last executing test programs:

50.930390393s ago: executing program 4 (id=3192):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd34, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0xe, 0xfff2}, {}, {0x8, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x80800)
setsockopt$sock_int(r5, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdb9128280b372219d205e81f4a7f71c46660cdcfcf29fc6de1926aae1efd7e0054a863f3d5cfe71b55b5bb9fa6935849e6098ed64ab5bf031781719fbb37b", 0x65}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee381927148203000000c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a040600000028f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40811)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000002, 0x42073, 0xffffffffffffffff, 0xaba00000)
close(r5)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r7}, 0x18)
r9 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r8}, 0x8)
close(r9)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r6, @ANYRES32=r10, @ANYBLOB="0200000002"], 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)

49.444105627s ago: executing program 4 (id=3202):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="240600001e008d2a00000000000000000a400000", @ANYRES32=0x0, @ANYBLOB="000000000800020000000000"], 0x24}}, 0x0)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40004)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x2c}, 0x4004)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000040)="09296444118ba68ce0f120461742e9f5baf863bd2072e8e1bac1a8de9676c3b906bd792fd69cebdf4b27e82aa96f66401f7afdc643263399116ca759c855ecdfc4e586b70c0f0afd8346a491ba98c133cdeeaabb9d", 0x55, 0xc401, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(r0, 0x1)

48.618029814s ago: executing program 4 (id=3208):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x28000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x304)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8910, &(0x7f00000004c0)={'syzkaller0\x00', @link_local})

37.107002473s ago: executing program 4 (id=3208):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x28000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x304)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8910, &(0x7f00000004c0)={'syzkaller0\x00', @link_local})

23.859076727s ago: executing program 4 (id=3208):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x28000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x304)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8910, &(0x7f00000004c0)={'syzkaller0\x00', @link_local})

9.045641731s ago: executing program 4 (id=3208):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x28000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x304)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8910, &(0x7f00000004c0)={'syzkaller0\x00', @link_local})

4.878935739s ago: executing program 1 (id=3505):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@ccm_128={{0x304}, "a000", "c1c035923e206f45456cbd38edfd4ed7", "1eb86b3e", "08c29b704f198d1f"}, 0x28)
sendmsg$inet(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000006c0)='n7', 0x4000}], 0x1, 0x0, 0x0, 0xe4ff}, 0x0)

4.51002532s ago: executing program 1 (id=3508):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$inet(0x2, 0x80001, 0x84)
r3 = socket$inet6(0xa, 0x5, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4)
ioctl$FS_IOC_RESVSP(r4, 0x800442d4, 0x0)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
bind$inet(r2, &(0x7f0000000180)={0x2, 0xc620, @local}, 0x10)
listen(r3, 0x7fff)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @local}, 0x2}}, 0x2e)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4c23, 0x81, @ipv4={'\x00', '\xff\xff', @remote}, 0xffbff001}, 0x1c)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x1, @broadcast}, 0x2, 0x4}}, 0x2e)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r8=>0x0})
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r9)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f00), r9)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000f40)={'wpan0\x00'})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)=ANY=[@ANYRESHEX=r6, @ANYRESOCT=r8, @ANYBLOB="019c00b20000000000003b00000008000300", @ANYRES64=r7, @ANYBLOB="53003300500300000000000000ff080211000000e85050505050"], 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x8080)
clock_gettime(0x0, &(0x7f0000000000))

4.043489511s ago: executing program 1 (id=3513):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rxrpc_local\x00', r1}, 0x10)
socket$inet6(0xa, 0x802, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendto$inet6(r2, &(0x7f0000000280)="02042c08ec074802010e0200c52cf7c20675e005b02f0800eb2b2ff0dac8897c6b112002faffffff3066090cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0xfc13, 0x800, 0x0, 0x2f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000240)='task_newtask\x00', r0}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x60}}, 0x0)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000500), 0x8)
close(r6)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f0000000100)={r7})
r8 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r8, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r8, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0x0, @dev, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)
sendmsg$kcm(r8, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x4000800)
close(r8)
r9 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f00000000c0))
close(0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800"/13, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.847022714s ago: executing program 1 (id=3514):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6(0xa, 0x3, 0x8000000003c)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="240600001e008d2a00000000000000000a400000", @ANYRES32=0x0, @ANYBLOB="000000000800020000000000"], 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40004)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d8000000", @ANYRES16=0x0, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

2.935378798s ago: executing program 1 (id=3516):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848200000005e1406040000001f0e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

2.631763119s ago: executing program 1 (id=3520):
r0 = socket(0x22, 0x2, 0x3)
accept$alg(r0, 0x0, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x14, 0x0, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@handle=@nsim={{}, {0x0, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0x0, 0xa8, @name2}, @DEVLINK_ATTR_PORT_INDEX={0x0, 0x3, 0x2}]}, 0xfffffe52}, 0x1, 0x0, 0x0, 0x44850}, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x48000)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r6=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}]}, &(0x7f0000000180)=0x10)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000001c0)={r8, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x90}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f0000000000)={r6, @in={{0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x1, 0xfffe}, 0x90)
socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000100)={&(0x7f0000000340)={0x2, 0x4001, @rand_addr=0x64010100}, 0x10, 0x0}, 0x3000c085)
syz_genetlink_get_family_id$l2tp(0x0, r2)
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
r10 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000040)={0xa, 0x0, 0x9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6, 0x2}, 0x20)
connect$pppl2tp(r9, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, r10, 0xffff, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r11)
sendmsg$NLBL_CALIPSO_C_ADD(r11, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000240)={0x24, r12, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x29}, 0x1, 0x0, 0x0, 0xc800}, 0x20020000)

2.027951732s ago: executing program 3 (id=3525):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$inet(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r5, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000020002001c0012800c0001006d616376", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7], 0x4c}}, 0x4000)

1.830924168s ago: executing program 0 (id=3526):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6(0xa, 0x3, 0x8000000003c)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="240600001e008d2a00000000000000000a400000", @ANYRES32=0x0, @ANYBLOB="000000000800020000000000"], 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40004)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d8000000", @ANYRES16=0x0, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1.509628702s ago: executing program 3 (id=3528):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
bind$qrtr(r0, &(0x7f0000000000)={0x2a, 0xffffffff, 0x7ffe}, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000080)={'syztnl1\x00', <r2=>0x0, 0x7, 0x80, 0x6, 0xffffffff, {{0x1d, 0x4, 0x3, 0x9, 0x74, 0x66, 0x0, 0xf7, 0x4, 0x0, @empty, @loopback, {[@lsrr={0x83, 0x7, 0xb7, [@empty]}, @end, @timestamp_prespec={0x44, 0x1c, 0x5d, 0x3, 0xd, [{@local, 0x1}, {@dev={0xac, 0x14, 0x14, 0x27}, 0xfffff001}, {@private=0xa010101, 0x9e}]}, @timestamp_prespec={0x44, 0x3c, 0x5, 0x3, 0x3, [{@rand_addr=0x64010100, 0x1f}, {@remote, 0xffffffff}, {@private=0xa010100, 0x3}, {@remote, 0xee}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@empty, 0x7}, {@dev={0xac, 0x14, 0x14, 0x29}, 0x8}]}]}}}}})
sendmsg$nl_route(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)=@bridge_setlink={0x13c, 0x13, 0x2, 0x70bd27, 0x25dfdbfc, {0x7, 0x0, 0x0, r2, 0x160, 0x1000}, [@IFLA_VF_PORTS={0x114, 0x18, 0x0, 0x1, [{0x9c, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0xd, 0x2, '/::&]*#@\x00'}, @IFLA_PORT_PROFILE={0x18, 0x2, '!!$+#@@^#4^\xd9\x8d\xe9]}\']%\x00'}, @IFLA_PORT_PROFILE={0xa, 0x2, '-&[@^\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "dfe1b1241537620e0feffc4cb55a235b"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "e90f3c8f4eda015839107c6e9fbde96e"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "28438caff4928dbf3282068e4178fffd"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "a6d17ebd4f74cae8e0b41a544daf666e"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "201ef940a13680f2c26742361267921c"}]}, {0x14, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x7}]}, {0x4}, {0x5c, 0x1, 0x0, 0x1, [@IFLA_PORT_HOST_UUID={0x14, 0x5, "364d2b0fe5dadd99887908bd97816af2"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "db688a473b70f0571f0cf1c781ba6abb"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "f050895e3723bee9c86d3f191e6f13fd"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "7056a4fc52b53907ba4ca03f7143b2d6"}, @IFLA_PORT_VF={0x8, 0x1, 0xd9f5}]}]}, @IFLA_WEIGHT={0x8, 0xf, 0x2}]}, 0x13c}}, 0x4000)
connect$qrtr(r0, &(0x7f0000000340)={0x2a, 0x4, 0x2000}, 0xc)
sendmsg$nl_route_sched(r1, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000005c0)={&(0x7f00000003c0)=@gettaction={0x1f0, 0x32, 0xc02, 0x70bd2d, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x54, 0x1, [{0xc, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x858}}, {0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x8}, @action_gd=@TCA_ACT_TAB={0x30, 0x1, [{0x14, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7ff}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x4}, @action_gd=@TCA_ACT_TAB={0x9c, 0x1, [{0x14, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfe}}, {0x10, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x14, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}, @action_gd=@TCA_ACT_TAB={0x7c, 0x1, [{0x10, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x50}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fff}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000000}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x102}}]}]}, 0x1f0}, 0x1, 0x0, 0x0, 0xc091}, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000640)={<r3=>r0})
sendmsg$AUDIT_LIST_RULES(r3, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x10, 0x3f5, 0x20, 0x70bd25, 0x25dfdbfd, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040000)
sendmsg$nl_route_sched(r3, &(0x7f0000001300)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000012c0)={&(0x7f00000007c0)=@newtaction={0xaf4, 0x30, 0x400, 0x70bd28, 0x25dfdbfb, {}, [{0xae0, 0x1, [@m_ife={0xa8, 0x2, 0x0, 0x0, {{0x8}, {0x38, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x9}, @TCA_IFE_TYPE={0x6, 0x5, 0x25e}, @TCA_IFE_TYPE={0x6, 0x5, 0x5}, @TCA_IFE_METALST={0x14, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x75e}, @IFE_META_SKBMARK={0x4, 0x1, @void}]}, @TCA_IFE_TYPE={0x6, 0x5, 0xbbb3}]}, {0x4b, 0x6, "251dc38e9efdb1ee5c53e64aced144cec7d5a65f161f75ee077a6e94e28f5071709e44c05220a4bd31a725432336833dff4d4562d01ef67cb6c2bf369e996536dc9cee6722c7c5"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_connmark={0x1b8, 0x1, 0x0, 0x0, {{0xd}, {0xe4, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x8, 0xffffffffffffffff, 0x13, 0x101}, 0x1}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xffff, 0xffffffffffffffff, 0x8, 0x3}, 0x7}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x1, 0x5, 0x24c0000, 0xffffffff}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8000, 0x1, 0x10000000, 0x32, 0x8001}, 0x5d6e}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x7e68, 0x3, 0xc000, 0x8}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x2, 0x5, 0x8, 0x5}, 0x1ff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x10001, 0x8, 0x2, 0x9, 0x7}, 0x86bf}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x80000000, 0x5, 0x6, 0x2, 0x20000}, 0x4}}]}, {0xa5, 0x6, "d280c09c9bd75fb90442b2195fce4666f5990189ee8d8d7ccfc8dbea13ff9c57342bef87b686097d4df207214de79c4fa989e444dcfdf87168cb2c5a963ace6cbb4e5cb8d614ad59331c24c96165ee8291eb8ca900e0a223dff39719a4542bdf2b31c60b5dbb7dca2d3294938184cec8b8359b0c34d3d79f9ab939c16f00120ea4161eeaa2079f1061be1404ec6fc8a620b18eb4a4e62628bd466ac0fe834971bb"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_xt={0x270, 0x16, 0x0, 0x0, {{0x7}, {0x1f4, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xb6, 0x6, {0x8000, 'mangle\x00', 0x30, 0x0, "d468f8fa31ea866b383212fc024a30aff8331173208ff17d25f6ec907d8f90dfe073425a077fd359118075469690aecf3f351be95e06d5b4169e032fd7bc3d7edf179aabb20dbf29941913a1e1e86580d514bfde42b64fa769bf010eedc4155103a2ae6837febc30f486c21fceb69b741c6bde476f8439cbe9162286d05589f53322d59faa3791deaf727f52"}}, @TCA_IPT_TARG={0xd8, 0x6, {0x4, 'mangle\x00', 0x80, 0x7, "e982aba4bad415f8145a75e29021437c78a508841db5159411e218083d7944d5396d226506ef152023314bfcae32e7c760e7d9de2dc6bdf88844c386bb60217483d7c5d0084ae5f12d2897e34a8dd028f7fa3d728987cedfeddb954820ff702cd0f5549569964af85748e552094fa9dd0c10e92fd19477104a6d2e7bd68020143f0ac0171306a90ce69c430a77a5782001290a90cdcbf5c221b9a278bf862a7a4065b7c6d7f447e4b602559aa1d0"}}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0xe}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x4}]}, {0x58, 0x6, "0985c44f9dfe0af96cc43f4d15b5fc16bede0581797ce9a8de1df82a9900fd5a1ca2fe27e883a74259d4c56aebe393188d9221dfd3f084fe2f05d7d7f9df597a48f8737caeec7d59482b64114d2e38660df8346e"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbedit={0xb8, 0xe, 0x0, 0x0, {{0xc}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x2, 0x1}}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x4}]}, {0x74, 0x6, "283d04c91d6f6d6121898f00f8545a593858fe9e5a4858263d83da24c0b1c8b8878cec29f444b2304437325cd87e52988bdc90a1e948771892a39d271ae5745d23bc2da5d8d23a163adaec91bc2cc559ae10a68df12368b34cc268524d289cd0ba409f264930f9818df69552efbf9aeb"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0xa7bfc6b908124905, 0x3}}}}, @m_gact={0x108, 0x20, 0x0, 0x0, {{0x9}, {0xa0, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1fb4, 0x6}}, @TCA_GACT_PARMS={0x18, 0x2, {0x1, 0x3ff, 0x1, 0x4, 0x8}}, @TCA_GACT_PARMS={0x18, 0x2, {0xff000000, 0x5, 0x1, 0x7fffffff, 0x3}}, @TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0xf, 0x5}}, @TCA_GACT_PARMS={0x18, 0x2, {0x800, 0x10000, 0x2, 0x5, 0x6}}, @TCA_GACT_PARMS={0x18, 0x2, {0x5, 0x7fffffff, 0x1, 0x1, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0xf82, 0x6}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x6, 0x7}}]}, {0x3e, 0x6, "894f59ec5873a86113ab205d0dcf38d1bb2e67e1d819b60ec78e4b8a5da17566e9dc44653b8809787f3399c590f08f0058703c7aa9e0fe0f51c5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_csum={0x168, 0x1d, 0x0, 0x0, {{0x9}, {0xac, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x6, 0x3, 0x2, 0x8}, 0x62}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x9, 0x0, 0x1, 0x6}, 0x6e}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x253, 0x20000000, 0x401, 0x6}, 0x5}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x81, 0x4, 0x6, 0x5}}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x5, 0x6, 0x8, 0x8, 0x40}, 0x2a}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x10000, 0x0, 0x4, 0x5}, 0x67}}]}, {0x93, 0x6, "c8d27dcec99164bec8917a723a0609c12011b9bf4632a0de0300986bac23fc7d2e9f23678ab9c0468cbd2164f0ccb80cca86858b499d7ac0fdbcdddbbc59c59dceca18fb1fc983aa93f2f29dec8910d323c991368bdfdb9728ffbcb63f64f74acbc55da1e270d77220bd98771550e0d62b713bb69a4e80b03b6c28f023fbc658c6057e017c336f667f144bdcd98fa4"}, {0xc}, {0xc}}}, @m_skbedit={0x100, 0x15, 0x0, 0x0, {{0xc}, {0x44, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x5, 0x2}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x1, 0x0, 0x0, 0x129, 0x1}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x4, 0xffffff81, 0x8, 0x8, 0x100}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x4}]}, {0x93, 0x6, "9357bf95f4b396d90aa0874dc7b23e2417294a24e53bcb04c193f26135c973cc6a678fadae3cd1539a1405d597e5adeaf6d5431ee701230a413532f494d3fe05bee3630ab18dbc354bf9d36f7dccda69c0b748e42b849f02105bba62f2f8758f43db10c23a3b3845be59dfde4145d4fbdec76b7dff2ac1880e626852bc7cb5d1b15f4ef90790195d47ec1faccebbd2"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ct={0x128, 0xf, 0x0, 0x0, {{0x7}, {0x8c, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @empty}, @TCA_CT_LABELS_MASK={0x14, 0x8, "4790bf18b9f0f65ba438742ca8ac6d52"}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x5}, @TCA_CT_PARMS={0x18, 0x1, {0x6, 0xffffffff, 0x1, 0x2, 0x7}}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @dev={0xac, 0x14, 0x14, 0x15}}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @TCA_CT_ACTION={0x6, 0x3, 0x36}, @TCA_CT_ACTION={0x6, 0x3, 0x11}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private1={0xfc, 0x1, '\x00', 0x1}}]}, {0x78, 0x6, "acb7bbc1e3b914c2d2a7e569bbd70d7d64ac5eb49e0df73a208eb155c76e32d84207ff6f2b1f4cb5e46cd6b60c8aee76e6b7f16896ede3b55e83bf9df4b55794607eae283df21d292a67c01a21e935d2e8ce6845b87d783a6365f588150371ee2c9a4c1138a4b3ac29b67182f6a574076b6c9987"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x6, 0x1}}}}, @m_simple={0xbc, 0x17, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x0, 0x4, 0xdb, 0x800}}]}, {0x76, 0x6, "84577a69f1390aff33e5d0bc9f2070ca7e542efecd54e4dbabd871504f7f1fb3cd46495b4c41aab86efc7b53a4e879222351916850942641f96e906ff32a4fa234f7bdf5f95d2bd0e687bb0205d747c6e2d336d1da721ab7d0897b07bb515077a9b17b19675561941b5857a84f09efc28939"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x5}}}}]}]}, 0xaf4}, 0x1, 0x0, 0x0, 0x992e5a985e2b39a}, 0x20000044)
ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f0000001340))
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r5 = accept(r4, &(0x7f0000001380)=@tipc=@name, &(0x7f0000001400)=0x80)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000014c0)={{0x1, <r6=>0xffffffffffffffff}, &(0x7f0000001440), &(0x7f0000001480)='%ps    \x00'}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000001500)=@base={0x19, 0x4, 0xffffff00, 0x1ff, 0x6284b, r6, 0x0, '\x00', r2, 0xffffffffffffffff, 0x3, 0x3, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$nl_route_sched(r5, &(0x7f0000001640)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001600)={&(0x7f00000015c0)=@deltclass={0x38, 0x29, 0x400, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xb, 0xd}, {0xd}, {0x0, 0xfff3}}, [@tclass_kind_options=@c_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0x40, 0x6}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4840}, 0x20000001)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000001680)={0x3, 0x3, 0x2800, 0x5, 0xc43})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f00000016c0)={0x6, 0x2, 0x101, 0x9, 0x23d})
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000001700)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@rand_addr=' \x01\x00', 0x4e23, 0x8, 0x4e21, 0x300, 0xa, 0x80, 0x20, 0x2e, 0x0, 0xffffffffffffffff}, {0x3, 0x6, 0x0, 0x1, 0x200, 0x9d6, 0x24a, 0x8001}, {0x3, 0xfffffffffffffffa, 0x3b1b, 0x101}, 0xcc7d, 0x6e6bbc, 0x1, 0x1, 0x3, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d4, 0x46}, 0x2, @in=@private=0xa010100, 0x3500, 0x0, 0x0, 0x29, 0x7ff, 0x3, 0x7}}, 0xe8)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000001800)={0x1, 0x3, 0x2, 0x5})
r7 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, &(0x7f0000001840)={0x6, 0x0, 0x800, 0x4, 0xf})
setsockopt$WPAN_SECURITY(r5, 0x0, 0x1, &(0x7f0000001880)=0x2, 0x4)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000018c0)={0x1, 0x75, 0x3ff, 0x3, 0x400})
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000001900)={0x80000001, 0x5, 0xfffffffd, 0x400, 0x7})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000001980), r5)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r8, &(0x7f0000001a40)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001a00)={&(0x7f00000019c0)={0x24, r9, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x40000)

