_watching+0x15/0xb0
[ 1430.708881][ T7400]  should_fail_ex+0x40a/0x550
[ 1430.708909][ T7400]  should_failslab+0xac/0x100
[ 1430.708933][ T7400]  __kmalloc_node_noprof+0xe1/0x4d0
[ 1430.708954][ T7400]  ? __kvmalloc_node_noprof+0x72/0x190
[ 1430.708977][ T7400]  ? seq_read_iter+0xb4/0xd70
[ 1430.709000][ T7400]  __kvmalloc_node_noprof+0x72/0x190
[ 1430.709025][ T7400]  traverse+0xd6/0x550
[ 1430.709055][ T7400]  seq_read_iter+0xc8c/0xd70
[ 1430.709073][ T7400]  ? __pfx_aa_file_perm+0x10/0x10
[ 1430.709097][ T7400]  ? kernfs_fop_read_iter+0x142/0x640
[ 1430.709125][ T7400]  do_iter_readv_writev+0x71a/0x9d0
[ 1430.709152][ T7400]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1430.709181][ T7400]  ? rw_verify_area+0x243/0x630
[ 1430.709204][ T7400]  vfs_readv+0x2b3/0xa80
[ 1430.709238][ T7400]  ? __pfx_vfs_readv+0x10/0x10
[ 1430.709257][ T7400]  ? vfs_write+0x7fa/0xd10
[ 1430.709291][ T7400]  ? __fget_files+0x2a/0x410
[ 1430.709316][ T7400]  ? __fget_files+0x395/0x410
[ 1430.709336][ T7400]  ? __fget_files+0x2a/0x410
[ 1430.709368][ T7400]  __x64_sys_preadv+0x1b7/0x2d0
[ 1430.709391][ T7400]  ? __pfx___x64_sys_preadv+0x10/0x10
[ 1430.709411][ T7400]  ? do_syscall_64+0x100/0x230
[ 1430.709436][ T7400]  ? do_syscall_64+0xb6/0x230
[ 1430.709457][ T7400]  do_syscall_64+0xf3/0x230
[ 1430.709483][ T7400]  ? clear_bhb_loop+0x35/0x90
[ 1430.709508][ T7400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1430.709528][ T7400] RIP: 0033:0x7f8e8a78d169
[ 1430.709543][ T7400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1430.709558][ T7400] RSP: 002b:00007f8e8b6bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1430.709576][ T7400] RAX: ffffffffffffffda RBX: 00007f8e8a9a5fa0 RCX: 00007f8e8a78d169
[ 1430.709588][ T7400] RDX: 0000000000000001 RSI: 00004000000039c0 RDI: 0000000000000005
[ 1430.709598][ T7400] RBP: 00007f8e8b6bd090 R08: 0000000000000003 R09: 0000000000000000
[ 1430.709608][ T7400] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[ 1430.709618][ T7400] R13: 0000000000000000 R14: 00007f8e8a9a5fa0 R15: 00007ffd6f77ca08
[ 1430.709646][ T7400]  </TASK>
[ 1430.750127][ T7405] __nla_validate_parse: 6 callbacks suppressed
[ 1430.750144][ T7405] netlink: 60 bytes leftover after parsing attributes in process `syz.2.9460'.
[ 1430.991846][ T7402] netlink: 60 bytes leftover after parsing attributes in process `syz.2.9460'.
[ 1431.084271][ T7417] lo speed is unknown, defaulting to 1000
[ 1431.095943][ T7417] lo speed is unknown, defaulting to 1000
[ 1431.113061][ T7417] virt_wifi0 speed is unknown, defaulting to 1000
[ 1431.122148][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1431.291450][ T7429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9471'.
[ 1431.323733][ T7429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9471'.
[ 1431.355504][ T7429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9471'.
[ 1431.492469][ T7438] gretap0: left allmulticast mode
[ 1431.497515][ T7438] gretap0: left promiscuous mode
[ 1431.532343][ T7438] bridge0: port 1(gretap0) entered disabled state
[ 1431.745200][ T7453] netlink: 48 bytes leftover after parsing attributes in process `syz.3.9478'.
[ 1431.829166][ T7456] lo speed is unknown, defaulting to 1000
[ 1431.843457][ T7456] lo speed is unknown, defaulting to 1000
[ 1431.851385][ T7456] virt_wifi0 speed is unknown, defaulting to 1000
[ 1432.002293][ T7459] netlink: 'syz.4.9481': attribute type 2 has an invalid length.
[ 1432.021830][ T7459] netlink: 'syz.4.9481': attribute type 8 has an invalid length.
[ 1432.042112][ T7459] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9481'.
[ 1432.162088][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1432.594876][ T7486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9487'.
[ 1432.888037][ T7500] FAULT_INJECTION: forcing a failure.
[ 1432.888037][ T7500] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1432.942065][ T7500] CPU: 1 UID: 0 PID: 7500 Comm: syz.3.9489 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1432.942091][ T7500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1432.942102][ T7500] Call Trace:
[ 1432.942109][ T7500]  <TASK>
[ 1432.942116][ T7500]  dump_stack_lvl+0x241/0x360
[ 1432.942143][ T7500]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1432.942161][ T7500]  ? __pfx__printk+0x10/0x10
[ 1432.942181][ T7500]  ? __pfx_lock_release+0x10/0x10
[ 1432.942201][ T7500]  ? __mutex_trylock_common+0x183/0x2e0
[ 1432.942234][ T7500]  should_fail_ex+0x40a/0x550
[ 1432.942264][ T7500]  _copy_from_iter+0x1df/0x1c40
[ 1432.942290][ T7500]  ? __pfx_lock_release+0x10/0x10
[ 1432.942320][ T7500]  ? __pfx__copy_from_iter+0x10/0x10
[ 1432.942340][ T7500]  ? __pfx___mutex_lock+0x10/0x10
[ 1432.942363][ T7500]  ? aa_file_perm+0x137/0xf50
[ 1432.942385][ T7500]  ? page_copy_sane+0x46/0x260
[ 1432.942408][ T7500]  copy_page_from_iter+0x7a/0x100
[ 1432.942431][ T7500]  pipe_write+0x15dd/0x1950
[ 1432.942480][ T7500]  ? __pfx_pipe_write+0x10/0x10
[ 1432.942501][ T7500]  ? common_file_perm+0x1a6/0x210
[ 1432.942528][ T7500]  ? bpf_lsm_file_permission+0x9/0x10
[ 1432.942559][ T7500]  vfs_write+0xacf/0xd10
[ 1432.942582][ T7500]  ? __pfx_pipe_write+0x10/0x10
[ 1432.942603][ T7500]  ? __pfx_vfs_write+0x10/0x10
[ 1432.942619][ T7500]  ? do_sys_openat2+0x17a/0x1d0
[ 1432.942644][ T7500]  ? __fget_files+0x2a/0x410
[ 1432.942671][ T7500]  ? __fget_files+0x2a/0x410
[ 1432.942703][ T7500]  ksys_write+0x18f/0x2b0
[ 1432.942723][ T7500]  ? __pfx_ksys_write+0x10/0x10
[ 1432.942743][ T7500]  ? do_syscall_64+0x100/0x230
[ 1432.942767][ T7500]  ? do_syscall_64+0xb6/0x230
[ 1432.942791][ T7500]  do_syscall_64+0xf3/0x230
[ 1432.942811][ T7500]  ? clear_bhb_loop+0x35/0x90
[ 1432.942835][ T7500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1432.942855][ T7500] RIP: 0033:0x7fb9a1f8d169
[ 1432.942871][ T7500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1432.942885][ T7500] RSP: 002b:00007fb9a2d0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1432.942903][ T7500] RAX: ffffffffffffffda RBX: 00007fb9a21a5fa0 RCX: 00007fb9a1f8d169
[ 1432.942916][ T7500] RDX: 0000000000000001 RSI: 0000400000003300 RDI: 0000000000000007
[ 1432.942927][ T7500] RBP: 00007fb9a2d0f090 R08: 0000000000000000 R09: 0000000000000000
[ 1432.942938][ T7500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1432.942948][ T7500] R13: 0000000000000000 R14: 00007fb9a21a5fa0 R15: 00007fffa9f0a968
[ 1432.942977][ T7500]  </TASK>
[ 1433.212046][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1433.276129][ T7509] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9494'.
[ 1433.474867][ T7521] lo speed is unknown, defaulting to 1000
[ 1433.481559][ T7521] lo speed is unknown, defaulting to 1000
[ 1433.491024][ T7521] virt_wifi0 speed is unknown, defaulting to 1000
[ 1433.563610][ T7527] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9498'.
[ 1433.853370][ T7530] FAULT_INJECTION: forcing a failure.
[ 1433.853370][ T7530] name failslab, interval 1, probability 0, space 0, times 0
[ 1433.868629][ T7530] CPU: 0 UID: 0 PID: 7530 Comm: syz.1.9499 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1433.868653][ T7530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1433.868663][ T7530] Call Trace:
[ 1433.868670][ T7530]  <TASK>
[ 1433.868678][ T7530]  dump_stack_lvl+0x241/0x360
[ 1433.868704][ T7530]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1433.868723][ T7530]  ? __pfx__printk+0x10/0x10
[ 1433.868747][ T7530]  ? ref_tracker_alloc+0x332/0x490
[ 1433.868770][ T7530]  should_fail_ex+0x40a/0x550
[ 1433.868799][ T7530]  should_failslab+0xac/0x100
[ 1433.868822][ T7530]  ? skb_clone+0x20c/0x390
[ 1433.868840][ T7530]  kmem_cache_alloc_noprof+0x70/0x380
[ 1433.868867][ T7530]  skb_clone+0x20c/0x390
[ 1433.868898][ T7530]  __netlink_deliver_tap+0x3c4/0x7f0
[ 1433.868934][ T7530]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1433.868955][ T7530]  netlink_deliver_tap+0x19d/0x1b0
[ 1433.868979][ T7530]  __netlink_sendskb+0x60/0xd0
[ 1433.869001][ T7530]  netlink_dump+0x9f0/0xe10
[ 1433.869037][ T7530]  ? __pfx_netlink_dump+0x10/0x10
[ 1433.869076][ T7530]  ? __pfx_lock_acquire+0x10/0x10
[ 1433.869110][ T7530]  __netlink_dump_start+0x5a2/0x790
[ 1433.869140][ T7530]  ? __pfx_rtnl_dump_all+0x10/0x10
[ 1433.869163][ T7530]  rtnetlink_rcv_msg+0xb3d/0xcf0
[ 1433.869193][ T7530]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1433.869216][ T7530]  ? __pfx_rtnl_dumpit+0x10/0x10
[ 1433.869238][ T7530]  ? __pfx_rtnl_dump_all+0x10/0x10
[ 1433.869267][ T7530]  ? ref_tracker_free+0x643/0x7e0
[ 1433.869292][ T7530]  netlink_rcv_skb+0x206/0x480
[ 1433.869316][ T7530]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1433.869341][ T7530]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1433.869389][ T7530]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1433.869414][ T7530]  netlink_unicast+0x7f6/0x990
[ 1433.869445][ T7530]  ? __pfx_netlink_unicast+0x10/0x10
[ 1433.869464][ T7530]  ? __virt_addr_valid+0x45f/0x530
[ 1433.869481][ T7530]  ? __phys_addr_symbol+0x2f/0x70
[ 1433.869497][ T7530]  ? __check_object_size+0x47a/0x730
[ 1433.869525][ T7530]  netlink_sendmsg+0x8de/0xcb0
[ 1433.869561][ T7530]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1433.869588][ T7530]  ? aa_sock_msg_perm+0x91/0x160
[ 1433.869618][ T7530]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1433.869639][ T7530]  __sock_sendmsg+0x221/0x270
[ 1433.869665][ T7530]  ____sys_sendmsg+0x53a/0x860
[ 1433.869697][ T7530]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1433.869715][ T7530]  ? __fget_files+0x2a/0x410
[ 1433.869742][ T7530]  ? __fget_files+0x2a/0x410
[ 1433.869774][ T7530]  __sys_sendmsg+0x269/0x350
[ 1433.869800][ T7530]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1433.869832][ T7530]  ? do_sys_openat2+0x17a/0x1d0
[ 1433.869891][ T7530]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1433.869915][ T7530]  ? do_syscall_64+0x100/0x230
[ 1433.869940][ T7530]  ? do_syscall_64+0xb6/0x230
[ 1433.869963][ T7530]  do_syscall_64+0xf3/0x230
[ 1433.869984][ T7530]  ? clear_bhb_loop+0x35/0x90
[ 1433.870008][ T7530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1433.870028][ T7530] RIP: 0033:0x7f8e8a78d169
[ 1433.870044][ T7530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1433.870058][ T7530] RSP: 002b:00007f8e8b6bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1433.870077][ T7530] RAX: ffffffffffffffda RBX: 00007f8e8a9a5fa0 RCX: 00007f8e8a78d169
[ 1433.870090][ T7530] RDX: 0000000000000000 RSI: 0000400000000140 RDI: 0000000000000003
[ 1433.870099][ T7530] RBP: 00007f8e8b6bd090 R08: 0000000000000000 R09: 0000000000000000
[ 1433.870110][ T7530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1433.870121][ T7530] R13: 0000000000000000 R14: 00007f8e8a9a5fa0 R15: 00007ffd6f77ca08
[ 1433.870149][ T7530]  </TASK>
[ 1435.773144][ T7620] FAULT_INJECTION: forcing a failure.
