last executing test programs: 1m18.718368428s ago: executing program 0 (id=607): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000000000000000073907800000300e000000100000000fe9e90780200000000000000"], 0x0) recvmmsg(r1, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}, 0x49}], 0x1, 0x2120, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/151, 0x97}, {&(0x7f0000000180)=""/139, 0x8b}, {&(0x7f0000000240)=""/120, 0x78}, {&(0x7f0000000100)=""/56, 0x38}, {&(0x7f00000002c0)=""/16, 0x10}, {&(0x7f0000000300)=""/38, 0x26}], 0x6, &(0x7f0000000480)=""/197, 0xc5}, 0xd}, {{&(0x7f00000003c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000580)=""/205, 0xcd}, {&(0x7f0000000680)=""/144, 0x90}, {&(0x7f0000000740)=""/25, 0x19}], 0x3, &(0x7f00000007c0)=""/6, 0x6}, 0x5}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1, &(0x7f0000000840)=""/229, 0xe5}, 0x5}], 0x3, 0x10000, &(0x7f0000000a00)) ioctl$sock_netdev_private(r2, 0x8929, &(0x7f0000000440)="8d557fd094c38f748ec33512ef3a") 1m15.199674902s ago: executing program 3 (id=625): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000880)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000400)=ANY=[@ANYBLOB="05000000010500"/16, @ANYRES64=0x0, @ANYRES64=r1, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="0100006001"], 0x48}}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r0, 
0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e00)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000900)="83488a3c44e56b5cc1e229719ccaf3cec92eece76c01e71d5d605594be2a8173d5e144e7500cbe85b7cdb559f1509efce7a6ab042f84ff05e5687e35ea774b40c608830e551e4e8d0269e83299a0b3c9830889fc920def1b4ffcfbf92ba792bb", 0x60}], 0x1, 0x0, 0x0, 0x1}], 0x1, 0x40040) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000280)) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 1m0.505326947s ago: executing program 0 (id=607): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000000000000000073907800000300e000000100000000fe9e90780200000000000000"], 0x0) recvmmsg(r1, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}, 0x49}], 0x1, 0x2120, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/151, 0x97}, {&(0x7f0000000180)=""/139, 0x8b}, {&(0x7f0000000240)=""/120, 0x78}, {&(0x7f0000000100)=""/56, 0x38}, {&(0x7f00000002c0)=""/16, 0x10}, {&(0x7f0000000300)=""/38, 0x26}], 0x6, &(0x7f0000000480)=""/197, 0xc5}, 0xd}, {{&(0x7f00000003c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000580)=""/205, 0xcd}, {&(0x7f0000000680)=""/144, 0x90}, {&(0x7f0000000740)=""/25, 0x19}], 0x3, &(0x7f00000007c0)=""/6, 0x6}, 0x5}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1, &(0x7f0000000840)=""/229, 0xe5}, 0x5}], 0x3, 0x10000, &(0x7f0000000a00)) ioctl$sock_netdev_private(r2, 0x8929, &(0x7f0000000440)="8d557fd094c38f748ec33512ef3a") 59.89099729s ago: executing 
program 3 (id=625): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000880)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000400)=ANY=[@ANYBLOB="05000000010500"/16, @ANYRES64=0x0, @ANYRES64=r1, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="0100006001"], 0x48}}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e00)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000900)="83488a3c44e56b5cc1e229719ccaf3cec92eece76c01e71d5d605594be2a8173d5e144e7500cbe85b7cdb559f1509efce7a6ab042f84ff05e5687e35ea774b40c608830e551e4e8d0269e83299a0b3c9830889fc920def1b4ffcfbf92ba792bb", 0x60}], 0x1, 0x0, 0x0, 0x1}], 0x1, 0x40040) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000280)) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 44.192592455s ago: executing program 0 (id=607): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000000000000000073907800000300e000000100000000fe9e90780200000000000000"], 0x0) recvmmsg(r1, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}, 0x49}], 0x1, 0x2120, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/151, 0x97}, {&(0x7f0000000180)=""/139, 0x8b}, {&(0x7f0000000240)=""/120, 0x78}, {&(0x7f0000000100)=""/56, 0x38}, {&(0x7f00000002c0)=""/16, 0x10}, {&(0x7f0000000300)=""/38, 0x26}], 0x6, &(0x7f0000000480)=""/197, 
0xc5}, 0xd}, {{&(0x7f00000003c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000580)=""/205, 0xcd}, {&(0x7f0000000680)=""/144, 0x90}, {&(0x7f0000000740)=""/25, 0x19}], 0x3, &(0x7f00000007c0)=""/6, 0x6}, 0x5}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1, &(0x7f0000000840)=""/229, 0xe5}, 0x5}], 0x3, 0x10000, &(0x7f0000000a00)) ioctl$sock_netdev_private(r2, 0x8929, &(0x7f0000000440)="8d557fd094c38f748ec33512ef3a") 43.30833512s ago: executing program 3 (id=625): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000880)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000400)=ANY=[@ANYBLOB="05000000010500"/16, @ANYRES64=0x0, @ANYRES64=r1, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="0100006001"], 0x48}}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e00)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000900)="83488a3c44e56b5cc1e229719ccaf3cec92eece76c01e71d5d605594be2a8173d5e144e7500cbe85b7cdb559f1509efce7a6ab042f84ff05e5687e35ea774b40c608830e551e4e8d0269e83299a0b3c9830889fc920def1b4ffcfbf92ba792bb", 0x60}], 0x1, 0x0, 0x0, 0x1}], 0x1, 0x40040) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000280)) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 29.901876048s ago: executing program 0 (id=607): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) syz_emit_ethernet(0x74, 
&(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000000000000000073907800000300e000000100000000fe9e90780200000000000000"], 0x0) recvmmsg(r1, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}, 0x49}], 0x1, 0x2120, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/151, 0x97}, {&(0x7f0000000180)=""/139, 0x8b}, {&(0x7f0000000240)=""/120, 0x78}, {&(0x7f0000000100)=""/56, 0x38}, {&(0x7f00000002c0)=""/16, 0x10}, {&(0x7f0000000300)=""/38, 0x26}], 0x6, &(0x7f0000000480)=""/197, 0xc5}, 0xd}, {{&(0x7f00000003c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000580)=""/205, 0xcd}, {&(0x7f0000000680)=""/144, 0x90}, {&(0x7f0000000740)=""/25, 0x19}], 0x3, &(0x7f00000007c0)=""/6, 0x6}, 0x5}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1, &(0x7f0000000840)=""/229, 0xe5}, 0x5}], 0x3, 0x10000, &(0x7f0000000a00)) ioctl$sock_netdev_private(r2, 0x8929, &(0x7f0000000440)="8d557fd094c38f748ec33512ef3a") 28.836932449s ago: executing program 3 (id=625): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000880)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000400)=ANY=[@ANYBLOB="05000000010500"/16, @ANYRES64=0x0, @ANYRES64=r1, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="0100006001"], 0x48}}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e00)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000900)="83488a3c44e56b5cc1e229719ccaf3cec92eece76c01e71d5d605594be2a8173d5e144e7500cbe85b7cdb559f1509efce7a6ab042f84ff05e5687e35ea774b40c608830e551e4e8d0269e83299a0b3c9830889fc920def1b4ffcfbf92ba792bb", 0x60}], 0x1, 0x0, 0x0, 0x1}], 0x1, 0x40040) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000280)) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, 
&(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 18.500359715s ago: executing program 0 (id=607): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000000000000000073907800000300e000000100000000fe9e90780200000000000000"], 0x0) recvmmsg(r1, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}, 0x49}], 0x1, 0x2120, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/151, 0x97}, {&(0x7f0000000180)=""/139, 0x8b}, {&(0x7f0000000240)=""/120, 0x78}, {&(0x7f0000000100)=""/56, 0x38}, {&(0x7f00000002c0)=""/16, 0x10}, {&(0x7f0000000300)=""/38, 0x26}], 0x6, &(0x7f0000000480)=""/197, 0xc5}, 0xd}, {{&(0x7f00000003c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000580)=""/205, 0xcd}, {&(0x7f0000000680)=""/144, 0x90}, {&(0x7f0000000740)=""/25, 0x19}], 0x3, &(0x7f00000007c0)=""/6, 0x6}, 0x5}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1, &(0x7f0000000840)=""/229, 0xe5}, 0x5}], 0x3, 0x10000, &(0x7f0000000a00)) ioctl$sock_netdev_private(r2, 0x8929, &(0x7f0000000440)="8d557fd094c38f748ec33512ef3a") 17.427971295s ago: executing program 3 (id=625): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000880)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000400)=ANY=[@ANYBLOB="05000000010500"/16, @ANYRES64=0x0, @ANYRES64=r1, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="0100006001"], 0x48}}, 0x0) 
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e00)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000900)="83488a3c44e56b5cc1e229719ccaf3cec92eece76c01e71d5d605594be2a8173d5e144e7500cbe85b7cdb559f1509efce7a6ab042f84ff05e5687e35ea774b40c608830e551e4e8d0269e83299a0b3c9830889fc920def1b4ffcfbf92ba792bb", 0x60}], 0x1, 0x0, 0x0, 0x1}], 0x1, 0x40040) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000280)) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 6.95064323s ago: executing program 0 (id=607): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000000000000000073907800000300e000000100000000fe9e90780200000000000000"], 0x0) recvmmsg(r1, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}, 0x49}], 0x1, 0x2120, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/151, 0x97}, {&(0x7f0000000180)=""/139, 0x8b}, {&(0x7f0000000240)=""/120, 0x78}, {&(0x7f0000000100)=""/56, 0x38}, {&(0x7f00000002c0)=""/16, 0x10}, {&(0x7f0000000300)=""/38, 0x26}], 0x6, &(0x7f0000000480)=""/197, 0xc5}, 0xd}, {{&(0x7f00000003c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000580)=""/205, 0xcd}, {&(0x7f0000000680)=""/144, 0x90}, {&(0x7f0000000740)=""/25, 0x19}], 0x3, &(0x7f00000007c0)=""/6, 0x6}, 0x5}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1, &(0x7f0000000840)=""/229, 0xe5}, 0x5}], 0x3, 0x10000, &(0x7f0000000a00)) ioctl$sock_netdev_private(r2, 0x8929, 
&(0x7f0000000440)="8d557fd094c38f748ec33512ef3a") 6.022345308s ago: executing program 3 (id=625): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000880)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000400)=ANY=[@ANYBLOB="05000000010500"/16, @ANYRES64=0x0, @ANYRES64=r1, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="0100006001"], 0x48}}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e00)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000900)="83488a3c44e56b5cc1e229719ccaf3cec92eece76c01e71d5d605594be2a8173d5e144e7500cbe85b7cdb559f1509efce7a6ab042f84ff05e5687e35ea774b40c608830e551e4e8d0269e83299a0b3c9830889fc920def1b4ffcfbf92ba792bb", 0x60}], 0x1, 0x0, 0x0, 0x1}], 0x1, 0x40040) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000280)) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 2.594448818s ago: executing program 1 (id=1233): r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x7ff, @private2, 0xeb2}]}, &(0x7f0000000180)=0x10) writev(r0, &(0x7f0000000100), 0x0) 2.523403503s ago: executing program 2 (id=1235): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 
r2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[], 0x8) (async, rerun: 64) syz_emit_ethernet(0x466, &(0x7f0000000200)={@local, @empty, @val={@val={0x88a8, 0x7, 0x0, 0x2}, {0x8100, 0x2, 0x1, 0x3}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "008000", 0x428, 0x6, 0x0, @private0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, {[@dstopts={0x3c, 0x4, '\x00', [@hao={0xc9, 0x10, @empty}, @hao={0xc9, 0x10, @loopback}]}, @routing={0x3b, 0x10, 0x1, 0x3, 0x0, [@private1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @loopback, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1c}}, @dev={0xfe, 0x80, '\x00', 0x3c}, @mcast1, @mcast2, @rand_addr=' \x01\x00']}, @srh={0x2, 0x12, 0x4, 0x9, 0x5, 0x40, 0x6, [@ipv4={'\x00', '\xff\xff', @broadcast}, @dev={0xfe, 0x80, '\x00', 0x2e}, @remote, @local, @remote, @mcast1, @mcast2, @mcast2, @local]}, @fragment={0x88, 0x0, 0x8, 0x1, 0x0, 0x6, 0x68}, @hopopts={0x48, 0x1f, '\x00', [@calipso={0x7, 0x38, {0x0, 0xc, 0x38, 0x4, [0x2, 0x7, 0xfaa, 0x80000000, 0x8, 0x200]}}, @hao={0xc9, 0x10, @private2}, @generic={0xc, 0x7b, "092c84eb8d9d5b05f114b7f0ddcd5e0d068c75cfd1b70996d23f1b603e9b6c2a0d3040d09e305090063f9355a41407b8ca084a3a4fb4b15b19557ba31a73ad4a608515b220d070ccd41f4e66e33d7a0db65149872e0cef8eff1281ccf8c9c53b581914de189ac0a6a7923cf942d8e4851e7baeb98f96edfa51e847"}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x1}, @enc_lim, @hao={0xc9, 0x10, @loopback}, @jumbo={0xc2, 0x4, 0x2}, @hao={0xc9, 0x10, @remote}]}, @hopopts={0x87, 0x2, '\x00', [@padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0xc, 0x14, '\x00', [@calipso={0x7, 0x58, {0x237def592aad5661, 0x14, 0x9, 0x2, [0xb74, 0x5, 0x0, 0x7, 0x1, 0x2, 0x4, 0x2, 0xea, 0xaa99]}}, @ra={0x5, 0x2, 0x4}, @padn={0x1, 0x1, [0x0]}, @pad1, @generic={0x2, 0xe, "c1842abe19390c46b2acf281a2e2"}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x20, {0x0, 0x6, 0xe3, 0x9, [0x3, 0x9, 0x10001]}}, @jumbo={0xc2, 
0x4, 0x6}]}, @dstopts={0x89, 0x16, '\x00', [@generic={0x4, 0xa6, "0d5d8cefec8ecf929971a4c161454c3c892acc14d65dcef8510b1a210dc95f18ca3281f53de48d606b5ec788b2d321ee03cb1cf0f2804335849cc9cddce4645fc5ca03231bf47f1367b9ea5cb4c1856caaabe800d5f815d7aca556aa7cc599ba69340b00c752217bada028ae1b30073ec448f15eb07131e3203b70a95f4913f96247f8ada19ded4f40d6fc892c83a191e100eb59fd77562ac3b3b6628a7868438f62ff5e11d2"}, @jumbo={0xc2, 0x4, 0x9}, @padn={0x1, 0x1, [0x0]}]}, @fragment={0x2c, 0x0, 0x2, 0x1, 0x0, 0x7, 0x64}, @fragment={0x5c, 0x0, 0x8, 0x1, 0x0, 0x19, 0x67}], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x22, 0xb, "2cf6c1e60f58678bfd"}, @exp_smc={0xfe, 0x6}, @nop]}}}}}}}}, 0x0) (rerun: 64) 2.379419888s ago: executing program 2 (id=1236): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0xe, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe0}}, 0x0) r1 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f000000ab00)={0x18, 0x2, {0x1, @private=0xa010101}}, 0x1e) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) bind$pptp(r1, &(0x7f000000ae00)={0x18, 0x2, {0x1, @local}}, 0x1e) 
socket$pppl2tp(0x18, 0x1, 0x1) 2.210747073s ago: executing program 2 (id=1237): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r1 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x810}, 0x20000840) 2.210463969s ago: executing program 4 (id=1238): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x3a) sendto$inet6(r1, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x0, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}, 0x7ff}], 0x1, 0x162, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newlink={0x30, 0x10, 0x801, 0xfffffffd, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x70414}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_INET6={0x4, 0x2d}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 1.848393788s ago: executing program 2 (id=1239): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x99a}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback={0xff00000000000000}}}, 0x0, 0x0, 0x300, 0x0, 0x54}, 0x9c) 1.762882124s ago: executing program 4 
(id=1240): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x58, 0x10, 0x401, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, 0x103, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MODE={0x5}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x44000}, 0x0) r1 = accept(r0, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, &(0x7f0000000140)=0x80) writev(r0, &(0x7f00000005c0)=[{&(0x7f0000000380)="0cb58d83949d0a0c28f06fa033e1164ddbb8460bef03f42ae3a773d32e5fc74fc0ace79e58058c0725ecd4c404f8f9c7dfc3d0d4c940bbeded63d544dc5872819d457d3d190a0c22c2641854ebf3", 0x4e}, {&(0x7f0000000400)="3e628259e64490cc7b9d87c245b7544e39c2e94c86017cc0832161fb30df95ed182bb19b0768d344aa65f6a892c91bc0d7d470348354b550ae3a6f47dbc917d4156ca9d4051fa269d74c85c1048661968b7a753762935edd20c743439b70175f874b9c33f1c301b05fc345975cce9e6b22a0208584b2c51b592c8bcc908bbadcedb60c71", 0x84}, {&(0x7f00000004c0)="2cdf52ec64c7d8bb59f1a2a2832787fad155c4c87990264741745148b1d2cc87b9055dc8ff8f8db3a3fe55844523c6d687a579b9d29cce16a82734", 0x3b}, {&(0x7f0000000500)="b43452295401bd78f5d4d6e34b4477a668dea13b345ad939a7a9152751f6032c3574a387760185bcbbd7868fb0d458cbe9041031d73069efabde8cdfcac9c42986459203bdb6f2e9286f0312942220a6e97d2555820b1e9ae022d63c43ca0c51b3d1e21dac27c1f299595ab683cd549132a2d95d2faecaba280658eeec90c3515991b53f222c5a37b055a164c7756ed0f5c9b4caad8641940ca2fd6071764b6a3b5f861d787ba284080b29", 0xab}], 0x4) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x58, r2, 0x200, 0x70bd25, 0x25dfdbfc, {}, 