1.361421473s ago: executing program 0 (id=3529):
r0 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNADDRESOURCE(r0, 0x89e0, &(0x7f0000000000)=0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c9f4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75055df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b556381768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8dc0d472672286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8455029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a82a6ef09d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b420e74c6bcdf1ed0b306141a83bf1268e954ad069257fbfaa1a7ea582badc1a7f2a5b0965f3535872d85c0bc3a233a3ea85df6a8ed76f0f803d54b7bef77d8ea71621f8a78dd17c3b58c5c7476ed6191acbb949e77f7cac81c543f7751e5e1000"/4545], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000001680)={@fallback=r1, r1, 0x2f, 0x0, 0x0, @void, @value}, 0x20)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000300)={0x0, <r3=>0x0}, 0x8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={@cgroup=r1, r2, 0x2f, 0x2020, 0x4, @void, @void, @value=r3}, 0x20)

1.300017927s ago: executing program 2 (id=3530):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x11000000}, 0x3, r1}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000000)=<r3=>0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in=@multicast2, @in=@loopback, 0x4e23, 0x3, 0x4e24, 0x2, 0x4d3b5ef5fcbedf9c, 0x20, 0x20, 0x87, r1, r3}, {0xd08, 0x3, 0x8001, 0x7f, 0x5, 0x8, 0xc89, 0x6d3}, {0x8, 0xf8, 0x6, 0xb5df}, 0x5e3, 0x6e6bb1, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x3c}, 0x2, @in6=@mcast2, 0x0, 0x1, 0x3, 0x7f, 0x3ff, 0xfff, 0x9}}, 0xe8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000a00)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000b24400000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="5300330050000000ffffffffffff080211000000505050505050"], 0x70}}, 0x80)

1.246426381s ago: executing program 3 (id=3531):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001340)=@newtfilter={0x34, 0x2c, 0xd2f, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r5, {0x4, 0xffff}, {}, {0x8}}, [@filter_kind_options=@f_route={{0xa}, {0x1}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

1.11938856s ago: executing program 0 (id=3532):
bpf$MAP_CREATE(0x2100000000000000, &(0x7f0000000840)=@base={0xa, 0x101, 0x7ffb, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x18, 0x0, @void, @value, @void, @value}, 0x48)

1.036087686s ago: executing program 2 (id=3533):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073597a31000000000900010073797a300000000008000540000000218c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c00014000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000000100000000c0001"], 0x110}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006206558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)

951.777911ms ago: executing program 0 (id=3534):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, 0x9, 0x6, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000340)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400090500000000fddbdf25021f00cb", @ANYRES32=r1, @ANYBLOB="080008100002000008000200ffffffff0800090006000000080009000000180008000200ac1414aa080009"], 0x48}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0xed, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x4080}, 0x800000000000000)

898.423677ms ago: executing program 2 (id=3535):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x70, 0x2c, 0xd27, 0xfffffffc, 0xf2ff0000, {0x0, 0x0, 0x0, r3, {0x3, 0xfff3}, {}, {0x6, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xc, 0x2}, {0x0, 0x7, 0x2}}}]}}]}]}]}}]}, 0x70}}, 0x200400d4)

822.358054ms ago: executing program 3 (id=3536):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, &(0x7f0000000080)=0x1, 0x4)
readv(r1, &(0x7f0000000580), 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r2, 0x101, 0xa, &(0x7f0000000040)=0x2c5, 0x4)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x4, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000140), 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x44, r5, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x185}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0xf9}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
sendmsg$can_bcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x5, 0x0, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "6a53198af9b87849"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x5, 0x800, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "a628860aa6e365024153d004358b73a753e5074b25f3328e39d4d32b16f5a128e0d00da5935de9dc2df4937ddab7e2249ad356a0c06acbae37a90abbcee54219"}}, 0x80}}, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\a'], 0x48}}, 0x0)
sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x24000841}, 0x4048004)

723.763655ms ago: executing program 0 (id=3537):
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000002c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x2100000000000000, &(0x7f0000000840)=@base={0xa, 0x101, 0x7ffb, 0xcc, 0x0, 0xffffffffffffffff, 0x41, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

576.370803ms ago: executing program 3 (id=3538):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$inet(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r5, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000020002001c0012800c0001006d6163766c616e000c0002800800", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7], 0x4c}}, 0x4000)

447.572679ms ago: executing program 2 (id=3539):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0)
r1 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04", 0xd}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x4000000, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)

203.794035ms ago: executing program 2 (id=3540):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)={0x24, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x24}}, 0x500000000000000)

96.038474ms ago: executing program 0 (id=3541):
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x4}}, 0x10, 0x0}, 0x3000c085)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4)
sendmsg$inet(r0, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000002800)="41fc", 0x2}], 0x1}, 0x14)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r2, &(0x7f00000001c0)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c)
setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000400)={'broute\x00', 0x0, 0x0, 0x0, [0x3ff, 0x9a3, 0x7, 0x6, 0x4, 0x8], 0x5, &(0x7f0000000380)=[{}, {}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}]}, 0xc8)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0x2ee0}], 0x1, 0x0, 0x0, 0x10000000}, 0x12cd)
socket$kcm(0xa, 0x5, 0x3a)
sendmsg$kcm(r0, &(0x7f0000002780)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="cc", 0x1}], 0x1}, 0x4000804)

77.064046ms ago: executing program 3 (id=3542):
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x29, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, 0xffffffffffffffff, 0x0, 0x40000000000000}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-ssse3\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair(0x1, 0x1, 0x8, &(0x7f0000000600))
write(0xffffffffffffffff, &(0x7f0000000100)="29000000140005b7ff000000040860eb0101b6ff021596db2d6d6974b5", 0x1d)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

0s ago: executing program 2 (id=3543):
socket$nl_route(0x10, 0x3, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, 0x0, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(r2, 0x0, 0x4000800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10)
bpf$MAP_CREATE(0x2100000000000000, &(0x7f0000000840)=@base={0xa, 0x101, 0x7ffb, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (fail_nth: 22)

kernel console output (not intermixed with test programs):