[ 1435.773144][ T7620] name failslab, interval 1, probability 0, space 0, times 0
[ 1435.863124][ T7620] CPU: 0 UID: 0 PID: 7620 Comm: syz.4.9538 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1435.863151][ T7620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1435.863162][ T7620] Call Trace:
[ 1435.863168][ T7620]  <TASK>
[ 1435.863176][ T7620]  dump_stack_lvl+0x241/0x360
[ 1435.863202][ T7620]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1435.863220][ T7620]  ? __pfx__printk+0x10/0x10
[ 1435.863239][ T7620]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[ 1435.863264][ T7620]  ? __pfx___might_resched+0x10/0x10
[ 1435.863289][ T7620]  should_fail_ex+0x40a/0x550
[ 1435.863316][ T7620]  should_failslab+0xac/0x100
[ 1435.863338][ T7620]  kmem_cache_alloc_node_noprof+0x77/0x380
[ 1435.863357][ T7620]  ? __alloc_skb+0x1c3/0x440
[ 1435.863373][ T7620]  ? validate_chain+0x11e/0x5920
[ 1435.863393][ T7620]  __alloc_skb+0x1c3/0x440
[ 1435.863414][ T7620]  ? __pfx___alloc_skb+0x10/0x10
[ 1435.863437][ T7620]  ? __lock_acquire+0x1397/0x2100
[ 1435.863462][ T7620]  alloc_skb_with_frags+0xc3/0x820
[ 1435.863480][ T7620]  ? validate_chain+0x11e/0x5920
[ 1435.863509][ T7620]  sock_alloc_send_pskb+0x91a/0xa60
[ 1435.863547][ T7620]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1435.863582][ T7620]  unix_dgram_sendmsg+0x5e8/0x1df0
[ 1435.863621][ T7620]  ? aa_sk_perm+0x96d/0xab0
[ 1435.863648][ T7620]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 1435.863674][ T7620]  ? __import_iovec+0x3bf/0x830
[ 1435.863706][ T7620]  ? aa_sock_msg_perm+0x91/0x160
[ 1435.863735][ T7620]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 1435.863754][ T7620]  __sock_sendmsg+0x221/0x270
[ 1435.863779][ T7620]  ____sys_sendmsg+0x53a/0x860
[ 1435.863806][ T7620]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1435.863831][ T7620]  ? __sys_sendmmsg+0x392/0x720
[ 1435.863850][ T7620]  ? __might_fault+0xaa/0x120
[ 1435.863870][ T7620]  __sys_sendmmsg+0x36a/0x720
[ 1435.863898][ T7620]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1435.863927][ T7620]  ? __pfx_lock_release+0x10/0x10
[ 1435.863946][ T7620]  ? kstrtouint_from_user+0x128/0x190
[ 1435.863986][ T7620]  ? ksys_write+0x22a/0x2b0
[ 1435.864005][ T7620]  ? __pfx_lock_release+0x10/0x10
[ 1435.864031][ T7620]  ? sb_end_write+0xe9/0x1c0
[ 1435.864053][ T7620]  ? vfs_write+0x7fa/0xd10
[ 1435.864073][ T7620]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1435.864121][ T7620]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1435.864146][ T7620]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1435.864169][ T7620]  ? do_syscall_64+0x100/0x230
[ 1435.864193][ T7620]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1435.864214][ T7620]  do_syscall_64+0xf3/0x230
[ 1435.864234][ T7620]  ? clear_bhb_loop+0x35/0x90
[ 1435.864256][ T7620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1435.864275][ T7620] RIP: 0033:0x7f3e4858d169
[ 1435.864290][ T7620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1435.864304][ T7620] RSP: 002b:00007f3e49394038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1435.864322][ T7620] RAX: ffffffffffffffda RBX: 00007f3e487a5fa0 RCX: 00007f3e4858d169
[ 1435.864334][ T7620] RDX: 0000000000000318 RSI: 00004000000bd000 RDI: 0000000000000004
[ 1435.864345][ T7620] RBP: 00007f3e49394090 R08: 0000000000000000 R09: 0000000000000000
[ 1435.864354][ T7620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1435.864363][ T7620] R13: 0000000000000000 R14: 00007f3e487a5fa0 R15: 00007ffe8ec33c18
[ 1435.864390][ T7620]  </TASK>
[ 1436.390760][ T7644] __nla_validate_parse: 11 callbacks suppressed
[ 1436.390780][ T7644] netlink: 232 bytes leftover after parsing attributes in process `syz.3.9544'.
[ 1436.687123][ T7657] netlink: 'syz.0.9549': attribute type 1 has an invalid length.
[ 1436.821204][ T7668] netlink: 72 bytes leftover after parsing attributes in process `syz.1.9554'.
[ 1436.898055][ T7672] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1437.099155][ T7689] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9560'.
[ 1437.135740][ T7682] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9560'.
[ 1437.337907][ T7696] netlink: 104 bytes leftover after parsing attributes in process `syz.4.9564'.
[ 1437.348452][ T7697] netlink: 104 bytes leftover after parsing attributes in process `syz.4.9564'.
[ 1437.978596][ T7725] netlink: 292 bytes leftover after parsing attributes in process `syz.3.9573'.
[ 1438.058071][ T7727] netlink: 'syz.0.9574': attribute type 1 has an invalid length.
[ 1438.169191][ T7734] FAULT_INJECTION: forcing a failure.
[ 1438.169191][ T7734] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1438.218896][ T7734] CPU: 1 UID: 0 PID: 7734 Comm: syz.1.9576 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1438.218922][ T7734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1438.218933][ T7734] Call Trace:
[ 1438.218940][ T7734]  <TASK>
[ 1438.218947][ T7734]  dump_stack_lvl+0x241/0x360
[ 1438.218974][ T7734]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1438.218993][ T7734]  ? __pfx__printk+0x10/0x10
[ 1438.219013][ T7734]  ? __pfx_lock_release+0x10/0x10
[ 1438.219046][ T7734]  should_fail_ex+0x40a/0x550
[ 1438.219074][ T7734]  _copy_to_iter+0x1df/0x1c40
[ 1438.219094][ T7734]  ? __virt_addr_valid+0x183/0x530
[ 1438.219113][ T7734]  ? __pfx_lock_release+0x10/0x10
[ 1438.219142][ T7734]  ? kernfs_seq_stop+0x17b/0x200
[ 1438.219162][ T7734]  ? __pfx__copy_to_iter+0x10/0x10
[ 1438.219183][ T7734]  ? __virt_addr_valid+0x183/0x530
[ 1438.219199][ T7734]  ? __virt_addr_valid+0x183/0x530
[ 1438.219214][ T7734]  ? __virt_addr_valid+0x45f/0x530
[ 1438.219231][ T7734]  ? __phys_addr_symbol+0x2f/0x70
[ 1438.219254][ T7734]  seq_read_iter+0x2e2/0xd70
[ 1438.219274][ T7734]  ? __pfx_aa_file_perm+0x10/0x10
[ 1438.219298][ T7734]  ? kernfs_fop_read_iter+0x142/0x640
[ 1438.219324][ T7734]  do_iter_readv_writev+0x71a/0x9d0
[ 1438.219351][ T7734]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1438.219380][ T7734]  ? rw_verify_area+0x243/0x630
[ 1438.219402][ T7734]  vfs_readv+0x2b3/0xa80
[ 1438.219435][ T7734]  ? __pfx_vfs_readv+0x10/0x10
[ 1438.219455][ T7734]  ? vfs_write+0x7fa/0xd10
[ 1438.219495][ T7734]  ? __fget_files+0x2a/0x410
[ 1438.219520][ T7734]  ? __fget_files+0x395/0x410
[ 1438.219540][ T7734]  ? __fget_files+0x2a/0x410
[ 1438.219572][ T7734]  __x64_sys_preadv+0x1b7/0x2d0
[ 1438.219594][ T7734]  ? __pfx___x64_sys_preadv+0x10/0x10
[ 1438.219615][ T7734]  ? do_syscall_64+0x100/0x230
[ 1438.219638][ T7734]  ? do_syscall_64+0xb6/0x230
[ 1438.219661][ T7734]  do_syscall_64+0xf3/0x230
[ 1438.219681][ T7734]  ? clear_bhb_loop+0x35/0x90
[ 1438.219706][ T7734]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1438.219725][ T7734] RIP: 0033:0x7f8e8a78d169
[ 1438.219741][ T7734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1438.219755][ T7734] RSP: 002b:00007f8e8b6bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1438.219774][ T7734] RAX: ffffffffffffffda RBX: 00007f8e8a9a5fa0 RCX: 00007f8e8a78d169
[ 1438.219786][ T7734] RDX: 0000000000000001 RSI: 00004000000039c0 RDI: 0000000000000005
[ 1438.219798][ T7734] RBP: 00007f8e8b6bd090 R08: 0000000000000003 R09: 0000000000000000
[ 1438.219808][ T7734] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[ 1438.219818][ T7734] R13: 0000000000000000 R14: 00007f8e8a9a5fa0 R15: 00007ffd6f77ca08
[ 1438.219846][ T7734]  </TASK>
[ 1438.531548][ T7738] vlan5: entered promiscuous mode
[ 1438.538667][ T7738] hsr0: entered promiscuous mode
[ 1438.668485][ T7743] netlink: 1256 bytes leftover after parsing attributes in process `syz.4.9580'.
[ 1438.730870][ T7740] lo speed is unknown, defaulting to 1000
[ 1438.794217][ T7740] lo speed is unknown, defaulting to 1000
[ 1438.834043][ T7740] virt_wifi0 speed is unknown, defaulting to 1000
[ 1438.899007][ T7748] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9582'.
[ 1439.214723][ T7757] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9585'.
[ 1439.392072][ T7765] FAULT_INJECTION: forcing a failure.
[ 1439.392072][ T7765] name failslab, interval 1, probability 0, space 0, times 0
[ 1439.408073][ T7766] FAULT_INJECTION: forcing a failure.