[@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7ff}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x80) 1.654466112s ago: executing program 1 (id=1241): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0) shutdown(r0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, &(0x7f0000000000)={r1, @in={{0x2, 0x0, @empty}}, 0x82}, 0x90) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={r1, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r2, 0x19c1f4bf}, &(0x7f0000000080)=0x8) 1.625323738s ago: executing program 1 (id=1242): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4"], 0x1c}}, 0x0) recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x400001b, 0x0, 0x0) 1.5717061s ago: executing program 4 (id=1243): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x5, @private0, 0xffdd}, 0x1c) (async) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async) listen(r1, 0x8) (async) r2 = accept4(r1, 0x0, 0x0, 0x0) listen(r2, 0x3) r3 = socket$nl_route(0x10, 0x3, 0x0) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) 
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r5, @ANYBLOB="0800a0009e09000008009f000400000008002600800900000800a1000519"], 0x3c}}, 0x0) r7 = socket$inet_dccp(0x2, 0x6, 0x0) (async) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r2, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r6, 0x10, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x8a, 0x30}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x65}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000004}, 0x80) (async) r9 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r9, &(0x7f00000000c0)="ff21798848eb6a8a3007887ac6cea90a8c2f5093d82dde136d8b788e768776f136c837caed478027f3f43d778f988f", 0x2f, 0x4080, &(0x7f0000000140)={0xa, 0x0, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x6, 0x3}, 0x20) setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000180)=0x7, 0x4) listen(r7, 0x3) (async) ioctl$sock_SIOCOUTQ(r3, 0x5411, &(0x7f0000000080)) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000011c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x400300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_PROTOCOL={0x6, 0x5, 0xc554}]}}}]}, 0x3c}, 0x1, 0xba01, 0x0, 0x44844}, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000005, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x100f1e}, 0x1c) 1.366669255s ago: executing program 4 (id=1244): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_route(0x10, 0x3, 0x0) 
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00'}) ioctl(r4, 0x8b24, &(0x7f0000000040)) bind$unix(r3, &(0x7f00000005c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e) connect$unix(r3, &(0x7f0000000280)=@abs={0x1, 0x0, 0x4e21}, 0x6e) recvmsg(r2, &(0x7f0000000200)={&(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000780)=""/241, 0xf1}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/247, 0xf7}, {&(0x7f0000000140)=""/78, 0x4e}, {&(0x7f0000000300)=""/68, 0x44}, {&(0x7f0000000440)=""/67, 0x43}, {&(0x7f0000000640)=""/159, 0x9f}], 0x7, &(0x7f0000001ac0)=""/151, 0x97}, 0x20) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000940)=@newtaction={0x48, 0x76, 0x1, 0x0, 0x0, {0x0, 0x0, 0x300}, [{0x34, 0x1, [@m_vlan={0x30, 0x4, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000007060101000000000000000000000000080000040500010007000000788f64aec1bf9e455ae7e9397c234bd0328095f7ba39679f14cb"], 0x2c}}, 0x4000014) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x54, r1, 0x1, 0x4, 0x0, {0x3}, [@TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x4}]}, @TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'caif0\x00'}}]}]}, 0x54}}, 0x0) 899.51401ms ago: executing program 2 (id=1245): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 
&(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e7", 0x4b}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000d00)=""/197, 0xc5}, {&(0x7f0000000700)=""/215, 0xd7}, {&(0x7f0000000c00)=""/196, 0xc4}, {&(0x7f0000000a00)=""/196, 0xc4}, {&(0x7f0000002180)=""/100, 0x64}, {&(0x7f0000002200)=""/4066, 0xfe2}, {&(0x7f00000003c0)=""/242, 0xf2}, {&(0x7f0000000800)=""/150, 0x96}, {&(0x7f0000000240)=""/159, 0x9f}], 0x9}, 0x40002002) 740.166694ms ago: executing program 1 (id=1246): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r2, 0x0, {0x0, 0x1, 0x4}, 0x1}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0xa00, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x1, 0x74bd2b, 0x100000, {0x0, 0x0, 0x74, r2, {0xfff3, 0x8}, {0x4, 0xfff3}, {0xffe0, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0x0) 566.408112ms ago: executing program 1 (id=1247): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) (async) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff810540010000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd000000100001000b080800418e01400004fcff", 0x58}], 0x1) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 
&(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="40ffff00109acc391e000040dda1906c30c8d59338d9dece958fde4025752f1cd0b8160dc7dd37530f4ce6d41db6301a85c80d9c9b5cd40e7a84be9beb4cdd91e5efa767293fa5c524501aaa27de59b89c07597e07a90975b7384a8d7e2c4962ed9c57eb4cfb4df98d800eb267005146ffbd3a0f1b4c0f119a80b81e94b01462f9b9907f904de9abf9dfdb3e931c61aa9bedd4823b0eee04aa82c27bfb5e4ae6d12259542a6e3c3986033f4ec83ddf499755698cf1212a47895f0a1a0d34ba282c22a5573e08c5138794d8", @ANYRES32=0x0, @ANYBLOB="04080400000000001800128008000100677470000c000280050005000100000008000a00", @ANYRES32=r2, @ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) 434.760679ms ago: executing program 4 (id=1248): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYRES64, @ANYRESDEC, @ANYRES64=0x0], 0x9c}, 0x1, 0xba01}, 0x0) (async, rerun: 64) r0 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c0003"], 0x528}}, 0xc000) 434.582472ms ago: executing program 1 (id=1249): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r1 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@newtfilter={0x24, 0x28, 0xd27, 0x1003ffd, 0x0, {0x0, 
0x0, 0x0, r2, {0xd, 0x9}, {}, {0x2, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x20000840) 334.236187ms ago: executing program 4 (id=1250): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0xfe, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) 0s ago: executing program 2 (id=1251): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x3c, r1, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}, @NBD_ATTR_BACKEND_IDENTIFIER={0x9, 0xa, 'syz0\x00'}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}]}, 0x3c}}, 0x44004) (fail_nth: 32) kernel console output (not intermixed with test programs): T6680] veth1_vlan: left promiscuous mode [ 173.969335][ T6680] veth0_vlan: left promiscuous mode [ 174.597963][ T8535] netlink: 16 bytes leftover after parsing attributes in process `syz.1.763'. [ 174.610445][ T8535] netlink: 16 bytes leftover after parsing attributes in process `syz.1.763'. 
[ 174.619064][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 174.629875][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 174.644791][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 174.654517][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 174.663173][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 174.871086][ T6680] team0 (unregistering): Port device team_slave_1 removed [ 174.917576][ T6680] team0 (unregistering): Port device team_slave_0 removed [ 175.920426][ T8545] netem: unknown loss type 0 [ 175.925352][ T8545] netem: change failed [ 175.938161][ T5858] Bluetooth: hci2: command tx timeout [ 176.236543][ T8440] chnl_net:caif_netlink_parms(): no params data found [ 176.471357][ T6701] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.526949][ T8534] chnl_net:caif_netlink_parms(): no params data found [ 176.704350][ T6701] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.738873][ T5858] Bluetooth: hci1: command tx timeout [ 176.881161][ T6701] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.970384][ T8440] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.979458][ T8440] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.987803][ T8440] bridge_slave_0: entered allmulticast mode [ 176.996377][ T8440] bridge_slave_0: entered promiscuous mode [ 177.005924][ T8440] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.013614][ T8440] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.021675][ T8440] bridge_slave_1: entered allmulticast mode [ 177.031617][ T8440] bridge_slave_1: entered promiscuous mode [ 177.058116][ T6701] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.251356][ T8534] bridge0: port 1(bridge_slave_0) entered blocking state [ 
177.260091][ T8534] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.272069][ T8534] bridge_slave_0: entered allmulticast mode [ 177.283415][ T8534] bridge_slave_0: entered promiscuous mode [ 177.300081][ T8440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.315230][ T8440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.330380][ T8534] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.348111][ T8534] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.362084][ T8534] bridge_slave_1: entered allmulticast mode [ 177.387069][ T8534] bridge_slave_1: entered promiscuous mode [ 177.656127][ T8440] team0: Port device team_slave_0 added [ 177.702145][ T8534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.752725][ T8534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.795065][ T8440] team0: Port device team_slave_1 added [ 177.895046][ T8637] netlink: 4 bytes leftover after parsing attributes in process `syz.1.781'. [ 178.017137][ T5858] Bluetooth: hci2: command tx timeout [ 178.281258][ T8440] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 178.290385][ T8440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.320267][ T8440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.351235][ T8641] tipc: Started in network mode [ 178.361141][ T8641] tipc: Node identity _, cluster identity 4711 [ 178.384362][ T8534] team0: Port device team_slave_0 added [ 178.440112][ T8646] netlink: 24 bytes leftover after parsing attributes in process `syz.2.783'. 
[ 178.468584][ T8440] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.475866][ T8440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.529444][ T8440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 178.584622][ T8534] team0: Port device team_slave_1 added [ 178.728297][ T6701] bridge_slave_1: left allmulticast mode [ 178.734027][ T6701] bridge_slave_1: left promiscuous mode [ 178.756581][ T6701] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.779841][ T6701] bridge_slave_0: left allmulticast mode [ 178.785546][ T6701] bridge_slave_0: left promiscuous mode [ 178.791974][ T6701] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.817131][ T5858] Bluetooth: hci1: command tx timeout [ 178.877016][ T8664] netlink: 4 bytes leftover after parsing attributes in process `syz.1.789'. [ 178.917101][ T8667] netlink: 12 bytes leftover after parsing attributes in process `syz.1.789'. [ 179.345016][ T6701] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 179.359361][ T6701] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 179.369873][ T6701] bond0 (unregistering): Released all slaves [ 179.514047][ T8440] hsr_slave_0: entered promiscuous mode [ 179.531236][ T8683] No such timeout policy "syz0" [ 179.555366][ T8440] hsr_slave_1: entered promiscuous mode [ 179.568919][ T8440] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 179.596654][ T8440] Cannot create hsr debugfs directory [ 179.627742][ T8534] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.635147][ T8534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.710826][ T8534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.867239][ T8534] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.886807][ T8534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.926387][ T8701] netlink: 248 bytes leftover after parsing attributes in process `syz.2.796'. [ 179.973097][ T8534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.976809][ T8701] NCSI netlink: No device for ifindex 0 [ 180.097042][ T5858] Bluetooth: hci2: command tx timeout [ 180.372631][ T8716] netlink: 108 bytes leftover after parsing attributes in process `syz.4.798'. 
[ 180.441958][ T6701] hsr_slave_0: left promiscuous mode [ 180.459289][ T6701] hsr_slave_1: left promiscuous mode [ 180.485152][ T6701] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.492948][ T6701] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 180.513935][ T6701] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.522791][ T6701] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 180.557327][ T6701] veth1_macvtap: left promiscuous mode [ 180.563102][ T6701] veth0_macvtap: left promiscuous mode [ 180.575097][ T6701] veth1_vlan: left promiscuous mode [ 180.581483][ T6701] veth0_vlan: left promiscuous mode [ 180.896917][ T5858] Bluetooth: hci1: command tx timeout [ 181.142467][ T6701] team0 (unregistering): Port device team_slave_1 removed [ 181.177260][ T6701] team0 (unregistering): Port device team_slave_0 removed [ 181.634438][ T8534] hsr_slave_0: entered promiscuous mode [ 181.650038][ T8534] hsr_slave_1: entered promiscuous mode [ 181.658882][ T8534] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 181.667750][ T8534] Cannot create hsr debugfs directory [ 181.726343][ T8747] xt_TCPMSS: Only works on TCP SYN packets [ 181.852281][ T8749] FAULT_INJECTION: forcing a failure. [ 181.852281][ T8749] name failslab, interval 1, probability 0, space 0, times 0 [ 181.868758][ T8751] netlink: 40 bytes leftover after parsing attributes in process `syz.2.805'. [ 181.877876][ T8749] CPU: 1 UID: 0 PID: 8749 Comm: syz.1.804 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 181.877907][ T8749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 181.877920][ T8749] Call Trace: [ 181.877929][ T8749] [ 181.877938][ T8749] dump_stack_lvl+0x241/0x360 [ 181.877978][ T8749] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.878008][ T8749] ? 
__pfx__printk+0x10/0x10 [ 181.878052][ T8749] should_fail_ex+0x424/0x570 [ 181.878091][ T8749] should_failslab+0xac/0x100 [ 181.878114][ T8749] __kmalloc_cache_noprof+0x73/0x370 [ 181.878135][ T8749] ? sctp_add_bind_addr+0x89/0x3a0 [ 181.878164][ T8749] sctp_add_bind_addr+0x89/0x3a0 [ 181.878193][ T8749] sctp_copy_local_addr_list+0x313/0x500 [ 181.878219][ T8749] ? sctp_copy_local_addr_list+0xad/0x500 [ 181.878252][ T8749] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 181.878280][ T8749] ? sctp_v6_is_any+0x60/0x70 [ 181.878307][ T8749] ? sctp_copy_one_addr+0x94/0x360 [ 181.878333][ T8749] sctp_bind_addr_copy+0xad/0x3b0 [ 181.878357][ T8749] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 181.878396][ T8749] sctp_connect_new_asoc+0x337/0x700 [ 181.878429][ T8749] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 181.878460][ T8749] ? sctp_endpoint_lookup_assoc+0x7c/0x250 [ 181.878494][ T8749] ? sctp_endpoint_lookup_assoc+0x7c/0x250 [ 181.878519][ T8749] ? sctp_endpoint_lookup_assoc+0x217/0x250 [ 181.878546][ T8749] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 181.878578][ T8749] sctp_sendmsg+0x2009/0x3620 [ 181.878633][ T8749] ? __pfx_sctp_sendmsg+0x10/0x10 [ 181.878665][ T8749] ? aa_sk_perm+0x96f/0xac0 [ 181.878708][ T8749] ? inet_sendmsg+0x330/0x390 [ 181.878732][ T8749] __sock_sendmsg+0x1a6/0x270 [ 181.878762][ T8749] __sys_sendto+0x365/0x4c0 [ 181.878797][ T8749] ? __pfx___sys_sendto+0x10/0x10 [ 181.878855][ T8749] ? ksys_write+0x266/0x2d0 [ 181.878896][ T8749] __x64_sys_sendto+0xde/0x100 [ 181.878930][ T8749] do_syscall_64+0xf3/0x210 [ 181.878955][ T8749] ? 
clear_bhb_loop+0x45/0xa0 [ 181.878979][ T8749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.878998][ T8749] RIP: 0033:0x7f36e778e169 [ 181.879015][ T8749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.879030][ T8749] RSP: 002b:00007f36e858c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 181.879052][ T8749] RAX: ffffffffffffffda RBX: 00007f36e79b5fa0 RCX: 00007f36e778e169 [ 181.879077][ T8749] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 181.879090][ T8749] RBP: 00007f36e858c090 R08: 0000200000000100 R09: 000000000000001c [ 181.879104][ T8749] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 181.879116][ T8749] R13: 0000000000000000 R14: 00007f36e79b5fa0 R15: 00007fffc6e785d8 [ 181.879149][ T8749] [ 182.331609][ T8761] xt_l2tp: wrong L2TP version: 0 [ 182.375447][ T8763] netlink: 4 bytes leftover after parsing attributes in process `syz.1.809'. [ 182.431310][ T8765] netlink: 12 bytes leftover after parsing attributes in process `syz.1.809'. [ 182.517059][ T8768] netlink: 'syz.2.810': attribute type 10 has an invalid length. [ 182.627713][ T8770] FAULT_INJECTION: forcing a failure. [ 182.627713][ T8770] name failslab, interval 1, probability 0, space 0, times 0 [ 182.642761][ T8770] CPU: 0 UID: 0 PID: 8770 Comm: syz.4.811 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 182.642792][ T8770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 182.642805][ T8770] Call Trace: [ 182.642814][ T8770] [ 182.642824][ T8770] dump_stack_lvl+0x241/0x360 [ 182.642862][ T8770] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.642893][ T8770] ? __pfx__printk+0x10/0x10 [ 182.642937][ T8770] ? 