n process `syz.1.2692'.
[  288.287850][T12568] unsupported nlmsg_type 40
[  288.452045][T12579] FAULT_INJECTION: forcing a failure.
[  288.452045][T12579] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  288.486094][T12579] CPU: 1 UID: 0 PID: 12579 Comm: syz.1.2696 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  288.486126][T12579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  288.486139][T12579] Call Trace:
[  288.486147][T12579]  <TASK>
[  288.486156][T12579]  dump_stack_lvl+0x189/0x250
[  288.486187][T12579]  ? __lock_acquire+0xaac/0xd20
[  288.486220][T12579]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.486248][T12579]  ? __pfx__printk+0x10/0x10
[  288.486269][T12579]  ? __might_fault+0xb0/0x130
[  288.486306][T12579]  should_fail_ex+0x414/0x560
[  288.486330][T12579]  _copy_from_iter+0x1db/0x15a0
[  288.486371][T12579]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  288.486393][T12579]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  288.486420][T12579]  ? __pfx__copy_from_iter+0x10/0x10
[  288.486446][T12579]  ? __build_skb_around+0x257/0x3e0
[  288.486475][T12579]  ? netlink_sendmsg+0x642/0xb30
[  288.486495][T12579]  ? skb_put+0x11b/0x210
[  288.486524][T12579]  netlink_sendmsg+0x6b2/0xb30
[  288.486556][T12579]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.486583][T12579]  ? aa_sock_msg_perm+0x94/0x160
[  288.486607][T12579]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  288.486630][T12579]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.486651][T12579]  __sock_sendmsg+0x219/0x270
[  288.486674][T12579]  ____sys_sendmsg+0x52d/0x830
[  288.486707][T12579]  ? __pfx_____sys_sendmsg+0x10/0x10
[  288.486742][T12579]  ? import_iovec+0x74/0xa0
[  288.486772][T12579]  ___sys_sendmsg+0x21f/0x2a0
[  288.486800][T12579]  ? __pfx____sys_sendmsg+0x10/0x10
[  288.486864][T12579]  ? __fget_files+0x2a/0x420
[  288.486889][T12579]  ? __fget_files+0x3a0/0x420
[  288.486926][T12579]  __sys_sendmmsg+0x227/0x430
[  288.486958][T12579]  ? __pfx___sys_sendmmsg+0x10/0x10
[  288.486995][T12579]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  288.487040][T12579]  ? ksys_write+0x1f0/0x250
[  288.487061][T12579]  ? rcu_is_watching+0x15/0xb0
[  288.487103][T12579]  __x64_sys_sendmmsg+0xa0/0xc0
[  288.487130][T12579]  do_syscall_64+0xf6/0x210
[  288.487157][T12579]  ? clear_bhb_loop+0x45/0xa0
[  288.487181][T12579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.487201][T12579] RIP: 0033:0x7f43f538e969
[  288.487219][T12579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.487236][T12579] RSP: 002b:00007f43f611a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  288.487258][T12579] RAX: ffffffffffffffda RBX: 00007f43f55b5fa0 RCX: 00007f43f538e969
[  288.487273][T12579] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[  288.487287][T12579] RBP: 00007f43f611a090 R08: 0000000000000000 R09: 0000000000000000
[  288.487300][T12579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.487311][T12579] R13: 0000000000000000 R14: 00007f43f55b5fa0 R15: 00007ffeda311c78
[  288.487343][T12579]  </TASK>
[  288.826977][T12583] netlink: 'syz.3.2698': attribute type 29 has an invalid length.
[  288.859086][T12583] netlink: 'syz.3.2698': attribute type 29 has an invalid length.
[  289.214077][T12595] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  289.318213][T12604] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2706'.
[  289.592742][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2711'.
[  289.597351][T12617] netlink: 'syz.2.2712': attribute type 29 has an invalid length.
[  289.623441][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2711'.
[  289.648392][T12617] netlink: 'syz.2.2712': attribute type 29 has an invalid length.
[  289.658979][T12620] syz0: rxe_newlink: already configured on bond_slave_1
[  289.678463][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2711'.
[  289.746491][T12622] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2711'.
[  289.773871][T12622] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2711'.
[  290.121463][T12638] FAULT_INJECTION: forcing a failure.
[  290.121463][T12638] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.167948][T12638] CPU: 1 UID: 0 PID: 12638 Comm: syz.4.2719 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  290.167979][T12638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  290.167991][T12638] Call Trace:
[  290.167999][T12638]  <TASK>
[  290.168009][T12638]  dump_stack_lvl+0x189/0x250
[  290.168042][T12638]  ? __lock_acquire+0xaac/0xd20
[  290.168072][T12638]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.168100][T12638]  ? __pfx__printk+0x10/0x10
[  290.168119][T12638]  ? __might_fault+0xb0/0x130
[  290.168165][T12638]  should_fail_ex+0x414/0x560
[  290.168190][T12638]  _copy_from_user+0x2d/0xb0
[  290.168219][T12638]  ___sys_sendmsg+0x158/0x2a0
[  290.168249][T12638]  ? __pfx____sys_sendmsg+0x10/0x10
[  290.168316][T12638]  ? __fget_files+0x2a/0x420
[  290.168340][T12638]  ? __fget_files+0x3a0/0x420
[  290.168378][T12638]  __sys_sendmmsg+0x227/0x430
[  290.168411][T12638]  ? __pfx___sys_sendmmsg+0x10/0x10
[  290.168465][T12638]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  290.168511][T12638]  ? ksys_write+0x1f0/0x250
[  290.168533][T12638]  ? rcu_is_watching+0x15/0xb0
[  290.168574][T12638]  __x64_sys_sendmmsg+0xa0/0xc0
[  290.168603][T12638]  do_syscall_64+0xf6/0x210
[  290.168629][T12638]  ? clear_bhb_loop+0x45/0xa0
[  290.168654][T12638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.168673][T12638] RIP: 0033:0x7fb979d8e969
[  290.168691][T12638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.168709][T12638] RSP: 002b:00007fb97ac53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  290.168730][T12638] RAX: ffffffffffffffda RBX: 00007fb979fb5fa0 RCX: 00007fb979d8e969
[  290.168746][T12638] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  290.168759][T12638] RBP: 00007fb97ac53090 R08: 0000000000000000 R09: 0000000000000000
[  290.168771][T12638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.168782][T12638] R13: 0000000000000000 R14: 00007fb979fb5fa0 R15: 00007ffff4afe818
[  290.168815][T12638]  </TASK>
[  290.404684][T12642] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2724'.
[  290.477625][T12649] Cannot find add_set index 1 as target
[  290.540134][T12644] 8021q: adding VLAN 0 to HW filter on device bond5
[  290.593478][T12644] bond5: entered promiscuous mode
[  290.603598][T12644] bond0: (slave bond5): Enslaving as an active interface with an up link
[  290.612966][T12651] netlink: 'syz.2.2726': attribute type 29 has an invalid length.
[  290.628643][T12657] netlink: 'syz.4.2727': attribute type 1 has an invalid length.
[  290.636823][T12655] netlink: 'syz.3.2728': attribute type 1 has an invalid length.
[  290.636847][T12655] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2728'.
[  290.654222][T12658] netlink: 'syz.2.2726': attribute type 29 has an invalid length.
[  290.662877][T12657] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2727'.
[  290.663271][T12651] netlink: 'syz.2.2726': attribute type 29 has an invalid length.
[  291.468286][T12695] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2743'.
[  291.539950][T12697] netlink: 'syz.1.2744': attribute type 29 has an invalid length.
[  291.550105][T12697] netlink: 'syz.1.2744': attribute type 29 has an invalid length.
[  291.579995][T12697] netlink: 'syz.1.2744': attribute type 29 has an invalid length.
[  291.779008][T12704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  291.903594][T12714] FAULT_INJECTION: forcing a failure.
[  291.903594][T12714] name failslab, interval 1, probability 0, space 0, times 0
[  291.936934][T12714] CPU: 0 UID: 0 PID: 12714 Comm: syz.2.2748 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  291.936983][T12714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  291.937004][T12714] Call Trace:
[  291.937023][T12714]  <TASK>
[  291.937032][T12714]  dump_stack_lvl+0x189/0x250
[  291.937070][T12714]  ? __pfx_dump_stack_lvl+0x10/0x10
[  291.937098][T12714]  ? __pfx__printk+0x10/0x10
[  291.937126][T12714]  ? ref_tracker_alloc+0x318/0x460
[  291.937152][T12714]  should_fail_ex+0x414/0x560
[  291.937176][T12714]  should_failslab+0xa8/0x100
[  291.937205][T12714]  kmem_cache_alloc_noprof+0x73/0x3c0
[  291.937229][T12714]  ? skb_clone+0x212/0x3a0
[  291.937261][T12714]  skb_clone+0x212/0x3a0
[  291.937291][T12714]  __netlink_deliver_tap+0x404/0x850
[  291.937328][T12714]  ? netlink_deliver_tap+0x2e/0x1b0
[  291.937351][T12714]  netlink_deliver_tap+0x19c/0x1b0
[  291.937375][T12714]  netlink_unicast+0x72f/0x8d0
[  291.937407][T12714]  netlink_sendmsg+0x805/0xb30
[  291.937440][T12714]  ? __pfx_netlink_sendmsg+0x10/0x10
[  291.937467][T12714]  ? aa_sock_msg_perm+0x94/0x160
[  291.937490][T12714]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  291.937513][T12714]  ? __pfx_netlink_sendmsg+0x10/0x10
[  291.937536][T12714]  __sock_sendmsg+0x219/0x270
[  291.937559][T12714]  ____sys_sendmsg+0x52d/0x830
[  291.937592][T12714]  ? __pfx_____sys_sendmsg+0x10/0x10
[  291.937630][T12714]  ? import_iovec+0x74/0xa0
[  291.937661][T12714]  ___sys_sendmsg+0x21f/0x2a0
[  291.937690][T12714]  ? __pfx____sys_sendmsg+0x10/0x10
[  291.937758][T12714]  ? __fget_files+0x2a/0x420
[  291.937782][T12714]  ? __fget_files+0x3a0/0x420
[  291.937821][T12714]  __sys_sendmmsg+0x227/0x430
[  291.937853][T12714]  ? __pfx___sys_sendmmsg+0x10/0x10
[  291.937890][T12714]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  291.937936][T12714]  ? ksys_write+0x1f0/0x250
[  291.937971][T12714]  __x64_sys_sendmmsg+0xa0/0xc0
[  291.938000][T12714]  do_syscall_64+0xf6/0x210
[  291.938041][T12714]  ? clear_bhb_loop+0x45/0xa0
[  291.938065][T12714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.938084][T12714] RIP: 0033:0x7f6de5d8e969
[  291.938102][T12714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  291.938119][T12714] RSP: 002b:00007f6de6b5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  291.938141][T12714] RAX: ffffffffffffffda RBX: 00007f6de5fb5fa0 RCX: 00007f6de5d8e969
[  291.938155][T12714] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[  291.938168][T12714] RBP: 00007f6de6b5c090 R08: 0000000000000000 R09: 0000000000000000
[  291.938181][T12714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  291.938192][T12714] R13: 0000000000000000 R14: 00007f6de5fb5fa0 R15: 00007ffc67242aa8
[  291.938226][T12714]  </TASK>
[  293.263390][T12744] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.265203][T12746] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.285431][T12744] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.722696][ T7192] syzkaller0: tun_net_xmit 76
[  293.728245][ T7192] syzkaller0: tun_net_xmit 48
[  293.728846][T12760] syzkaller0: create flow: hash 1480608854 index 2
[  293.743966][ T5884] syzkaller0: tun_net_xmit 76
[  293.855868][ T5884] syzkaller0: tun_net_xmit 76
[  293.863975][ T5891] syzkaller0: tun_net_xmit 76
[  293.868811][T12759] syzkaller0: delete flow: hash 1480608854 index 2
[  293.928335][T12768] FAULT_INJECTION: forcing a failure.
[  293.928335][T12768] name failslab, interval 1, probability 0, space 0, times 0
[  293.941607][T12768] CPU: 1 UID: 0 PID: 12768 Comm: syz.3.2769 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  293.941636][T12768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  293.941648][T12768] Call Trace:
[  293.941657][T12768]  <TASK>
[  293.941665][T12768]  dump_stack_lvl+0x189/0x250
[  293.941704][T12768]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.941731][T12768]  ? __pfx__printk+0x10/0x10
[  293.941758][T12768]  ? __pfx___might_resched+0x10/0x10
[  293.941787][T12768]  ? fs_reclaim_acquire+0x7d/0x100
[  293.941821][T12768]  should_fail_ex+0x414/0x560
[  293.941847][T12768]  should_failslab+0xa8/0x100
[  293.941875][T12768]  __kmalloc_noprof+0xcb/0x4f0
[  293.941898][T12768]  ? sock_kmalloc+0xd6/0x160
[  293.941929][T12768]  sock_kmalloc+0xd6/0x160
[  293.941955][T12768]  hash_accept_parent+0x80/0x370
[  293.941974][T12768]  ? __pfx_hash_accept_parent+0x10/0x10
[  293.941991][T12768]  af_alg_accept+0x174/0x520
[  293.942023][T12768]  hash_accept+0x16a/0x390
[  293.942043][T12768]  do_accept+0x48c/0x680
[  293.942067][T12768]  ? __pfx_do_accept+0x10/0x10
[  293.942107][T12768]  __sys_accept4+0x11c/0x1c0
[  293.942129][T12768]  ? __pfx___sys_accept4+0x10/0x10
[  293.942145][T12768]  ? ksys_write+0x1f0/0x250
[  293.942180][T12768]  __x64_sys_accept4+0x9a/0xb0
[  293.942203][T12768]  do_syscall_64+0xf6/0x210
[  293.942229][T12768]  ? clear_bhb_loop+0x45/0xa0
[  293.942253][T12768]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.942289][T12768] RIP: 0033:0x7f03f7f8e969
[  293.942307][T12768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.942324][T12768] RSP: 002b:00007f03f8d6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  293.942345][T12768] RAX: ffffffffffffffda RBX: 00007f03f81b5fa0 RCX: 00007f03f7f8e969
[  293.942359][T12768] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  293.942370][T12768] RBP: 00007f03f8d6c090 R08: 0000000000000000 R09: 0000000000000000
[  293.942383][T12768] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000001
[  293.942395][T12768] R13: 0000000000000000 R14: 00007f03f81b5fa0 R15: 00007ffdde09f648
[  293.942428][T12768]  </TASK>
[  295.621895][T12766] validate_nla: 4 callbacks suppressed
[  295.621914][T12766] netlink: 'syz.4.2770': attribute type 29 has an invalid length.
[  295.826628][T12801] __nla_validate_parse: 3 callbacks suppressed
[  295.826662][T12801] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2776'.
[  295.988178][T12806] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.139413][T12817] netlink: 'syz.4.2786': attribute type 29 has an invalid length.
[  296.158115][T12817] netlink: 'syz.4.2786': attribute type 29 has an invalid length.
[  296.171551][T12817] netlink: 'syz.4.2786': attribute type 29 has an invalid length.
[  296.771097][T12852] netlink: 'syz.0.2798': attribute type 29 has an invalid length.
[  296.782739][T12852] netlink: 'syz.0.2798': attribute type 29 has an invalid length.
[  296.824367][T12852] netlink: 'syz.0.2798': attribute type 29 has an invalid length.
[  297.230971][T12867] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  297.506344][T12886] FAULT_INJECTION: forcing a failure.
[  297.506344][T12886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  297.534207][T12886] CPU: 0 UID: 0 PID: 12886 Comm: syz.4.2812 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  297.534238][T12886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  297.534251][T12886] Call Trace:
[  297.534260][T12886]  <TASK>
[  297.534268][T12886]  dump_stack_lvl+0x189/0x250
[  297.534301][T12886]  ? __lock_acquire+0xaac/0xd20
[  297.534332][T12886]  ? __pfx_dump_stack_lvl+0x10/0x10
[  297.534361][T12886]  ? __pfx__printk+0x10/0x10
[  297.534397][T12886]  ? __might_fault+0xb0/0x130
[  297.534435][T12886]  should_fail_ex+0x414/0x560
[  297.534461][T12886]  _copy_from_user+0x2d/0xb0
[  297.534490][T12886]  ___sys_sendmsg+0x158/0x2a0
[  297.534520][T12886]  ? __pfx____sys_sendmsg+0x10/0x10
[  297.534587][T12886]  ? __fget_files+0x2a/0x420
[  297.534612][T12886]  ? __fget_files+0x3a0/0x420
[  297.534649][T12886]  __x64_sys_sendmsg+0x19b/0x260
[  297.534678][T12886]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  297.534724][T12886]  ? do_syscall_64+0xba/0x210
[  297.534754][T12886]  do_syscall_64+0xf6/0x210
[  297.534785][T12886]  ? clear_bhb_loop+0x45/0xa0
[  297.534810][T12886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.534829][T12886] RIP: 0033:0x7fb979d8e969
[  297.534847][T12886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.534865][T12886] RSP: 002b:00007fb97ac53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  297.534886][T12886] RAX: ffffffffffffffda RBX: 00007fb979fb5fa0 RCX: 00007fb979d8e969
[  297.534900][T12886] RDX: 00000000200400d4 RSI: 0000200000000140 RDI: 0000000000000004
[  297.534913][T12886] RBP: 00007fb97ac53090 R08: 0000000000000000 R09: 0000000000000000
[  297.534926][T12886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.534937][T12886] R13: 0000000000000000 R14: 00007fb979fb5fa0 R15: 00007ffff4afe818
[  297.534970][T12886]  </TASK>
[  297.867729][T12895] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2815'.
[  298.140890][T12908] FAULT_INJECTION: forcing a failure.
[  298.140890][T12908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  298.162802][T12908] CPU: 1 UID: 0 PID: 12908 Comm: syz.0.2818 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  298.162829][T12908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  298.162839][T12908] Call Trace:
[  298.162847][T12908]  <TASK>
[  298.162855][T12908]  dump_stack_lvl+0x189/0x250
[  298.162882][T12908]  ? __lock_acquire+0xaac/0xd20
[  298.162907][T12908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.162929][T12908]  ? __pfx__printk+0x10/0x10
[  298.162945][T12908]  ? __might_fault+0xb0/0x130
[  298.162976][T12908]  should_fail_ex+0x414/0x560
[  298.162997][T12908]  _copy_from_iter+0x1db/0x15a0
[  298.163029][T12908]  ? __pfx__copy_from_iter+0x10/0x10
[  298.163051][T12908]  ? is_bpf_text_address+0x26/0x2b0
[  298.163085][T12908]  tun_get_user+0x20c/0x3c20
[  298.163128][T12908]  ? aa_file_perm+0x11f/0xed0
[  298.163148][T12908]  ? __pfx_tun_get_user+0x10/0x10
[  298.163171][T12908]  ? aa_file_perm+0x11f/0xed0
[  298.163190][T12908]  ? aa_file_perm+0x3e7/0xed0
[  298.163222][T12908]  ? ref_tracker_alloc+0x318/0x460
[  298.163244][T12908]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  298.163269][T12908]  ? tun_get+0x1c/0x2f0
[  298.163299][T12908]  ? tun_get+0x1c/0x2f0
[  298.163324][T12908]  ? tun_get+0x1c/0x2f0
[  298.163354][T12908]  tun_chr_write_iter+0x113/0x200
[  298.163390][T12908]  vfs_write+0x548/0xa90
[  298.163413][T12908]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  298.163437][T12908]  ? __pfx_vfs_write+0x10/0x10
[  298.163464][T12908]  ? __fget_files+0x2a/0x420
[  298.163497][T12908]  ksys_write+0x145/0x250
[  298.163521][T12908]  ? __pfx_ksys_write+0x10/0x10
[  298.163544][T12908]  ? do_syscall_64+0xba/0x210
[  298.163572][T12908]  do_syscall_64+0xf6/0x210
[  298.163597][T12908]  ? clear_bhb_loop+0x45/0xa0
[  298.163628][T12908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.163645][T12908] RIP: 0033:0x7ffbd6b8e969
[  298.163663][T12908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.163680][T12908] RSP: 002b:00007ffbd7958038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  298.163701][T12908] RAX: ffffffffffffffda RBX: 00007ffbd6db6080 RCX: 00007ffbd6b8e969
[  298.163716][T12908] RDX: 000000000000fdef RSI: 00002000000003c0 RDI: 0000000000000003
[  298.163728][T12908] RBP: 00007ffbd7958090 R08: 0000000000000000 R09: 0000000000000000