[ 1439.408073][ T7766] name failslab, interval 1, probability 0, space 0, times 0
[ 1439.435886][ T7765] CPU: 1 UID: 0 PID: 7765 Comm: syz.4.9588 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1439.435910][ T7765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1439.435922][ T7765] Call Trace:
[ 1439.435928][ T7765]  <TASK>
[ 1439.435936][ T7765]  dump_stack_lvl+0x241/0x360
[ 1439.435963][ T7765]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1439.435982][ T7765]  ? __pfx__printk+0x10/0x10
[ 1439.436014][ T7765]  should_fail_ex+0x40a/0x550
[ 1439.436045][ T7765]  should_failslab+0xac/0x100
[ 1439.436068][ T7765]  ? skb_clone+0x20c/0x390
[ 1439.436086][ T7765]  kmem_cache_alloc_noprof+0x70/0x380
[ 1439.436114][ T7765]  skb_clone+0x20c/0x390
[ 1439.436138][ T7765]  __netlink_deliver_tap+0x3c4/0x7f0
[ 1439.436173][ T7765]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1439.436194][ T7765]  netlink_deliver_tap+0x19d/0x1b0
[ 1439.436219][ T7765]  netlink_unicast+0x7c4/0x990
[ 1439.436249][ T7765]  ? __pfx_netlink_unicast+0x10/0x10
[ 1439.436268][ T7765]  ? __virt_addr_valid+0x45f/0x530
[ 1439.436285][ T7765]  ? __phys_addr_symbol+0x2f/0x70
[ 1439.436314][ T7765]  ? __check_object_size+0x47a/0x730
[ 1439.436341][ T7765]  netlink_sendmsg+0x8de/0xcb0
[ 1439.436376][ T7765]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1439.436404][ T7765]  ? aa_sock_msg_perm+0x91/0x160
[ 1439.436433][ T7765]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1439.436455][ T7765]  __sock_sendmsg+0x221/0x270
[ 1439.436481][ T7765]  ____sys_sendmsg+0x53a/0x860
[ 1439.436510][ T7765]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1439.436527][ T7765]  ? __fget_files+0x2a/0x410
[ 1439.436554][ T7765]  ? __fget_files+0x2a/0x410
[ 1439.436592][ T7765]  __sys_sendmsg+0x269/0x350
[ 1439.436618][ T7765]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1439.436651][ T7765]  ? do_sys_openat2+0x17a/0x1d0
[ 1439.436701][ T7765]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1439.436727][ T7765]  ? do_syscall_64+0x100/0x230
[ 1439.436752][ T7765]  ? do_syscall_64+0xb6/0x230
[ 1439.436775][ T7765]  do_syscall_64+0xf3/0x230
[ 1439.436796][ T7765]  ? clear_bhb_loop+0x35/0x90
[ 1439.436824][ T7765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1439.436845][ T7765] RIP: 0033:0x7f3e4858d169
[ 1439.436860][ T7765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1439.436876][ T7765] RSP: 002b:00007f3e49394038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1439.436895][ T7765] RAX: ffffffffffffffda RBX: 00007f3e487a5fa0 RCX: 00007f3e4858d169
[ 1439.436907][ T7765] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000003
[ 1439.436918][ T7765] RBP: 00007f3e49394090 R08: 0000000000000000 R09: 0000000000000000
[ 1439.436929][ T7765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1439.436940][ T7765] R13: 0000000000000000 R14: 00007f3e487a5fa0 R15: 00007ffe8ec33c18
[ 1439.436969][ T7765]  </TASK>
[ 1439.713198][ T7766] CPU: 0 UID: 0 PID: 7766 Comm: syz.0.9589 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1439.713224][ T7766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1439.713235][ T7766] Call Trace:
[ 1439.713242][ T7766]  <TASK>
[ 1439.713250][ T7766]  dump_stack_lvl+0x241/0x360
[ 1439.713275][ T7766]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1439.713299][ T7766]  ? __pfx__printk+0x10/0x10
[ 1439.713319][ T7766]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[ 1439.713343][ T7766]  ? __pfx___might_resched+0x10/0x10
[ 1439.713369][ T7766]  should_fail_ex+0x40a/0x550
[ 1439.713396][ T7766]  should_failslab+0xac/0x100
[ 1439.713419][ T7766]  kmem_cache_alloc_node_noprof+0x77/0x380
[ 1439.713440][ T7766]  ? __alloc_skb+0x1c3/0x440
[ 1439.713456][ T7766]  ? validate_chain+0x11e/0x5920
[ 1439.713477][ T7766]  __alloc_skb+0x1c3/0x440
[ 1439.713500][ T7766]  ? __pfx___alloc_skb+0x10/0x10
[ 1439.713522][ T7766]  ? __lock_acquire+0x1397/0x2100
[ 1439.713548][ T7766]  alloc_skb_with_frags+0xc3/0x820
[ 1439.713567][ T7766]  ? validate_chain+0x11e/0x5920
[ 1439.713597][ T7766]  sock_alloc_send_pskb+0x91a/0xa60
[ 1439.713636][ T7766]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1439.713674][ T7766]  unix_dgram_sendmsg+0x5e8/0x1df0
[ 1439.713712][ T7766]  ? aa_sk_perm+0x96d/0xab0
[ 1439.713739][ T7766]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 1439.713765][ T7766]  ? __import_iovec+0x3bf/0x830
[ 1439.713787][ T7766]  ? aa_sock_msg_perm+0x91/0x160
[ 1439.713815][ T7766]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 1439.713836][ T7766]  __sock_sendmsg+0x221/0x270
[ 1439.713862][ T7766]  ____sys_sendmsg+0x53a/0x860
[ 1439.713890][ T7766]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1439.713915][ T7766]  ? __sys_sendmmsg+0x392/0x720
[ 1439.713934][ T7766]  ? __might_fault+0xaa/0x120
[ 1439.713956][ T7766]  __sys_sendmmsg+0x36a/0x720
[ 1439.713987][ T7766]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1439.714019][ T7766]  ? __pfx_lock_release+0x10/0x10
[ 1439.714039][ T7766]  ? kstrtouint_from_user+0x128/0x190
[ 1439.714081][ T7766]  ? ksys_write+0x22a/0x2b0
[ 1439.714100][ T7766]  ? __pfx_lock_release+0x10/0x10
[ 1439.714128][ T7766]  ? sb_end_write+0xe9/0x1c0
[ 1439.714150][ T7766]  ? vfs_write+0x7fa/0xd10
[ 1439.714170][ T7766]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1439.714218][ T7766]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1439.714244][ T7766]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1439.714268][ T7766]  ? do_syscall_64+0x100/0x230
[ 1439.714297][ T7766]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1439.714319][ T7766]  do_syscall_64+0xf3/0x230
[ 1439.714338][ T7766]  ? clear_bhb_loop+0x35/0x90
[ 1439.714362][ T7766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1439.714382][ T7766] RIP: 0033:0x7f6c0278d169
[ 1439.714399][ T7766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1439.714413][ T7766] RSP: 002b:00007f6c035b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1439.714432][ T7766] RAX: ffffffffffffffda RBX: 00007f6c029a5fa0 RCX: 00007f6c0278d169
[ 1439.714445][ T7766] RDX: 0000000000000318 RSI: 00004000000bd000 RDI: 0000000000000004
[ 1439.714456][ T7766] RBP: 00007f6c035b1090 R08: 0000000000000000 R09: 0000000000000000
[ 1439.714467][ T7766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1439.714477][ T7766] R13: 0000000000000000 R14: 00007f6c029a5fa0 R15: 00007ffc820c3b78
[ 1439.714506][ T7766]  </TASK>
[ 1440.509184][ T7740] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input10
[ 1441.251489][ T7801] xfrm1: entered allmulticast mode
[ 1441.871663][ T7833] FAULT_INJECTION: forcing a failure.
[ 1441.871663][ T7833] name failslab, interval 1, probability 0, space 0, times 0
[ 1441.889636][ T7833] CPU: 0 UID: 0 PID: 7833 Comm: syz.1.9613 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1441.889662][ T7833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1441.889674][ T7833] Call Trace:
[ 1441.889681][ T7833]  <TASK>
[ 1441.889689][ T7833]  dump_stack_lvl+0x241/0x360
[ 1441.889716][ T7833]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1441.889734][ T7833]  ? __pfx__printk+0x10/0x10
[ 1441.889754][ T7833]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[ 1441.889779][ T7833]  ? __pfx___might_resched+0x10/0x10
[ 1441.889805][ T7833]  should_fail_ex+0x40a/0x550
[ 1441.889833][ T7833]  should_failslab+0xac/0x100
[ 1441.889856][ T7833]  kmem_cache_alloc_node_noprof+0x77/0x380
[ 1441.889877][ T7833]  ? __alloc_skb+0x1c3/0x440
[ 1441.889899][ T7833]  __alloc_skb+0x1c3/0x440
[ 1441.889922][ T7833]  ? __pfx___alloc_skb+0x10/0x10
[ 1441.889942][ T7833]  ? netlink_autobind+0xd6/0x2f0
[ 1441.889957][ T7833]  ? netlink_autobind+0x2b0/0x2f0
[ 1441.889977][ T7833]  netlink_sendmsg+0x634/0xcb0
[ 1441.890011][ T7833]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1441.890038][ T7833]  ? aa_sock_msg_perm+0x91/0x160
[ 1441.890066][ T7833]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1441.890087][ T7833]  __sock_sendmsg+0x221/0x270
[ 1441.890112][ T7833]  ____sys_sendmsg+0x53a/0x860
[ 1441.890140][ T7833]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1441.890157][ T7833]  ? __fget_files+0x2a/0x410
[ 1441.890183][ T7833]  ? __fget_files+0x2a/0x410
[ 1441.890214][ T7833]  __sys_sendmsg+0x269/0x350
[ 1441.890239][ T7833]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1441.890271][ T7833]  ? do_sys_openat2+0x17a/0x1d0
[ 1441.890325][ T7833]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1441.890350][ T7833]  ? do_syscall_64+0x100/0x230
[ 1441.890375][ T7833]  ? do_syscall_64+0xb6/0x230
[ 1441.890397][ T7833]  do_syscall_64+0xf3/0x230
[ 1441.890417][ T7833]  ? clear_bhb_loop+0x35/0x90
[ 1441.890441][ T7833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.890462][ T7833] RIP: 0033:0x7f8e8a78d169
[ 1441.890477][ T7833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1441.890491][ T7833] RSP: 002b:00007f8e8b6bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1441.890510][ T7833] RAX: ffffffffffffffda RBX: 00007f8e8a9a5fa0 RCX: 00007f8e8a78d169
[ 1441.890523][ T7833] RDX: 0000000000000000 RSI: 0000400000000140 RDI: 0000000000000003
[ 1441.890534][ T7833] RBP: 00007f8e8b6bd090 R08: 0000000000000000 R09: 0000000000000000
[ 1441.890544][ T7833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1441.890555][ T7833] R13: 0000000000000000 R14: 00007f8e8a9a5fa0 R15: 00007ffd6f77ca08
[ 1441.890584][ T7833]  </TASK>
[ 1442.164403][ T7834] __nla_validate_parse: 4 callbacks suppressed
[ 1442.164421][ T7834] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9612'.
[ 1442.179630][ T7834] nbd: nbd0 already in use
[ 1442.185817][ T7834] netlink: 44 bytes leftover after parsing attributes in process `syz.0.9612'.
[ 1442.387746][ T7843] netlink: 260 bytes leftover after parsing attributes in process `syz.1.9616'.
[ 1442.423004][ T7843] netlink: 'syz.1.9616': attribute type 39 has an invalid length.
[ 1442.521479][ T7841] lo speed is unknown, defaulting to 1000
[ 1442.595401][ T7841] lo speed is unknown, defaulting to 1000
[ 1442.607064][ T7841] virt_wifi0 speed is unknown, defaulting to 1000
[ 1442.789754][ T7856] netlink: 1256 bytes leftover after parsing attributes in process `syz.1.9621'.
[ 1442.842518][ T7858] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9622'.
[ 1443.241827][ T7841] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9615'.
[ 1443.676341][ T7886] FAULT_INJECTION: forcing a failure.