__pfx___might_resched+0x10/0x10 [ 182.642963][ T8770] should_fail_ex+0x424/0x570 [ 182.643001][ T8770] should_failslab+0xac/0x100 [ 182.643024][ T8770] kmem_cache_alloc_noprof+0x78/0x390 [ 182.643046][ T8770] ? vm_area_dup+0x2b/0x5b0 [ 182.643081][ T8770] vm_area_dup+0x2b/0x5b0 [ 182.643117][ T8770] __split_vma+0x1b8/0xb20 [ 182.643147][ T8770] ? __pfx___split_vma+0x10/0x10 [ 182.643186][ T8770] vma_modify+0x31f/0x450 [ 182.643221][ T8770] vma_modify_flags+0x3b2/0x430 [ 182.643252][ T8770] ? __pfx_ima_file_mprotect+0x10/0x10 [ 182.643285][ T8770] ? __pfx_vma_modify_flags+0x10/0x10 [ 182.643334][ T8770] ? may_expand_vm+0x1b9/0x300 [ 182.643363][ T8770] mprotect_fixup+0x445/0xa40 [ 182.643402][ T8770] ? __pfx_mprotect_fixup+0x10/0x10 [ 182.643430][ T8770] ? mas_find+0x950/0xbb0 [ 182.643456][ T8770] do_mprotect_pkey+0x99f/0xde0 [ 182.643488][ T8770] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 182.643528][ T8770] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 182.643604][ T8770] __x64_sys_mprotect+0x80/0x90 [ 182.643636][ T8770] do_syscall_64+0xf3/0x210 [ 182.643658][ T8770] ? 
clear_bhb_loop+0x45/0xa0 [ 182.643683][ T8770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.643703][ T8770] RIP: 0033:0x7fbc1898e227 [ 182.643722][ T8770] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.643739][ T8770] RSP: 002b:00007fbc197eabf8 EFLAGS: 00000217 ORIG_RAX: 000000000000000a [ 182.643767][ T8770] RAX: ffffffffffffffda RBX: 00007fbc10000000 RCX: 00007fbc1898e227 [ 182.643783][ T8770] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 00007fbc10000000 [ 182.643796][ T8770] RBP: 0000000004000000 R08: 00000000ffffffff R09: 0000000000000000 [ 182.643810][ T8770] R10: 0000000000004022 R11: 0000000000000217 R12: 00007fbc14000000 [ 182.643824][ T8770] R13: 0000000000001000 R14: 0000000000021000 R15: 0000000001a00000 [ 182.643858][ T8770] [ 182.960991][ T8768] hsr0: entered promiscuous mode [ 182.977059][ T5858] Bluetooth: hci1: command tx timeout [ 183.012005][ T8768] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 183.022590][ T8768] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 183.041855][ T8768] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 183.332380][ T8794] SET target dimension over the limit! [ 183.707907][ T8440] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 183.803122][ T8440] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 183.876029][ T8821] netlink: 'syz.4.817': attribute type 23 has an invalid length. [ 183.960798][ T8440] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 183.989332][ T8440] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 184.031265][ T8818] netlink: 12 bytes leftover after parsing attributes in process `syz.1.816'. [ 184.066027][ T8829] can: request_module (can-proto-4) failed. 
[ 184.649220][ T8534] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 184.675251][ T8534] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 184.719399][ T8534] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 184.759343][ T8534] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 184.834600][ T8440] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.942130][ T8440] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.966347][ T6701] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.973621][ T6701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.033170][ T6700] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.040514][ T6700] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.373370][ T8534] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.576593][ T8534] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.619481][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.626765][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.722928][ T6701] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.730172][ T6701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.105637][ T8440] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.290103][ T8440] veth0_vlan: entered promiscuous mode [ 186.361580][ T8440] veth1_vlan: entered promiscuous mode [ 186.379086][ T8534] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.460876][ T8440] veth0_macvtap: entered promiscuous mode [ 186.491465][ T8440] veth1_macvtap: entered promiscuous mode [ 186.525905][ T8534] veth0_vlan: entered promiscuous mode [ 186.559186][ T8440] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.571852][ T8534] veth1_vlan: entered promiscuous mode [ 186.598317][ T8440] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 186.620682][ T8440] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.646725][ T8440] netdevsim 
netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.655635][ T8440] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.683346][ T8440] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.792775][ T8534] veth0_macvtap: entered promiscuous mode [ 186.802097][ T8928] netlink: 44 bytes leftover after parsing attributes in process `syz.1.834'. [ 186.826192][ T8534] veth1_macvtap: entered promiscuous mode [ 186.988667][ T6701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.020129][ T6701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.060578][ T8534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.088078][ T8534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.100413][ T8534] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 187.162201][ T8534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.207585][ T8534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.239719][ T8534] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.263444][ T8534] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.291744][ T8534] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.316957][ T8534] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.325740][ T8534] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.361041][ T6701] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.373344][ T6701] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.512450][ T8951] FAULT_INJECTION: forcing a failure. 
[ 187.512450][ T8951] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 187.557617][ T8951] CPU: 0 UID: 0 PID: 8951 Comm: syz.2.837 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 187.557651][ T8951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 187.557664][ T8951] Call Trace: [ 187.557673][ T8951] [ 187.557682][ T8951] dump_stack_lvl+0x241/0x360 [ 187.557747][ T8951] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.557778][ T8951] ? __pfx__printk+0x10/0x10 [ 187.557821][ T8951] should_fail_ex+0x424/0x570 [ 187.557859][ T8951] prepare_alloc_pages+0x220/0x610 [ 187.557903][ T8951] __alloc_frozen_pages_noprof+0x162/0x5b0 [ 187.557937][ T8951] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 187.557991][ T8951] alloc_pages_mpol+0x339/0x690 [ 187.558020][ T8951] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 187.558054][ T8951] vma_alloc_folio_noprof+0x12d/0x260 [ 187.558080][ T8951] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 187.558103][ T8951] ? __pfx___up_read+0x10/0x10 [ 187.558134][ T8951] folio_prealloc+0x2e/0x170 [ 187.558161][ T8951] handle_pte_fault+0x2e45/0x61c0 [ 187.558212][ T8951] ? __pfx_handle_pte_fault+0x10/0x10 [ 187.558243][ T8951] ? vma_modify_flags+0x3b2/0x430 [ 187.558273][ T8951] ? __pfx_ima_file_mprotect+0x10/0x10 [ 187.558307][ T8951] ? __pfx_vma_modify_flags+0x10/0x10 [ 187.558335][ T8951] ? vma_wants_writenotify+0xb2/0x2b0 [ 187.558378][ T8951] ? do_mprotect_pkey+0xbdc/0xde0 [ 187.558414][ T8951] ? up_write+0x1ab/0x590 [ 187.558450][ T8951] handle_mm_fault+0x1129/0x1bf0 [ 187.558508][ T8951] ? __pfx_handle_mm_fault+0x10/0x10 [ 187.558532][ T8951] ? lock_vma_under_rcu+0x1f0/0x9a0 [ 187.558581][ T8951] ? exc_page_fault+0x115/0x920 [ 187.558605][ T8951] exc_page_fault+0x45b/0x920 [ 187.558627][ T8951] ? 
do_syscall_64+0x100/0x210 [ 187.558656][ T8951] asm_exc_page_fault+0x26/0x30 [ 187.558675][ T8951] RIP: 0033:0x7f89f2349a5f [ 187.558694][ T8951] Code: f6 48 89 df e8 e2 47 04 00 85 c0 0f 85 4a 01 00 00 48 8b 05 db a1 23 00 48 83 e8 01 4c 39 f0 0f 82 c6 00 00 00 66 0f 6f 0c 24 <4c> 89 6b 20 0f 11 4b 10 48 83 c4 18 48 89 d8 5b 5d 41 5c 41 5d 41 [ 187.558711][ T8951] RSP: 002b:00007f89f319fc00 EFLAGS: 00010286 [ 187.558731][ T8951] RAX: ffffffffffffffff RBX: 00007f89e8000000 RCX: 00007f89f238e227 [ 187.558753][ T8951] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 00007f89e8000000 [ 187.558766][ T8951] RBP: 0000000004000000 R08: 00000000ffffffff R09: 0000000000000000 [ 187.558780][ T8951] R10: 0000000000004022 R11: 0000000000000217 R12: 00007f89ec000000 [ 187.558793][ T8951] R13: 0000000000001000 R14: 0000000000021000 R15: 0000000000000000 [ 187.558828][ T8951] [ 187.560280][ T8951] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 187.931113][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.949419][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 188.164936][ T6680] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 188.186197][ T6680] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 188.530554][ T6680] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.804094][ T6680] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.833060][ T8993] syzkaller1: entered promiscuous mode [ 188.846768][ T8993] syzkaller1: entered allmulticast mode [ 189.086394][ T6680] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.364557][ T6680] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.612480][ T5859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 189.622508][ T5859] Bluetooth: hci1: unexpected cc 0x1003 
length: 249 > 9 [ 189.635666][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 189.645940][ T6680] bridge_slave_1: left allmulticast mode [ 189.654107][ T6680] bridge_slave_1: left promiscuous mode [ 189.654318][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 189.667075][ T6680] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.688219][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 189.700299][ T6680] bridge_slave_0: left allmulticast mode [ 189.747539][ T6680] bridge_slave_0: left promiscuous mode [ 189.768652][ T6680] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.165237][ T9036] xt_CT: No such helper "pptp" [ 190.342060][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 190.354361][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 190.365019][ T5859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 190.382998][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 190.397433][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 190.675091][ T6680] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 190.696254][ T6680] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 190.714458][ T6680] bond0 (unregistering): Released all slaves [ 191.109264][ T9081] netlink: 8 bytes leftover after parsing attributes in process `syz.4.857'. 
[ 191.776974][ T5859] Bluetooth: hci1: command tx timeout [ 192.511140][ T5859] Bluetooth: hci2: command tx timeout [ 192.802962][ T6680] hsr_slave_0: left promiscuous mode [ 192.828875][ T6680] hsr_slave_1: left promiscuous mode [ 192.839972][ T6680] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.853396][ T6680] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.868585][ T6680] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.876144][ T6680] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.904917][ T6680] veth1_macvtap: left promiscuous mode [ 192.913304][ T6680] veth0_macvtap: left promiscuous mode [ 192.926031][ T6680] veth1_vlan: left promiscuous mode [ 192.932336][ T6680] veth0_vlan: left promiscuous mode [ 193.432442][ T6680] team0 (unregistering): Port device team_slave_1 removed [ 193.480074][ T6680] team0 (unregistering): Port device team_slave_0 removed [ 193.857007][ T5859] Bluetooth: hci1: command tx timeout [ 193.905978][ T9130] netlink: 'syz.1.868': attribute type 1 has an invalid length. [ 194.043924][ T9119] netlink: 4 bytes leftover after parsing attributes in process `syz.4.866'. [ 194.256239][ T9142] netlink: 'syz.2.871': attribute type 1 has an invalid length. [ 194.274454][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.289860][ T9144] netlink: 20 bytes leftover after parsing attributes in process `syz.4.872'. [ 194.298707][ T9142] netlink: 'syz.2.871': attribute type 10 has an invalid length. [ 194.308283][ T9142] netlink: 'syz.2.871': attribute type 4 has an invalid length. [ 194.329977][ T9142] netlink: 'syz.2.871': attribute type 1 has an invalid length. [ 194.356965][ T9142] netlink: 192 bytes leftover after parsing attributes in process `syz.2.871'. 
[ 194.398580][ T9018] chnl_net:caif_netlink_parms(): no params data found [ 194.576827][ T5859] Bluetooth: hci2: command tx timeout [ 194.639829][ T9047] chnl_net:caif_netlink_parms(): no params data found [ 194.745386][ T9018] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.766967][ T9018] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.783794][ T9018] bridge_slave_0: entered allmulticast mode [ 194.809461][ T9018] bridge_slave_0: entered promiscuous mode [ 194.853263][ T9018] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.869456][ T9018] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.887321][ T9018] bridge_slave_1: entered allmulticast mode [ 194.895374][ T9018] bridge_slave_1: entered promiscuous mode [ 195.114943][ T9018] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.340134][ T6680] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.365612][ T9018] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.415939][ T9193] x_tables: ip_tables: osf match: only valid for protocol 6 [ 195.489753][ T6680] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.557932][ T5859] block nbd1: Receive control failed (result -32) [ 195.715128][ T6680] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.849496][ T9018] team0: Port device team_slave_0 added [ 195.868292][ T9047] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.882116][ T9047] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.895395][ T9047] bridge_slave_0: entered allmulticast mode [ 195.904347][ T9047] bridge_slave_0: entered promiscuous mode [ 195.937337][ T5859] Bluetooth: hci1: command tx timeout [ 195.969526][ T6680] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.106257][ T9018] 
team0: Port device team_slave_1 added [ 196.178808][ T9047] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.189648][ T9047] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.208731][ T9047] bridge_slave_1: entered allmulticast mode [ 196.228580][ T9047] bridge_slave_1: entered promiscuous mode [ 196.313763][ T9244] netlink: 12 bytes leftover after parsing attributes in process `syz.4.887'. [ 196.443208][ T9018] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.459326][ T9248] FAULT_INJECTION: forcing a failure. [ 196.459326][ T9248] name failslab, interval 1, probability 0, space 0, times 0 [ 196.472753][ T9018] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.481483][ T9248] CPU: 0 UID: 0 PID: 9248 Comm: syz.2.888 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 196.481520][ T9248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 196.481535][ T9248] Call Trace: [ 196.481545][ T9248] [ 196.481555][ T9248] dump_stack_lvl+0x241/0x360 [ 196.481599][ T9248] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.481633][ T9248] ? __pfx__printk+0x10/0x10 [ 196.481671][ T9248] ? __pfx___might_resched+0x10/0x10 [ 196.481707][ T9248] should_fail_ex+0x424/0x570 [ 196.481750][ T9248] should_failslab+0xac/0x100 [ 196.481776][ T9248] kmem_cache_alloc_noprof+0x78/0x390 [ 196.481799][ T9248] ? __kernfs_new_node+0xdf/0x890 [ 196.481829][ T9248] __kernfs_new_node+0xdf/0x890 [ 196.481854][ T9248] ? __lock_acquire+0xad5/0xd80 [ 196.481894][ T9248] ? __pfx___kernfs_new_node+0x10/0x10 [ 196.481931][ T9248] ? kernfs_root+0x1c/0x230 [ 196.481954][ T9248] ? 
kernfs_root+0x1c/0x230 [ 196.481979][ T9248] kernfs_new_node+0x114/0x220 [ 196.482010][ T9248] __kernfs_create_file+0x49/0x2e0 [ 196.482044][ T9248] sysfs_add_file_mode_ns+0x24a/0x310 [ 196.482087][ T9248] sysfs_create_file_ns+0x197/0x2c0 [ 196.482123][ T9248] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 196.482152][ T9248] ? nbd_add_socket+0x65b/0xad0 [ 196.482193][ T9248] ? device_create_file+0xf2/0x1c0 [ 196.482221][ T9248] nbd_start_device+0x244/0xab0 [ 196.482258][ T9248] ? __nla_parse+0x40/0x60 [ 196.482289][ T9248] nbd_genl_connect+0x157e/0x1c90 [ 196.482336][ T9248] ? __pfx_nbd_genl_connect+0x10/0x10 [ 196.482385][ T9248] ? __nla_parse+0x40/0x60 [ 196.482414][ T9248] ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290 [ 196.482448][ T9248] genl_rcv_msg+0xb38/0xf00 [ 196.482495][ T9248] ? __pfx_genl_rcv_msg+0x10/0x10 [ 196.482526][ T9248] ? stack_trace_save+0x11a/0x1d0 [ 196.482556][ T9248] ? __pfx_stack_trace_save+0x10/0x10 [ 196.482586][ T9248] ? stack_depot_save_flags+0x44/0x940 [ 196.482619][ T9248] ? __pfx_stack_trace_save+0x1/0x10 [ 196.482664][ T9248] ? __lock_acquire+0xad5/0xd80 [ 196.482708][ T9248] ? __pfx_nbd_genl_connect+0x10/0x10 [ 196.482758][ T9248] netlink_rcv_skb+0x208/0x480 [ 196.482787][ T9248] ? __pfx_genl_rcv_msg+0x10/0x10 [ 196.482824][ T9248] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 196.482881][ T9248] ? netlink_deliver_tap+0x2e/0x1b0 [ 196.482918][ T9248] genl_rcv+0x28/0x40 [ 196.482948][ T9248] netlink_unicast+0x7f8/0x9a0 [ 196.482986][ T9248] ? __pfx_netlink_unicast+0x10/0x10 [ 196.483014][ T9248] ? skb_put+0x114/0x1f0 [ 196.483054][ T9248] netlink_sendmsg+0x8c3/0xcd0 [ 196.483099][ T9248] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.483134][ T9248] ? aa_sock_msg_perm+0x91/0x160 [ 196.483171][ T9248] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.483197][ T9248] __sock_sendmsg+0x221/0x270 [ 196.483230][ T9248] ____sys_sendmsg+0x523/0x860 [ 196.483263][ T9248] ? __pfx_____sys_sendmsg+0x10/0x10 [ 196.483282][ T9248] ? 