[  298.163739][T12908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.163750][T12908] R13: 0000000000000001 R14: 00007ffbd6db6080 R15: 00007ffedf7b0058
[  298.163781][T12908]  </TASK>
[  298.251377][T12907] netlink: 'syz.1.2820': attribute type 1 has an invalid length.
[  298.430113][T12907] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2820'.
[  298.600066][T12920] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check.
[  298.671477][T12922] rdma_rxe: rxe_newlink: failed to add bond_slave_1
[  298.851874][T12930] x_tables: duplicate underflow at hook 2
[  299.345827][T12940] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  299.354505][T12940] batadv_slave_0: entered promiscuous mode
[  299.441635][T12942] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2834'.
[  299.456498][T12944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2835'.
[  299.522051][T12942] macvlan2: entered promiscuous mode
[  299.727068][T12961] FAULT_INJECTION: forcing a failure.
[  299.727068][T12961] name failslab, interval 1, probability 0, space 0, times 0
[  299.741536][T12961] CPU: 0 UID: 0 PID: 12961 Comm: syz.0.2842 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  299.741567][T12961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  299.741587][T12961] Call Trace:
[  299.741595][T12961]  <TASK>
[  299.741604][T12961]  dump_stack_lvl+0x189/0x250
[  299.741640][T12961]  ? __pfx_dump_stack_lvl+0x10/0x10
[  299.741670][T12961]  ? __pfx__printk+0x10/0x10
[  299.741696][T12961]  ? __pfx___might_resched+0x10/0x10
[  299.741719][T12961]  should_fail_ex+0x414/0x560
[  299.741750][T12961]  should_failslab+0xa8/0x100
[  299.741779][T12961]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  299.741805][T12961]  ? __alloc_skb+0x112/0x2d0
[  299.741834][T12961]  __alloc_skb+0x112/0x2d0
[  299.741862][T12961]  netlink_sendmsg+0x5c6/0xb30
[  299.741895][T12961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  299.741921][T12961]  ? aa_sock_msg_perm+0x94/0x160
[  299.741946][T12961]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  299.741967][T12961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  299.741991][T12961]  __sock_sendmsg+0x219/0x270
[  299.742014][T12961]  ____sys_sendmsg+0x505/0x830
[  299.742046][T12961]  ? __pfx_____sys_sendmsg+0x10/0x10
[  299.742082][T12961]  ? import_iovec+0x74/0xa0
[  299.742113][T12961]  ___sys_sendmsg+0x21f/0x2a0
[  299.742142][T12961]  ? __pfx____sys_sendmsg+0x10/0x10
[  299.742209][T12961]  ? __fget_files+0x2a/0x420
[  299.742233][T12961]  ? __fget_files+0x3a0/0x420
[  299.742270][T12961]  __x64_sys_sendmsg+0x19b/0x260
[  299.742299][T12961]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  299.742344][T12961]  ? do_syscall_64+0xba/0x210
[  299.742374][T12961]  do_syscall_64+0xf6/0x210
[  299.742398][T12961]  ? asm_sysvec_call_function_single+0x1a/0x20
[  299.742419][T12961]  ? clear_bhb_loop+0x45/0xa0
[  299.742443][T12961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.742462][T12961] RIP: 0033:0x7ffbd6b8e969
[  299.742480][T12961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.742497][T12961] RSP: 002b:00007ffbd7979038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  299.742518][T12961] RAX: ffffffffffffffda RBX: 00007ffbd6db5fa0 RCX: 00007ffbd6b8e969
[  299.742533][T12961] RDX: 0000000000040880 RSI: 0000200000000000 RDI: 0000000000000004
[  299.742546][T12961] RBP: 00007ffbd7979090 R08: 0000000000000000 R09: 0000000000000000
[  299.742558][T12961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  299.742570][T12961] R13: 0000000000000000 R14: 00007ffbd6db5fa0 R15: 00007ffedf7b0058
[  299.742609][T12961]  </TASK>
[  300.263941][T12972] netlink: 'syz.0.2848': attribute type 10 has an invalid length.
[  300.462624][T12990] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2852'.
[  300.498260][T12991] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2853'.
[  300.619192][T12998] netlink: 'syz.3.2856': attribute type 1 has an invalid length.
[  300.627916][T12998] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2856'.
[  300.876102][T13008] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2859'.
[  301.069156][T13025] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2865'.
[  302.253548][T13082] FAULT_INJECTION: forcing a failure.
[  302.253548][T13082] name failslab, interval 1, probability 0, space 0, times 0
[  302.268714][T13082] CPU: 1 UID: 0 PID: 13082 Comm: syz.4.2886 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  302.268743][T13082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  302.268755][T13082] Call Trace:
[  302.268764][T13082]  <TASK>
[  302.268772][T13082]  dump_stack_lvl+0x189/0x250
[  302.268809][T13082]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.268839][T13082]  ? __pfx__printk+0x10/0x10
[  302.268865][T13082]  ? __pfx___might_resched+0x10/0x10
[  302.268888][T13082]  should_fail_ex+0x414/0x560
[  302.268913][T13082]  should_failslab+0xa8/0x100
[  302.268941][T13082]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  302.268967][T13082]  ? __alloc_skb+0x112/0x2d0
[  302.268996][T13082]  __alloc_skb+0x112/0x2d0
[  302.269025][T13082]  netlink_sendmsg+0x5c6/0xb30
[  302.269057][T13082]  ? __pfx_netlink_sendmsg+0x10/0x10
[  302.269083][T13082]  ? aa_sock_msg_perm+0x94/0x160
[  302.269106][T13082]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  302.269128][T13082]  ? __pfx_netlink_sendmsg+0x10/0x10
[  302.269150][T13082]  __sock_sendmsg+0x219/0x270
[  302.269173][T13082]  ____sys_sendmsg+0x505/0x830
[  302.269206][T13082]  ? __pfx_____sys_sendmsg+0x10/0x10
[  302.269240][T13082]  ? import_iovec+0x74/0xa0
[  302.269272][T13082]  ___sys_sendmsg+0x21f/0x2a0
[  302.269309][T13082]  ? __pfx____sys_sendmsg+0x10/0x10
[  302.269373][T13082]  ? __fget_files+0x2a/0x420
[  302.269397][T13082]  ? __fget_files+0x3a0/0x420
[  302.269431][T13082]  __x64_sys_sendmsg+0x19b/0x260
[  302.269461][T13082]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  302.269504][T13082]  ? do_syscall_64+0xba/0x210
[  302.269532][T13082]  do_syscall_64+0xf6/0x210
[  302.269555][T13082]  ? clear_bhb_loop+0x45/0xa0
[  302.269577][T13082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.269594][T13082] RIP: 0033:0x7fb979d8e969
[  302.269610][T13082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.269625][T13082] RSP: 002b:00007fb97ac53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  302.269643][T13082] RAX: ffffffffffffffda RBX: 00007fb979fb5fa0 RCX: 00007fb979d8e969
[  302.269655][T13082] RDX: 00000000200400d4 RSI: 0000200000000140 RDI: 0000000000000004
[  302.269667][T13082] RBP: 00007fb97ac53090 R08: 0000000000000000 R09: 0000000000000000
[  302.269680][T13082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.269691][T13082] R13: 0000000000000000 R14: 00007fb979fb5fa0 R15: 00007ffff4afe818
[  302.269720][T13082]  </TASK>
[  302.584007][T13089] FAULT_INJECTION: forcing a failure.
[  302.584007][T13089] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  302.601444][T13089] CPU: 1 UID: 0 PID: 13089 Comm: syz.2.2890 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  302.601472][T13089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  302.601484][T13089] Call Trace:
[  302.601493][T13089]  <TASK>
[  302.601501][T13089]  dump_stack_lvl+0x189/0x250
[  302.601533][T13089]  ? __lock_acquire+0xaac/0xd20
[  302.601563][T13089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.601589][T13089]  ? __pfx__printk+0x10/0x10
[  302.601609][T13089]  ? __might_fault+0xb0/0x130
[  302.601647][T13089]  should_fail_ex+0x414/0x560
[  302.601670][T13089]  _copy_from_user+0x2d/0xb0
[  302.601698][T13089]  ___sys_sendmsg+0x158/0x2a0
[  302.601728][T13089]  ? __pfx____sys_sendmsg+0x10/0x10
[  302.601795][T13089]  ? __fget_files+0x2a/0x420
[  302.601820][T13089]  ? __fget_files+0x3a0/0x420
[  302.601856][T13089]  __x64_sys_sendmsg+0x19b/0x260
[  302.601886][T13089]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  302.601930][T13089]  ? do_syscall_64+0xba/0x210
[  302.601958][T13089]  do_syscall_64+0xf6/0x210
[  302.601983][T13089]  ? clear_bhb_loop+0x45/0xa0
[  302.602008][T13089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.602026][T13089] RIP: 0033:0x7f6de5d8e969
[  302.602045][T13089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.602062][T13089] RSP: 002b:00007f6de6b5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  302.602082][T13089] RAX: ffffffffffffffda RBX: 00007f6de5fb5fa0 RCX: 00007f6de5d8e969
[  302.602096][T13089] RDX: 0000000024008080 RSI: 0000200000000c00 RDI: 0000000000000005
[  302.602109][T13089] RBP: 00007f6de6b5c090 R08: 0000000000000000 R09: 0000000000000000
[  302.602120][T13089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.602131][T13089] R13: 0000000000000000 R14: 00007f6de5fb5fa0 R15: 00007ffc67242aa8
[  302.602162][T13089]  </TASK>
[  302.602707][T13088] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  302.858515][T13095] FAULT_INJECTION: forcing a failure.
[  302.858515][T13095] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  302.872272][T13095] CPU: 1 UID: 0 PID: 13095 Comm: syz.1.2893 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  302.872301][T13095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  302.872314][T13095] Call Trace:
[  302.872322][T13095]  <TASK>
[  302.872330][T13095]  dump_stack_lvl+0x189/0x250
[  302.872368][T13095]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.872411][T13095]  ? __pfx__printk+0x10/0x10
[  302.872444][T13095]  should_fail_ex+0x414/0x560
[  302.872468][T13095]  _copy_to_user+0x31/0xb0
[  302.872498][T13095]  simple_read_from_buffer+0xe1/0x170
[  302.872527][T13095]  proc_fail_nth_read+0x1df/0x250
[  302.872559][T13095]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  302.872590][T13095]  ? rw_verify_area+0x258/0x650
[  302.872609][T13095]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  302.872638][T13095]  vfs_read+0x1fd/0x980
[  302.872665][T13095]  ? __pfx___mutex_lock+0x10/0x10
[  302.872690][T13095]  ? __pfx_vfs_read+0x10/0x10
[  302.872713][T13095]  ? __fget_files+0x2a/0x420
[  302.872743][T13095]  ? __fget_files+0x3a0/0x420
[  302.872766][T13095]  ? __fget_files+0x2a/0x420
[  302.872801][T13095]  ksys_read+0x145/0x250
[  302.872825][T13095]  ? __pfx_ksys_read+0x10/0x10
[  302.872848][T13095]  ? do_syscall_64+0xba/0x210
[  302.872876][T13095]  do_syscall_64+0xf6/0x210
[  302.872901][T13095]  ? clear_bhb_loop+0x45/0xa0
[  302.872925][T13095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.872944][T13095] RIP: 0033:0x7f43f538d37c
[  302.872962][T13095] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  302.872978][T13095] RSP: 002b:00007f43f611a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  302.872998][T13095] RAX: ffffffffffffffda RBX: 00007f43f55b5fa0 RCX: 00007f43f538d37c
[  302.873013][T13095] RDX: 000000000000000f RSI: 00007f43f611a0a0 RDI: 0000000000000003
[  302.873024][T13095] RBP: 00007f43f611a090 R08: 0000000000000000 R09: 0000000000000000
[  302.873036][T13095] R10: 000000000000002a R11: 0000000000000246 R12: 0000000000000001
[  302.873048][T13095] R13: 0000000000000001 R14: 00007f43f55b5fa0 R15: 00007ffeda311c78
[  302.873079][T13095]  </TASK>
[  303.582255][T13110] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2900'.
[  303.635050][T13112] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check.
[  303.855232][T13121] xt_l2tp: missing protocol rule (udp|l2tpip)
[  304.067291][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  304.077579][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  304.086283][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  304.097710][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  304.107011][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  304.917585][T13150] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2914'.
[  305.024606][T13155] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2914'.
[  305.455096][T13169] bond0: entered promiscuous mode
[  305.466204][T13169] bridge0: entered promiscuous mode
[  305.632269][T13172] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2921'.
[  305.638519][T13174] netlink: 'syz.3.2922': attribute type 3 has an invalid length.
[  305.673566][T13129] chnl_net:caif_netlink_parms(): no params data found
[  305.699255][T13174] netlink: 'syz.3.2922': attribute type 11 has an invalid length.
[  305.710116][T13174] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2922'.
[  305.790828][T13175] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2922'.
[  306.007474][T13183] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  306.033456][T13183] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  306.153823][ T5832] Bluetooth: hci1: command tx timeout
[  306.181905][T13129] bridge0: port 1(bridge_slave_0) entered blocking state
[  306.229595][T13129] bridge0: port 1(bridge_slave_0) entered disabled state
[  306.243500][T13129] bridge_slave_0: entered allmulticast mode
[  306.252689][T13129] bridge_slave_0: entered promiscuous mode
[  306.304562][T13129] bridge0: port 2(bridge_slave_1) entered blocking state
[  306.311945][T13129] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.319750][T13129] bridge_slave_1: entered allmulticast mode
[  306.328064][T13129] bridge_slave_1: entered promiscuous mode
[  306.419037][T13129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  306.438195][T13129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  306.492974][T13205] batadv_slave_0: left promiscuous mode
[  306.540712][T13129] team0: Port device team_slave_0 added
[  306.584770][T13129] team0: Port device team_slave_1 added
[  306.760855][T13129] batman_adv: batadv0: Adding interface: batadv_slave_0
[  306.786260][T13129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.824298][T13129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  306.866923][T13129] batman_adv: batadv0: Adding interface: batadv_slave_1
[  306.881945][T13129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.916228][T13129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  306.945235][T13217] rdma_rxe: rxe_newlink: failed to add bond_slave_1
[  307.020249][T13129] hsr_slave_0: entered promiscuous mode
[  307.027749][T13129] hsr_slave_1: entered promiscuous mode
[  307.472171][T13232] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2941'.
[  307.493587][T13129] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  307.505700][T13129] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  307.541282][T13234] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  307.727790][T13129] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  307.752572][T13129] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  307.835692][T13129] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  307.856458][T13129] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  307.919751][T13254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2948'.
[  307.952255][T13254] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2948'.
[  308.117818][T13129] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  308.129714][T13129] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.234038][ T5832] Bluetooth: hci1: command tx timeout
[  308.571297][T13129] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  308.588174][T13129] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  308.601159][T13129] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  308.620364][T13129] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  308.650320][T13273] FAULT_INJECTION: forcing a failure.
[  308.650320][T13273] name failslab, interval 1, probability 0, space 0, times 0
[  308.689302][T13273] CPU: 0 UID: 0 PID: 13273 Comm: syz.2.2954 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  308.689332][T13273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  308.689344][T13273] Call Trace:
[  308.689352][T13273]  <TASK>
[  308.689361][T13273]  dump_stack_lvl+0x189/0x250
[  308.689397][T13273]  ? __pfx_dump_stack_lvl+0x10/0x10
[  308.689433][T13273]  ? __pfx__printk+0x10/0x10
[  308.689456][T13273]  ? __pfx___might_resched+0x10/0x10
[  308.689475][T13273]  ? fs_reclaim_acquire+0x7d/0x100
[  308.689509][T13273]  should_fail_ex+0x414/0x560
[  308.689535][T13273]  should_failslab+0xa8/0x100
[  308.689564][T13273]  __kmalloc_noprof+0xcb/0x4f0
[  308.689588][T13273]  ? tomoyo_encode+0x28b/0x550
[  308.689617][T13273]  tomoyo_encode+0x28b/0x550
[  308.689647][T13273]  tomoyo_realpath_from_path+0x58d/0x5d0
[  308.689674][T13273]  ? tomoyo_domain+0xda/0x130
[  308.689705][T13273]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  308.689737][T13273]  tomoyo_path_number_perm+0x1e8/0x5a0
[  308.689771][T13273]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  308.689823][T13273]  ? __lock_acquire+0xaac/0xd20
[  308.689872][T13273]  ? __fget_files+0x2a/0x420
[  308.689903][T13273]  ? __fget_files+0x3a0/0x420
[  308.689926][T13273]  ? __fget_files+0x2a/0x420
[  308.689956][T13273]  security_file_ioctl+0xcb/0x2d0
[  308.689990][T13273]  __se_sys_ioctl+0x47/0x170
[  308.690013][T13273]  do_syscall_64+0xf6/0x210
[  308.690040][T13273]  ? clear_bhb_loop+0x45/0xa0
[  308.690066][T13273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.690085][T13273] RIP: 0033:0x7f6de5d8e969
[  308.690103][T13273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.690121][T13273] RSP: 002b:00007f6de6b5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  308.690142][T13273] RAX: ffffffffffffffda RBX: 00007f6de5fb5fa0 RCX: 00007f6de5d8e969
[  308.690157][T13273] RDX: 00002000000004c0 RSI: 0000000000008914 RDI: 0000000000000004
[  308.690169][T13273] RBP: 00007f6de6b5c090 R08: 0000000000000000 R09: 0000000000000000
[  308.690182][T13273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.690194][T13273] R13: 0000000000000000 R14: 00007f6de5fb5fa0 R15: 00007ffc67242aa8
[  308.690227][T13273]  </TASK>
[  308.690249][T13273] ERROR: Out of memory at tomoyo_realpath_from_path.
[  309.032603][T13282] netlink: 'syz.3.2955': attribute type 1 has an invalid length.
[  309.125940][T13282] netlink: 'syz.3.2955': attribute type 11 has an invalid length.
[  309.158097][T13282] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2955'.
[  309.248877][T13129] 8021q: adding VLAN 0 to HW filter on device bond0
[  309.285304][T13292] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2961'.
[  309.320818][T13129] 8021q: adding VLAN 0 to HW filter on device team0
[  309.331884][T13292] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2961'.
[  309.393547][ T7186] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.400747][ T7186] bridge0: port 1(bridge_slave_0) entered forwarding state
[  309.428957][T13298] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  309.514509][T13295] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  309.552242][ T7186] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.559548][ T7186] bridge0: port 2(bridge_slave_1) entered forwarding state