[ 1443.676341][ T7886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1443.751225][ T7886] CPU: 0 UID: 0 PID: 7886 Comm: syz.1.9630 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1443.751252][ T7886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1443.751263][ T7886] Call Trace:
[ 1443.751269][ T7886]  <TASK>
[ 1443.751277][ T7886]  dump_stack_lvl+0x241/0x360
[ 1443.751303][ T7886]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1443.751320][ T7886]  ? __pfx__printk+0x10/0x10
[ 1443.751339][ T7886]  ? __pfx_lock_release+0x10/0x10
[ 1443.751369][ T7886]  should_fail_ex+0x40a/0x550
[ 1443.751395][ T7886]  _copy_from_user+0x2d/0xb0
[ 1443.751419][ T7886]  copy_msghdr_from_user+0xae/0x680
[ 1443.751441][ T7886]  ? __pfx___might_resched+0x10/0x10
[ 1443.751466][ T7886]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1443.751489][ T7886]  ? __sys_sendmmsg+0x392/0x720
[ 1443.751504][ T7886]  ? __might_fault+0xaa/0x120
[ 1443.751520][ T7886]  __sys_sendmmsg+0x32b/0x720
[ 1443.751543][ T7886]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1443.751566][ T7886]  ? __pfx_lock_release+0x10/0x10
[ 1443.751582][ T7886]  ? kstrtouint_from_user+0x128/0x190
[ 1443.751613][ T7886]  ? ksys_write+0x22a/0x2b0
[ 1443.751627][ T7886]  ? __pfx_lock_release+0x10/0x10
[ 1443.751649][ T7886]  ? sb_end_write+0xe9/0x1c0
[ 1443.751667][ T7886]  ? vfs_write+0x7fa/0xd10
[ 1443.751682][ T7886]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1443.751719][ T7886]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1443.751738][ T7886]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1443.751757][ T7886]  ? do_syscall_64+0x100/0x230
[ 1443.751776][ T7886]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1443.751792][ T7886]  do_syscall_64+0xf3/0x230
[ 1443.751807][ T7886]  ? clear_bhb_loop+0x35/0x90
[ 1443.751826][ T7886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1443.751842][ T7886] RIP: 0033:0x7f8e8a78d169
[ 1443.751861][ T7886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1443.751873][ T7886] RSP: 002b:00007f8e8b6bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1443.751888][ T7886] RAX: ffffffffffffffda RBX: 00007f8e8a9a5fa0 RCX: 00007f8e8a78d169
[ 1443.751898][ T7886] RDX: 0000000000000318 RSI: 00004000000bd000 RDI: 0000000000000004
[ 1443.751908][ T7886] RBP: 00007f8e8b6bd090 R08: 0000000000000000 R09: 0000000000000000
[ 1443.751918][ T7886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1443.751929][ T7886] R13: 0000000000000000 R14: 00007f8e8a9a5fa0 R15: 00007ffd6f77ca08
[ 1443.751959][ T7886]  </TASK>
[ 1444.009817][ T7893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9634'.
[ 1444.234543][ T7900] netlink: 'syz.4.9638': attribute type 3 has an invalid length.
[ 1444.449372][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9641'.
[ 1444.464647][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9641'.
[ 1444.504766][ T7921] netlink: 'syz.0.9644': attribute type 19 has an invalid length.
[ 1444.616796][ T7923] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9648'.
[ 1444.787986][ T7932] lo speed is unknown, defaulting to 1000
[ 1444.823426][ T7932] lo speed is unknown, defaulting to 1000
[ 1444.848924][ T7932] virt_wifi0 speed is unknown, defaulting to 1000
[ 1445.223995][ T7950] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1445.453637][ T7932] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11
[ 1445.751825][ T7965] netdevsim0: entered promiscuous mode
[ 1445.773579][ T7965] netdevsim0: left promiscuous mode
[ 1445.821242][ T7964] batman_adv: batadv0: Interface deactivated: ip6gretap2
[ 1445.841038][ T7964] batman_adv: batadv0: Removing interface: ip6gretap2
[ 1445.864107][ T7973] FAULT_INJECTION: forcing a failure.
[ 1445.864107][ T7973] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1445.877652][ T7973] CPU: 0 UID: 0 PID: 7973 Comm: syz.1.9661 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1445.877675][ T7973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1445.877685][ T7973] Call Trace:
[ 1445.877692][ T7973]  <TASK>
[ 1445.877700][ T7973]  dump_stack_lvl+0x241/0x360
[ 1445.877726][ T7973]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1445.877745][ T7973]  ? __pfx__printk+0x10/0x10
[ 1445.877774][ T7973]  should_fail_ex+0x40a/0x550
[ 1445.877804][ T7973]  prepare_alloc_pages+0x1da/0x5b0
[ 1445.877832][ T7973]  __alloc_frozen_pages_noprof+0x16f/0x710
[ 1445.877856][ T7973]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1445.877875][ T7973]  ? __lock_acquire+0x1397/0x2100
[ 1445.877918][ T7973]  alloc_pages_mpol+0x311/0x660
[ 1445.877952][ T7973]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1445.877984][ T7973]  vma_alloc_folio_noprof+0x12b/0x260
[ 1445.878010][ T7973]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1445.878035][ T7973]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1445.878061][ T7973]  folio_prealloc+0x2e/0x170
[ 1445.878081][ T7973]  do_wp_page+0x1253/0x49b0
[ 1445.878120][ T7973]  ? __pfx_do_wp_page+0x10/0x10
[ 1445.878150][ T7973]  ? __pfx_lock_acquire+0x10/0x10
[ 1445.878170][ T7973]  ? rcu_is_watching+0x15/0xb0
[ 1445.878193][ T7973]  ? do_raw_spin_lock+0x14f/0x370
[ 1445.878213][ T7973]  ? __pfx____pte_offset_map+0x10/0x10
[ 1445.878254][ T7973]  __handle_mm_fault+0x24d5/0x70f0
[ 1445.878276][ T7973]  ? mark_lock+0x9a/0x360
[ 1445.878321][ T7973]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1445.878355][ T7973]  ? mt_find+0x2a9/0x920
[ 1445.878376][ T7973]  ? __pfx_lock_release+0x10/0x10
[ 1445.878411][ T7973]  ? mt_find+0x2a9/0x920
[ 1445.878433][ T7973]  ? mt_find+0x6c8/0x920
[ 1445.878454][ T7973]  ? mt_find+0x2a9/0x920
[ 1445.878480][ T7973]  ? __pfx_mt_find+0x10/0x10
[ 1445.878521][ T7973]  ? find_vma+0xf9/0x170
[ 1445.878537][ T7973]  ? __pfx_find_vma+0x10/0x10
[ 1445.878551][ T7973]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1445.878578][ T7973]  handle_mm_fault+0x3e5/0x8d0
[ 1445.878616][ T7973]  exc_page_fault+0x2b9/0x8b0
[ 1445.878643][ T7973]  asm_exc_page_fault+0x26/0x30
[ 1445.878664][ T7973] RIP: 0010:__put_user_4+0x11/0x20
[ 1445.878684][ T7973] Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90
[ 1445.878699][ T7973] RSP: 0018:ffffc900044c79b8 EFLAGS: 00050202
[ 1445.878715][ T7973] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000400000003038
[ 1445.878727][ T7973] RDX: 0000400000003000 RSI: ffffffff8c2ac600 RDI: ffffffff8c810060
[ 1445.878739][ T7973] RBP: ffffc900044c7ed0 R08: ffffffff903d1277 R09: 1ffffffff207a24e
[ 1445.878751][ T7973] R10: dffffc0000000000 R11: fffffbfff207a24f R12: 000000000000037c
[ 1445.878763][ T7973] R13: dffffc0000000000 R14: ffffc900044c7d20 R15: 1ffff92000898f48
[ 1445.878794][ T7973]  __sys_sendmmsg+0x4de/0x720
[ 1445.878827][ T7973]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1445.878859][ T7973]  ? __pfx_lock_release+0x10/0x10
[ 1445.878879][ T7973]  ? kstrtouint_from_user+0x128/0x190
[ 1445.878923][ T7973]  ? ksys_write+0x22a/0x2b0
[ 1445.878947][ T7973]  ? __pfx_lock_release+0x10/0x10
[ 1445.878976][ T7973]  ? sb_end_write+0xe9/0x1c0
[ 1445.878999][ T7973]  ? vfs_write+0x7fa/0xd10
[ 1445.879020][ T7973]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1445.879071][ T7973]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1445.879097][ T7973]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1445.879122][ T7973]  ? do_syscall_64+0x100/0x230
[ 1445.879146][ T7973]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1445.879168][ T7973]  do_syscall_64+0xf3/0x230
[ 1445.879188][ T7973]  ? clear_bhb_loop+0x35/0x90
[ 1445.879212][ T7973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1445.879233][ T7973] RIP: 0033:0x7f8e8a78d169
[ 1445.879247][ T7973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1445.879261][ T7973] RSP: 002b:00007f8e8b6bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1445.879277][ T7973] RAX: ffffffffffffffda RBX: 00007f8e8a9a5fa0 RCX: 00007f8e8a78d169
[ 1445.879290][ T7973] RDX: 040000000000037c RSI: 0000400000002440 RDI: 0000000000000004
[ 1445.879302][ T7973] RBP: 00007f8e8b6bd090 R08: 0000000000000000 R09: 0000000000000000
[ 1445.879313][ T7973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1445.879323][ T7973] R13: 0000000000000000 R14: 00007f8e8a9a5fa0 R15: 00007ffd6f77ca08
[ 1445.879352][ T7973]  </TASK>
[ 1446.972881][ T8002] lo speed is unknown, defaulting to 1000
[ 1447.007529][ T8002] lo speed is unknown, defaulting to 1000
[ 1447.033148][ T8002] virt_wifi0 speed is unknown, defaulting to 1000
[ 1447.490140][ T8002] __nla_validate_parse: 6 callbacks suppressed
[ 1447.490159][ T8002] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9670'.
[ 1447.654483][ T8033] netlink: 'syz.1.9676': attribute type 1 has an invalid length.
[ 1447.848404][ T8045] bridge0: port 1(gretap0) entered blocking state
[ 1447.855210][ T8045] bridge0: port 1(gretap0) entered disabled state
[ 1447.862411][ T8045] gretap0: entered allmulticast mode
[ 1447.868908][ T8045] gretap0: entered promiscuous mode
[ 1447.883480][ T8045] bridge0: port 1(gretap0) entered blocking state
[ 1447.890029][ T8045] bridge0: port 1(gretap0) entered forwarding state
[ 1447.940021][ T8049] gretap0: left allmulticast mode
[ 1447.945530][ T8049] gretap0: left promiscuous mode
[ 1447.972850][ T8049] bridge0: port 1(gretap0) entered disabled state
[ 1448.084871][ T8054] erspan0: mtu less than device minimum
[ 1448.115775][ T8055] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9686'.
[ 1448.148709][ T8057] netlink: 1256 bytes leftover after parsing attributes in process `syz.3.9688'.
[ 1448.334004][ T8052] lo speed is unknown, defaulting to 1000
[ 1448.340731][ T8052] lo speed is unknown, defaulting to 1000
[ 1448.411202][ T8052] virt_wifi0 speed is unknown, defaulting to 1000
[ 1448.432067][ T8065] netlink: 'syz.0.9690': attribute type 11 has an invalid length.
[ 1448.717927][ T8073] bridge0: entered promiscuous mode
[ 1448.740355][ T8073] vlan6: entered promiscuous mode
[ 1448.802938][ T8073] bridge0: left promiscuous mode
[ 1449.022207][ T8079] netlink: 'syz.4.9696': attribute type 1 has an invalid length.
[ 1449.037247][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1449.047584][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1449.062419][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1449.067449][ T8079] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1449.077134][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1449.090454][ T5837] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1449.097877][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1449.139131][ T8081] lo speed is unknown, defaulting to 1000
[ 1449.145870][ T8081] lo speed is unknown, defaulting to 1000
[ 1449.158965][ T8081] virt_wifi0 speed is unknown, defaulting to 1000
[ 1449.454390][ T8094] netlink: 32 bytes leftover after parsing attributes in process `syz.0.9698'.
[ 1449.597028][ T8081] chnl_net:caif_netlink_parms(): no params data found
[ 1449.678373][ T8098] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9700'.
[ 1449.698307][ T8097] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9700'.
[ 1449.763050][ T8102] netlink: 592 bytes leftover after parsing attributes in process `syz.0.9703'.
[ 1449.866149][ T8109] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 6081 - 0
[ 1449.875754][ T8109] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 6081 - 0
[ 1449.884499][ T8109] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 6081 - 0
[ 1449.894054][ T8109] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 6081 - 0
[ 1449.906545][ T8081] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1449.914183][ T8081] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1449.921341][ T8081] bridge_slave_0: entered allmulticast mode
[ 1449.927971][ T8081] bridge_slave_0: entered promiscuous mode
[ 1449.936835][ T8081] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1449.944127][ T8081] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1449.951269][ T8081] bridge_slave_1: entered allmulticast mode
[ 1449.958166][ T8081] bridge_slave_1: entered promiscuous mode
[ 1449.964167][ T8109] netlink: 'syz.4.9704': attribute type 10 has an invalid length.