__fget_files+0x2a/0x420 [ 196.483308][ T9248] ? __fget_files+0x2a/0x420 [ 196.483341][ T9248] __sys_sendmsg+0x271/0x360 [ 196.483370][ T9248] ? __pfx___sys_sendmsg+0x10/0x10 [ 196.483461][ T9248] ? do_syscall_64+0xb6/0x210 [ 196.483490][ T9248] do_syscall_64+0xf3/0x210 [ 196.483515][ T9248] ? clear_bhb_loop+0x45/0xa0 [ 196.483543][ T9248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.483565][ T9248] RIP: 0033:0x7f89f238e169 [ 196.483602][ T9248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.483622][ T9248] RSP: 002b:00007f89f31c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 196.483646][ T9248] RAX: ffffffffffffffda RBX: 00007f89f25b5fa0 RCX: 00007f89f238e169 [ 196.483663][ T9248] RDX: 0000000000044004 RSI: 0000200000000380 RDI: 0000000000000004 [ 196.483678][ T9248] RBP: 00007f89f31c2090 R08: 0000000000000000 R09: 0000000000000000 [ 196.483698][ T9248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.483712][ T9248] R13: 0000000000000000 R14: 00007f89f25b5fa0 R15: 00007ffece171ff8 [ 196.483749][ T9248] [ 196.483928][ T9248] block nbd2: device_create_file failed for pid! [ 196.556780][ T9018] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.563503][ T9248] block nbd2: shutting down sockets [ 196.687001][ T5859] Bluetooth: hci2: command tx timeout [ 197.004347][ T9047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.020275][ T9018] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.027447][ T9018] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 197.058951][ T9018] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.098037][ T9047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.314551][ T9275] netlink: 'syz.4.892': attribute type 1 has an invalid length. [ 197.341341][ T9275] netlink: 232 bytes leftover after parsing attributes in process `syz.4.892'. [ 197.358283][ T9018] hsr_slave_0: entered promiscuous mode [ 197.366555][ T9018] hsr_slave_1: entered promiscuous mode [ 197.376240][ T9275] netlink: 4 bytes leftover after parsing attributes in process `syz.4.892'. [ 197.388920][ T9018] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 197.399758][ T9018] Cannot create hsr debugfs directory [ 197.409849][ T9047] team0: Port device team_slave_0 added [ 197.674612][ T6680] bridge_slave_1: left allmulticast mode [ 197.692623][ T6680] bridge_slave_1: left promiscuous mode [ 197.727781][ T6680] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.741604][ T6680] bridge_slave_0: left allmulticast mode [ 197.750300][ T6680] bridge_slave_0: left promiscuous mode [ 197.757331][ T6680] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.018134][ T5859] Bluetooth: hci1: command tx timeout [ 198.203314][ T6680] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 198.215089][ T6680] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 198.227162][ T6680] bond0 (unregistering): Released all slaves [ 198.244004][ T9047] team0: Port device team_slave_1 added [ 198.414530][ T9294] bond0: (slave bridge0): Releasing backup interface [ 198.685489][ T9047] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.693482][ T9047] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 198.724320][ T9047] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.745924][ T9047] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.764316][ T9047] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.826708][ T9047] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.921615][ T5859] block nbd2: Receive control failed (result -32) [ 198.977214][ T5859] Bluetooth: hci2: command tx timeout [ 199.086247][ T6680] hsr_slave_0: left promiscuous mode [ 199.110455][ T6680] hsr_slave_1: left promiscuous mode [ 199.116979][ T6680] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 199.127910][ T6680] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 199.158267][ T6680] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 199.165777][ T6680] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 199.196509][ T6680] veth1_macvtap: left promiscuous mode [ 199.202321][ T6680] veth0_macvtap: left promiscuous mode [ 199.209305][ T6680] veth1_vlan: left promiscuous mode [ 199.214797][ T6680] veth0_vlan: left promiscuous mode [ 199.833641][ T6680] team0 (unregistering): Port device team_slave_1 removed [ 199.874194][ T6680] team0 (unregistering): Port device team_slave_0 removed [ 200.309697][ T9047] hsr_slave_0: entered promiscuous mode [ 200.316468][ T9047] hsr_slave_1: entered promiscuous mode [ 200.327827][ T9047] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 200.336365][ T9047] Cannot create hsr debugfs directory [ 200.512606][ T9346] netlink: 696 bytes leftover after parsing attributes in process `syz.2.909'. 
[ 200.566936][ T9350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.908'. [ 200.873481][ T9355] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 200.883596][ T9355] team0: Device ipvlan0 is already an upper device of the team interface [ 200.910487][ T9361] FAULT_INJECTION: forcing a failure. [ 200.910487][ T9361] name failslab, interval 1, probability 0, space 0, times 0 [ 200.937083][ T9361] CPU: 1 UID: 0 PID: 9361 Comm: syz.2.911 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 200.937117][ T9361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 200.937130][ T9361] Call Trace: [ 200.937139][ T9361] [ 200.937148][ T9361] dump_stack_lvl+0x241/0x360 [ 200.937188][ T9361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.937219][ T9361] ? __pfx__printk+0x10/0x10 [ 200.937248][ T9361] ? trace_contention_end+0x3c/0x120 [ 200.937274][ T9361] ? __pfx___might_resched+0x10/0x10 [ 200.937305][ T9361] should_fail_ex+0x424/0x570 [ 200.937355][ T9361] should_failslab+0xac/0x100 [ 200.937380][ T9361] __kmalloc_cache_noprof+0x73/0x370 [ 200.937414][ T9361] ? genl_start+0x1cb/0x6d0 [ 200.937438][ T9361] genl_start+0x1cb/0x6d0 [ 200.937469][ T9361] __netlink_dump_start+0x45c/0x790 [ 200.937513][ T9361] genl_rcv_msg+0x8a4/0xf00 [ 200.937557][ T9361] ? __pfx_genl_rcv_msg+0x10/0x10 [ 200.937592][ T9361] ? __dev_queue_xmit+0x1780/0x3f60 [ 200.937622][ T9361] ? __pfx_genl_start+0x10/0x10 [ 200.937638][ T9361] ? __pfx_genl_dumpit+0x10/0x10 [ 200.937654][ T9361] ? __pfx_genl_done+0x10/0x10 [ 200.937692][ T9361] ? __lock_acquire+0xad5/0xd80 [ 200.937722][ T9361] ? __pfx_batadv_bla_backbone_dump+0x10/0x10 [ 200.937770][ T9361] netlink_rcv_skb+0x208/0x480 [ 200.937797][ T9361] ? __pfx_genl_rcv_msg+0x10/0x10 [ 200.937836][ T9361] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 200.937888][ T9361] ? 
netlink_deliver_tap+0x2e/0x1b0 [ 200.937923][ T9361] genl_rcv+0x28/0x40 [ 200.937952][ T9361] netlink_unicast+0x7f8/0x9a0 [ 200.937986][ T9361] ? __pfx_netlink_unicast+0x10/0x10 [ 200.938013][ T9361] ? skb_put+0x114/0x1f0 [ 200.938061][ T9361] netlink_sendmsg+0x8c3/0xcd0 [ 200.938104][ T9361] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.938136][ T9361] ? aa_sock_msg_perm+0x91/0x160 [ 200.938170][ T9361] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.938195][ T9361] __sock_sendmsg+0x221/0x270 [ 200.938225][ T9361] ____sys_sendmsg+0x523/0x860 [ 200.938255][ T9361] ? __pfx_____sys_sendmsg+0x10/0x10 [ 200.938278][ T9361] ? __fget_files+0x2a/0x420 [ 200.938302][ T9361] ? __fget_files+0x2a/0x420 [ 200.938334][ T9361] __sys_sendmsg+0x271/0x360 [ 200.938361][ T9361] ? __pfx___sys_sendmsg+0x10/0x10 [ 200.938447][ T9361] ? do_syscall_64+0xb6/0x210 [ 200.938474][ T9361] do_syscall_64+0xf3/0x210 [ 200.938497][ T9361] ? clear_bhb_loop+0x45/0xa0 [ 200.938522][ T9361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.938543][ T9361] RIP: 0033:0x7f89f238e169 [ 200.938568][ T9361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.938586][ T9361] RSP: 002b:00007f89f31a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 200.938608][ T9361] RAX: ffffffffffffffda RBX: 00007f89f25b6080 RCX: 00007f89f238e169 [ 200.938624][ T9361] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 200.938637][ T9361] RBP: 00007f89f31a1090 R08: 0000000000000000 R09: 0000000000000000 [ 200.938650][ T9361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.938662][ T9361] R13: 0000000000000000 R14: 00007f89f25b6080 R15: 00007ffece171ff8 [ 200.938697][ T9361] [ 201.307696][ T9360] netlink: 8 bytes leftover after parsing attributes in process `syz.1.912'. 
[ 201.467708][ T9018] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 201.499314][ T9018] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 201.514406][ T9018] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 201.532480][ T9018] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 201.610107][ T9372] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 201.668031][ T9018] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.712169][ T9018] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.757705][ T6701] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.765170][ T6701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.807120][ T9374] xt_CT: No such helper "pptp" [ 201.841892][ T6701] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.849178][ T6701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.934027][ T9047] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 201.960689][ T9047] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 201.989063][ T9047] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 202.014914][ T9047] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 202.220671][ T9047] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.286836][ T9047] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.325150][ T6700] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.332448][ T6700] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.419927][ T6700] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.427179][ T6700] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.564470][ T9018] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.738825][ T9400] netlink: 'syz.2.923': attribute type 30 has an invalid length. 
[ 202.763208][ T9018] veth0_vlan: entered promiscuous mode [ 202.845013][ T9018] veth1_vlan: entered promiscuous mode [ 202.974334][ T9018] veth0_macvtap: entered promiscuous mode [ 203.020731][ T9018] veth1_macvtap: entered promiscuous mode [ 203.100206][ T9047] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.142673][ T9018] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.174495][ T9018] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.179539][ T9412] netlink: 44 bytes leftover after parsing attributes in process `syz.4.927'. [ 203.203364][ T9018] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.219942][ T9018] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.237734][ T9018] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.246512][ T9018] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.360678][ T9047] veth0_vlan: entered promiscuous mode [ 203.411411][ T9047] veth1_vlan: entered promiscuous mode [ 203.491992][ T9416] netlink: 8 bytes leftover after parsing attributes in process `syz.1.928'. [ 203.516087][ T6680] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.535242][ T9423] netlink: 8 bytes leftover after parsing attributes in process `syz.4.930'. [ 203.542011][ T6680] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.545861][ T9416] netlink: 32 bytes leftover after parsing attributes in process `syz.1.928'. [ 203.562494][ T9423] netlink: 12 bytes leftover after parsing attributes in process `syz.4.930'. [ 203.577186][ T9423] netlink: 'syz.4.930': attribute type 15 has an invalid length. [ 203.620217][ T9425] netlink: 5 bytes leftover after parsing attributes in process `syz.4.930'. 
[ 203.646019][ T6701] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.666215][ T9047] veth0_macvtap: entered promiscuous mode [ 203.672305][ T6701] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.694997][ T9047] veth1_macvtap: entered promiscuous mode [ 203.771425][ T9047] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.797160][ T9047] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.814016][ T9047] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.829765][ T9428] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 203.835717][ T9047] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.897337][ T9047] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.916085][ T9047] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.927511][ T9433] SET target dimension over the limit! 
[ 203.935737][ T9047] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.952220][ T9047] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.963834][ T9047] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.974058][ T9047] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.313863][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.337063][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.380107][ T8200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.406745][ T8200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.871456][ T8200] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.172102][ T8200] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.232167][ T8200] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.293841][ T8200] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.681869][ T8200] bridge_slave_1: left allmulticast mode [ 205.705908][ T8200] bridge_slave_1: left promiscuous mode [ 205.725727][ T8200] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.765115][ T8200] bridge_slave_0: left allmulticast mode [ 205.778075][ T8200] bridge_slave_0: left promiscuous mode [ 205.783990][ T8200] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.011530][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 206.035027][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 206.047964][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 206.061010][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 206.070522][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 206.245156][ T8200] bond0 (unregistering): (slave 
bond_slave_0): Releasing backup interface [ 206.257398][ T8200] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 206.268816][ T8200] bond0 (unregistering): Released all slaves [ 206.565176][ T9491] xt_TCPMSS: Only works on TCP SYN packets [ 206.970554][ T9479] chnl_net:caif_netlink_parms(): no params data found [ 207.061093][ T8200] hsr_slave_0: left promiscuous mode [ 207.113553][ T8200] hsr_slave_1: left promiscuous mode [ 207.130181][ T8200] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 207.149620][ T8200] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 207.179199][ T8200] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 207.191261][ T8200] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 207.202201][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 207.216527][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 207.232976][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 207.244557][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 207.253356][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 207.315430][ T8200] veth1_macvtap: left promiscuous mode [ 207.332251][ T8200] veth0_macvtap: left promiscuous mode [ 207.346966][ T8200] veth1_vlan: left promiscuous mode [ 207.362729][ T8200] veth0_vlan: left promiscuous mode [ 208.180767][ T5859] Bluetooth: hci1: command tx timeout [ 208.202879][ T8200] team0 (unregistering): Port device team_slave_1 removed [ 208.243177][ T8200] team0 (unregistering): Port device team_slave_0 removed [ 208.829426][ T9537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.972'. 
[ 208.899693][ T9479] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.919111][ T9479] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.926416][ T9479] bridge_slave_0: entered allmulticast mode [ 208.950270][ T9479] bridge_slave_0: entered promiscuous mode [ 208.981093][ T9479] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.990423][ T9479] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.000549][ T9479] bridge_slave_1: entered allmulticast mode [ 209.010204][ T9479] bridge_slave_1: entered promiscuous mode [ 209.230084][ T9479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.259004][ T9479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.299739][ T5859] Bluetooth: hci2: command tx timeout [ 209.341117][ T9558] netlink: 'syz.2.983': attribute type 29 has an invalid length. [ 209.501702][ T8200] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.536191][ T9479] team0: Port device team_slave_0 added [ 209.547289][ T9479] team0: Port device team_slave_1 added [ 209.757879][ T8200] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.840569][ T9479] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.857007][ T9479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.915490][ T9479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.942512][ T9479] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.966766][ T9479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.029535][ T9479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.142248][ T9577] netlink: 4 bytes leftover after parsing attributes in process `syz.2.989'. [ 210.258312][ T5859] Bluetooth: hci1: command tx timeout [ 210.647980][ T8200] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.869529][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 210.876374][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 210.882890][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 210.889493][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 210.896124][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 210.956877][ T8200] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.985781][ T9515] chnl_net:caif_netlink_parms(): no params data found [ 211.105053][ T9479] hsr_slave_0: entered promiscuous mode [ 211.130392][ T9479] hsr_slave_1: entered promiscuous mode [ 211.141662][ T9479] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.157147][ T9479] Cannot create hsr debugfs directory [ 211.186431][ T9595] netlink: 'syz.1.997': attribute type 13 has an invalid length. [ 211.272126][ T9602] netlink: 'syz.2.1000': attribute type 1 has an invalid length. 
[ 211.376821][ T5859] Bluetooth: hci2: command tx timeout [ 211.533623][ T9595] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.544144][ T9595] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.553396][ T9595] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.634753][ T9601] veth0_macvtap: left promiscuous mode [ 211.643236][ T9601] macvtap0: entered promiscuous mode [ 211.656351][ T9601] veth0_macvtap: entered promiscuous mode [ 211.664344][ T9601] team0: Device macvtap0 failed to register rx_handler [ 211.672138][ T9601] veth0_macvtap: left promiscuous mode [ 211.732109][ T9604] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 211.773137][ T9605] veth3: entered promiscuous mode [ 211.782692][ T9605] bond3: (slave veth3): Enslaving as a backup interface with a down link [ 211.901855][ T9615] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1004'. [ 211.974404][ T9616] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1003'. [ 212.031127][ T9618] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1005'. [ 212.041059][ T9515] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.052770][ T9515] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.060369][ T9515] bridge_slave_0: entered allmulticast mode [ 212.072712][ T9515] bridge_slave_0: entered promiscuous mode [ 212.092332][ T9612] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1003'. 