[  309.848933][T13318] netlink: 'syz.0.2967': attribute type 4 has an invalid length.
[  310.182990][T13129] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.313818][ T5832] Bluetooth: hci1: command tx timeout
[  310.788746][T13129] veth0_vlan: entered promiscuous mode
[  310.813454][T13346] netlink: 'syz.1.2976': attribute type 2 has an invalid length.
[  310.847947][T13348] netlink: 'syz.2.2977': attribute type 10 has an invalid length.
[  310.852383][T13129] veth1_vlan: entered promiscuous mode
[  310.952056][T13129] veth0_macvtap: entered promiscuous mode
[  310.990317][T13129] veth1_macvtap: entered promiscuous mode
[  311.030242][T13351] netlink: 'syz.3.2978': attribute type 10 has an invalid length.
[  311.060385][T13129] batman_adv: batadv0: Interface activated: batadv_slave_0
[  311.083442][T13129] batman_adv: batadv0: Interface activated: batadv_slave_1
[  311.096983][T13129] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  311.106640][T13129] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  311.116278][T13129] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  311.133935][T13129] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  311.471328][ T7178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.513207][ T7178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.525390][T13375] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  311.618774][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.637484][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  312.099866][T13391] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2993'.
[  312.122751][T13393] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2994'.
[  312.407723][ T5832] Bluetooth: hci1: command tx timeout
[  312.772482][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  312.785526][ T5846] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  312.794141][ T5846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  312.807268][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  312.815212][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  313.075960][ T7192] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.299427][ T7192] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.721288][ T7192] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.846408][T13436] batadv0: entered promiscuous mode
[  313.865289][T13436] team0: entered promiscuous mode
[  313.878118][T13436] team_slave_0: entered promiscuous mode
[  313.907233][T13436] hsr1: entered promiscuous mode
[  313.918320][T13436] hsr1: entered allmulticast mode
[  313.984176][T13436] batadv0: entered allmulticast mode
[  313.993708][T13436] team0: entered allmulticast mode
[  313.998876][T13436] team_slave_0: entered allmulticast mode
[  314.068069][ T7192] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.396802][T13453] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3009'.
[  314.424404][T13453] openvswitch: netlink: Flow key attr not present in new flow.
[  314.875250][ T5832] Bluetooth: hci5: command tx timeout
[  315.012797][T13475] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3014'.
[  315.540676][ T7192] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  315.562078][ T7192] bridge0 (unregistering): left promiscuous mode
[  315.741778][ T7192] bond0 (unregistering): Released all slaves
[  315.759624][ T7192] bond1 (unregistering): Released all slaves
[  315.779020][ T7192] bond2 (unregistering): Released all slaves
[  315.799699][ T7192] bond3 (unregistering): Released all slaves
[  315.816403][ T7192] bond4 (unregistering): Released all slaves
[  315.832277][ T7192] bond5 (unregistering): Released all slaves
[  316.115581][T13510] FAULT_INJECTION: forcing a failure.
[  316.115581][T13510] name failslab, interval 1, probability 0, space 0, times 0
[  316.166699][T13510] CPU: 1 UID: 0 PID: 13510 Comm: syz.0.3023 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  316.166732][T13510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  316.166744][T13510] Call Trace:
[  316.166753][T13510]  <TASK>
[  316.166761][T13510]  dump_stack_lvl+0x189/0x250
[  316.166798][T13510]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.166828][T13510]  ? __pfx__printk+0x10/0x10
[  316.166854][T13510]  ? __pfx___might_resched+0x10/0x10
[  316.166879][T13510]  should_fail_ex+0x414/0x560
[  316.166904][T13510]  should_failslab+0xa8/0x100
[  316.166932][T13510]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  316.166959][T13510]  ? __alloc_skb+0x112/0x2d0
[  316.166987][T13510]  __alloc_skb+0x112/0x2d0
[  316.167020][T13510]  netlink_sendmsg+0x5c6/0xb30
[  316.167054][T13510]  ? __pfx_netlink_sendmsg+0x10/0x10
[  316.167081][T13510]  ? aa_sock_msg_perm+0x94/0x160
[  316.167105][T13510]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  316.167128][T13510]  ? __pfx_netlink_sendmsg+0x10/0x10
[  316.167151][T13510]  __sock_sendmsg+0x219/0x270
[  316.167174][T13510]  ____sys_sendmsg+0x505/0x830
[  316.167207][T13510]  ? __pfx_____sys_sendmsg+0x10/0x10
[  316.167244][T13510]  ? import_iovec+0x74/0xa0
[  316.167276][T13510]  ___sys_sendmsg+0x21f/0x2a0
[  316.167304][T13510]  ? __pfx____sys_sendmsg+0x10/0x10
[  316.167370][T13510]  ? __fget_files+0x2a/0x420
[  316.167394][T13510]  ? __fget_files+0x3a0/0x420
[  316.167430][T13510]  __x64_sys_sendmsg+0x19b/0x260
[  316.167460][T13510]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  316.167505][T13510]  ? do_syscall_64+0xba/0x210
[  316.167535][T13510]  do_syscall_64+0xf6/0x210
[  316.167560][T13510]  ? clear_bhb_loop+0x45/0xa0
[  316.167585][T13510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.167604][T13510] RIP: 0033:0x7ffbd6b8e969
[  316.167622][T13510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  316.167644][T13510] RSP: 002b:00007ffbd7979038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  316.167666][T13510] RAX: ffffffffffffffda RBX: 00007ffbd6db5fa0 RCX: 00007ffbd6b8e969
[  316.167681][T13510] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004
[  316.167693][T13510] RBP: 00007ffbd7979090 R08: 0000000000000000 R09: 0000000000000000
[  316.167705][T13510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  316.167717][T13510] R13: 0000000000000000 R14: 00007ffbd6db5fa0 R15: 00007ffedf7b0058
[  316.167749][T13510]  </TASK>
[  316.614572][T13519] FAULT_INJECTION: forcing a failure.
[  316.614572][T13519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  316.671119][T13519] CPU: 0 UID: 0 PID: 13519 Comm: syz.2.3026 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  316.671149][T13519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  316.671161][T13519] Call Trace:
[  316.671170][T13519]  <TASK>
[  316.671179][T13519]  dump_stack_lvl+0x189/0x250
[  316.671216][T13519]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.671245][T13519]  ? __pfx__printk+0x10/0x10
[  316.671279][T13519]  should_fail_ex+0x414/0x560
[  316.671305][T13519]  _copy_to_user+0x31/0xb0
[  316.671337][T13519]  simple_read_from_buffer+0xe1/0x170
[  316.671368][T13519]  proc_fail_nth_read+0x1df/0x250
[  316.671399][T13519]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  316.671430][T13519]  ? rw_verify_area+0x258/0x650
[  316.671451][T13519]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  316.671479][T13519]  vfs_read+0x1fd/0x980
[  316.671506][T13519]  ? __pfx___mutex_lock+0x10/0x10
[  316.671532][T13519]  ? __pfx_vfs_read+0x10/0x10
[  316.671555][T13519]  ? __fget_files+0x2a/0x420
[  316.671586][T13519]  ? __fget_files+0x3a0/0x420
[  316.671610][T13519]  ? __fget_files+0x2a/0x420
[  316.671646][T13519]  ksys_read+0x145/0x250
[  316.671671][T13519]  ? __pfx_ksys_read+0x10/0x10
[  316.671697][T13519]  ? do_syscall_64+0xba/0x210
[  316.671727][T13519]  do_syscall_64+0xf6/0x210
[  316.671753][T13519]  ? clear_bhb_loop+0x45/0xa0
[  316.671784][T13519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.671803][T13519] RIP: 0033:0x7f6de5d8d37c
[  316.671822][T13519] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  316.671839][T13519] RSP: 002b:00007f6de6b5c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  316.671860][T13519] RAX: ffffffffffffffda RBX: 00007f6de5fb5fa0 RCX: 00007f6de5d8d37c
[  316.671875][T13519] RDX: 000000000000000f RSI: 00007f6de6b5c0a0 RDI: 0000000000000005
[  316.671887][T13519] RBP: 00007f6de6b5c090 R08: 0000000000000000 R09: 0000000000000000
[  316.671899][T13519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  316.671911][T13519] R13: 0000000000000000 R14: 00007f6de5fb5fa0 R15: 00007ffc67242aa8
[  316.671945][T13519]  </TASK>
[  316.942473][T13409] chnl_net:caif_netlink_parms(): no params data found
[  316.974333][ T5832] Bluetooth: hci5: command tx timeout
[  317.331938][T13540] netlink: 'syz.0.3032': attribute type 10 has an invalid length.
[  317.918036][T13565] xt_TCPMSS: Only works on TCP SYN packets
[  318.000437][ T7192] hsr_slave_0: left promiscuous mode
[  318.016709][ T7192] hsr_slave_1: left promiscuous mode
[  318.113101][ T7192] veth1_macvtap: left promiscuous mode
[  318.140654][ T7192] veth0_macvtap: left promiscuous mode
[  318.167211][ T7192] veth1_vlan: left promiscuous mode
[  318.192689][ T7192] veth0_vlan: left promiscuous mode
[  318.768371][T13592] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3046'.
[  319.034052][ T5832] Bluetooth: hci5: command tx timeout
[  319.422997][ T7192] lo (unregistering): left allmulticast mode
[  319.462418][T13409] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.472603][T13409] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.484425][T13409] bridge_slave_0: entered allmulticast mode
[  319.492582][T13409] bridge_slave_0: entered promiscuous mode
[  319.596514][T13409] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.632089][T13409] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.643954][T13409] bridge_slave_1: entered allmulticast mode
[  319.652599][T13409] bridge_slave_1: entered promiscuous mode
[  319.854850][T13409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  319.892443][T13409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  319.939871][T13607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  320.071492][T13409] team0: Port device team_slave_0 added
[  320.093523][T13409] team0: Port device team_slave_1 added
[  320.197349][T13409] batman_adv: batadv0: Adding interface: batadv_slave_0
[  320.216905][T13409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.251236][T13409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  320.291322][T13409] batman_adv: batadv0: Adding interface: batadv_slave_1
[  320.308815][T13409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.376586][T13409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  320.433426][ T7192] IPVS: stop unused estimator thread 0...
[  320.618552][T13409] hsr_slave_0: entered promiscuous mode
[  320.639194][T13409] hsr_slave_1: entered promiscuous mode
[  320.652041][T13409] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  320.660294][T13409] Cannot create hsr debugfs directory
[  320.739632][T13639] bond0: entered promiscuous mode
[  320.753805][T13639] bond_slave_0: entered promiscuous mode
[  320.759723][T13639] bond_slave_1: entered promiscuous mode
[  321.113996][ T5832] Bluetooth: hci5: command tx timeout
[  321.249879][T13658] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3062'.
[  321.780923][T13680] netlink: 'syz.4.3066': attribute type 4 has an invalid length.
[  322.682143][T13409] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  322.787496][T13409] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  322.846824][T13409] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  322.908390][T13409] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  323.482111][T13409] 8021q: adding VLAN 0 to HW filter on device bond0
[  323.715740][T13409] 8021q: adding VLAN 0 to HW filter on device team0
[  323.784616][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.791827][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  323.878725][ T7178] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.885991][ T7178] bridge0: port 2(bridge_slave_1) entered forwarding state
[  324.587841][T13773] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  324.627002][T13773] netlink: 'syz.3.3088': attribute type 7 has an invalid length.
[  324.967192][T13409] 8021q: adding VLAN 0 to HW filter on device batadv0
[  325.499976][T13409] veth0_vlan: entered promiscuous mode
[  325.546408][T13409] veth1_vlan: entered promiscuous mode
[  325.750693][T13409] veth0_macvtap: entered promiscuous mode
[  325.778180][T13409] veth1_macvtap: entered promiscuous mode
[  325.881487][T13409] batman_adv: batadv0: Interface activated: batadv_slave_0
[  325.966593][T13409] batman_adv: batadv0: Interface activated: batadv_slave_1
[  326.007382][T13409] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  326.020027][T13409] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  326.037592][T13409] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  326.037780][T13828] netlink: 'syz.4.3102': attribute type 1 has an invalid length.
[  326.058274][T13409] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  326.073574][T13828] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3102'.
[  326.148438][T13826] FAULT_INJECTION: forcing a failure.
[  326.148438][T13826] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.188978][T13826] CPU: 0 UID: 0 PID: 13826 Comm: syz.0.3103 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  326.189008][T13826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  326.189020][T13826] Call Trace:
[  326.189028][T13826]  <TASK>
[  326.189036][T13826]  dump_stack_lvl+0x189/0x250
[  326.189067][T13826]  ? __lock_acquire+0xaac/0xd20
[  326.189097][T13826]  ? __pfx_dump_stack_lvl+0x10/0x10
[  326.189125][T13826]  ? __pfx__printk+0x10/0x10
[  326.189151][T13826]  ? __might_fault+0xb0/0x130
[  326.189187][T13826]  should_fail_ex+0x414/0x560
[  326.189212][T13826]  _copy_from_user+0x2d/0xb0
[  326.189239][T13826]  sock_do_ioctl+0x182/0x300
[  326.189272][T13826]  ? __pfx_sock_do_ioctl+0x10/0x10
[  326.189319][T13826]  sock_ioctl+0x576/0x790
[  326.189351][T13826]  ? __pfx_sock_ioctl+0x10/0x10
[  326.189383][T13826]  ? __fget_files+0x3a0/0x420
[  326.189408][T13826]  ? __fget_files+0x2a/0x420
[  326.189435][T13826]  ? bpf_lsm_file_ioctl+0x9/0x20
[  326.189460][T13826]  ? __pfx_sock_ioctl+0x10/0x10
[  326.189488][T13826]  __se_sys_ioctl+0xf9/0x170
[  326.189510][T13826]  do_syscall_64+0xf6/0x210
[  326.189536][T13826]  ? clear_bhb_loop+0x45/0xa0
[  326.189561][T13826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.189579][T13826] RIP: 0033:0x7ffbd6b8e969
[  326.189596][T13826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.189612][T13826] RSP: 002b:00007ffbd7979038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  326.189633][T13826] RAX: ffffffffffffffda RBX: 00007ffbd6db5fa0 RCX: 00007ffbd6b8e969
[  326.189647][T13826] RDX: 00002000000004c0 RSI: 0000000000008914 RDI: 0000000000000006
[  326.189658][T13826] RBP: 00007ffbd7979090 R08: 0000000000000000 R09: 0000000000000000
[  326.189670][T13826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.189681][T13826] R13: 0000000000000000 R14: 00007ffbd6db5fa0 R15: 00007ffedf7b0058
[  326.189713][T13826]  </TASK>
[  326.200998][T13836] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3105'.
[  326.578784][ T5916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  326.609193][ T5916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  326.775634][ T7186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  326.818470][ T7186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.251104][T13891] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3118'.
[  328.550486][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  328.567068][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  328.583817][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  328.592741][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  328.601270][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  329.035822][T13914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3123'.
[  330.076734][T13934] netlink: 'syz.2.3127': attribute type 3 has an invalid length.
[  330.465225][T13945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3129'.
[  330.640771][ T7192] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  330.650266][ T7192] bond_slave_0: left promiscuous mode
[  330.660401][ T7192] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  330.671793][ T7192] bond_slave_1: left promiscuous mode
[  330.682089][ T7192] bond0 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  330.691978][ T7192] veth0_to_bond: left promiscuous mode
[  330.700487][ T7192] bond0 (unregistering): (slave bond5): Releasing backup interface
[  330.709795][ T7192] bond5 (unregistering): left promiscuous mode
[  330.716520][ T5832] Bluetooth: hci0: command tx timeout
[  330.724608][ T7192] bond0 (unregistering): Released all slaves
[  330.744409][ T7192] bond1 (unregistering): Released all slaves
[  330.763301][ T7192] bond2 (unregistering): Released all slaves
[  330.791986][ T7192] bond3 (unregistering): Released all slaves
[  330.820196][ T7192] bond4 (unregistering): Released all slaves
[  330.968194][ T7192] bond5 (unregistering): Released all slaves
[  331.021571][T13934] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3127'.
[  331.043328][T13929] batadv_slave_0: entered promiscuous mode
[  331.147075][T13961] netlink: 'syz.2.3130': attribute type 1 has an invalid length.
[  331.243295][T13967] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3131'.
[  331.252798][T13967] openvswitch: netlink: Flow key attr not present in new flow.
[  331.314353][ T7192] tipc: Disabling bearer <udp:syz0>
[  331.349782][ T7192] tipc: Left network mode
[  331.373558][T13971] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3132'.
[  331.664104][T13974] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3133'.
[  331.735026][T13981] xt_hashlimit: size too large, truncated to 1048576
[  331.784057][T13985] xt_hashlimit: size too large, truncated to 1048576
[  332.765629][T14002] FAULT_INJECTION: forcing a failure.
[  332.765629][T14002] name failslab, interval 1, probability 0, space 0, times 0
[  332.795089][ T5832] Bluetooth: hci0: command tx timeout
[  332.803711][T14002] CPU: 0 UID: 0 PID: 14002 Comm: syz.3.3136 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  332.803736][T14002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  332.803749][T14002] Call Trace:
[  332.803757][T14002]  <TASK>
[  332.803766][T14002]  dump_stack_lvl+0x189/0x250
[  332.803801][T14002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  332.803829][T14002]  ? __pfx__printk+0x10/0x10
[  332.803854][T14002]  ? ref_tracker_alloc+0x318/0x460