[ 1449.991476][ T8081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1450.010135][ T8081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1450.064748][ T8081] team0: Port device team_slave_0 added
[ 1450.079071][ T8081] team0: Port device team_slave_1 added
[ 1450.098400][ T8081] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1450.105681][ T8081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1450.131643][ T8081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1450.145437][ T8081] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1450.152771][ T8081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1450.178905][ T8081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1450.209137][ T8081] hsr_slave_0: entered promiscuous mode
[ 1450.215324][ T8081] hsr_slave_1: entered promiscuous mode
[ 1450.221174][ T8081] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1450.228795][ T8081] Cannot create hsr debugfs directory
[ 1450.546431][ T8081] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1450.567825][ T8081] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1450.581029][ T8081] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1450.590262][ T8081] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1450.641914][ T8081] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1450.666994][ T8081] 8021q: adding VLAN 0 to HW filter on device team0
[ 1450.683512][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1450.690604][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1450.703661][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1450.710747][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1450.836168][ T8081] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1450.870532][ T8081] veth0_vlan: entered promiscuous mode
[ 1450.881673][ T8081] veth1_vlan: entered promiscuous mode
[ 1450.908925][ T8081] veth0_macvtap: entered promiscuous mode
[ 1450.918112][ T8081] veth1_macvtap: entered promiscuous mode
[ 1450.935802][ T8081] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1450.948589][ T8081] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1450.963318][ T8081] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1450.972507][ T8081] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1450.981192][ T8081] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1450.990112][ T8081] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1451.051614][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1451.060257][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1451.084796][T28162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1451.094530][T28162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1451.202401][ T5839] Bluetooth: hci4: command tx timeout
[ 1453.282124][ T5839] Bluetooth: hci4: command tx timeout
[ 1455.134951][ T8137] lo speed is unknown, defaulting to 1000
[ 1455.148315][ T8137] lo speed is unknown, defaulting to 1000
[ 1455.174013][ T1053] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1455.209898][ T8137] virt_wifi0 speed is unknown, defaulting to 1000
[ 1455.255518][ T1053] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1455.275633][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1455.287435][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1455.303226][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1455.311371][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1455.319050][ T5837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1455.327442][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1455.329270][ T1053] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1455.363724][ T5839] Bluetooth: hci4: command tx timeout
[ 1455.454748][ T1053] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1455.496839][ T8144] lo speed is unknown, defaulting to 1000
[ 1455.503843][ T8144] lo speed is unknown, defaulting to 1000
[ 1455.511574][ T8144] virt_wifi0 speed is unknown, defaulting to 1000
[ 1456.196946][ T1053] bridge0 (unregistering): left promiscuous mode
[ 1456.686033][ T1053] bond0 (unregistering): Released all slaves
[ 1456.820219][ T1053] bond1 (unregistering): Released all slaves
[ 1456.829946][ T1053] bond2 (unregistering): Released all slaves
[ 1456.869024][ T8169] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[ 1456.902353][ T8169] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[ 1456.970954][ T8144] chnl_net:caif_netlink_parms(): no params data found
[ 1457.041203][ T8169] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[ 1457.052920][ T8169] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[ 1457.167631][ T8169] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[ 1457.198389][ T8169] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[ 1457.234821][ T1053] : left promiscuous mode
[ 1457.369491][ T5839] Bluetooth: hci1: command tx timeout
[ 1457.442089][ T5839] Bluetooth: hci4: command tx timeout
[ 1457.603310][ T8169] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[ 1457.622037][ T8169] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[ 1457.645760][ T1053] tipc: Disabling bearer <udp:s>
[ 1457.672184][ T1053] tipc: Left network mode
[ 1457.703638][ T8144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1457.720992][ T8144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1457.745190][ T8144] bridge_slave_0: entered allmulticast mode
[ 1457.762386][ T8144] bridge_slave_0: entered promiscuous mode
[ 1457.780538][ T8144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1457.803249][ T8144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1457.810404][ T8144] bridge_slave_1: entered allmulticast mode
[ 1457.849411][ T8144] bridge_slave_1: entered promiscuous mode
[ 1457.874130][ T8199] FAULT_INJECTION: forcing a failure.
[ 1457.874130][ T8199] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1457.887582][ T8199] CPU: 0 UID: 0 PID: 8199 Comm: syz.2.9731 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1457.887605][ T8199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1457.887616][ T8199] Call Trace:
[ 1457.887623][ T8199]  <TASK>
[ 1457.887630][ T8199]  dump_stack_lvl+0x241/0x360
[ 1457.887657][ T8199]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1457.887682][ T8199]  ? __pfx__printk+0x10/0x10
[ 1457.887702][ T8199]  ? __pfx_lock_release+0x10/0x10
[ 1457.887734][ T8199]  should_fail_ex+0x40a/0x550
[ 1457.887762][ T8199]  _copy_from_user+0x2d/0xb0
[ 1457.887784][ T8199]  copy_msghdr_from_user+0xae/0x680
[ 1457.887807][ T8199]  ? __pfx___might_resched+0x10/0x10
[ 1457.887831][ T8199]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1457.887859][ T8199]  ? __sys_sendmmsg+0x392/0x720
[ 1457.887879][ T8199]  ? __might_fault+0xaa/0x120
[ 1457.887901][ T8199]  __sys_sendmmsg+0x32b/0x720
[ 1457.887931][ T8199]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1457.887962][ T8199]  ? __pfx_lock_release+0x10/0x10
[ 1457.887982][ T8199]  ? kstrtouint_from_user+0x128/0x190
[ 1457.888022][ T8199]  ? ksys_write+0x22a/0x2b0
[ 1457.888041][ T8199]  ? __pfx_lock_release+0x10/0x10
[ 1457.888068][ T8199]  ? sb_end_write+0xe9/0x1c0
[ 1457.888091][ T8199]  ? vfs_write+0x7fa/0xd10
[ 1457.888111][ T8199]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1457.888160][ T8199]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1457.888186][ T8199]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1457.888210][ T8199]  ? do_syscall_64+0x100/0x230
[ 1457.888235][ T8199]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1457.888256][ T8199]  do_syscall_64+0xf3/0x230
[ 1457.888277][ T8199]  ? clear_bhb_loop+0x35/0x90
[ 1457.888301][ T8199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1457.888321][ T8199] RIP: 0033:0x7faadf98d169
[ 1457.888336][ T8199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1457.888351][ T8199] RSP: 002b:00007faae089e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1457.888369][ T8199] RAX: ffffffffffffffda RBX: 00007faadfba5fa0 RCX: 00007faadf98d169
[ 1457.888382][ T8199] RDX: 0000000000000318 RSI: 00004000000bd000 RDI: 0000000000000004
[ 1457.888393][ T8199] RBP: 00007faae089e090 R08: 0000000000000000 R09: 0000000000000000
[ 1457.888404][ T8199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1457.888414][ T8199] R13: 0000000000000000 R14: 00007faadfba5fa0 R15: 00007fff8db3f5a8
[ 1457.888441][ T8199]  </TASK>
[ 1458.397161][ T8144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1458.459329][ T8169] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1458.494648][ T8169] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20001 - 0
[ 1458.551031][ T8144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1458.609652][ T8169] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1458.628093][ T8169] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20001 - 0
[ 1458.658103][ T8169] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1458.674948][ T8169] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20001 - 0
[ 1458.700991][ T8210] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9736'.
[ 1458.724783][ T8210] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9736'.
[ 1458.749960][ T8169] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1458.759250][ T8169] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20001 - 0
[ 1458.782704][ T8144] team0: Port device team_slave_0 added
[ 1458.876203][ T8144] team0: Port device team_slave_1 added
[ 1458.918574][ T8215] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9739'.
[ 1458.957245][ T8144] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1458.970866][ T8144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1459.000076][ T8144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1459.071297][ T8144] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1459.111370][ T8144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1459.160978][ T8144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1459.255499][ T8222] lo speed is unknown, defaulting to 1000
[ 1459.332333][ T8222] lo speed is unknown, defaulting to 1000
[ 1459.335547][ T8144] hsr_slave_0: entered promiscuous mode
[ 1459.353184][ T8144] hsr_slave_1: entered promiscuous mode
[ 1459.359245][ T8144] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1459.372417][ T8144] Cannot create hsr debugfs directory
[ 1459.377961][ T8222] virt_wifi0 speed is unknown, defaulting to 1000
[ 1459.442400][ T5839] Bluetooth: hci1: command tx timeout
[ 1459.512770][ T1053] pimreg (unregistering): left allmulticast mode
[ 1459.835357][ T8224] netlink: 'syz.4.9741': attribute type 39 has an invalid length.
[ 1460.950015][ T8144] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1460.965494][ T8144] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1460.982811][ T8144] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1460.991436][ T8144] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1461.003519][ T1053] IPVS: stop unused estimator thread 0...
[ 1461.089322][ T8144] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1461.121014][ T8144] 8021q: adding VLAN 0 to HW filter on device team0
[ 1461.135467][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1461.142591][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1461.170079][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1461.177193][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1461.198797][ T8144] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1461.209530][ T8144] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1461.349831][ T8144] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1461.387532][ T8144] veth0_vlan: entered promiscuous mode
[ 1461.398917][ T8144] veth1_vlan: entered promiscuous mode
[ 1461.421704][ T8144] veth0_macvtap: entered promiscuous mode
[ 1461.431112][ T8144] veth1_macvtap: entered promiscuous mode
[ 1461.445253][ T8144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1461.458003][ T8144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1461.468639][ T8144] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1461.480746][ T8144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1461.491818][ T8144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1461.503501][ T8144] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1461.514791][ T8144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1461.522560][ T5839] Bluetooth: hci1: command tx timeout
[ 1461.523879][ T8144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1461.537940][ T8144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1461.547493][ T8144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1461.610077][T28162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1461.625366][T28162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1461.640999][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1461.649209][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1463.603439][ T5837] Bluetooth: hci1: command tx timeout
[ 1480.998847][ T8237] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9743'.
[ 1481.125900][ T8240] xt_CT: No such helper "snmp"
[ 1481.142141][ T8240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9745'.
[ 1481.284817][ T8251] netlink: del zone limit has 4 unknown bytes
[ 1481.476808][ T8256] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1481.520395][ T8256] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1481.563717][ T8256] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1481.583629][ T8256] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1481.675273][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1481.689817][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1481.700504][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1481.709008][ T5840] syz_tun (unregistering): left promiscuous mode
[ 1481.717220][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1481.727315][ T5839] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1481.735923][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1481.827742][ T8260] lo speed is unknown, defaulting to 1000
[ 1481.860584][ T8260] lo speed is unknown, defaulting to 1000
[ 1482.042199][ T8260] chnl_net:caif_netlink_parms(): no params data found
[ 1482.141310][ T8274] lo speed is unknown, defaulting to 1000
[ 1482.224859][ T8274] lo speed is unknown, defaulting to 1000
[ 1482.293612][ T8260] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1482.300701][ T8260] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1482.339408][ T8260] bridge_slave_0: entered allmulticast mode
[ 1482.362267][ T8260] bridge_slave_0: entered promiscuous mode
[ 1482.369895][ T8260] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1482.400601][ T8260] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1482.422418][ T8260] bridge_slave_1: entered allmulticast mode
[ 1482.429413][ T8260] bridge_slave_1: entered promiscuous mode
[ 1482.598210][ T8260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1482.642619][ T8260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1482.716450][ T8260] team0: Port device team_slave_0 added
[ 1482.735852][ T8260] team0: Port device team_slave_1 added
[ 1482.837607][ T8274] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9754'.
[ 1482.849442][ T8260] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1482.868129][ T8260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1482.899893][ T8276] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input12
[ 1482.928430][ T8260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1482.949228][ T8260] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1482.957427][ T8260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1482.984715][ T8260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1483.122921][ T8296] FAULT_INJECTION: forcing a failure.