[ 212.137382][ T9515] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.144596][ T9515] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.166357][ T9515] bridge_slave_1: entered allmulticast mode [ 212.187061][ T9515] bridge_slave_1: entered promiscuous mode [ 212.302557][ T8200] bridge_slave_1: left allmulticast mode [ 212.308632][ T8200] bridge_slave_1: left promiscuous mode [ 212.321332][ T8200] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.333748][ T8200] bridge_slave_0: left allmulticast mode [ 212.340638][ T5859] Bluetooth: hci1: command tx timeout [ 212.347350][ T8200] bridge_slave_0: left promiscuous mode [ 212.353146][ T8200] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.684174][ T8200] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 212.696481][ T8200] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 212.707569][ T8200] bond0 (unregistering): Released all slaves [ 212.727640][ T9515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.754657][ T9515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.911448][ T9515] team0: Port device team_slave_0 added [ 212.940223][ T9515] team0: Port device team_slave_1 added [ 212.961957][ T9640] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1013'. [ 213.020985][ T9515] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.031019][ T9515] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.060874][ T9515] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.062280][ T9641] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1014'. 
[ 213.076299][ T9639] syzkaller0: refused to change device tx_queue_len [ 213.160203][ T9515] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.168965][ T9515] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.196480][ T9515] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.300119][ T8200] hsr_slave_0: left promiscuous mode [ 213.324622][ T8200] hsr_slave_1: left promiscuous mode [ 213.335443][ T8200] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.356053][ T8200] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.378883][ T8200] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.386366][ T8200] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 213.417297][ T8200] veth1_macvtap: left promiscuous mode [ 213.422873][ T8200] veth0_macvtap: left promiscuous mode [ 213.429092][ T8200] veth1_vlan: left promiscuous mode [ 213.434471][ T8200] veth0_vlan: left promiscuous mode [ 213.450066][ T9652] FAULT_INJECTION: forcing a failure. [ 213.450066][ T9652] name failslab, interval 1, probability 0, space 0, times 0 [ 213.462950][ T5859] Bluetooth: hci2: command tx timeout [ 213.474415][ T9652] CPU: 1 UID: 0 PID: 9652 Comm: syz.1.1018 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 213.474448][ T9652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 213.474461][ T9652] Call Trace: [ 213.474470][ T9652] [ 213.474479][ T9652] dump_stack_lvl+0x241/0x360 [ 213.474519][ T9652] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.474550][ T9652] ? __pfx__printk+0x10/0x10 [ 213.474586][ T9652] ? 
__pfx___might_resched+0x10/0x10 [ 213.474613][ T9652] should_fail_ex+0x424/0x570 [ 213.474652][ T9652] should_failslab+0xac/0x100 [ 213.474676][ T9652] kmem_cache_alloc_lru_noprof+0x7d/0x390 [ 213.474699][ T9652] ? __d_alloc+0x31/0x740 [ 213.474728][ T9652] __d_alloc+0x31/0x740 [ 213.474750][ T9652] ? __pfx_stack_trace_save+0x10/0x10 [ 213.474781][ T9652] d_alloc_parallel+0xe9/0x1660 [ 213.474806][ T9652] ? xa_load+0x149/0x350 [ 213.474838][ T9652] ? kasan_save_track+0x51/0x80 [ 213.474866][ T9652] ? kasan_save_track+0x3f/0x80 [ 213.474892][ T9652] ? __kasan_slab_alloc+0x66/0x80 [ 213.474934][ T9652] ? __pfx_d_alloc_parallel+0x10/0x10 [ 213.474958][ T9652] ? __lock_acquire+0xad5/0xd80 [ 213.474992][ T9652] ? __raw_spin_lock_init+0x45/0x100 [ 213.475020][ T9652] ? __init_waitqueue_head+0xae/0x150 [ 213.475052][ T9652] __lookup_slow+0x127/0x400 [ 213.475079][ T9652] ? __pfx___lookup_slow+0x10/0x10 [ 213.475101][ T9652] ? __d_lookup+0x64/0x7b0 [ 213.475159][ T9652] lookup_one_len+0x1f3/0x310 [ 213.475186][ T9652] ? __pfx_lookup_one_len+0x10/0x10 [ 213.475209][ T9652] ? mntput+0x65/0xc0 [ 213.475242][ T9652] start_creating+0x187/0x310 [ 213.475275][ T9652] __debugfs_create_file+0x7d/0x500 [ 213.475308][ T9652] debugfs_create_file_full+0x40/0x60 [ 213.475344][ T9652] nbd_start_device+0x30b/0xab0 [ 213.475379][ T9652] ? __nla_parse+0x40/0x60 [ 213.475407][ T9652] nbd_genl_connect+0x157e/0x1c90 [ 213.475452][ T9652] ? __pfx_nbd_genl_connect+0x10/0x10 [ 213.475498][ T9652] ? __nla_parse+0x40/0x60 [ 213.475526][ T9652] ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290 [ 213.475557][ T9652] genl_rcv_msg+0xb38/0xf00 [ 213.475601][ T9652] ? __pfx_genl_rcv_msg+0x10/0x10 [ 213.475629][ T9652] ? stack_trace_save+0x11a/0x1d0 [ 213.475656][ T9652] ? __pfx_stack_trace_save+0x10/0x10 [ 213.475684][ T9652] ? stack_depot_save_flags+0x44/0x940 [ 213.475713][ T9652] ? __pfx_stack_trace_save+0x1/0x10 [ 213.475754][ T9652] ? __lock_acquire+0xad5/0xd80 [ 213.475786][ T9652] ? 
__pfx_nbd_genl_connect+0x10/0x10 [ 213.475834][ T9652] netlink_rcv_skb+0x208/0x480 [ 213.475863][ T9652] ? __pfx_genl_rcv_msg+0x10/0x10 [ 213.475898][ T9652] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 213.475951][ T9652] ? netlink_deliver_tap+0x2e/0x1b0 [ 213.475987][ T9652] genl_rcv+0x28/0x40 [ 213.476016][ T9652] netlink_unicast+0x7f8/0x9a0 [ 213.476052][ T9652] ? __pfx_netlink_unicast+0x10/0x10 [ 213.476079][ T9652] ? skb_put+0x114/0x1f0 [ 213.476123][ T9652] netlink_sendmsg+0x8c3/0xcd0 [ 213.476164][ T9652] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.476197][ T9652] ? aa_sock_msg_perm+0x91/0x160 [ 213.476232][ T9652] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.476256][ T9652] __sock_sendmsg+0x221/0x270 [ 213.476286][ T9652] ____sys_sendmsg+0x523/0x860 [ 213.476318][ T9652] ? __pfx_____sys_sendmsg+0x10/0x10 [ 213.476335][ T9652] ? __fget_files+0x2a/0x420 [ 213.476359][ T9652] ? __fget_files+0x2a/0x420 [ 213.476392][ T9652] __sys_sendmsg+0x271/0x360 [ 213.476419][ T9652] ? __pfx___sys_sendmsg+0x10/0x10 [ 213.476507][ T9652] ? do_syscall_64+0xb6/0x210 [ 213.476534][ T9652] do_syscall_64+0xf3/0x210 [ 213.476558][ T9652] ? 
clear_bhb_loop+0x45/0xa0 [ 213.476583][ T9652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.476603][ T9652] RIP: 0033:0x7f36e778e169 [ 213.476622][ T9652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.476641][ T9652] RSP: 002b:00007f36e858c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 213.476664][ T9652] RAX: ffffffffffffffda RBX: 00007f36e79b5fa0 RCX: 00007f36e778e169 [ 213.476680][ T9652] RDX: 0000000000044004 RSI: 0000200000000380 RDI: 0000000000000004 [ 213.476693][ T9652] RBP: 00007f36e858c090 R08: 0000000000000000 R09: 0000000000000000 [ 213.476706][ T9652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 213.476719][ T9652] R13: 0000000000000000 R14: 00007f36e79b5fa0 R15: 00007fffc6e785d8 [ 213.476754][ T9652] [ 213.949918][ T5859] block nbd3: Receive control failed (result -32) [ 214.161186][ T9656] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1019'. [ 214.287568][ T8200] team0 (unregistering): Port device team_slave_1 removed [ 214.327171][ T8200] team0 (unregistering): Port device team_slave_0 removed [ 214.416842][ T5859] Bluetooth: hci1: command tx timeout [ 214.692322][ T9648] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 214.700211][ T9648] team0: Device ipvlan0 is already an upper device of the team interface [ 214.764110][ T9657] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1019'. [ 214.776226][ T9657] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1019'. [ 214.890184][ T9515] hsr_slave_0: entered promiscuous mode [ 214.897835][ T9515] hsr_slave_1: entered promiscuous mode [ 214.904229][ T9515] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 214.923852][ T9515] Cannot create hsr debugfs directory [ 214.931551][ T9664] bridge_slave_0: entered promiscuous mode [ 215.278325][ T9479] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 215.324587][ T9479] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 215.393692][ T9479] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 215.411138][ T9479] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 215.483973][ T9681] pim6reg1: entered promiscuous mode [ 215.501365][ T9681] pim6reg1: entered allmulticast mode [ 215.537130][ T5858] Bluetooth: hci2: command tx timeout [ 215.752364][ T9690] bond0: (slave bond2): Releasing backup interface [ 215.759145][ T9690] bond2: left promiscuous mode [ 216.037603][ T9479] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.080363][ T9479] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.125762][ T6692] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.133043][ T6692] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.178890][ T6692] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.186166][ T6692] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.432734][ T9515] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 216.450578][ T9515] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 216.476150][ T9515] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 216.517475][ T9515] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 216.583970][ T9718] netlink: 'syz.1.1038': attribute type 11 has an invalid length. [ 216.624964][ T9718] netlink: 'syz.1.1038': attribute type 11 has an invalid length. [ 216.657358][ T9718] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1038'. 
[ 216.774034][ T9479] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.794771][ T9515] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.817009][ T5858] Bluetooth: hci3: command 0x0406 tx timeout [ 216.857157][ T9722] tipc: Enabling of bearer rejected, already enabled [ 216.891652][ T9515] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.932062][ T6701] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.939365][ T6701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.972072][ T6701] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.979336][ T6701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.996169][ T9479] veth0_vlan: entered promiscuous mode [ 217.046393][ T9479] veth1_vlan: entered promiscuous mode [ 217.134809][ T9479] veth0_macvtap: entered promiscuous mode [ 217.155121][ T9479] veth1_macvtap: entered promiscuous mode [ 217.182755][ T9479] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.184243][ T9731] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1042'. 
[ 217.205891][ T9479] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.223206][ T9479] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.234109][ T9479] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.243440][ T9479] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.254843][ T9479] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.419587][ T6701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.432045][ T6701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.469208][ T9515] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.485540][ T6680] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.500767][ T6680] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.531601][ T9738] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1044'. [ 217.557874][ T9738] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1044'. [ 217.582998][ T9738] sit0: entered allmulticast mode [ 217.601469][ T9738] tipc: Started in network mode [ 217.609947][ T9738] tipc: Node identity , cluster identity 4711 [ 217.618838][ T9738] tipc: Failed to obtain node identity [ 217.624375][ T9738] tipc: Enabling of bearer rejected, failed to enable media [ 217.635548][ T9515] veth0_vlan: entered promiscuous mode [ 217.727668][ T9515] veth1_vlan: entered promiscuous mode [ 217.775596][ T9515] veth0_macvtap: entered promiscuous mode [ 217.790098][ T9515] veth1_macvtap: entered promiscuous mode [ 217.813105][ T9515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.824593][ T9515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 217.834567][ T5859] block nbd4: Receive control failed (result -32) [ 217.847285][ T9515] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.869157][ T9515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.884441][ T9515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.930600][ T9515] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.945271][ T9743] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x9 [ 217.973030][ T9515] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.982540][ T9515] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.995448][ T9515] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.004483][ T9515] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.157801][ T8200] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.179852][ T8200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.224486][ T6692] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.233006][ T6692] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.247821][ T9749] FAULT_INJECTION: forcing a failure. [ 218.247821][ T9749] name failslab, interval 1, probability 0, space 0, times 0 [ 218.268984][ T9749] CPU: 1 UID: 0 PID: 9749 Comm: syz.2.1049 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 218.269018][ T9749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 218.269032][ T9749] Call Trace: [ 218.269041][ T9749] [ 218.269050][ T9749] dump_stack_lvl+0x241/0x360 [ 218.269090][ T9749] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.269120][ T9749] ? __pfx__printk+0x10/0x10 [ 218.269155][ T9749] ? 
__pfx___might_resched+0x10/0x10 [ 218.269182][ T9749] should_fail_ex+0x424/0x570 [ 218.269221][ T9749] should_failslab+0xac/0x100 [ 218.269245][ T9749] kmem_cache_alloc_lru_noprof+0x7d/0x390 [ 218.269268][ T9749] ? __d_alloc+0x31/0x740 [ 218.269302][ T9749] __d_alloc+0x31/0x740 [ 218.269333][ T9749] d_alloc_parallel+0xe9/0x1660 [ 218.269356][ T9749] ? kasan_save_track+0x3f/0x80 [ 218.269382][ T9749] ? __kasan_slab_alloc+0x66/0x80 [ 218.269409][ T9749] ? kmem_cache_alloc_noprof+0x1e1/0x390 [ 218.269435][ T9749] ? __lock_acquire+0xad5/0xd80 [ 218.269466][ T9749] ? __sys_sendmsg+0x271/0x360 [ 218.269482][ T9749] ? do_syscall_64+0xf3/0x210 [ 218.269513][ T9749] ? __pfx_d_alloc_parallel+0x10/0x10 [ 218.269537][ T9749] ? __lock_acquire+0xad5/0xd80 [ 218.269568][ T9749] ? __raw_spin_lock_init+0x45/0x100 [ 218.269592][ T9749] ? __init_waitqueue_head+0xae/0x150 [ 218.269621][ T9749] __lookup_slow+0x127/0x400 [ 218.269648][ T9749] ? __pfx___lookup_slow+0x10/0x10 [ 218.269668][ T9749] ? __d_lookup+0x64/0x7b0 [ 218.269716][ T9749] lookup_one_len+0x1f3/0x310 [ 218.269752][ T9749] ? __pfx_lookup_one_len+0x10/0x10 [ 218.269776][ T9749] ? mntput+0x65/0xc0 [ 218.269806][ T9749] start_creating+0x187/0x310 [ 218.269835][ T9749] __debugfs_create_file+0x7d/0x500 [ 218.269868][ T9749] debugfs_create_file_unsafe+0x3b/0x50 [ 218.269899][ T9749] nbd_start_device+0x326/0xab0 [ 218.269934][ T9749] ? __nla_parse+0x40/0x60 [ 218.269961][ T9749] nbd_genl_connect+0x157e/0x1c90 [ 218.270004][ T9749] ? __pfx_nbd_genl_connect+0x10/0x10 [ 218.270048][ T9749] ? __nla_parse+0x40/0x60 [ 218.270074][ T9749] ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290 [ 218.270106][ T9749] genl_rcv_msg+0xb38/0xf00 [ 218.270148][ T9749] ? __pfx_genl_rcv_msg+0x10/0x10 [ 218.270176][ T9749] ? stack_trace_save+0x11a/0x1d0 [ 218.270204][ T9749] ? __pfx_stack_trace_save+0x10/0x10 [ 218.270232][ T9749] ? stack_depot_save_flags+0x44/0x940 [ 218.270263][ T9749] ? __pfx_stack_trace_save+0x1/0x10 [ 218.270305][ T9749] ? 
__lock_acquire+0xad5/0xd80 [ 218.270336][ T9749] ? __pfx_nbd_genl_connect+0x10/0x10 [ 218.270384][ T9749] netlink_rcv_skb+0x208/0x480 [ 218.270412][ T9749] ? __pfx_genl_rcv_msg+0x10/0x10 [ 218.270446][ T9749] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 218.270499][ T9749] ? netlink_deliver_tap+0x2e/0x1b0 [ 218.270534][ T9749] genl_rcv+0x28/0x40 [ 218.270563][ T9749] netlink_unicast+0x7f8/0x9a0 [ 218.270598][ T9749] ? __pfx_netlink_unicast+0x10/0x10 [ 218.270624][ T9749] ? skb_put+0x114/0x1f0 [ 218.270660][ T9749] netlink_sendmsg+0x8c3/0xcd0 [ 218.270704][ T9749] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.270744][ T9749] ? aa_sock_msg_perm+0x91/0x160 [ 218.270779][ T9749] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.270803][ T9749] __sock_sendmsg+0x221/0x270 [ 218.270834][ T9749] ____sys_sendmsg+0x523/0x860 [ 218.270865][ T9749] ? __pfx_____sys_sendmsg+0x10/0x10 [ 218.270883][ T9749] ? __fget_files+0x2a/0x420 [ 218.270906][ T9749] ? __fget_files+0x2a/0x420 [ 218.270936][ T9749] __sys_sendmsg+0x271/0x360 [ 218.270962][ T9749] ? __pfx___sys_sendmsg+0x10/0x10 [ 218.271045][ T9749] ? do_syscall_64+0xb6/0x210 [ 218.271071][ T9749] do_syscall_64+0xf3/0x210 [ 218.271092][ T9749] ? 
clear_bhb_loop+0x45/0xa0 [ 218.271117][ T9749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.271136][ T9749] RIP: 0033:0x7f89f238e169 [ 218.271155][ T9749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.271172][ T9749] RSP: 002b:00007f89f31c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 218.271194][ T9749] RAX: ffffffffffffffda RBX: 00007f89f25b5fa0 RCX: 00007f89f238e169 [ 218.271209][ T9749] RDX: 0000000000044004 RSI: 0000200000000380 RDI: 0000000000000004 [ 218.271221][ T9749] RBP: 00007f89f31c2090 R08: 0000000000000000 R09: 0000000000000000 [ 218.271233][ T9749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 218.271244][ T9749] R13: 0000000000000000 R14: 00007f89f25b5fa0 R15: 00007ffece171ff8 [ 218.271277][ T9749] [ 218.767010][ T5859] block nbd5: Receive control failed (result -32) [ 218.911084][ T9760] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1052'. [ 219.005923][ T6700] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.148854][ T9766] netlink: 1760 bytes leftover after parsing attributes in process `syz.1.1051'. 