[  332.803880][T14002]  should_fail_ex+0x414/0x560
[  332.803905][T14002]  should_failslab+0xa8/0x100
[  332.803934][T14002]  kmem_cache_alloc_noprof+0x73/0x3c0
[  332.803958][T14002]  ? skb_clone+0x212/0x3a0
[  332.803991][T14002]  skb_clone+0x212/0x3a0
[  332.804024][T14002]  __netlink_deliver_tap+0x404/0x850
[  332.804061][T14002]  ? netlink_deliver_tap+0x2e/0x1b0
[  332.804085][T14002]  netlink_deliver_tap+0x19c/0x1b0
[  332.804109][T14002]  netlink_unicast+0x72f/0x8d0
[  332.804141][T14002]  netlink_sendmsg+0x805/0xb30
[  332.804175][T14002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  332.804202][T14002]  ? aa_sock_msg_perm+0x94/0x160
[  332.804227][T14002]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  332.804258][T14002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  332.804282][T14002]  __sock_sendmsg+0x219/0x270
[  332.804306][T14002]  ____sys_sendmsg+0x505/0x830
[  332.804340][T14002]  ? __pfx_____sys_sendmsg+0x10/0x10
[  332.804377][T14002]  ? import_iovec+0x74/0xa0
[  332.804409][T14002]  ___sys_sendmsg+0x21f/0x2a0
[  332.804438][T14002]  ? __pfx____sys_sendmsg+0x10/0x10
[  332.804508][T14002]  ? __fget_files+0x2a/0x420
[  332.804534][T14002]  ? __fget_files+0x3a0/0x420
[  332.804571][T14002]  __x64_sys_sendmsg+0x19b/0x260
[  332.804602][T14002]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  332.804648][T14002]  ? do_syscall_64+0xba/0x210
[  332.804679][T14002]  do_syscall_64+0xf6/0x210
[  332.804722][T14002]  ? clear_bhb_loop+0x45/0xa0
[  332.804748][T14002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.804767][T14002] RIP: 0033:0x7f03f7f8e969
[  332.804785][T14002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.804802][T14002] RSP: 002b:00007f03f8d6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  332.804823][T14002] RAX: ffffffffffffffda RBX: 00007f03f81b5fa0 RCX: 00007f03f7f8e969
[  332.804838][T14002] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004
[  332.804850][T14002] RBP: 00007f03f8d6c090 R08: 0000000000000000 R09: 0000000000000000
[  332.804863][T14002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.804874][T14002] R13: 0000000000000000 R14: 00007f03f81b5fa0 R15: 00007ffdde09f648
[  332.804907][T14002]  </TASK>
[  333.211724][T14006] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3138'.
[  333.392525][T14012] Bluetooth: MGMT ver 1.23
[  333.787978][T14030] netlink: 'syz.1.3143': attribute type 1 has an invalid length.
[  333.798976][T13900] chnl_net:caif_netlink_parms(): no params data found
[  333.888384][T14033] netlink: 'syz.4.3144': attribute type 10 has an invalid length.
[  333.917921][ T7192] hsr_slave_0: left promiscuous mode
[  333.964481][ T7192] hsr_slave_1: left promiscuous mode
[  333.978050][ T7192] batman_adv: batadv0: Removing interface: batadv_slave_0
[  333.998750][ T7192] batman_adv: batadv0: Removing interface: batadv_slave_1
[  334.248570][T14020] FAULT_INJECTION: forcing a failure.
[  334.248570][T14020] name fail_futex, interval 1, probability 0, space 0, times 1
[  334.264309][T14020] CPU: 1 UID: 0 PID: 14020 Comm: syz.2.3140 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  334.264338][T14020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  334.264351][T14020] Call Trace:
[  334.264360][T14020]  <TASK>
[  334.264368][T14020]  dump_stack_lvl+0x189/0x250
[  334.264406][T14020]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.264435][T14020]  ? __pfx__printk+0x10/0x10
[  334.264469][T14020]  should_fail_ex+0x414/0x560
[  334.264494][T14020]  get_futex_key+0x240/0xe10
[  334.264515][T14020]  ? look_up_lock_class+0x74/0x170
[  334.264543][T14020]  ? __pfx_get_futex_key+0x10/0x10
[  334.264566][T14020]  ? __lock_acquire+0xaac/0xd20
[  334.264601][T14020]  futex_wake+0xf8/0x500
[  334.264632][T14020]  ? __pfx_futex_wake+0x10/0x10
[  334.264676][T14020]  do_futex+0x395/0x420
[  334.264703][T14020]  ? __pfx_do_futex+0x10/0x10
[  334.264727][T14020]  ? __might_fault+0xb0/0x130
[  334.264756][T14020]  mm_release+0x188/0x390
[  334.264776][T14020]  ? __pfx_mm_release+0x10/0x10
[  334.264793][T14020]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.264829][T14020]  exit_mm+0xa8/0x2c0
[  334.264855][T14020]  ? __pfx_exit_mm+0x10/0x10
[  334.264878][T14020]  ? taskstats_exit+0x43c/0xa30
[  334.264899][T14020]  ? do_exit+0x577/0x2550
[  334.264922][T14020]  ? seccomp_filter_release+0xe3/0x120
[  334.264995][T14020]  do_exit+0x859/0x2550
[  334.265029][T14020]  ? do_raw_spin_lock+0x121/0x290
[  334.265051][T14020]  ? __pfx_do_exit+0x10/0x10
[  334.265074][T14020]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  334.265125][T14020]  do_group_exit+0x21c/0x2d0
[  334.265149][T14020]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.265175][T14020]  get_signal+0x125e/0x1310
[  334.265228][T14020]  arch_do_signal_or_restart+0x95/0x780
[  334.265252][T14020]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  334.265286][T14020]  ? local_irq_enable_exit_to_user+0x5/0x10
[  334.265320][T14020]  syscall_exit_to_user_mode+0x8b/0x120
[  334.265346][T14020]  do_syscall_64+0x103/0x210
[  334.265371][T14020]  ? clear_bhb_loop+0x45/0xa0
[  334.265397][T14020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.265416][T14020] RIP: 0033:0x7f6de5d8e969
[  334.265434][T14020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.265451][T14020] RSP: 002b:00007f6de6b3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  334.265472][T14020] RAX: fffffffffffffe00 RBX: 00007f6de5fb6080 RCX: 00007f6de5d8e969
[  334.265487][T14020] RDX: 0000000000008000 RSI: 0000200000000580 RDI: 0000000000000003
[  334.265500][T14020] RBP: 00007f6de6b3b090 R08: 0000000000000000 R09: 0000000000000000
[  334.265513][T14020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.265525][T14020] R13: 0000000000000001 R14: 00007f6de5fb6080 R15: 00007ffc67242aa8
[  334.265557][T14020]  </TASK>
[  334.874956][ T5832] Bluetooth: hci0: command tx timeout
[  335.250101][ T7192] team0 (unregistering): Port device team_slave_1 removed
[  335.313420][ T7192] team0 (unregistering): Port device team_slave_0 removed
[  335.353121][ T1040] smc: removing ib device syz0
[  335.722319][T14033] bridge0: port 2(bridge_slave_1) entered disabled state
[  335.729996][T14033] bridge0: port 1(bridge_slave_0) entered disabled state
[  335.751804][T14033] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.759084][T14033] bridge0: port 2(bridge_slave_1) entered forwarding state
[  335.766715][T14033] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.773961][T14033] bridge0: port 1(bridge_slave_0) entered forwarding state
[  335.787115][T14033] bridge0: entered promiscuous mode
[  335.792846][T14033] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  335.801751][T14041] netlink: 'syz.1.3146': attribute type 29 has an invalid length.
[  336.076040][T14068] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3151'.
[  336.119697][T14068] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3151'.
[  336.378335][T14085] netlink: 'syz.2.3154': attribute type 1 has an invalid length.
[  336.456624][T13900] bridge0: port 1(bridge_slave_0) entered blocking state
[  336.490861][T13900] bridge0: port 1(bridge_slave_0) entered disabled state
[  336.533925][T13900] bridge_slave_0: entered allmulticast mode
[  336.571474][T13900] bridge_slave_0: entered promiscuous mode
[  336.651013][T13900] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.671582][T13900] bridge0: port 2(bridge_slave_1) entered disabled state
[  336.695659][T13900] bridge_slave_1: entered allmulticast mode
[  336.718827][T13900] bridge_slave_1: entered promiscuous mode
[  336.909888][T14091] bond0: left promiscuous mode
[  336.923716][T14091] bond_slave_0: left promiscuous mode
[  336.929396][T14091] bond_slave_1: left promiscuous mode
[  336.963723][ T5832] Bluetooth: hci0: command tx timeout
[  336.980312][T14091] bridge0: left promiscuous mode
[  337.377483][T14116] netlink: 'syz.4.3161': attribute type 1 has an invalid length.
[  337.506824][T13900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  337.636432][T13900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  338.000332][T13900] team0: Port device team_slave_0 added
[  338.049371][T14139] netlink: 'syz.4.3167': attribute type 1 has an invalid length.
[  338.141477][T13900] team0: Port device team_slave_1 added
[  338.175742][T14137] netlink: 'syz.1.3166': attribute type 1 has an invalid length.
[  338.183535][T14137] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3166'.
[  338.251454][T14148] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3168'.
[  338.581976][T13900] batman_adv: batadv0: Adding interface: batadv_slave_0
[  338.611674][T13900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  338.701475][T13900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  338.783428][T13900] batman_adv: batadv0: Adding interface: batadv_slave_1
[  338.828228][T13900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  338.868340][T13900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  339.116980][T14159] netlink: 'syz.3.3173': attribute type 9 has an invalid length.
[  339.220307][T14164] netlink: 'syz.2.3174': attribute type 4 has an invalid length.
[  339.299478][T14164] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3174'.
[  339.327522][T13900] hsr_slave_0: entered promiscuous mode
[  339.350310][T13900] hsr_slave_1: entered promiscuous mode
[  339.382861][T13900] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  339.403171][T13900] Cannot create hsr debugfs directory
[  339.967170][T14193] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  340.257293][T14209] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3185'.
[  340.294435][T14209] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3185'.
[  340.591976][T14222] netlink: 192 bytes leftover after parsing attributes in process `syz.1.3188'.
[  341.417988][T13900] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  341.447797][T13900] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  341.578393][T13900] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  341.622631][T13900] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  341.642722][T14257] netlink: 'syz.2.3198': attribute type 29 has an invalid length.
[  341.673210][T14260] FAULT_INJECTION: forcing a failure.
[  341.673210][T14260] name failslab, interval 1, probability 0, space 0, times 0
[  341.687390][T14260] CPU: 1 UID: 0 PID: 14260 Comm: syz.1.3199 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  341.687420][T14260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  341.687441][T14260] Call Trace:
[  341.687449][T14260]  <TASK>
[  341.687457][T14260]  dump_stack_lvl+0x189/0x250
[  341.687494][T14260]  ? __pfx_dump_stack_lvl+0x10/0x10
[  341.687522][T14260]  ? __pfx__printk+0x10/0x10
[  341.687548][T14260]  ? __pfx___might_resched+0x10/0x10
[  341.687566][T14260]  ? fs_reclaim_acquire+0x7d/0x100
[  341.687601][T14260]  should_fail_ex+0x414/0x560
[  341.687627][T14260]  should_failslab+0xa8/0x100
[  341.687654][T14260]  __kmalloc_cache_noprof+0x70/0x3d0
[  341.687677][T14260]  ? flow_change+0x437/0x1a50
[  341.687702][T14260]  flow_change+0x437/0x1a50
[  341.687722][T14260]  ? __pfx___mutex_lock+0x10/0x10
[  341.687748][T14260]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  341.687780][T14260]  ? __pfx_flow_change+0x10/0x10
[  341.687827][T14260]  tc_new_tfilter+0xdc7/0x15b0
[  341.687886][T14260]  ? __pfx_tc_new_tfilter+0x10/0x10
[  341.687949][T14260]  ? __pfx_tc_new_tfilter+0x10/0x10
[  341.687973][T14260]  rtnetlink_rcv_msg+0x7cc/0xb70
[  341.687999][T14260]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  341.688024][T14260]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  341.688051][T14260]  ? ref_tracker_free+0x63a/0x7d0
[  341.688070][T14260]  ? __copy_skb_header+0xa7/0x550
[  341.688107][T14260]  netlink_rcv_skb+0x219/0x490
[  341.688130][T14260]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  341.688153][T14260]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  341.688198][T14260]  ? netlink_deliver_tap+0x2e/0x1b0
[  341.688220][T14260]  ? netlink_deliver_tap+0x2e/0x1b0
[  341.688248][T14260]  netlink_unicast+0x758/0x8d0
[  341.688280][T14260]  netlink_sendmsg+0x805/0xb30
[  341.688311][T14260]  ? __pfx_netlink_sendmsg+0x10/0x10
[  341.688335][T14260]  ? aa_sock_msg_perm+0x94/0x160
[  341.688357][T14260]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  341.688377][T14260]  ? __pfx_netlink_sendmsg+0x10/0x10
[  341.688399][T14260]  __sock_sendmsg+0x219/0x270
[  341.688430][T14260]  ____sys_sendmsg+0x505/0x830
[  341.688462][T14260]  ? __pfx_____sys_sendmsg+0x10/0x10
[  341.688500][T14260]  ? import_iovec+0x74/0xa0
[  341.688532][T14260]  ___sys_sendmsg+0x21f/0x2a0
[  341.688561][T14260]  ? __pfx____sys_sendmsg+0x10/0x10
[  341.688627][T14260]  ? __fget_files+0x2a/0x420
[  341.688651][T14260]  ? __fget_files+0x3a0/0x420
[  341.688690][T14260]  __x64_sys_sendmsg+0x19b/0x260
[  341.688720][T14260]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  341.688766][T14260]  ? do_syscall_64+0xba/0x210
[  341.688795][T14260]  do_syscall_64+0xf6/0x210
[  341.688820][T14260]  ? clear_bhb_loop+0x45/0xa0
[  341.688845][T14260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.688864][T14260] RIP: 0033:0x7f869058e969
[  341.688882][T14260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  341.688899][T14260] RSP: 002b:00007f8691382038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  341.688920][T14260] RAX: ffffffffffffffda RBX: 00007f86907b5fa0 RCX: 00007f869058e969
[  341.688935][T14260] RDX: 00000000200400d4 RSI: 0000200000000140 RDI: 0000000000000004
[  341.688948][T14260] RBP: 00007f8691382090 R08: 0000000000000000 R09: 0000000000000000
[  341.688960][T14260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  341.688972][T14260] R13: 0000000000000000 R14: 00007f86907b5fa0 R15: 00007ffe975050a8
[  341.689005][T14260]  </TASK>
[  342.152887][T14257] netlink: 'syz.2.3198': attribute type 29 has an invalid length.
[  342.279301][T13900] 8021q: adding VLAN 0 to HW filter on device bond0
[  342.302975][T13900] 8021q: adding VLAN 0 to HW filter on device team0
[  342.332748][T14267] FAULT_INJECTION: forcing a failure.
[  342.332748][T14267] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  342.335945][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.346118][T14267] CPU: 1 UID: 0 PID: 14267 Comm: syz.2.3201 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  342.346147][T14267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  342.346161][T14267] Call Trace:
[  342.346170][T14267]  <TASK>
[  342.346179][T14267]  dump_stack_lvl+0x189/0x250
[  342.346213][T14267]  ? __lock_acquire+0xaac/0xd20
[  342.346247][T14267]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.346277][T14267]  ? __pfx__printk+0x10/0x10
[  342.346298][T14267]  ? __might_fault+0xb0/0x130
[  342.346338][T14267]  should_fail_ex+0x414/0x560
[  342.346366][T14267]  _copy_from_user+0x2d/0xb0
[  342.346405][T14267]  ____sys_sendmsg+0x2fe/0x830
[  342.346440][T14267]  ? __pfx_____sys_sendmsg+0x10/0x10
[  342.346479][T14267]  ? import_iovec+0x74/0xa0
[  342.346512][T14267]  ___sys_sendmsg+0x21f/0x2a0
[  342.346543][T14267]  ? __pfx____sys_sendmsg+0x10/0x10
[  342.346613][T14267]  ? __fget_files+0x2a/0x420
[  342.346639][T14267]  ? __fget_files+0x3a0/0x420
[  342.346678][T14267]  __x64_sys_sendmsg+0x19b/0x260
[  342.346709][T14267]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  342.346757][T14267]  ? do_syscall_64+0xba/0x210
[  342.346788][T14267]  do_syscall_64+0xf6/0x210
[  342.346816][T14267]  ? clear_bhb_loop+0x45/0xa0
[  342.346842][T14267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.346863][T14267] RIP: 0033:0x7f6de5d8e969
[  342.346882][T14267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.346900][T14267] RSP: 002b:00007f6de6b5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  342.346924][T14267] RAX: ffffffffffffffda RBX: 00007f6de5fb5fa0 RCX: 00007f6de5d8e969
[  342.346940][T14267] RDX: 0000000004000081 RSI: 0000200000000000 RDI: 0000000000000003
[  342.346954][T14267] RBP: 00007f6de6b5c090 R08: 0000000000000000 R09: 0000000000000000
[  342.346967][T14267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.346979][T14267] R13: 0000000000000000 R14: 00007f6de5fb5fa0 R15: 00007ffc67242aa8
[  342.347014][T14267]  </TASK>
[  342.554996][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  342.590066][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state
[  342.597370][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  342.668339][T14276] FAULT_INJECTION: forcing a failure.
[  342.668339][T14276] name failslab, interval 1, probability 0, space 0, times 0
[  342.695748][T14276] CPU: 0 UID: 0 PID: 14276 Comm: syz.3.3205 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  342.695779][T14276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  342.695791][T14276] Call Trace:
[  342.695799][T14276]  <TASK>
[  342.695808][T14276]  dump_stack_lvl+0x189/0x250
[  342.695846][T14276]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.695874][T14276]  ? __pfx__printk+0x10/0x10
[  342.695901][T14276]  ? __pfx___might_resched+0x10/0x10
[  342.695925][T14276]  should_fail_ex+0x414/0x560
[  342.695951][T14276]  should_failslab+0xa8/0x100
[  342.695979][T14276]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  342.696005][T14276]  ? __alloc_skb+0x112/0x2d0
[  342.696034][T14276]  __alloc_skb+0x112/0x2d0
[  342.696061][T14276]  netlink_sendmsg+0x5c6/0xb30
[  342.696096][T14276]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.696121][T14276]  ? aa_sock_msg_perm+0x94/0x160
[  342.696144][T14276]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  342.696165][T14276]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.696187][T14276]  __sock_sendmsg+0x219/0x270
[  342.696210][T14276]  ____sys_sendmsg+0x505/0x830
[  342.696241][T14276]  ? __pfx_____sys_sendmsg+0x10/0x10
[  342.696276][T14276]  ? import_iovec+0x74/0xa0
[  342.696305][T14276]  ___sys_sendmsg+0x21f/0x2a0
[  342.696333][T14276]  ? __pfx____sys_sendmsg+0x10/0x10
[  342.696411][T14276]  ? __fget_files+0x2a/0x420
[  342.696437][T14276]  ? __fget_files+0x3a0/0x420
[  342.696473][T14276]  __x64_sys_sendmsg+0x19b/0x260
[  342.696500][T14276]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  342.696543][T14276]  ? do_syscall_64+0xba/0x210
[  342.696572][T14276]  do_syscall_64+0xf6/0x210
[  342.696597][T14276]  ? clear_bhb_loop+0x45/0xa0
[  342.696628][T14276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.696646][T14276] RIP: 0033:0x7f03f7f8e969
[  342.696663][T14276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.696681][T14276] RSP: 002b:00007f03f8d6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  342.696701][T14276] RAX: ffffffffffffffda RBX: 00007f03f81b5fa0 RCX: 00007f03f7f8e969