[ 1483.122921][ T8296] name failslab, interval 1, probability 0, space 0, times 0
[ 1483.135623][ T8296] CPU: 0 UID: 0 PID: 8296 Comm: syz.0.9760 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1483.135646][ T8296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1483.135657][ T8296] Call Trace:
[ 1483.135664][ T8296]  <TASK>
[ 1483.135672][ T8296]  dump_stack_lvl+0x241/0x360
[ 1483.135698][ T8296]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1483.135717][ T8296]  ? __pfx__printk+0x10/0x10
[ 1483.135748][ T8296]  should_fail_ex+0x40a/0x550
[ 1483.135777][ T8296]  should_failslab+0xac/0x100
[ 1483.135800][ T8296]  ? fib6_add_1+0x91a/0x13c0
[ 1483.135818][ T8296]  kmem_cache_alloc_noprof+0x70/0x380
[ 1483.135845][ T8296]  fib6_add_1+0x91a/0x13c0
[ 1483.135878][ T8296]  fib6_add+0x374/0x4420
[ 1483.135926][ T8296]  ? __pfx_lock_acquire+0x10/0x10
[ 1483.135950][ T8296]  ? __pfx_fib6_add+0x10/0x10
[ 1483.135970][ T8296]  ? do_raw_spin_lock+0x14f/0x370
[ 1483.135990][ T8296]  ? __pfx___local_bh_disable_ip+0x10/0x10
[ 1483.136015][ T8296]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1483.136039][ T8296]  ? ip6_route_add+0x76/0x160
[ 1483.136065][ T8296]  ip6_route_add+0x8b/0x160
[ 1483.136095][ T8296]  ipv6_route_ioctl+0x588/0x870
[ 1483.136122][ T8296]  ? __pfx_ipv6_route_ioctl+0x10/0x10
[ 1483.136167][ T8296]  ? __might_fault+0xaa/0x120
[ 1483.136193][ T8296]  inet6_ioctl+0x21a/0x280
[ 1483.136215][ T8296]  ? __pfx_inet6_ioctl+0x10/0x10
[ 1483.136255][ T8296]  sock_do_ioctl+0x158/0x460
[ 1483.136283][ T8296]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1483.136325][ T8296]  sock_ioctl+0x626/0x8e0
[ 1483.136349][ T8296]  ? __pfx_sock_ioctl+0x10/0x10
[ 1483.136370][ T8296]  ? __fget_files+0x2a/0x410
[ 1483.136396][ T8296]  ? __fget_files+0x2a/0x410
[ 1483.136423][ T8296]  ? __pfx_sock_ioctl+0x10/0x10
[ 1483.136446][ T8296]  __se_sys_ioctl+0xf5/0x170
[ 1483.136467][ T8296]  do_syscall_64+0xf3/0x230
[ 1483.136488][ T8296]  ? clear_bhb_loop+0x35/0x90
[ 1483.136513][ T8296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1483.136534][ T8296] RIP: 0033:0x7f4d9e98d169
[ 1483.136550][ T8296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1483.136565][ T8296] RSP: 002b:00007f4d9f87b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1483.136584][ T8296] RAX: ffffffffffffffda RBX: 00007f4d9eba5fa0 RCX: 00007f4d9e98d169
[ 1483.136597][ T8296] RDX: 0000400000000040 RSI: 000000000000890b RDI: 0000000000000003
[ 1483.136608][ T8296] RBP: 00007f4d9f87b090 R08: 0000000000000000 R09: 0000000000000000
[ 1483.136619][ T8296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1483.136630][ T8296] R13: 0000000000000000 R14: 00007f4d9eba5fa0 R15: 00007fff780017c8
[ 1483.136660][ T8296]  </TASK>
[ 1483.495821][ T8260] hsr_slave_0: entered promiscuous mode
[ 1483.533754][ T8260] hsr_slave_1: entered promiscuous mode
[ 1483.563425][ T8260] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1483.607385][ T8260] Cannot create hsr debugfs directory
[ 1483.762276][ T5837] Bluetooth: hci2: command tx timeout
[ 1483.904741][ T8305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9763'.
[ 1483.942913][ T8305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9763'.
[ 1483.980074][ T8305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9763'.
[ 1484.031485][ T8311] netlink: 232 bytes leftover after parsing attributes in process `syz.4.9765'.
[ 1484.608149][ T8322] netlink: 'syz.4.9768': attribute type 1 has an invalid length.
[ 1484.765543][ T8260] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1484.788456][ T8260] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1484.827729][ T8260] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1484.851006][ T8260] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1485.027434][ T8260] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1485.048629][ T8260] 8021q: adding VLAN 0 to HW filter on device team0
[ 1485.204246][ T2995] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1485.211395][ T2995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1485.255584][ T2995] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1485.262769][ T2995] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1485.323683][ T8335] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[ 1485.733459][ T8346] netlink: 2 bytes leftover after parsing attributes in process `syz.1.9776'.
[ 1485.814871][ T8260] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1485.842344][ T5837] Bluetooth: hci2: command tx timeout
[ 1485.904377][ T8260] veth0_vlan: entered promiscuous mode
[ 1485.955758][ T8260] veth1_vlan: entered promiscuous mode
[ 1485.972851][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9778'.
[ 1485.981748][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9778'.
[ 1486.000377][ T8260] veth0_macvtap: entered promiscuous mode
[ 1486.023116][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9778'.
[ 1486.038701][ T8260] veth1_macvtap: entered promiscuous mode
[ 1486.095014][ T8260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1486.165160][ T8260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1486.183292][ T8260] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1486.212636][ T8260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1486.224755][ T8260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1486.236436][ T8260] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1486.306991][ T8260] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1486.331847][ T8260] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1486.341095][ T8260] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1486.356212][ T8260] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1486.581260][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1486.607101][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1486.654004][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1486.702560][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1486.861609][ T8375] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[ 1487.061426][ T8381] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9788'.
[ 1487.932301][ T5837] Bluetooth: hci2: command tx timeout
[ 1488.100981][ T8405] lo speed is unknown, defaulting to 1000
[ 1488.129193][ T8405] lo speed is unknown, defaulting to 1000
[ 1488.392494][ T5839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1488.422270][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1488.431746][ T5839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1488.444163][ T5839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1488.455266][ T5839] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1488.463622][ T5839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1488.546579][ T8420] lo speed is unknown, defaulting to 1000
[ 1488.558561][ T8420] lo speed is unknown, defaulting to 1000
[ 1488.858528][ T8420] chnl_net:caif_netlink_parms(): no params data found
[ 1489.038176][ T8451] netlink: 'syz.3.9813': attribute type 49 has an invalid length.
[ 1489.131379][ T8420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1489.169858][ T8420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1489.203541][ T8420] bridge_slave_0: entered allmulticast mode
[ 1489.210551][ T8420] bridge_slave_0: entered promiscuous mode
[ 1489.238056][ T8420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1489.252303][ T8420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1489.262533][ T8420] bridge_slave_1: entered allmulticast mode
[ 1489.269714][ T8420] bridge_slave_1: entered promiscuous mode
[ 1489.356172][ T8420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1489.386037][ T8420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1489.420837][ T8470] netlink: 'syz.3.9818': attribute type 1 has an invalid length.
[ 1489.443056][ T8420] team0: Port device team_slave_0 added
[ 1489.449063][ T8470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9818'.
[ 1489.463722][ T8420] team0: Port device team_slave_1 added
[ 1489.501251][ T8420] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1489.517010][ T8420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1489.577206][ T8420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1489.594660][ T8420] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1489.601704][ T8420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1489.647679][ T8420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1489.701432][ T8475] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9819'.
[ 1489.727004][ T8420] hsr_slave_0: entered promiscuous mode
[ 1489.733807][ T8420] hsr_slave_1: entered promiscuous mode
[ 1489.739985][ T8420] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1489.763547][ T8420] Cannot create hsr debugfs directory
[ 1490.003159][ T5837] Bluetooth: hci2: command tx timeout
[ 1490.283049][ T8420] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1490.318706][ T8420] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[ 1490.342149][ T8495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9822'.
[ 1490.414882][ T8420] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1490.427387][ T8498] netlink: 732 bytes leftover after parsing attributes in process `syz.3.9823'.
[ 1490.437727][ T8498] netlink: 732 bytes leftover after parsing attributes in process `syz.3.9823'.
[ 1490.445020][ T8420] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[ 1490.562240][ T5837] Bluetooth: hci5: command tx timeout
[ 1490.589725][ T8420] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1490.628991][ T8420] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[ 1490.773206][ T8420] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1490.792298][ T8420] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[ 1490.821079][ T8506] FAULT_INJECTION: forcing a failure.
[ 1490.821079][ T8506] name failslab, interval 1, probability 0, space 0, times 0
[ 1490.862094][ T8506] CPU: 1 UID: 0 PID: 8506 Comm: syz.0.9826 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1490.862118][ T8506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1490.862130][ T8506] Call Trace:
[ 1490.862137][ T8506]  <TASK>
[ 1490.862145][ T8506]  dump_stack_lvl+0x241/0x360
[ 1490.862171][ T8506]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1490.862190][ T8506]  ? __pfx__printk+0x10/0x10
[ 1490.862209][ T8506]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[ 1490.862234][ T8506]  ? __pfx___might_resched+0x10/0x10
[ 1490.862259][ T8506]  should_fail_ex+0x40a/0x550
[ 1490.862291][ T8506]  should_failslab+0xac/0x100
[ 1490.862313][ T8506]  kmem_cache_alloc_node_noprof+0x77/0x380
[ 1490.862334][ T8506]  ? __alloc_skb+0x1c3/0x440
[ 1490.862357][ T8506]  __alloc_skb+0x1c3/0x440
[ 1490.862379][ T8506]  ? __pfx___alloc_skb+0x10/0x10
[ 1490.862399][ T8506]  ? netlink_autobind+0xd6/0x2f0
[ 1490.862414][ T8506]  ? netlink_autobind+0x2b0/0x2f0
[ 1490.862434][ T8506]  netlink_sendmsg+0x634/0xcb0
[ 1490.862469][ T8506]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1490.862496][ T8506]  ? aa_sock_msg_perm+0x91/0x160
[ 1490.862526][ T8506]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1490.862546][ T8506]  __sock_sendmsg+0x221/0x270
[ 1490.862572][ T8506]  ____sys_sendmsg+0x53a/0x860
[ 1490.862601][ T8506]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1490.862618][ T8506]  ? __fget_files+0x2a/0x410
[ 1490.862644][ T8506]  ? __fget_files+0x2a/0x410
[ 1490.862675][ T8506]  __sys_sendmmsg+0x36a/0x720
[ 1490.862706][ T8506]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1490.862737][ T8506]  ? __pfx_lock_release+0x10/0x10
[ 1490.862757][ T8506]  ? kstrtouint_from_user+0x128/0x190
[ 1490.862800][ T8506]  ? ksys_write+0x22a/0x2b0
[ 1490.862818][ T8506]  ? __pfx_lock_release+0x10/0x10
[ 1490.862846][ T8506]  ? sb_end_write+0xe9/0x1c0
[ 1490.862868][ T8506]  ? vfs_write+0x7fa/0xd10
[ 1490.862888][ T8506]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1490.862934][ T8506]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1490.862960][ T8506]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1490.862984][ T8506]  ? do_syscall_64+0x100/0x230
[ 1490.863009][ T8506]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1490.863030][ T8506]  do_syscall_64+0xf3/0x230
[ 1490.863050][ T8506]  ? clear_bhb_loop+0x35/0x90
[ 1490.863074][ T8506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1490.863100][ T8506] RIP: 0033:0x7f4d9e98d169
[ 1490.863116][ T8506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1490.863130][ T8506] RSP: 002b:00007f4d9f87b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1490.863150][ T8506] RAX: ffffffffffffffda RBX: 00007f4d9eba5fa0 RCX: 00007f4d9e98d169
[ 1490.863163][ T8506] RDX: 0400000000000235 RSI: 0000400000000000 RDI: 0000000000000003
[ 1490.863175][ T8506] RBP: 00007f4d9f87b090 R08: 0000000000000000 R09: 0000000000000000
[ 1490.863186][ T8506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1490.863196][ T8506] R13: 0000000000000000 R14: 00007f4d9eba5fa0 R15: 00007fff780017c8
[ 1490.863224][ T8506]  </TASK>
[ 1491.505122][ T8511] bridge0: port 3(gretap0) entered blocking state
[ 1491.511709][ T8511] bridge0: port 3(gretap0) entered disabled state
[ 1491.518579][ T8511] gretap0: entered allmulticast mode
[ 1491.525515][ T8511] gretap0: entered promiscuous mode
[ 1491.531242][ T8511] bridge0: port 3(gretap0) entered blocking state
[ 1491.537782][ T8511] bridge0: port 3(gretap0) entered forwarding state
[ 1491.578644][ T8513] gretap0: left allmulticast mode
[ 1491.594185][ T8513] gretap0: left promiscuous mode
[ 1491.612476][ T8513] bridge0: port 3(gretap0) entered disabled state
[ 1491.676107][ T8519] FAULT_INJECTION: forcing a failure.