[ 220.160740][ T6700] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.197550][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 220.210559][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 220.218842][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 220.227414][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 220.238440][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 220.281280][ T6700] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.382401][ T6700] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.553409][ T6700] bridge_slave_1: left allmulticast mode [ 220.559496][ T6700] bridge_slave_1: left promiscuous mode [ 220.565214][ T6700] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.575206][ T6700] bridge_slave_0: left allmulticast mode [ 220.582162][ T6700] bridge_slave_0: left promiscuous mode [ 220.588045][ T6700] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.048971][ T6700] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 221.082974][ T6700] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 221.114873][ T6700] bond0 (unregistering): Released all slaves [ 221.192192][ T9786] chnl_net:caif_netlink_parms(): no params data found [ 221.414855][ T9813] netlink: 'syz.2.1066': attribute type 72 has an invalid length. 
[ 221.436532][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 221.450342][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 221.459329][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 221.468371][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 221.476685][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 221.603402][ T9786] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.613888][ T9786] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.624323][ T9786] bridge_slave_0: entered allmulticast mode [ 221.635918][ T9786] bridge_slave_0: entered promiscuous mode [ 221.651461][ T6700] hsr_slave_0: left promiscuous mode [ 221.659933][ T6700] hsr_slave_1: left promiscuous mode [ 221.666298][ T6700] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.676501][ T6700] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.689623][ T6700] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.699881][ T6700] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.732081][ T6700] veth1_macvtap: left promiscuous mode [ 221.738752][ T6700] veth0_macvtap: left promiscuous mode [ 221.744557][ T6700] veth1_vlan: left promiscuous mode [ 221.750026][ T6700] veth0_vlan: left promiscuous mode [ 222.347650][ T5858] Bluetooth: hci1: command tx timeout [ 222.399829][ T6700] team0 (unregistering): Port device team_slave_1 removed [ 222.443257][ T6700] team0 (unregistering): Port device team_slave_0 removed [ 222.806546][ T9786] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.814449][ T9786] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.822694][ T9786] bridge_slave_1: entered allmulticast mode [ 222.830078][ T9786] bridge_slave_1: entered promiscuous mode [ 223.027233][ T9786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.090612][ T9855] netlink: 8 bytes leftover after parsing attributes in 
process `syz.2.1076'. [ 223.090854][ T9786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 223.116401][ T9855] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1076'. [ 223.142544][ T9855] netlink: 'syz.2.1076': attribute type 11 has an invalid length. [ 223.273843][ T9786] team0: Port device team_slave_0 added [ 223.319614][ T9786] team0: Port device team_slave_1 added [ 223.428357][ T9786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 223.435350][ T9786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.479121][ T9786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 223.493126][ T9786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 223.500665][ T9786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.526858][ T9786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 223.537582][ T5858] Bluetooth: hci2: command tx timeout [ 223.776394][ T6700] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.814043][ T9786] hsr_slave_0: entered promiscuous mode [ 223.816318][ T9873] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1082'. [ 223.821528][ T9786] hsr_slave_1: entered promiscuous mode [ 223.837906][ T9786] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 223.845677][ T9786] Cannot create hsr debugfs directory [ 223.845806][ T9874] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1082'. [ 223.889156][ T9815] chnl_net:caif_netlink_parms(): no params data found [ 223.930205][ T6700] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.017986][ T6700] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.107235][ T6700] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.250350][ T9815] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.262239][ T9815] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.269965][ T9815] bridge_slave_0: entered allmulticast mode [ 224.277959][ T9815] bridge_slave_0: entered promiscuous mode [ 224.315051][ T9815] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.332692][ T9815] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.347103][ T9815] bridge_slave_1: entered allmulticast mode [ 224.355665][ T9815] bridge_slave_1: entered promiscuous mode [ 224.416973][ T5858] Bluetooth: hci1: command tx timeout [ 224.461764][ T9815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.477997][ T9815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.622159][ T9815] team0: Port device team_slave_0 added [ 224.643633][ T9815] team0: Port device team_slave_1 added [ 224.758487][ T9815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 224.765571][ T9815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 224.795423][ T9815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 224.810894][ T9815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 224.819432][ T9815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 224.847745][ T9815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 224.915106][ T6700] bridge_slave_1: left allmulticast mode [ 224.926704][ T6700] bridge_slave_1: left promiscuous mode [ 224.932519][ T6700] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.992804][ T6700] bridge_slave_0: left allmulticast mode [ 225.001107][ T6700] bridge_slave_0: left promiscuous mode [ 225.010888][ T6700] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.100072][ T9921] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1095'. [ 225.115259][ T9921] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1095'. [ 225.425751][ T6700] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 225.440916][ T6700] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 225.451672][ T6700] bond0 (unregistering): Released all slaves [ 225.551449][ T9815] hsr_slave_0: entered promiscuous mode [ 225.558925][ T9815] hsr_slave_1: entered promiscuous mode [ 225.565414][ T9815] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 225.573557][ T9815] Cannot create hsr debugfs directory [ 225.616863][ T5858] Bluetooth: hci2: command tx timeout [ 225.950531][ T9945] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1100'. [ 225.980817][ T9948] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1100'. 
[ 226.042705][ T9945] xfrm1: entered promiscuous mode [ 226.049349][ T9945] xfrm1: entered allmulticast mode [ 226.081359][ T9951] netlink: 'syz.2.1102': attribute type 72 has an invalid length. [ 226.090145][ T6700] hsr_slave_0: left promiscuous mode [ 226.096368][ T6700] hsr_slave_1: left promiscuous mode [ 226.102867][ T6700] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 226.111885][ T6700] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 226.121697][ T6700] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 226.129584][ T6700] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 226.155795][ T6700] veth1_macvtap: left promiscuous mode [ 226.162613][ T6700] veth0_macvtap: left promiscuous mode [ 226.177075][ T6700] veth1_vlan: left promiscuous mode [ 226.182482][ T6700] veth0_vlan: left promiscuous mode [ 226.474988][ T9962] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1105'. [ 226.500108][ T5858] Bluetooth: hci1: command tx timeout [ 226.634746][ T6700] team0 (unregistering): Port device team_slave_1 removed [ 226.671366][ T6700] team0 (unregistering): Port device team_slave_0 removed [ 227.121930][ T9786] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 227.178809][ T9967] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0) [ 227.187982][ T9967] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 227.198754][ T9971] netlink: 'syz.4.1107': attribute type 29 has an invalid length. [ 227.210121][ T9786] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 227.225354][ T9786] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 227.244245][ T9786] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 227.290631][ T9973] netlink: 'syz.4.1107': attribute type 29 has an invalid length. [ 227.341130][ T9974] netlink: 'syz.4.1107': attribute type 29 has an invalid length. 
[ 227.360328][ T9976] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1108'. [ 227.423455][ T9979] netlink: 'syz.2.1108': attribute type 1 has an invalid length. [ 227.710804][ T5858] Bluetooth: hci2: command tx timeout [ 227.764066][ T9786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.783098][ T9990] sctp: [Deprecated]: syz.1.1112 (pid 9990) Use of int in maxseg socket option. [ 227.783098][ T9990] Use struct sctp_assoc_value instead [ 227.840713][ T9786] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.925020][ T6700] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.932295][ T6700] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.978190][ T6700] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.985494][ T6700] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.025021][T10006] FAULT_INJECTION: forcing a failure. [ 228.025021][T10006] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.078433][T10006] CPU: 1 UID: 0 PID: 10006 Comm: syz.1.1117 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 228.078465][T10006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 228.078479][T10006] Call Trace: [ 228.078487][T10006] [ 228.078496][T10006] dump_stack_lvl+0x241/0x360 [ 228.078536][T10006] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.078574][T10006] ? __pfx__printk+0x10/0x10 [ 228.078618][T10006] should_fail_ex+0x424/0x570 [ 228.078656][T10006] _copy_from_user+0x2d/0xb0 [ 228.078685][T10006] copy_msghdr_from_user+0xb3/0x580 [ 228.078718][T10006] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 228.078741][T10006] ? __fget_files+0x2a/0x420 [ 228.078765][T10006] ? __fget_files+0x2a/0x420 [ 228.078796][T10006] __sys_sendmsg+0x20a/0x360 [ 228.078821][T10006] ? __pfx___sys_sendmsg+0x10/0x10 [ 228.078901][T10006] ? do_syscall_64+0xb6/0x210 [ 228.078928][T10006] do_syscall_64+0xf3/0x210 [ 228.078950][T10006] ? 
clear_bhb_loop+0x45/0xa0 [ 228.078976][T10006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.078996][T10006] RIP: 0033:0x7f36e778e169 [ 228.079014][T10006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.079032][T10006] RSP: 002b:00007f36e856b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 228.079055][T10006] RAX: ffffffffffffffda RBX: 00007f36e79b6080 RCX: 00007f36e778e169 [ 228.079086][T10006] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 228.079103][T10006] RBP: 00007f36e856b090 R08: 0000000000000000 R09: 0000000000000000 [ 228.079116][T10006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.079128][T10006] R13: 0000000000000001 R14: 00007f36e79b6080 R15: 00007fffc6e785d8 [ 228.079161][T10006] [ 228.311478][T10009] __nla_validate_parse: 2 callbacks suppressed [ 228.311500][T10009] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1116'. [ 228.346565][ T9786] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 228.357212][ T9786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 228.378512][ T9815] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 228.430759][ T9815] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 228.475160][ T9815] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 228.544429][ T9815] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 228.576930][ T5858] Bluetooth: hci1: command tx timeout [ 228.599365][T10020] netlink: 'syz.1.1120': attribute type 29 has an invalid length. [ 228.626116][T10020] netlink: 'syz.1.1120': attribute type 29 has an invalid length. [ 228.704203][T10020] netlink: 'syz.1.1120': attribute type 29 has an invalid length. 
[ 228.752855][T10025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1121'. [ 228.989581][ T9786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.046089][ T9815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.121394][T10039] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1127'. [ 229.123070][ T9815] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.170147][T10039] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1127'. [ 229.176069][ T6700] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.186414][ T6700] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.202927][T10040] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1127'. [ 229.226234][ T9786] veth0_vlan: entered promiscuous mode [ 229.231490][T10042] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1128'. [ 229.253177][ T6700] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.260393][ T6700] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.290214][ T9786] veth1_vlan: entered promiscuous mode [ 229.413060][ T9786] veth0_macvtap: entered promiscuous mode [ 229.435226][ T9786] veth1_macvtap: entered promiscuous mode [ 229.472126][ T9786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 229.491102][ T9786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 229.515596][ T9786] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.538038][ T9786] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.556670][ T9786] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.565417][ T9786] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.598160][T10059] netlink: 'syz.2.1132': attribute type 29 has an invalid length. [ 229.612097][T10059] netlink: 'syz.2.1132': attribute type 29 has an invalid length. 
[ 229.634234][T10059] netlink: 'syz.2.1132': attribute type 29 has an invalid length. [ 229.740423][ T6697] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.753194][ T6697] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.775097][ T9815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.777142][ T5858] Bluetooth: hci2: command tx timeout [ 229.814689][ T8200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.825814][ T8200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.872461][ T9815] veth0_vlan: entered promiscuous mode [ 229.900629][ T9815] veth1_vlan: entered promiscuous mode [ 229.958162][ T9815] veth0_macvtap: entered promiscuous mode [ 229.972007][T10066] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1133'. [ 229.975864][ T9815] veth1_macvtap: entered promiscuous mode [ 230.036347][ T9815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.047954][ T9815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.059731][ T9815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 230.074332][ T9815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.085078][ T9815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 230.096572][ T9815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 230.120063][ T9815] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.147961][ T9815] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.156779][ T9815] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.165507][ T9815] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.384762][ T6692] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.471235][ T6700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.506647][ T6700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.590097][ T6692] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.624762][ T6697] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.634925][ T6697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.711571][ T6692] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.779041][ T6692] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.032619][ T6692] bridge_slave_1: left allmulticast mode [ 231.038533][ T6692] bridge_slave_1: left promiscuous mode [ 231.044260][ T6692] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.055844][ T6692] bridge_slave_0: left allmulticast mode [ 231.062762][ T6692] bridge_slave_0: left promiscuous mode [ 231.068644][ T6692] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.392216][T10082] xt_hashlimit: overflow, rate too high: 0 [ 231.421117][T10082] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:20000 [ 231.450572][T10082] x_tables: duplicate underflow at hook 2 [ 231.717667][ T6692] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.747297][ T6692] bond0 (unregistering): (slave 
bond_slave_1): Releasing backup interface [ 231.771805][ T6692] bond0 (unregistering): Released all slaves [ 231.882619][ T5859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 231.891601][ T5859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 231.900953][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 231.914853][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 231.924152][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 232.058023][ T6692] hsr_slave_0: left promiscuous mode [ 232.063933][ T6692] hsr_slave_1: left promiscuous mode [ 232.071307][ T6692] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.081654][ T6692] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.090255][ T6692] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 232.098147][ T6692] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.119101][ T6692] veth1_macvtap: left promiscuous mode [ 232.124659][ T6692] veth0_macvtap: left promiscuous mode [ 232.130522][ T6692] veth1_vlan: left promiscuous mode [ 232.135876][ T6692] veth0_vlan: left promiscuous mode [ 232.842197][ T6692] team0 (unregistering): Port device team_slave_1 removed [ 232.848388][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 232.868064][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 232.878915][ T5859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 232.894546][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 232.906138][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 232.914787][ T6692] team0 (unregistering): Port device team_slave_0 removed [ 233.261095][T10100] netlink: 'syz.4.1143': attribute type 29 has an invalid length. [ 233.274423][T10103] netlink: 'syz.4.1143': attribute type 29 has an invalid length. [ 233.311747][T10105] netlink: 'syz.4.1143': attribute type 29 has an invalid length. 
[ 233.739298][T10088] chnl_net:caif_netlink_parms(): no params data found [ 233.939456][ T5858] Bluetooth: hci1: command tx timeout [ 233.993509][T10106] chnl_net:caif_netlink_parms(): no params data found [ 234.006930][T10140] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1148'. [ 234.016352][T10088] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.031035][T10088] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.039472][T10088] bridge_slave_0: entered allmulticast mode [ 234.049793][T10088] bridge_slave_0: entered promiscuous mode [ 234.074240][T10088] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.084448][T10088] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.095256][T10088] bridge_slave_1: entered allmulticast mode [ 234.106323][T10088] bridge_slave_1: entered promiscuous mode [ 234.219686][T10088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.285372][ T6692] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.313039][T10088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.373392][ T6692] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.475915][T10088] team0: Port device team_slave_0 added [ 234.494425][ T6692] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.509708][T10106] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.517169][T10106] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.524507][T10106] bridge_slave_0: entered allmulticast mode [ 234.531998][T10106] bridge_slave_0: entered promiscuous mode [ 234.543077][T10088] team0: Port device team_slave_1 added [ 234.606527][T10106] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.614118][T10106] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.622361][T10106] 
bridge_slave_1: entered allmulticast mode [ 234.633638][T10106] bridge_slave_1: entered promiscuous mode [ 234.654564][ T6692] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.678349][T10088] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.685428][T10088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.715827][T10088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.762602][T10088] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.773764][T10088] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.800966][T10088] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.833572][T10106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.861300][T10106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.921819][T10088] hsr_slave_0: entered promiscuous mode [ 234.928544][T10088] hsr_slave_1: entered promiscuous mode [ 234.934818][T10088] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 234.942573][T10088] Cannot create hsr debugfs directory [ 234.970274][T10106] team0: Port device team_slave_0 added [ 234.987531][ T5858] Bluetooth: hci2: command tx timeout [ 235.002860][T10106] team0: Port device team_slave_1 added [ 235.087430][T10106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.096264][T10106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.122888][T10106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.135954][T10106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.143082][T10106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.170399][T10106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.223638][ T6692] bridge_slave_1: left allmulticast mode [ 235.242946][ T6692] bridge_slave_1: left promiscuous mode [ 235.249079][ T6692] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.260805][ T6692] bridge_slave_0: left allmulticast mode [ 235.267481][ T6692] bridge_slave_0: left promiscuous mode [ 235.273343][ T6692] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.637637][T10175] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1160'. 