[  342.696716][T14276] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  342.696728][T14276] RBP: 00007f03f8d6c090 R08: 0000000000000000 R09: 0000000000000000
[  342.696740][T14276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.696751][T14276] R13: 0000000000000000 R14: 00007f03f81b5fa0 R15: 00007ffdde09f648
[  342.696783][T14276]  </TASK>
[  343.148873][ T5884] IPVS: starting estimator thread 0...
[  343.274799][T14288] IPVS: using max 26 ests per chain, 62400 per kthread
[  343.841535][T14309] netlink: 'syz.2.3213': attribute type 2 has an invalid length.
[  343.983593][T13900] 8021q: adding VLAN 0 to HW filter on device batadv0
[  344.171953][T13900] veth0_vlan: entered promiscuous mode
[  344.220048][T13900] veth1_vlan: entered promiscuous mode
[  344.239392][T14318] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3215'.
[  344.283515][T13900] veth0_macvtap: entered promiscuous mode
[  344.306080][T13900] veth1_macvtap: entered promiscuous mode
[  344.358572][T13900] batman_adv: batadv0: Interface activated: batadv_slave_0
[  344.417669][T13900] batman_adv: batadv0: Interface activated: batadv_slave_1
[  344.453890][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  344.465024][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  344.489871][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  344.502902][T13900] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  344.523284][T13900] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  344.548897][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  344.556910][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  344.566931][T13900] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  344.576468][T13900] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  344.738116][T14306] infiniband syz0: set down
[  344.742712][T14306] infiniband syz0: added bond_slave_1
[  344.783966][T14306] syz0: rxe_create_cq: returned err = -12
[  344.790248][T14306] infiniband syz0: Couldn't create ib_mad CQ
[  344.824376][T14306] infiniband syz0: Couldn't open port 1
[  344.930272][ T7178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  344.968321][ T7178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  344.971530][T14306] RDS/IB: syz0: added
[  344.991939][T14306] smc: adding ib device syz0 with port count 1
[  345.029491][T14306] smc:    ib device syz0 port 1 has pnetid 
[  345.099898][ T7192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  345.137758][ T7192] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  346.031312][T14322] chnl_net:caif_netlink_parms(): no params data found
[  346.266346][T14322] bridge0: port 1(bridge_slave_0) entered blocking state
[  346.287399][T14322] bridge0: port 1(bridge_slave_0) entered disabled state
[  346.302677][T14322] bridge_slave_0: entered allmulticast mode
[  346.321125][T14322] bridge_slave_0: entered promiscuous mode
[  346.342327][T14322] bridge0: port 2(bridge_slave_1) entered blocking state
[  346.374040][T14322] bridge0: port 2(bridge_slave_1) entered disabled state
[  346.394140][T14322] bridge_slave_1: entered allmulticast mode
[  346.401567][T14322] bridge_slave_1: entered promiscuous mode
[  346.633912][ T5832] Bluetooth: hci1: command tx timeout
[  346.682859][T14322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  346.906455][T14322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  347.156573][T14322] team0: Port device team_slave_0 added
[  347.179765][T14322] team0: Port device team_slave_1 added
[  347.189853][T14391] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3232'.
[  347.329362][T14392] sch_tbf: burst 1458 is lower than device syz_tun mtu (1514) !
[  347.385992][T14322] batman_adv: batadv0: Adding interface: batadv_slave_0
[  347.403856][T14322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  347.470404][T14322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  347.534776][T14322] batman_adv: batadv0: Adding interface: batadv_slave_1
[  347.552022][T14322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  347.586520][T14322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  347.599313][ T5832] Bluetooth: hci0: command tx timeout
[  347.766433][T14322] hsr_slave_0: entered promiscuous mode
[  347.783214][T14322] hsr_slave_1: entered promiscuous mode
[  347.790519][T14322] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  347.800647][T14322] Cannot create hsr debugfs directory
[  348.160462][T14322] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.369409][T14322] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.717001][ T5832] Bluetooth: hci1: command tx timeout
[  349.890136][T14322] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.087546][T14430] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3243'.
[  350.099689][T14322] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.146169][T14431] netlink: 'syz.0.3244': attribute type 2 has an invalid length.
[  350.207118][T14431] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3244'.
[  350.216521][T14431] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3244'.
[  350.471087][T14322] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  350.512270][T14322] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  350.519342][T14440] netlink: 'syz.0.3248': attribute type 10 has an invalid length.
[  350.550682][T14322] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  350.589266][T14322] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  350.745260][T14449] netlink: 'syz.3.3250': attribute type 29 has an invalid length.
[  350.770809][T14449] netlink: 'syz.3.3250': attribute type 29 has an invalid length.
[  350.803995][ T5832] Bluetooth: hci1: command tx timeout
[  350.854902][T14449] netlink: 'syz.3.3250': attribute type 29 has an invalid length.
[  350.953354][T14322] 8021q: adding VLAN 0 to HW filter on device bond0
[  351.047542][T14322] 8021q: adding VLAN 0 to HW filter on device team0
[  351.089466][T14456] FAULT_INJECTION: forcing a failure.
[  351.089466][T14456] name failslab, interval 1, probability 0, space 0, times 0
[  351.111707][ T7192] bridge0: port 1(bridge_slave_0) entered blocking state
[  351.118974][ T7192] bridge0: port 1(bridge_slave_0) entered forwarding state
[  351.137658][ T7192] bridge0: port 2(bridge_slave_1) entered blocking state
[  351.144950][ T7192] bridge0: port 2(bridge_slave_1) entered forwarding state
[  351.152601][T14456] CPU: 0 UID: 0 PID: 14456 Comm: syz.3.3252 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  351.152629][T14456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  351.152640][T14456] Call Trace:
[  351.152648][T14456]  <TASK>
[  351.152657][T14456]  dump_stack_lvl+0x189/0x250
[  351.152694][T14456]  ? __pfx_dump_stack_lvl+0x10/0x10
[  351.152723][T14456]  ? __pfx__printk+0x10/0x10
[  351.152740][T14456]  ? __lock_acquire+0xaac/0xd20
[  351.152786][T14456]  should_fail_ex+0x414/0x560
[  351.152812][T14456]  should_failslab+0xa8/0x100
[  351.152846][T14456]  kmem_cache_alloc_noprof+0x73/0x3c0
[  351.152866][T14456]  ? skb_clone+0x212/0x3a0
[  351.152895][T14456]  skb_clone+0x212/0x3a0
[  351.152927][T14456]  __netlink_deliver_tap+0x404/0x850
[  351.152963][T14456]  ? netlink_deliver_tap+0x2e/0x1b0
[  351.152986][T14456]  netlink_deliver_tap+0x19c/0x1b0
[  351.153009][T14456]  netlink_sendskb+0x68/0x140
[  351.153042][T14456]  netlink_rcv_skb+0x2a0/0x490
[  351.153063][T14456]  ? __pfx_genl_rcv_msg+0x10/0x10
[  351.153091][T14456]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  351.153134][T14456]  ? down_read+0x1ad/0x2e0
[  351.153162][T14456]  genl_rcv+0x28/0x40
[  351.153187][T14456]  netlink_unicast+0x758/0x8d0
[  351.153218][T14456]  netlink_sendmsg+0x805/0xb30
[  351.153249][T14456]  ? __pfx_netlink_sendmsg+0x10/0x10
[  351.153276][T14456]  ? aa_sock_msg_perm+0x94/0x160
[  351.153300][T14456]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  351.153322][T14456]  ? __pfx_netlink_sendmsg+0x10/0x10
[  351.153345][T14456]  __sock_sendmsg+0x219/0x270
[  351.153368][T14456]  ____sys_sendmsg+0x505/0x830
[  351.153401][T14456]  ? __pfx_____sys_sendmsg+0x10/0x10
[  351.153436][T14456]  ? import_iovec+0x74/0xa0
[  351.153467][T14456]  ___sys_sendmsg+0x21f/0x2a0
[  351.153496][T14456]  ? __pfx____sys_sendmsg+0x10/0x10
[  351.153565][T14456]  ? __fget_files+0x2a/0x420
[  351.153589][T14456]  ? __fget_files+0x3a0/0x420
[  351.153633][T14456]  __x64_sys_sendmsg+0x19b/0x260
[  351.153662][T14456]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  351.153709][T14456]  ? do_syscall_64+0xba/0x210
[  351.153738][T14456]  do_syscall_64+0xf6/0x210
[  351.153763][T14456]  ? clear_bhb_loop+0x45/0xa0
[  351.153789][T14456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.153809][T14456] RIP: 0033:0x7f03f7f8e969
[  351.153828][T14456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.153852][T14456] RSP: 002b:00007f03f8d6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  351.153873][T14456] RAX: ffffffffffffffda RBX: 00007f03f81b5fa0 RCX: 00007f03f7f8e969
[  351.153888][T14456] RDX: 0000000024008080 RSI: 0000200000000c00 RDI: 0000000000000005
[  351.153900][T14456] RBP: 00007f03f8d6c090 R08: 0000000000000000 R09: 0000000000000000
[  351.153911][T14456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.153921][T14456] R13: 0000000000000000 R14: 00007f03f81b5fa0 R15: 00007ffdde09f648
[  351.153953][T14456]  </TASK>
[  351.478386][T14455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  351.537225][T14460] netlink: 'syz.0.3254': attribute type 4 has an invalid length.
[  351.563403][T14460] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3254'.
[  351.637473][T14462] bond0: entered promiscuous mode
[  351.642609][T14462] bond_slave_0: entered promiscuous mode
[  351.648651][T14462] bond_slave_1: entered promiscuous mode
[  351.656653][T14462] batadv0: entered promiscuous mode
[  351.662734][T14462] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  351.671273][T14462] Cannot create hsr debugfs directory
[  351.680733][T14462] 8021q: adding VLAN 0 to HW filter on device hsr1
[  351.698053][T14462] bond0: left promiscuous mode
[  351.702973][T14462] bond_slave_0: left promiscuous mode
[  351.714285][T14462] bond_slave_1: left promiscuous mode
[  351.733036][T14462] batadv0: left promiscuous mode
[  351.922993][T14475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3258'.
[  351.971441][T14480] set match dimension is over the limit!
[  352.021512][T14322] 8021q: adding VLAN 0 to HW filter on device batadv0
[  352.180991][T14488] netlink: 'syz.3.3262': attribute type 29 has an invalid length.
[  352.255133][T14492] netlink: 'syz.3.3262': attribute type 29 has an invalid length.
[  352.303152][T14488] netlink: 'syz.3.3262': attribute type 29 has an invalid length.
[  352.738954][T14507] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3268'.
[  352.749662][T14503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  352.765971][T14507] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  352.874361][ T5832] Bluetooth: hci1: command tx timeout
[  352.968669][T14322] veth0_vlan: entered promiscuous mode
[  352.996934][T14322] veth1_vlan: entered promiscuous mode
[  353.039897][T14322] veth0_macvtap: entered promiscuous mode
[  353.051978][T14322] veth1_macvtap: entered promiscuous mode
[  353.076977][T14322] batman_adv: batadv0: Interface activated: batadv_slave_0
[  353.103071][T14322] batman_adv: batadv0: Interface activated: batadv_slave_1
[  353.137521][T14322] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  353.173925][T14322] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  353.198396][T14322] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  353.219508][T14322] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  353.414979][T14530] netlink: 'syz.3.3275': attribute type 29 has an invalid length.
[  353.501760][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  353.545391][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  353.779142][ T7178] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  353.826475][ T7178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  354.112431][T14541] team0: Device veth0_macvtap failed to register rx_handler
[  354.421289][T14546] rdma_rxe: rxe_newlink: failed to add bond_slave_1
[  354.574193][T14552] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3282'.
[  354.779344][   T64] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.885943][   T64] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.963785][ T5832] Bluetooth: hci2: command 0x0406 tx timeout
[  355.123396][   T64] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.286475][   T64] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.468163][T14581] validate_nla: 4 callbacks suppressed
[  355.468187][T14581] netlink: 'syz.0.3288': attribute type 29 has an invalid length.
[  355.492426][T14581] netlink: 'syz.0.3288': attribute type 29 has an invalid length.
[  355.509731][T14581] netlink: 'syz.0.3288': attribute type 29 has an invalid length.
[  355.720635][T14583] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3289'.
[  355.747278][   T64] bridge_slave_1: left allmulticast mode
[  355.773341][   T64] bridge_slave_1: left promiscuous mode
[  355.795565][   T64] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.859933][   T64] bridge_slave_0: left allmulticast mode
[  355.874785][   T64] bridge_slave_0: left promiscuous mode
[  355.896060][   T64] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.962817][T14599] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3292'.
[  356.001599][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  356.012718][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  356.022345][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  356.032421][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  356.046559][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  356.870400][   T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  356.882285][   T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  356.893995][   T64] bond0 (unregistering): Released all slaves
[  357.496358][T14638] netlink: 'syz.3.3300': attribute type 29 has an invalid length.
[  357.739765][T14638] netlink: 'syz.3.3300': attribute type 29 has an invalid length.
[  357.839840][T14641] netlink: 'syz.3.3300': attribute type 29 has an invalid length.
[  358.077404][ T5846] Bluetooth: hci1: command tx timeout
[  358.364514][T14671] rdma_rxe: rxe_newlink: failed to add bond_slave_1
[  358.579833][T14682] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3309'.
[  358.601141][T14684] FAULT_INJECTION: forcing a failure.
[  358.601141][T14684] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  358.633268][T14684] CPU: 0 UID: 0 PID: 14684 Comm: syz.3.3308 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  358.633299][T14684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  358.633311][T14684] Call Trace:
[  358.633319][T14684]  <TASK>
[  358.633328][T14684]  dump_stack_lvl+0x189/0x250
[  358.633367][T14684]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.633396][T14684]  ? __pfx__printk+0x10/0x10
[  358.633430][T14684]  should_fail_ex+0x414/0x560
[  358.633457][T14684]  _copy_to_user+0x31/0xb0
[  358.633487][T14684]  simple_read_from_buffer+0xe1/0x170
[  358.633518][T14684]  proc_fail_nth_read+0x1df/0x250
[  358.633549][T14684]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  358.633581][T14684]  ? rw_verify_area+0x258/0x650
[  358.633606][T14684]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  358.633633][T14684]  vfs_read+0x1fd/0x980
[  358.633661][T14684]  ? __pfx___mutex_lock+0x10/0x10
[  358.633685][T14684]  ? __pfx_vfs_read+0x10/0x10
[  358.633706][T14684]  ? __fget_files+0x2a/0x420
[  358.633735][T14684]  ? __fget_files+0x3a0/0x420
[  358.633757][T14684]  ? __fget_files+0x2a/0x420
[  358.633792][T14684]  ksys_read+0x145/0x250
[  358.633817][T14684]  ? __pfx_ksys_read+0x10/0x10
[  358.633843][T14684]  ? do_syscall_64+0xba/0x210
[  358.633873][T14684]  do_syscall_64+0xf6/0x210
[  358.633897][T14684]  ? clear_bhb_loop+0x45/0xa0
[  358.633920][T14684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.633939][T14684] RIP: 0033:0x7f03f7f8d37c
[  358.633957][T14684] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  358.633974][T14684] RSP: 002b:00007f03f8d2a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  358.633995][T14684] RAX: ffffffffffffffda RBX: 00007f03f81b6160 RCX: 00007f03f7f8d37c
[  358.634010][T14684] RDX: 000000000000000f RSI: 00007f03f8d2a0a0 RDI: 0000000000000006
[  358.634022][T14684] RBP: 00007f03f8d2a090 R08: 0000000000000000 R09: 0000000000000000
[  358.634034][T14684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  358.634046][T14684] R13: 0000000000000001 R14: 00007f03f81b6160 R15: 00007ffdde09f648
[  358.634079][T14684]  </TASK>
[  359.014515][   T64] hsr_slave_0: left promiscuous mode
[  359.023714][   T64] hsr_slave_1: left promiscuous mode
[  359.031181][   T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  359.039175][   T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[  359.048341][   T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  359.062871][   T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[  359.087370][   T64] veth1_macvtap: left promiscuous mode
[  359.093012][   T64] veth0_macvtap: left promiscuous mode
[  359.099457][   T64] veth1_vlan: left promiscuous mode
[  359.105263][   T64] veth0_vlan: left promiscuous mode
[  359.546120][   T64] team0 (unregistering): Port device team_slave_1 removed
[  359.586923][   T64] team0 (unregistering): Port device team_slave_0 removed
[  360.093000][T14694] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3313'.
[  360.155207][ T5846] Bluetooth: hci1: command tx timeout
[  360.384613][T14702] netlink: 'syz.3.3314': attribute type 29 has an invalid length.
[  360.412498][T14711] netlink: 'syz.3.3314': attribute type 29 has an invalid length.
[  360.451041][T14702] netlink: 'syz.3.3314': attribute type 29 has an invalid length.
[  360.525757][T14714] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3317'.
[  360.567866][T14600] chnl_net:caif_netlink_parms(): no params data found
[  360.593715][T14714] openvswitch: netlink: Message has 8 unknown bytes.
[  360.882327][T14725] netlink: 340 bytes leftover after parsing attributes in process `syz.1.3321'.
[  360.932713][T14734] netlink: 'syz.3.3324': attribute type 10 has an invalid length.
[  361.332983][T14600] bridge0: port 1(bridge_slave_0) entered blocking state
[  361.363914][T14600] bridge0: port 1(bridge_slave_0) entered disabled state
[  361.371207][T14600] bridge_slave_0: entered allmulticast mode
[  361.389808][T14600] bridge_slave_0: entered promiscuous mode
[  361.449172][T14757] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3329'.
[  361.466422][T14758] netlink: 'syz.1.3330': attribute type 29 has an invalid length.