[ 1491.676107][ T8519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1491.684372][ T8420] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1491.696079][ T8519] CPU: 1 UID: 0 PID: 8519 Comm: syz.3.9831 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1491.696101][ T8519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1491.696111][ T8519] Call Trace:
[ 1491.696118][ T8519]  <TASK>
[ 1491.696126][ T8519]  dump_stack_lvl+0x241/0x360
[ 1491.696152][ T8519]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1491.696170][ T8519]  ? __pfx__printk+0x10/0x10
[ 1491.696190][ T8519]  ? __pfx_lock_release+0x10/0x10
[ 1491.696221][ T8519]  should_fail_ex+0x40a/0x550
[ 1491.696249][ T8519]  _copy_from_user+0x2d/0xb0
[ 1491.696271][ T8519]  copy_msghdr_from_user+0xae/0x680
[ 1491.696294][ T8519]  ? __pfx___might_resched+0x10/0x10
[ 1491.696318][ T8519]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1491.696346][ T8519]  ? __sys_sendmmsg+0x392/0x720
[ 1491.696365][ T8519]  ? __might_fault+0xaa/0x120
[ 1491.696388][ T8519]  __sys_sendmmsg+0x32b/0x720
[ 1491.696419][ T8519]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1491.696449][ T8519]  ? __pfx_lock_release+0x10/0x10
[ 1491.696470][ T8519]  ? kstrtouint_from_user+0x128/0x190
[ 1491.696513][ T8519]  ? ksys_write+0x22a/0x2b0
[ 1491.696531][ T8519]  ? __pfx_lock_release+0x10/0x10
[ 1491.696560][ T8519]  ? sb_end_write+0xe9/0x1c0
[ 1491.696582][ T8519]  ? vfs_write+0x7fa/0xd10
[ 1491.696603][ T8519]  ? __mutex_unlock_slowpath+0x227/0x800
[ 1491.696653][ T8519]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1491.696679][ T8519]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1491.696703][ T8519]  ? do_syscall_64+0x100/0x230
[ 1491.696727][ T8519]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1491.696748][ T8519]  do_syscall_64+0xf3/0x230
[ 1491.696768][ T8519]  ? clear_bhb_loop+0x35/0x90
[ 1491.696793][ T8519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1491.696813][ T8519] RIP: 0033:0x7fb9a1f8d169
[ 1491.696828][ T8519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1491.696843][ T8519] RSP: 002b:00007fb9a2d0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1491.696862][ T8519] RAX: ffffffffffffffda RBX: 00007fb9a21a5fa0 RCX: 00007fb9a1f8d169
[ 1491.696874][ T8519] RDX: 040000000000037c RSI: 0000400000002440 RDI: 0000000000000004
[ 1491.696886][ T8519] RBP: 00007fb9a2d0f090 R08: 0000000000000000 R09: 0000000000000000
[ 1491.696897][ T8519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1491.696907][ T8519] R13: 0000000000000000 R14: 00007fb9a21a5fa0 R15: 00007fffa9f0a968
[ 1491.696935][ T8519]  </TASK>
[ 1491.979132][ T8420] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1491.996658][ T8420] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1492.046374][ T8420] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1492.359632][ T8420] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1492.405543][ T8420] 8021q: adding VLAN 0 to HW filter on device team0
[ 1492.425362][ T2995] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1492.432492][ T2995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1492.459244][ T2995] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1492.466392][ T2995] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1492.527106][ T8420] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1492.548195][ T8420] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1492.642141][ T5837] Bluetooth: hci5: command tx timeout
[ 1492.831178][ T8420] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1492.838975][ T8541] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9836'.
[ 1493.164389][ T8556] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9840'.
[ 1493.169872][ T8420] veth0_vlan: entered promiscuous mode
[ 1493.191889][ T8420] veth1_vlan: entered promiscuous mode
[ 1493.232156][ T2004] IPVS: starting estimator thread 0...
[ 1493.246503][ T8420] veth0_macvtap: entered promiscuous mode
[ 1493.276713][ T8420] veth1_macvtap: entered promiscuous mode
[ 1493.316701][ T8420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1493.337512][ T8420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1493.362636][ T8558] IPVS: using max 20 ests per chain, 48000 per kthread
[ 1493.369626][ T8420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1493.390891][ T8564] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[ 1493.411239][ T8420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1493.429104][ T8420] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1493.445883][ T8564] gretap0: entered promiscuous mode
[ 1493.451325][ T8564] macsec1: entered promiscuous mode
[ 1493.459059][ T8564] gretap0: left promiscuous mode
[ 1493.485594][ T8420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1493.497275][ T8420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1493.507920][ T8420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1493.521071][ T8420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1493.548808][ T8420] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1493.560354][ T8420] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1493.569564][ T8420] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1493.581063][ T8420] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1493.611495][ T8420] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1493.688439][ T8566] bond_slave_0: left allmulticast mode
[ 1493.696358][ T8566] batadv_slave_0: left promiscuous mode
[ 1493.703915][ T8566] batadv_slave_0: left allmulticast mode
[ 1493.710920][ T8566] batadv_slave_1: left promiscuous mode
[ 1493.726112][ T8566] vlan2: left allmulticast mode
[ 1493.731637][ T8566] bond2: left promiscuous mode
[ 1493.737797][ T8566] batadv1: left allmulticast mode
[ 1493.744018][ T8566] wireguard0: left promiscuous mode
[ 1493.757407][ T8566] wireguard0: left allmulticast mode
[ 1493.772071][ T8566] gtp0: left promiscuous mode
[ 1493.777101][ T8566] gtp0: left allmulticast mode
[ 1493.796156][ T8566] gtp1: left promiscuous mode
[ 1493.802121][ T8566] gtp1: left allmulticast mode
[ 1493.812590][ T8566] gtp2: left promiscuous mode
[ 1493.817428][ T8566] gtp2: left allmulticast mode
[ 1493.823807][ T8566] gtp3: left promiscuous mode
[ 1493.828515][ T8566] gtp3: left allmulticast mode
[ 1493.837794][ T8566] mac80211_hwsim hwsim6 wlan0: left allmulticast mode
[ 1493.845311][ T8566] mac80211_hwsim hwsim6 wlan0: left promiscuous mode
[ 1493.852667][ T8566] macsec1: left promiscuous mode
[ 1493.858019][ T8566] macsec1: left allmulticast mode
[ 1493.868520][ T8566] ipip0: left promiscuous mode
[ 1493.875395][ T8566] bond5: left promiscuous mode
[ 1493.880421][ T8566] bond5: left allmulticast mode
[ 1493.885650][ T8566] batadv2: left allmulticast mode
[ 1493.891380][ T8566] batadv2: left promiscuous mode
[ 1493.906376][ T8566] ip6erspan0: left promiscuous mode
[ 1493.933478][ T8569] team0: Device gtp0 is of different type
[ 1493.956184][ T2004] lo speed is unknown, defaulting to 1000
[ 1494.073757][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1494.081591][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1494.165319][ T1053] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1494.174938][ T1053] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1494.299838][ T8582] lo speed is unknown, defaulting to 1000
[ 1494.342999][ T8582] lo speed is unknown, defaulting to 1000
[ 1494.711527][ T8596] bridge_slave_0: left allmulticast mode
[ 1494.732211][ T5837] Bluetooth: hci5: command tx timeout
[ 1494.742180][ T8596] bridge_slave_0: left promiscuous mode
[ 1494.748006][ T8596] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1494.788650][ T8596] bridge_slave_1: left allmulticast mode
[ 1494.849446][ T8596] bridge_slave_1: left promiscuous mode
[ 1494.872395][ T8596] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1494.907574][ T8596] bond0: (slave bond_slave_0): Releasing backup interface
[ 1494.952857][ T8596] bond0: (slave bond_slave_1): Releasing backup interface
[ 1494.991169][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1494.998424][ T8596] team0: Failed to send options change via netlink (err -105)
[ 1494.998751][ T8596] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[ 1495.001440][ T8596] team0: Port device team_slave_0 removed
[ 1495.028280][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1495.040022][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1495.054194][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1495.057244][ T8596] team0: Failed to send options change via netlink (err -105)
[ 1495.070121][ T5839] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1495.070209][ T8596] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[ 1495.087162][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1495.088570][ T8596] team0: Port device team_slave_1 removed
[ 1495.120545][ T8585] netlink: 'syz.0.9850': attribute type 1 has an invalid length.
[ 1495.168019][ T8582] lo speed is unknown, defaulting to 1000
[ 1495.174043][ T8585] netlink: 228 bytes leftover after parsing attributes in process `syz.0.9850'.
[ 1495.187071][ T8601] lo speed is unknown, defaulting to 1000
[ 1495.194274][ T8582] lo speed is unknown, defaulting to 1000
[ 1495.205509][ T8601] lo speed is unknown, defaulting to 1000
[ 1495.876164][ T8617] lo speed is unknown, defaulting to 1000
[ 1495.893454][ T8617] lo speed is unknown, defaulting to 1000
[ 1495.977840][ T8601] chnl_net:caif_netlink_parms(): no params data found
[ 1496.392346][ T8601] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1496.415439][ T8601] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1496.448405][ T8601] bridge_slave_0: entered allmulticast mode
[ 1496.464175][ T8601] bridge_slave_0: entered promiscuous mode
[ 1496.518016][ T8601] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1496.535579][ T8647] Bluetooth: MGMT ver 1.23
[ 1496.541396][ T8601] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1496.556270][ T8645] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[ 1496.711127][ T8601] bridge_slave_1: entered allmulticast mode
[ 1496.724595][ T8601] bridge_slave_1: entered promiscuous mode
[ 1496.778245][ T8644] lo speed is unknown, defaulting to 1000
[ 1496.802277][ T5837] Bluetooth: hci5: command tx timeout
[ 1496.821572][ T8644] lo speed is unknown, defaulting to 1000
[ 1496.824880][ T8601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1496.845427][ T8601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1497.079260][ T8601] team0: Port device team_slave_0 added
[ 1497.125069][ T8601] team0: Port device team_slave_1 added
[ 1497.316076][ T8601] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1497.332727][ T8601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1497.388188][ T8601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1497.428203][ T8601] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1497.442188][ T8601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1497.482238][ T8601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1497.577553][ T8601] hsr_slave_0: entered promiscuous mode
[ 1497.584687][ T8601] hsr_slave_1: entered promiscuous mode
[ 1497.590873][ T8601] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1497.599730][ T8601] Cannot create hsr debugfs directory
[ 1498.594742][ T8601] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1498.610411][ T8601] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1498.623361][ T8601] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1498.642615][ T5839] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1498.648484][ T8601] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1498.855106][ T8601] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1498.887448][ T8601] 8021q: adding VLAN 0 to HW filter on device team0
[ 1498.931524][ T2995] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1498.938690][ T2995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1498.980761][ T2995] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1498.987900][ T2995] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1499.234098][ T8601] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1499.288915][ T8601] veth0_vlan: entered promiscuous mode
[ 1499.330809][ T8601] veth1_vlan: entered promiscuous mode
[ 1499.388801][ T8601] veth0_macvtap: entered promiscuous mode
[ 1499.419104][ T8601] veth1_macvtap: entered promiscuous mode
[ 1499.498433][ T8601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1499.517733][ T8601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1499.543803][ T8601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1499.575268][ T8601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1499.602359][ T8601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1499.645882][ T8601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1499.683511][ T8601] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1499.721819][ T8601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1499.740561][ T8746] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9907'.