[ 235.774460][ T6692] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 235.786417][ T6692] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 235.797146][ T6692] bond0 (unregistering): Released all slaves [ 235.834208][T10175] FAULT_INJECTION: forcing a failure. [ 235.834208][T10175] name failslab, interval 1, probability 0, space 0, times 0 [ 235.849534][T10175] CPU: 1 UID: 0 PID: 10175 Comm: syz.2.1160 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 235.849566][T10175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 235.849579][T10175] Call Trace: [ 235.849587][T10175] [ 235.849596][T10175] dump_stack_lvl+0x241/0x360 [ 235.849635][T10175] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.849665][T10175] ? __pfx__printk+0x10/0x10 [ 235.849699][T10175] ? __pfx___might_resched+0x10/0x10 [ 235.849725][T10175] should_fail_ex+0x424/0x570 [ 235.849762][T10175] should_failslab+0xac/0x100 [ 235.849787][T10175] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 235.849811][T10175] ? __alloc_skb+0x1c2/0x480 [ 235.849844][T10175] __alloc_skb+0x1c2/0x480 [ 235.849879][T10175] ? __pfx___alloc_skb+0x10/0x10 [ 235.849908][T10175] ? __pfx_rtnl_dellink+0x10/0x10 [ 235.849940][T10175] ? netlink_ack_tlv_len+0x6e/0x200 [ 235.849969][T10175] netlink_ack+0x147/0xa70 [ 235.849992][T10175] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 235.850027][T10175] ? ref_tracker_free+0x63e/0x7e0 [ 235.850055][T10175] netlink_rcv_skb+0x296/0x480 [ 235.850083][T10175] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 235.850112][T10175] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 235.850166][T10175] ? netlink_deliver_tap+0x2e/0x1b0 [ 235.850195][T10175] ? netlink_deliver_tap+0x2e/0x1b0 [ 235.850223][T10175] netlink_unicast+0x7f8/0x9a0 [ 235.850256][T10175] ? __pfx_netlink_unicast+0x10/0x10 [ 235.850282][T10175] ? skb_put+0x114/0x1f0 [ 235.850317][T10175] netlink_sendmsg+0x8c3/0xcd0 [ 235.850358][T10175] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 235.850390][T10175] ? aa_sock_msg_perm+0x91/0x160 [ 235.850425][T10175] ? __pfx_netlink_sendmsg+0x10/0x10 [ 235.850449][T10175] __sock_sendmsg+0x221/0x270 [ 235.850477][T10175] ____sys_sendmsg+0x523/0x860 [ 235.850507][T10175] ? __pfx_____sys_sendmsg+0x10/0x10 [ 235.850524][T10175] ? __fget_files+0x2a/0x420 [ 235.850547][T10175] ? __fget_files+0x2a/0x420 [ 235.850578][T10175] __sys_sendmsg+0x271/0x360 [ 235.850603][T10175] ? __pfx___sys_sendmsg+0x10/0x10 [ 235.850681][T10175] ? do_syscall_64+0xb6/0x210 [ 235.850708][T10175] do_syscall_64+0xf3/0x210 [ 235.850729][T10175] ? clear_bhb_loop+0x45/0xa0 [ 235.850756][T10175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.850776][T10175] RIP: 0033:0x7f89f238e169 [ 235.850795][T10175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.850813][T10175] RSP: 002b:00007f89f31a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 235.850835][T10175] RAX: ffffffffffffffda RBX: 00007f89f25b6080 RCX: 00007f89f238e169 [ 235.850851][T10175] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 235.850865][T10175] RBP: 00007f89f31a1090 R08: 0000000000000000 R09: 0000000000000000 [ 235.850878][T10175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 235.850890][T10175] R13: 0000000000000001 R14: 00007f89f25b6080 R15: 00007ffece171ff8 [ 235.850923][T10175] [ 236.157084][ T5858] Bluetooth: hci1: command tx timeout [ 236.332963][T10106] hsr_slave_0: entered promiscuous mode [ 236.339976][T10106] hsr_slave_1: entered promiscuous mode [ 236.346313][T10106] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 236.354988][T10106] Cannot create hsr debugfs directory [ 236.622791][ T6692] hsr_slave_0: left promiscuous mode [ 236.629131][ T6692] hsr_slave_1: left promiscuous mode [ 236.635092][ T6692] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 236.648368][ T6692] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 236.656413][ T6692] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 236.664348][ T6692] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 236.690164][ T6692] veth1_macvtap: left promiscuous mode [ 236.695878][ T6692] veth0_macvtap: left promiscuous mode [ 236.701943][ T6692] veth1_vlan: left promiscuous mode [ 236.707668][ T6692] veth0_vlan: left promiscuous mode [ 237.056953][ T5858] Bluetooth: hci2: command tx timeout [ 237.155803][ T6692] team0 (unregistering): Port device team_slave_1 removed [ 237.205379][ T6692] team0 (unregistering): Port device team_slave_0 removed [ 237.555293][T10214] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1174'. 
[ 238.181340][ T5858] Bluetooth: hci1: command tx timeout [ 238.655592][T10088] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 238.670543][T10088] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 238.681128][T10088] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 238.704349][T10088] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 238.761262][T10106] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 238.774400][T10106] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 238.785449][T10106] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 238.800995][T10106] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 238.919880][T10088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.957748][T10088] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.978198][ T6692] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.985388][ T6692] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.002098][T10106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.015902][ T6692] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.023082][ T6692] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.061530][T10106] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.091377][ T6680] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.098550][ T6680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.117711][ T6692] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.124917][ T6692] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.136993][ T5858] Bluetooth: hci2: command tx timeout [ 239.574889][T10088] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.599680][T10266] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1186'. 
[ 239.785646][T10088] veth0_vlan: entered promiscuous mode [ 239.803664][T10106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.824085][T10088] veth1_vlan: entered promiscuous mode [ 239.959563][T10106] veth0_vlan: entered promiscuous mode [ 239.971538][T10088] veth0_macvtap: entered promiscuous mode [ 239.983996][T10088] veth1_macvtap: entered promiscuous mode [ 240.013014][T10284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1192'. [ 240.024433][T10284] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1192'. [ 240.032606][T10283] xt_connbytes: Forcing CT accounting to be enabled [ 240.078963][T10106] veth1_vlan: entered promiscuous mode [ 240.092272][T10088] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.161191][T10088] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.190173][T10088] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.217912][T10088] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.227482][T10088] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.236228][T10088] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.258597][ T5858] Bluetooth: hci1: command tx timeout [ 240.336064][T10106] veth0_macvtap: entered promiscuous mode [ 240.352749][T10106] veth1_macvtap: entered promiscuous mode [ 240.410816][T10106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.421901][T10106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 240.434979][T10106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.455490][ T6701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.463671][T10106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.468907][ T6701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.484837][T10106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.508637][T10106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.513149][T10302] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1194'. [ 240.585225][T10106] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.597971][T10106] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.607118][T10106] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.616393][T10106] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.632066][ T6692] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.644463][ T6692] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.891807][ T6701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.912209][ T6701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.949565][T10315] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1198'. [ 241.015366][T10318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1199'. [ 241.061436][ T6692] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.080893][ T6692] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.219285][ T5858] Bluetooth: hci2: command tx timeout [ 241.372160][T10339] netlink: 'syz.4.1205': attribute type 62 has an invalid length. [ 241.496193][T10347] netlink: 'syz.2.1208': attribute type 1 has an invalid length. 
[ 241.602849][T10347] veth5: entered promiscuous mode [ 241.614976][T10347] bond4: (slave veth5): Enslaving as a backup interface with a down link [ 241.886471][ T6701] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.899002][T10367] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1215'. [ 242.445636][ T6701] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.583467][ T6701] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.659225][ T6701] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.867034][ T6701] bridge_slave_1: left allmulticast mode [ 242.872751][ T6701] bridge_slave_1: left promiscuous mode [ 242.893298][ T6701] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.909059][ T6701] bridge_slave_0: left allmulticast mode [ 242.914759][ T6701] bridge_slave_0: left promiscuous mode [ 242.923323][ T6701] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.206144][ T5859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 243.222585][ T5859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 243.241021][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 243.262667][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 243.270542][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 243.321883][ T6701] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 243.333269][ T6701] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 243.345498][ T6701] bond0 (unregistering): Released all slaves [ 243.600698][T10375] chnl_net:caif_netlink_parms(): no params data found [ 243.694565][ T6701] hsr_slave_0: left promiscuous mode [ 243.708587][ T6701] hsr_slave_1: left promiscuous mode [ 243.727599][ T6701] batman_adv: batadv0: Interface deactivated: batadv_slave_0 
[ 243.735088][ T6701] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 243.792301][ T6701] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 243.820030][ T6701] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 243.914997][ T6701] veth1_macvtap: left promiscuous mode [ 243.934805][ T6701] veth0_macvtap: left promiscuous mode [ 243.946680][ T6701] veth1_vlan: left promiscuous mode [ 243.960392][ T6701] veth0_vlan: left promiscuous mode [ 244.180314][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 244.190174][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 244.199040][ T5859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 244.208467][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 244.216397][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 244.561872][ T6701] team0 (unregistering): Port device team_slave_1 removed [ 244.601965][ T6701] team0 (unregistering): Port device team_slave_0 removed [ 245.237583][T10375] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.246544][T10375] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.262672][T10375] bridge_slave_0: entered allmulticast mode [ 245.272244][T10375] bridge_slave_0: entered promiscuous mode [ 245.284390][T10375] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.295469][T10375] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.308844][T10375] bridge_slave_1: entered allmulticast mode [ 245.320240][T10375] bridge_slave_1: entered promiscuous mode [ 245.379814][ T5858] Bluetooth: hci1: command tx timeout [ 245.484647][T10375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.520643][T10375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.532544][T10432] sctp: [Deprecated]: syz.2.1227 (pid 10432) Use of int in max_burst socket option deprecated. 
[ 245.532544][T10432] Use struct sctp_assoc_value instead [ 245.642748][T10375] team0: Port device team_slave_0 added [ 245.654022][T10375] team0: Port device team_slave_1 added [ 245.721031][T10375] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 245.731752][T10375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 245.758615][T10375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 245.809238][T10375] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 245.816419][T10375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 245.842651][T10375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 245.953166][ T6701] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.092489][ T6701] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.153746][T10375] hsr_slave_0: entered promiscuous mode [ 246.178931][T10375] hsr_slave_1: entered promiscuous mode [ 246.194130][T10375] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 246.213919][T10375] Cannot create hsr debugfs directory [ 246.261905][T10456] Dead loop on virtual device ip6_vti0, fix it urgently! [ 246.269755][ T5858] Bluetooth: hci2: command tx timeout [ 246.276239][T10456] Dead loop on virtual device ip6_vti0, fix it urgently! [ 246.283724][T10456] Dead loop on virtual device ip6_vti0, fix it urgently! 
[ 246.291390][T10456] Dead loop on virtual device ip6_vti0, fix it urgently! [ 246.298898][T10456] Dead loop on virtual device ip6_vti0, fix it urgently! [ 246.306449][T10456] Dead loop on virtual device ip6_vti0, fix it urgently! [ 246.324672][T10456] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1234'. [ 246.330231][ T6701] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.339410][T10456] netlink: 'syz.4.1234': attribute type 7 has an invalid length. [ 246.352660][T10456] netlink: 'syz.4.1234': attribute type 8 has an invalid length. [ 246.360459][T10456] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1234'. [ 246.402685][T10406] chnl_net:caif_netlink_parms(): no params data found [ 246.505271][ T6701] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.793436][T10466] macvtap0: left promiscuous mode [ 246.807927][T10466] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.824300][T10466] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.833353][T10466] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.844215][T10466] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.888949][T10466] bond1: left promiscuous mode [ 246.895399][T10466] bond3: left allmulticast mode [ 247.204193][T10406] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.222372][T10406] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.230622][T10406] bridge_slave_0: entered allmulticast mode [ 247.240792][T10406] bridge_slave_0: entered promiscuous mode [ 247.280749][T10406] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.288079][T10406] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.295334][T10406] bridge_slave_1: entered allmulticast mode [ 247.303348][T10406] bridge_slave_1: entered 
promiscuous mode [ 247.360938][ T6701] bridge_slave_1: left allmulticast mode [ 247.369171][ T6701] bridge_slave_1: left promiscuous mode [ 247.375734][ T6701] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.396210][ T6701] bridge_slave_0: left allmulticast mode [ 247.402123][ T6701] bridge_slave_0: left promiscuous mode [ 247.408215][ T6701] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.457823][ T5858] Bluetooth: hci1: command tx timeout [ 247.603793][T10492] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1244'. [ 247.745483][ T6701] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 247.758443][ T6701] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 247.771559][ T6701] bond0 (unregistering): Released all slaves [ 247.799733][T10492] tipc: Enabled bearer , priority 10 [ 247.825104][T10406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.871130][T10406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.983469][T10406] team0: Port device team_slave_0 added [ 248.003214][T10406] team0: Port device team_slave_1 added [ 248.102702][T10496] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1246'. [ 248.151750][T10406] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.159181][T10406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 248.187033][T10406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.200735][T10406] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.207970][T10406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.234613][T10406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.280879][ T6701] hsr_slave_0: left promiscuous mode [ 248.298981][ T6701] hsr_slave_1: left promiscuous mode [ 248.305136][ T6701] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 248.317676][ T6701] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 248.333866][ T6701] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 248.344218][ T5858] Bluetooth: hci2: command tx timeout [ 248.356708][ T6701] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 248.386493][T10500] netlink: 1284 bytes leftover after parsing attributes in process `syz.4.1248'. [ 248.405555][ T6701] veth1_macvtap: left promiscuous mode [ 248.411342][ T6701] veth0_macvtap: left promiscuous mode [ 248.417567][ T6701] veth1_vlan: left promiscuous mode [ 248.423003][ T6701] veth0_vlan: left promiscuous mode [ 248.902139][T10511] FAULT_INJECTION: forcing a failure. [ 248.902139][T10511] name failslab, interval 1, probability 0, space 0, times 0 [ 248.917540][ T7603] tipc: Node number set to 1596850176 [ 248.927455][T10511] CPU: 0 UID: 0 PID: 10511 Comm: syz.2.1251 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 248.927485][T10511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 248.927497][T10511] Call Trace: [ 248.927506][T10511] [ 248.927515][T10511] dump_stack_lvl+0x241/0x360 [ 248.927552][T10511] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 248.927581][T10511] ? __pfx__printk+0x10/0x10 [ 248.927615][T10511] ? __pfx___might_resched+0x10/0x10 [ 248.927641][T10511] should_fail_ex+0x424/0x570 [ 248.927678][T10511] should_failslab+0xac/0x100 [ 248.927701][T10511] kmem_cache_alloc_noprof+0x78/0x390 [ 248.927727][T10511] ? __kernfs_new_node+0xdf/0x890 [ 248.927746][T10511] ? stack_depot_save_flags+0x44/0x940 [ 248.927782][T10511] __kernfs_new_node+0xdf/0x890 [ 248.927804][T10511] ? __lock_acquire+0xad5/0xd80 [ 248.927840][T10511] ? __pfx___kernfs_new_node+0x10/0x10 [ 248.927873][T10511] ? kernfs_root+0x1c/0x230 [ 248.927894][T10511] ? kernfs_root+0x1c/0x230 [ 248.927917][T10511] kernfs_new_node+0x114/0x220 [ 248.927944][T10511] __kernfs_create_file+0x49/0x2e0 [ 248.927975][T10511] sysfs_add_file_mode_ns+0x24a/0x310 [ 248.928022][T10511] sysfs_create_file_ns+0x197/0x2c0 [ 248.928055][T10511] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 248.928085][T10511] ? __asan_memcpy+0x40/0x70 [ 248.928113][T10511] ? device_create_file+0xf2/0x1c0 [ 248.928139][T10511] nbd_genl_connect+0x1711/0x1c90 [ 248.928183][T10511] ? __pfx_nbd_genl_connect+0x10/0x10 [ 248.928228][T10511] ? __nla_parse+0x40/0x60 [ 248.928254][T10511] ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290 [ 248.928286][T10511] genl_rcv_msg+0xb38/0xf00 [ 248.928328][T10511] ? __pfx_genl_rcv_msg+0x10/0x10 [ 248.928356][T10511] ? stack_trace_save+0x11a/0x1d0 [ 248.928401][T10511] ? __pfx_stack_trace_save+0x10/0x10 [ 248.928429][T10511] ? stack_depot_save_flags+0x44/0x940 [ 248.928459][T10511] ? __pfx_stack_trace_save+0x1/0x10 [ 248.928501][T10511] ? __lock_acquire+0xad5/0xd80 [ 248.928532][T10511] ? __pfx_nbd_genl_connect+0x10/0x10 [ 248.928580][T10511] netlink_rcv_skb+0x208/0x480 [ 248.928608][T10511] ? __pfx_genl_rcv_msg+0x10/0x10 [ 248.928642][T10511] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 248.928695][T10511] ? 