[ 1499.781533][ T8601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1499.822033][ T8601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1499.850730][ T8601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1499.876454][ T8601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1499.910913][ T8601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1499.934292][ T8601] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1499.999599][ T8601] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1500.048934][ T8601] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1500.091006][ T8601] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1500.124635][ T8601] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1500.145502][ T8753] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1500.152384][ T8753] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1500.503938][T28162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1500.532559][T28162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1500.578004][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1500.604401][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1500.693749][ T8769] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9919'.
[ 1500.844921][ T8778] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9922'.
[ 1501.273102][ T8798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9928'.
[ 1501.314079][ T5882] IPVS: starting estimator thread 0...
[ 1501.422206][ T8799] IPVS: using max 21 ests per chain, 50400 per kthread
[ 1502.238028][ T8829] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1502.247255][ T8829] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1502.256002][ T8829] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1502.264774][ T8829] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1502.286770][ T8829] vxlan0: entered promiscuous mode
[ 1502.292402][ T8829] vxlan0: entered allmulticast mode
[ 1504.723987][ T8954] syzkaller0: tun_chr_ioctl cmd 21731
[ 1504.943289][ T8969] 
[ 1504.945660][ T8969] ======================================================
[ 1504.952681][ T8969] WARNING: possible circular locking dependency detected
[ 1504.959705][ T8969] 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 Not tainted
[ 1504.966818][ T8969] ------------------------------------------------------
[ 1504.973843][ T8969] syz.2.10008/8969 is trying to acquire lock:
[ 1504.979919][ T8969] ffff888031818768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_change_mac+0xc6/0x1160
[ 1504.989696][ T8969] 
[ 1504.989696][ T8969] but task is already holding lock:
[ 1504.997071][ T8969] ffff8880433c4d28 (&dev->lock){+.+.}-{4:4}, at: dev_set_mac_address+0x2a/0x50
[ 1505.006057][ T8969] 
[ 1505.006057][ T8969] which lock already depends on the new lock.
[ 1505.006057][ T8969] 
[ 1505.016463][ T8969] 
[ 1505.016463][ T8969] the existing dependency chain (in reverse order) is:
[ 1505.025480][ T8969] 
[ 1505.025480][ T8969] -> #1 (&dev->lock){+.+.}-{4:4}:
[ 1505.032711][ T8969]        lock_acquire+0x1ed/0x550
[ 1505.037753][ T8969]        __mutex_lock+0x19c/0x1010
[ 1505.042885][ T8969]        register_netdevice+0x12d8/0x1b70
[ 1505.048623][ T8969]        cfg80211_register_netdevice+0x149/0x2f0
[ 1505.054960][ T8969]        ieee80211_if_add+0x119d/0x1780
[ 1505.060500][ T8969]        ieee80211_register_hw+0x3708/0x42e0
[ 1505.066471][ T8969]        mac80211_hwsim_new_radio+0x2a89/0x49f0
[ 1505.072703][ T8969]        init_mac80211_hwsim+0x87a/0xb00
[ 1505.078323][ T8969]        do_one_initcall+0x248/0x930
[ 1505.083600][ T8969]        do_initcall_level+0x157/0x210
[ 1505.089048][ T8969]        do_initcalls+0x71/0xd0
[ 1505.093890][ T8969]        kernel_init_freeable+0x435/0x5d0
[ 1505.099598][ T8969]        kernel_init+0x1d/0x2b0
[ 1505.104439][ T8969]        ret_from_fork+0x4b/0x80
[ 1505.109366][ T8969]        ret_from_fork_asm+0x1a/0x30
[ 1505.114639][ T8969] 
[ 1505.114639][ T8969] -> #0 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 1505.122364][ T8969]        validate_chain+0x18ef/0x5920
[ 1505.127722][ T8969]        __lock_acquire+0x1397/0x2100
[ 1505.133086][ T8969]        lock_acquire+0x1ed/0x550
[ 1505.138103][ T8969]        __mutex_lock+0x19c/0x1010
[ 1505.143204][ T8969]        ieee80211_change_mac+0xc6/0x1160
[ 1505.148912][ T8969]        netif_set_mac_address+0x327/0x510
[ 1505.154707][ T8969]        dev_set_mac_address+0x38/0x50
[ 1505.160150][ T8969]        dev_ifsioc+0xdf4/0x1130
[ 1505.165078][ T8969]        dev_ioctl+0x719/0x1340
[ 1505.169916][ T8969]        sock_do_ioctl+0x240/0x460
[ 1505.175032][ T8969]        sock_ioctl+0x626/0x8e0
[ 1505.179879][ T8969]        __se_sys_ioctl+0xf5/0x170
[ 1505.184985][ T8969]        do_syscall_64+0xf3/0x230
[ 1505.190008][ T8969]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1505.196423][ T8969] 
[ 1505.196423][ T8969] other info that might help us debug this:
[ 1505.196423][ T8969] 
[ 1505.206644][ T8969]  Possible unsafe locking scenario:
[ 1505.206644][ T8969] 
[ 1505.214086][ T8969]        CPU0                    CPU1
[ 1505.219438][ T8969]        ----                    ----
[ 1505.224792][ T8969]   lock(&dev->lock);
[ 1505.228769][ T8969]                                lock(&rdev->wiphy.mtx);
[ 1505.235781][ T8969]                                lock(&dev->lock);
[ 1505.242274][ T8969]   lock(&rdev->wiphy.mtx);
[ 1505.246771][ T8969] 
[ 1505.246771][ T8969]  *** DEADLOCK ***
[ 1505.246771][ T8969] 
[ 1505.254904][ T8969] 2 locks held by syz.2.10008/8969:
[ 1505.260084][ T8969]  #0: ffffffff8fed6cc8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x706/0x1340
[ 1505.268883][ T8969]  #1: ffff8880433c4d28 (&dev->lock){+.+.}-{4:4}, at: dev_set_mac_address+0x2a/0x50
[ 1505.278281][ T8969] 
[ 1505.278281][ T8969] stack backtrace:
[ 1505.284163][ T8969] CPU: 0 UID: 0 PID: 8969 Comm: syz.2.10008 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0
[ 1505.284181][ T8969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1505.284191][ T8969] Call Trace:
[ 1505.284197][ T8969]  <TASK>
[ 1505.284204][ T8969]  dump_stack_lvl+0x241/0x360
[ 1505.284223][ T8969]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1505.284238][ T8969]  ? __pfx__printk+0x10/0x10
[ 1505.284255][ T8969]  print_circular_bug+0x13a/0x1b0
[ 1505.284273][ T8969]  check_noncircular+0x36a/0x4a0
[ 1505.284290][ T8969]  ? __pfx_check_noncircular+0x10/0x10
[ 1505.284304][ T8969]  ? lockdep_lock+0x123/0x2b0
[ 1505.284325][ T8969]  ? __pfx_validate_chain+0x10/0x10
[ 1505.284340][ T8969]  validate_chain+0x18ef/0x5920
[ 1505.284363][ T8969]  ? __pfx_validate_chain+0x10/0x10
[ 1505.284380][ T8969]  ? __pfx_validate_chain+0x10/0x10
[ 1505.284395][ T8969]  ? __pfx_validate_chain+0x10/0x10
[ 1505.284409][ T8969]  ? __pfx_validate_chain+0x10/0x10
[ 1505.284423][ T8969]  ? __pfx_validate_chain+0x10/0x10
[ 1505.284445][ T8969]  ? __pfx_validate_chain+0x10/0x10
[ 1505.284459][ T8969]  ? mark_lock+0x9a/0x360
[ 1505.284472][ T8969]  __lock_acquire+0x1397/0x2100
[ 1505.284497][ T8969]  lock_acquire+0x1ed/0x550
[ 1505.284514][ T8969]  ? ieee80211_change_mac+0xc6/0x1160
[ 1505.284535][ T8969]  ? __pfx_lock_acquire+0x10/0x10
[ 1505.284554][ T8969]  ? __pfx___might_resched+0x10/0x10
[ 1505.284582][ T8969]  __mutex_lock+0x19c/0x1010
[ 1505.284598][ T8969]  ? ieee80211_change_mac+0xc6/0x1160
[ 1505.284615][ T8969]  ? __pfx_lock_release+0x10/0x10
[ 1505.284634][ T8969]  ? ieee80211_change_mac+0xc6/0x1160
[ 1505.284650][ T8969]  ? __pfx___mutex_lock+0x10/0x10
[ 1505.284668][ T8969]  ? __pfx_vxlan_netdevice_event+0x10/0x10
[ 1505.284682][ T8969]  ? ib_device_get_by_netdev+0x85/0x5e0
[ 1505.284702][ T8969]  ? __pfx_ib_device_get_by_netdev+0x10/0x10
[ 1505.284719][ T8969]  ? hsr_netdev_notify+0x295/0xb50
[ 1505.284738][ T8969]  ieee80211_change_mac+0xc6/0x1160
[ 1505.284755][ T8969]  ? ip6_route_dev_notify+0x99/0x600
[ 1505.284771][ T8969]  ? notifier_call_chain+0x15a/0x3f0
[ 1505.284790][ T8969]  ? notifier_call_chain+0x3cc/0x3f0
[ 1505.284809][ T8969]  netif_set_mac_address+0x327/0x510
[ 1505.284828][ T8969]  ? __pfx_netif_set_mac_address+0x10/0x10
[ 1505.284843][ T8969]  ? rcu_is_watching+0x15/0xb0
[ 1505.284858][ T8969]  ? __mutex_lock+0x397/0x1010
[ 1505.284875][ T8969]  ? full_name_hash+0x93/0xe0
[ 1505.284895][ T8969]  dev_set_mac_address+0x38/0x50
[ 1505.284910][ T8969]  dev_ifsioc+0xdf4/0x1130
[ 1505.284927][ T8969]  ? __pfx___mutex_lock+0x10/0x10
[ 1505.284946][ T8969]  ? __pfx_dev_ifsioc+0x10/0x10
[ 1505.284965][ T8969]  ? dev_load+0x21/0x1f0
[ 1505.284982][ T8969]  dev_ioctl+0x719/0x1340
[ 1505.285000][ T8969]  sock_do_ioctl+0x240/0x460
[ 1505.285020][ T8969]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1505.285044][ T8969]  sock_ioctl+0x626/0x8e0
[ 1505.285061][ T8969]  ? __pfx_sock_ioctl+0x10/0x10
[ 1505.285077][ T8969]  ? __fget_files+0x2a/0x410
[ 1505.285096][ T8969]  ? __fget_files+0x2a/0x410
[ 1505.285115][ T8969]  ? __pfx_sock_ioctl+0x10/0x10
[ 1505.285132][ T8969]  __se_sys_ioctl+0xf5/0x170
[ 1505.285147][ T8969]  do_syscall_64+0xf3/0x230
[ 1505.285164][ T8969]  ? clear_bhb_loop+0x35/0x90
[ 1505.285182][ T8969]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1505.285200][ T8969] RIP: 0033:0x7f5d0ff8d169
[ 1505.285213][ T8969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1505.285226][ T8969] RSP: 002b:00007f5d10df2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1505.285240][ T8969] RAX: ffffffffffffffda RBX: 00007f5d101a5fa0 RCX: 00007f5d0ff8d169
[ 1505.285250][ T8969] RDX: 0000400000000000 RSI: 0000000000008924 RDI: 0000000000000005
[ 1505.285259][ T8969] RBP: 00007f5d1000e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 1505.285267][ T8969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1505.285276][ T8969] R13: 0000000000000000 R14: 00007f5d101a5fa0 R15: 00007ffc6b1ceb88
[ 1505.285292][ T8969]  </TASK>
[ 1505.617412][ T8992] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10018'.