netlink_deliver_tap+0x2e/0x1b0 [ 248.928729][T10511] genl_rcv+0x28/0x40 [ 248.928758][T10511] netlink_unicast+0x7f8/0x9a0 [ 248.928793][T10511] ? __pfx_netlink_unicast+0x10/0x10 [ 248.928820][T10511] ? skb_put+0x114/0x1f0 [ 248.928856][T10511] netlink_sendmsg+0x8c3/0xcd0 [ 248.928898][T10511] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.928931][T10511] ? aa_sock_msg_perm+0x91/0x160 [ 248.928956][T10511] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.928980][T10511] __sock_sendmsg+0x221/0x270 [ 248.929008][T10511] ____sys_sendmsg+0x523/0x860 [ 248.929031][T10511] ? __pfx_____sys_sendmsg+0x10/0x10 [ 248.929044][T10511] ? __fget_files+0x2a/0x420 [ 248.929061][T10511] ? __fget_files+0x2a/0x420 [ 248.929083][T10511] __sys_sendmsg+0x271/0x360 [ 248.929102][T10511] ? __pfx___sys_sendmsg+0x10/0x10 [ 248.929161][T10511] ? do_syscall_64+0xb6/0x210 [ 248.929181][T10511] do_syscall_64+0xf3/0x210 [ 248.929198][T10511] ? clear_bhb_loop+0x45/0xa0 [ 248.929216][T10511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.929231][T10511] RIP: 0033:0x7f89f238e169 [ 248.929247][T10511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.929259][T10511] RSP: 002b:00007f89f31c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 248.929277][T10511] RAX: ffffffffffffffda RBX: 00007f89f25b5fa0 RCX: 00007f89f238e169 [ 248.929289][T10511] RDX: 0000000000044004 RSI: 0000200000000380 RDI: 0000000000000004 [ 248.929299][T10511] RBP: 00007f89f31c2090 R08: 0000000000000000 R09: 0000000000000000 [ 248.929309][T10511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 248.929319][T10511] R13: 0000000000000000 R14: 00007f89f25b5fa0 R15: 00007ffece171ff8 [ 248.929343][T10511] [ 248.929440][T10511] block nbd6: device_create_file failed for backend! 
[ 249.329821][ T5858] block nbd6: Receive control failed (result -32) [ 249.331545][ T6701] team0 (unregistering): Port device team_slave_1 removed [ 249.339102][ T5858] block nbd6: shutting down sockets [ 249.383156][ T5858] ================================================================== [ 249.391276][ T5858] BUG: KASAN: slab-use-after-free in recv_work+0x228a/0x25d0 [ 249.398688][ T5858] Write of size 4 at addr ffff8880325cec78 by task kworker/u9:8/5858 [ 249.406765][ T5858] [ 249.409109][ T5858] CPU: 0 UID: 0 PID: 5858 Comm: kworker/u9:8 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 249.409132][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 249.409145][ T5858] Workqueue: nbd6-recv recv_work [ 249.409176][ T5858] Call Trace: [ 249.409184][ T5858] <TASK> [ 249.409193][ T5858] dump_stack_lvl+0x241/0x360 [ 249.409220][ T5858] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.409243][ T5858] ? rcu_is_watching+0x15/0xb0 [ 249.409259][ T5858] ? __virt_addr_valid+0x183/0x530 [ 249.409282][ T5858] ? lock_release+0x4e/0x3e0 [ 249.409308][ T5858] ? __virt_addr_valid+0x183/0x530 [ 249.409328][ T5858] ? __virt_addr_valid+0x183/0x530 [ 249.409350][ T5858] print_report+0x16e/0x5b0 [ 249.409366][ T5858] ? __virt_addr_valid+0x183/0x530 [ 249.409386][ T5858] ? __virt_addr_valid+0x183/0x530 [ 249.409405][ T5858] ? __virt_addr_valid+0x45f/0x530 [ 249.409425][ T5858] ? __phys_addr+0xba/0x170 [ 249.409446][ T5858] ? recv_work+0x228a/0x25d0 [ 249.409470][ T5858] kasan_report+0x143/0x180 [ 249.409487][ T5858] ? recv_work+0x228a/0x25d0 [ 249.409515][ T5858] kasan_check_range+0x28f/0x2a0 [ 249.409532][ T5858] recv_work+0x228a/0x25d0 [ 249.409565][ T5858] ? stack_trace_save+0x11a/0x1d0 [ 249.409593][ T5858] ? __pfx_recv_work+0x10/0x10 [ 249.409618][ T5858] ? lockdep_unlock+0x8d/0x120 [ 249.409638][ T5858] ? validate_chain+0x8a7/0x24e0 [ 249.409680][ T5858] ? 
process_scheduled_works+0x9cb/0x18e0 [ 249.409705][ T5858] process_scheduled_works+0xac3/0x18e0 [ 249.409744][ T5858] ? __pfx_process_scheduled_works+0x10/0x10 [ 249.409774][ T5858] ? assign_work+0x367/0x3d0 [ 249.409801][ T5858] worker_thread+0x870/0xd50 [ 249.409823][ T5858] ? __kthread_parkme+0x1a8/0x200 [ 249.409841][ T5858] ? __pfx_worker_thread+0x10/0x10 [ 249.409857][ T5858] kthread+0x7b7/0x940 [ 249.409876][ T5858] ? __pfx_worker_thread+0x10/0x10 [ 249.409892][ T5858] ? __pfx_kthread+0x10/0x10 [ 249.409909][ T5858] ? __pfx_kthread+0x10/0x10 [ 249.409933][ T5858] ? __pfx_kthread+0x10/0x10 [ 249.409952][ T5858] ? __pfx_kthread+0x10/0x10 [ 249.409969][ T5858] ? _raw_spin_unlock_irq+0x23/0x50 [ 249.409994][ T5858] ? lockdep_hardirqs_on+0x9d/0x150 [ 249.410011][ T5858] ? __pfx_kthread+0x10/0x10 [ 249.410030][ T5858] ret_from_fork+0x4b/0x80 [ 249.410045][ T5858] ? __pfx_kthread+0x10/0x10 [ 249.410064][ T5858] ret_from_fork_asm+0x1a/0x30 [ 249.410086][ T5858] </TASK> [ 249.410093][ T5858] [ 249.642440][ T5858] Allocated by task 10511: [ 249.646854][ T5858] kasan_save_track+0x3f/0x80 [ 249.651542][ T5858] __kasan_kmalloc+0x9d/0xb0 [ 249.656139][ T5858] __kmalloc_cache_noprof+0x236/0x370 [ 249.661525][ T5858] nbd_alloc_and_init_config+0x88/0x260 [ 249.667083][ T5858] nbd_genl_connect+0xcbc/0x1c90 [ 249.672029][ T5858] genl_rcv_msg+0xb38/0xf00 [ 249.676542][ T5858] netlink_rcv_skb+0x208/0x480 [ 249.681315][ T5858] genl_rcv+0x28/0x40 [ 249.685301][ T5858] netlink_unicast+0x7f8/0x9a0 [ 249.690073][ T5858] netlink_sendmsg+0x8c3/0xcd0 [ 249.694841][ T5858] __sock_sendmsg+0x221/0x270 [ 249.699522][ T5858] ____sys_sendmsg+0x523/0x860 [ 249.704282][ T5858] __sys_sendmsg+0x271/0x360 [ 249.708868][ T5858] do_syscall_64+0xf3/0x210 [ 249.713373][ T5858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.719268][ T5858] [ 249.721587][ T5858] Freed by task 5858: [ 249.725559][ T5858] kasan_save_track+0x3f/0x80 [ 249.730242][ T5858] kasan_save_free_info+0x40/0x50 [ 249.735288][ T5858] 
__kasan_slab_free+0x59/0x70 [ 249.740060][ T5858] kfree+0x198/0x430 [ 249.743974][ T5858] nbd_config_put+0x67d/0x7e0 [ 249.748654][ T5858] recv_work+0x2274/0x25d0 [ 249.753077][ T5858] process_scheduled_works+0xac3/0x18e0 [ 249.758631][ T5858] worker_thread+0x870/0xd50 [ 249.763218][ T5858] kthread+0x7b7/0x940 [ 249.767292][ T5858] ret_from_fork+0x4b/0x80 [ 249.771717][ T5858] ret_from_fork_asm+0x1a/0x30 [ 249.776479][ T5858] [ 249.778804][ T5858] The buggy address belongs to the object at ffff8880325cec00 [ 249.778804][ T5858] which belongs to the cache kmalloc-256 of size 256 [ 249.792877][ T5858] The buggy address is located 120 bytes inside of [ 249.792877][ T5858] freed 256-byte region [ffff8880325cec00, ffff8880325ced00) [ 249.806679][ T5858] [ 249.809003][ T5858] The buggy address belongs to the physical page: [ 249.815421][ T5858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880325ce800 pfn:0x325ce [ 249.825492][ T5858] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 249.833993][ T5858] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 249.841986][ T5858] page_type: f5(slab) [ 249.845975][ T5858] raw: 00fff00000000040 ffff88801b041b40 ffffea000174d780 dead000000000005 [ 249.854577][ T5858] raw: ffff8880325ce800 000000000010000e 00000000f5000000 0000000000000000 [ 249.863177][ T5858] head: 00fff00000000040 ffff88801b041b40 ffffea000174d780 dead000000000005 [ 249.871848][ T5858] head: ffff8880325ce800 000000000010000e 00000000f5000000 0000000000000000 [ 249.880517][ T5858] head: 00fff00000000001 ffffea0000c97381 00000000ffffffff 00000000ffffffff [ 249.889190][ T5858] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 249.897853][ T5858] page dumped because: kasan: bad access detected [ 249.904272][ T5858] page_owner tracks the page as allocated [ 249.909982][ T5858] page last allocated via order 1, migratetype Unmovable, gfp_mask 
0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5841, tgid 5841 (syz-executor), ts 96373969812, free_ts 96321630609 [ 249.931402][ T5858] post_alloc_hook+0x1f4/0x240 [ 249.936177][ T5858] get_page_from_freelist+0x360a/0x37a0 [ 249.941734][ T5858] __alloc_frozen_pages_noprof+0x211/0x5b0 [ 249.947562][ T5858] alloc_pages_mpol+0x339/0x690 [ 249.952411][ T5858] allocate_slab+0x8f/0x3b0 [ 249.956920][ T5858] ___slab_alloc+0xc3b/0x1500 [ 249.961602][ T5858] __slab_alloc+0x58/0xa0 [ 249.965967][ T5858] __kmalloc_noprof+0x2ea/0x4d0 [ 249.970819][ T5858] fib_create_info+0x110f/0x2cc0 [ 249.975756][ T5858] fib_table_insert+0x14b/0x1d70 [ 249.980705][ T5858] fib_magic+0x3da/0x620 [ 249.984954][ T5858] fib_add_ifaddr+0x398/0x5e0 [ 249.989644][ T5858] fib_netdev_event+0x375/0x490 [ 249.994584][ T5858] notifier_call_chain+0x1a5/0x3f0 [ 249.999699][ T5858] __dev_notify_flags+0x209/0x410 [ 250.004732][ T5858] netif_change_flags+0xf0/0x1a0 [ 250.009680][ T5858] page last free pid 5910 tgid 5910 stack trace: [ 250.016004][ T5858] __free_frozen_pages+0xde8/0x10a0 [ 250.021205][ T5858] __put_partials+0x160/0x1c0 [ 250.025994][ T5858] put_cpu_partial+0x17e/0x250 [ 250.030766][ T5858] __slab_free+0x294/0x390 [ 250.035191][ T5858] qlist_free_all+0x9a/0x140 [ 250.039792][ T5858] kasan_quarantine_reduce+0x14f/0x170 [ 250.045260][ T5858] __kasan_slab_alloc+0x23/0x80 [ 250.050119][ T5858] kmem_cache_alloc_node_noprof+0x1f2/0x3b0 [ 250.056022][ T5858] __alloc_skb+0x1c2/0x480 [ 250.060449][ T5858] mld_newpack+0x176/0xc70 [ 250.064868][ T5858] add_grec+0x1495/0x19a0 [ 250.069205][ T5858] mld_ifc_work+0x691/0xd90 [ 250.073716][ T5858] process_scheduled_works+0xac3/0x18e0 [ 250.079273][ T5858] worker_thread+0x870/0xd50 [ 250.083864][ T5858] kthread+0x7b7/0x940 [ 250.087940][ T5858] ret_from_fork+0x4b/0x80 [ 250.092358][ T5858] [ 250.094678][ T5858] Memory state around the buggy address: [ 250.100308][ T5858] ffff8880325ceb00: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc [ 250.108371][ T5858] ffff8880325ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 250.116433][ T5858] >ffff8880325cec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 250.124495][ T5858] ^ [ 250.132468][ T5858] ffff8880325cec80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 250.140532][ T5858] ffff8880325ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 250.148589][ T5858] ================================================================== [ 250.159602][ T5859] Bluetooth: hci1: command tx timeout [ 250.165140][ T5858] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 250.172371][ T5858] CPU: 0 UID: 0 PID: 5858 Comm: kworker/u9:8 Not tainted 6.15.0-rc2-syzkaller-00279-g491ef1117c56 #0 PREEMPT(full) [ 250.184552][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 250.194636][ T5858] Workqueue: nbd6-recv recv_work [ 250.199619][ T5858] Call Trace: [ 250.202926][ T5858] [ 250.205891][ T5858] dump_stack_lvl+0x241/0x360 [ 250.210609][ T5858] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.215934][ T5858] ? __pfx__printk+0x10/0x10 [ 250.220555][ T5858] ? vscnprintf+0x5d/0x90 [ 250.224918][ T5858] panic+0x349/0x880 [ 250.228842][ T5858] ? check_panic_on_warn+0x21/0xb0 [ 250.233979][ T5858] ? __pfx_panic+0x10/0x10 [ 250.238435][ T5858] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 250.244451][ T5858] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 250.250817][ T5858] ? print_report+0x519/0x5b0 [ 250.255539][ T5858] check_panic_on_warn+0x86/0xb0 [ 250.260508][ T5858] ? recv_work+0x228a/0x25d0 [ 250.265145][ T5858] end_report+0x77/0x160 [ 250.269405][ T5858] kasan_report+0x154/0x180 [ 250.273922][ T5858] ? recv_work+0x228a/0x25d0 [ 250.278528][ T5858] kasan_check_range+0x28f/0x2a0 [ 250.283469][ T5858] recv_work+0x228a/0x25d0 [ 250.287907][ T5858] ? stack_trace_save+0x11a/0x1d0 [ 250.292950][ T5858] ? __pfx_recv_work+0x10/0x10 [ 250.297812][ T5858] ? 
lockdep_unlock+0x8d/0x120 [ 250.302593][ T5858] ? validate_chain+0x8a7/0x24e0 [ 250.307557][ T5858] ? process_scheduled_works+0x9cb/0x18e0 [ 250.313284][ T5858] process_scheduled_works+0xac3/0x18e0 [ 250.318864][ T5858] ? __pfx_process_scheduled_works+0x10/0x10 [ 250.324863][ T5858] ? assign_work+0x367/0x3d0 [ 250.329468][ T5858] worker_thread+0x870/0xd50 [ 250.334063][ T5858] ? __kthread_parkme+0x1a8/0x200 [ 250.339086][ T5858] ? __pfx_worker_thread+0x10/0x10 [ 250.344200][ T5858] kthread+0x7b7/0x940 [ 250.348271][ T5858] ? __pfx_worker_thread+0x10/0x10 [ 250.353381][ T5858] ? __pfx_kthread+0x10/0x10 [ 250.358005][ T5858] ? __pfx_kthread+0x10/0x10 [ 250.362601][ T5858] ? __pfx_kthread+0x10/0x10 [ 250.367212][ T5858] ? __pfx_kthread+0x10/0x10 [ 250.371803][ T5858] ? _raw_spin_unlock_irq+0x23/0x50 [ 250.377011][ T5858] ? lockdep_hardirqs_on+0x9d/0x150 [ 250.382217][ T5858] ? __pfx_kthread+0x10/0x10 [ 250.386829][ T5858] ret_from_fork+0x4b/0x80 [ 250.391249][ T5858] ? __pfx_kthread+0x10/0x10 [ 250.395843][ T5858] ret_from_fork_asm+0x1a/0x30 [ 250.400618][ T5858] [ 250.403999][ T5858] Kernel Offset: disabled [ 250.408327][ T5858] Rebooting in 86400 seconds..