[  361.492230][T14600] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.507120][T14600] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.518503][T14600] bridge_slave_1: entered allmulticast mode
[  361.528181][T14600] bridge_slave_1: entered promiscuous mode
[  361.548107][T14762] netlink: 'syz.1.3330': attribute type 29 has an invalid length.
[  361.573041][T14755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  361.604172][T14758] netlink: 'syz.1.3330': attribute type 29 has an invalid length.
[  361.657870][T14600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  361.672665][T14600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  361.689378][T14768] rdma_rxe: rxe_newlink: failed to add bond_slave_1
[  361.916578][T14600] team0: Port device team_slave_0 added
[  361.939032][T14600] team0: Port device team_slave_1 added
[  362.039252][T14600] batman_adv: batadv0: Adding interface: batadv_slave_0
[  362.047089][T14600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  362.075291][T14600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  362.091453][T14600] batman_adv: batadv0: Adding interface: batadv_slave_1
[  362.114436][T14600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  362.144895][T14600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  362.234043][ T5846] Bluetooth: hci1: command tx timeout
[  362.322152][T14600] hsr_slave_0: entered promiscuous mode
[  362.342653][T14600] hsr_slave_1: entered promiscuous mode
[  362.349935][T14600] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  362.361224][T14600] Cannot create hsr debugfs directory
[  362.548395][T14802] netlink: 'syz.0.3342': attribute type 29 has an invalid length.
[  362.559253][T14806] netlink: 'syz.3.3343': attribute type 8 has an invalid length.
[  362.587463][T14802] netlink: 'syz.0.3342': attribute type 29 has an invalid length.
[  362.601811][T14802] netlink: 'syz.0.3342': attribute type 29 has an invalid length.
[  363.286671][T14834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3353'.
[  363.400327][T14837] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3354'.
[  363.412847][T14837] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3354'.
[  363.680830][T14843] netlink: 'syz.0.3355': attribute type 29 has an invalid length.
[  363.726169][T14843] netlink: 'syz.0.3355': attribute type 29 has an invalid length.
[  363.738617][T14600] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  363.774572][T14600] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  363.822877][T14600] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  363.887893][T14600] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  364.252778][T14600] 8021q: adding VLAN 0 to HW filter on device bond0
[  364.324337][ T5846] Bluetooth: hci1: command tx timeout
[  364.328961][T14600] 8021q: adding VLAN 0 to HW filter on device team0
[  364.362939][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.370213][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  364.438240][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[  364.445548][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[  365.017363][T14898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3371'.
[  365.201590][T14600] 8021q: adding VLAN 0 to HW filter on device batadv0
[  365.628985][T14924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3377'.
[  366.061426][T14600] veth0_vlan: entered promiscuous mode
[  366.117969][T14600] veth1_vlan: entered promiscuous mode
[  366.312597][T14600] veth0_macvtap: entered promiscuous mode
[  366.350816][T14600] veth1_macvtap: entered promiscuous mode
[  366.456966][T14600] batman_adv: batadv0: Interface activated: batadv_slave_0
[  366.506148][T14600] batman_adv: batadv0: Interface activated: batadv_slave_1
[  366.575461][T14600] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  366.613692][T14600] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  366.622462][T14600] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  366.683717][T14600] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  366.734413][T14968] validate_nla: 12 callbacks suppressed
[  366.734435][T14968] netlink: 'syz.1.3391': attribute type 29 has an invalid length.
[  366.818532][T14971] netlink: 'syz.1.3391': attribute type 29 has an invalid length.
[  366.874726][T14974] netlink: 'syz.1.3391': attribute type 29 has an invalid length.
[  367.141012][ T7192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.143143][T14989] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3392'.
[  367.170734][ T7192] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.352176][ T1164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.382791][ T1164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.500520][T14999] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  368.080074][ T1164] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.325810][ T1164] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.533120][T15016] bond0: entered promiscuous mode
[  368.550216][T15016] bond_slave_0: entered promiscuous mode
[  368.563927][T15016] bond_slave_1: entered promiscuous mode
[  368.588555][T15017] vxcan1 speed is unknown, defaulting to 1000
[  368.761027][ T1164] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.820547][T15017] vxcan1 speed is unknown, defaulting to 1000
[  368.829042][T15017] vxcan1 speed is unknown, defaulting to 1000
[  369.059070][ T1164] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.574884][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  369.584910][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  369.595256][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  369.607515][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  369.618084][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  369.671825][T15017] infiniband syz2: set active
[  369.677039][ T1216] vxcan1 speed is unknown, defaulting to 1000
[  369.700074][ T1164] bridge_slave_1: left allmulticast mode
[  369.704644][T15017] infiniband syz2: added vxcan1
[  369.722881][T15017] syz2: rxe_create_cq: returned err = -12
[  369.725187][ T1164] bridge_slave_1: left promiscuous mode
[  369.729904][T15017] infiniband syz2: Couldn't create ib_mad CQ
[  369.744969][T15017] infiniband syz2: Couldn't open port 1
[  369.746053][T15045] netlink: 'syz.1.3406': attribute type 8 has an invalid length.
[  369.770476][ T1164] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.801298][ T1164] bridge_slave_0: left allmulticast mode
[  369.809346][T15017] RDS/IB: syz2: added
[  369.813444][T15017] smc: adding ib device syz2 with port count 1
[  369.820996][ T1164] bridge_slave_0: left promiscuous mode
[  369.832515][ T1164] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.842704][T15048] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3407'.
[  369.843243][T15017] smc:    ib device syz2 port 1 has pnetid 
[  370.413355][T15071] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3409'.
[  370.595758][ T1164] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  370.612420][ T1164] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  370.624484][ T1164] bond0 (unregistering): Released all slaves
[  370.651016][ T1216] vxcan1 speed is unknown, defaulting to 1000
[  370.791125][T15061] veth7: entered allmulticast mode
[  370.864664][T15017] vxcan1 speed is unknown, defaulting to 1000
[  371.564315][T15017] vxcan1 speed is unknown, defaulting to 1000
[  371.675551][ T5846] Bluetooth: hci1: command tx timeout
[  372.206460][T15117] netlink: 'syz.1.3420': attribute type 8 has an invalid length.
[  372.439517][T15017] vxcan1 speed is unknown, defaulting to 1000
[  372.679407][T15141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3427'.
[  373.098933][T15042] chnl_net:caif_netlink_parms(): no params data found
[  373.239300][T15017] vxcan1 speed is unknown, defaulting to 1000
[  373.618012][T15042] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.634383][T15042] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.654264][T15042] bridge_slave_0: entered allmulticast mode
[  373.683384][T15042] bridge_slave_0: entered promiscuous mode
[  373.744555][T15042] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.753818][ T5846] Bluetooth: hci1: command tx timeout
[  373.781347][T15042] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.812770][T15042] bridge_slave_1: entered allmulticast mode
[  373.857828][T15042] bridge_slave_1: entered promiscuous mode
[  373.952152][T15042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  373.985495][T15042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  374.108632][T15017] vxcan1 speed is unknown, defaulting to 1000
[  374.128299][T15042] team0: Port device team_slave_0 added
[  374.178452][T15042] team0: Port device team_slave_1 added
[  374.279744][T15196] mac80211_hwsim hwsim10 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  374.393558][T15042] batman_adv: batadv0: Adding interface: batadv_slave_0
[  374.414636][T15042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.518130][T15042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  374.586513][T15042] batman_adv: batadv0: Adding interface: batadv_slave_1
[  374.593520][T15042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.684769][T15042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  374.819083][T15042] hsr_slave_0: entered promiscuous mode
[  374.837081][T15042] hsr_slave_1: entered promiscuous mode
[  374.850334][T15042] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  374.867193][T15042] Cannot create hsr debugfs directory
[  374.950179][T15017] vxcan1 speed is unknown, defaulting to 1000
[  375.664107][T15231] netlink: 'syz.2.3444': attribute type 10 has an invalid length.
[  375.714163][T15233] netlink: 'syz.3.3445': attribute type 1 has an invalid length.
[  375.721955][T15233] netlink: 228 bytes leftover after parsing attributes in process `syz.3.3445'.
[  375.825831][T15017] vxcan1 speed is unknown, defaulting to 1000
[  375.834114][ T5846] Bluetooth: hci1: command tx timeout
[  375.906928][T15238] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  376.218246][T15252] netlink: 'syz.1.3449': attribute type 1 has an invalid length.
[  376.240381][T15252] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3449'.
[  376.596023][T15017] vxcan1 speed is unknown, defaulting to 1000
[  376.839023][T15042] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  376.881965][T15042] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  376.913247][T15042] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  376.937970][T15042] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  377.101508][T15042] 8021q: adding VLAN 0 to HW filter on device bond0
[  377.150903][T15042] 8021q: adding VLAN 0 to HW filter on device team0
[  377.169498][T15017] vxcan1 speed is unknown, defaulting to 1000
[  377.181590][ T7178] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.190198][ T7178] bridge0: port 1(bridge_slave_0) entered forwarding state
[  377.260510][ T7178] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.267760][ T7178] bridge0: port 2(bridge_slave_1) entered forwarding state
[  377.882635][T15042] 8021q: adding VLAN 0 to HW filter on device batadv0
[  377.915625][ T5846] Bluetooth: hci1: command tx timeout
[  378.965352][ T1164] hsr_slave_0: left promiscuous mode
[  379.012248][ T1164] hsr_slave_1: left promiscuous mode
[  379.027525][ T1164] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  379.059716][ T1164] batman_adv: batadv0: Removing interface: batadv_slave_0
[  379.099460][ T1164] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  379.110985][ T1164] batman_adv: batadv0: Removing interface: batadv_slave_1
[  379.202087][ T1164] veth1_macvtap: left promiscuous mode
[  379.216220][ T1164] veth0_macvtap: left promiscuous mode
[  379.243874][ T1164] veth1_vlan: left promiscuous mode
[  379.249270][ T1164] veth0_vlan: left promiscuous mode
[  379.304761][T15333] netlink: 'syz.0.3465': attribute type 10 has an invalid length.
[  379.941304][ T1164] team0 (unregistering): Port device team_slave_1 removed
[  379.995904][ T1164] team0 (unregistering): Port device team_slave_0 removed
[  380.514854][T15333] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.523411][T15333] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.547924][T15333] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.555245][T15333] bridge0: port 2(bridge_slave_1) entered forwarding state
[  380.562764][T15333] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.570003][T15333] bridge0: port 1(bridge_slave_0) entered forwarding state
[  380.593304][T15333] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  380.754431][T15042] veth0_vlan: entered promiscuous mode
[  380.906264][T15042] veth1_vlan: entered promiscuous mode
[  381.258957][T15042] veth0_macvtap: entered promiscuous mode
[  381.356732][T15042] veth1_macvtap: entered promiscuous mode
[  381.383441][T15042] batman_adv: batadv0: Interface activated: batadv_slave_0
[  381.567783][T15042] batman_adv: batadv0: Interface activated: batadv_slave_1
[  381.620225][T15042] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  381.643845][T15042] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  381.666466][T15042] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  381.685666][T15042] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  381.958214][ T1164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.981976][ T1164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.120331][ T7182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.174548][ T7182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.491433][T15392] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  382.630648][T15401] veth0: entered promiscuous mode
[  382.647292][T15401] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3480'.
[  383.088856][ T7182] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.146858][T15408] syzkaller1: entered allmulticast mode
[  383.275700][ T7182] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.390868][ T7182] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.468150][ T7182] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.721820][ T7182] bridge_slave_1: left allmulticast mode
[  383.731841][ T7182] bridge_slave_1: left promiscuous mode
[  383.744601][ T7182] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.763871][ T7182] bridge_slave_0: left allmulticast mode
[  383.769643][ T7182] bridge_slave_0: left promiscuous mode
[  383.794982][ T7182] bridge0: port 1(bridge_slave_0) entered disabled state
[  384.497274][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  384.510482][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  384.532655][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  384.541908][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  384.565137][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  384.872379][ T7182] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  384.899439][ T7182] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  384.917440][ T7182] bond0 (unregistering): Released all slaves
[  385.789792][T15504] netlink: 'syz.0.3497': attribute type 1 has an invalid length.
[  385.866310][T15504] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3497'.
[  385.922590][T15460] vxcan1 speed is unknown, defaulting to 1000
[  386.153409][T15514] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3499'.
[  386.449103][T15526] FAULT_INJECTION: forcing a failure.
[  386.449103][T15526] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.503144][T15526] CPU: 1 UID: 0 PID: 15526 Comm: syz.1.3502 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  386.503174][T15526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  386.503192][T15526] Call Trace:
[  386.503204][T15526]  <TASK>
[  386.503213][T15526]  dump_stack_lvl+0x189/0x250
[  386.503246][T15526]  ? __lock_acquire+0xaac/0xd20
[  386.503277][T15526]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.503305][T15526]  ? __pfx__printk+0x10/0x10
[  386.503326][T15526]  ? __might_fault+0xb0/0x130
[  386.503364][T15526]  should_fail_ex+0x414/0x560
[  386.503390][T15526]  _copy_from_user+0x2d/0xb0
[  386.503419][T15526]  __sys_bpf+0x1ed/0x860
[  386.503446][T15526]  ? __pfx___sys_bpf+0x10/0x10
[  386.503485][T15526]  ? ksys_write+0x1f0/0x250
[  386.503506][T15526]  ? rcu_is_watching+0x15/0xb0
[  386.503548][T15526]  __x64_sys_bpf+0x7c/0x90
[  386.503570][T15526]  do_syscall_64+0xf6/0x210
[  386.503600][T15526]  ? clear_bhb_loop+0x45/0xa0
[  386.503624][T15526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.503651][T15526] RIP: 0033:0x7f869058e969
[  386.503669][T15526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.503686][T15526] RSP: 002b:00007f8691382038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  386.503707][T15526] RAX: ffffffffffffffda RBX: 00007f86907b5fa0 RCX: 00007f869058e969
[  386.503722][T15526] RDX: 0000000000000050 RSI: 0000200000000300 RDI: 000000000000000a
[  386.503735][T15526] RBP: 00007f8691382090 R08: 0000000000000000 R09: 0000000000000000
[  386.503747][T15526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.503758][T15526] R13: 0000000000000000 R14: 00007f86907b5fa0 R15: 00007ffe975050a8
[  386.503789][T15526]  </TASK>
[  386.726024][ T5846] Bluetooth: hci1: command tx timeout
[  387.007059][T15539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3504'.
[  387.121838][T15545] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3507'.
[  387.404846][ T7182] hsr_slave_0: left promiscuous mode
[  387.428740][ T7182] hsr_slave_1: left promiscuous mode
[  387.456853][ T7182] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  387.478041][ T7182] batman_adv: batadv0: Removing interface: batadv_slave_0
[  387.480309][T15561] openvswitch: netlink: Flow key attr not present in new flow.
[  387.518093][ T7182] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  387.543873][ T7182] batman_adv: batadv0: Removing interface: batadv_slave_1
[  387.618300][ T7182] veth1_macvtap: left promiscuous mode
[  387.624271][ T7182] veth0_macvtap: left promiscuous mode
[  387.631408][ T7182] veth1_vlan: left promiscuous mode
[  387.638882][ T7182] veth0_vlan: left promiscuous mode
[  388.308460][ T7182] team0 (unregistering): Port device team_slave_1 removed
[  388.349595][ T7182] team0 (unregistering): Port device team_slave_0 removed
[  388.541412][T15579] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3515'.
[  388.779783][T15581] netlink: 'syz.1.3516': attribute type 10 has an invalid length.
[  388.798046][ T5846] Bluetooth: hci1: command tx timeout
[  388.909706][T15557] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  389.046084][T15584] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3517'.
[  389.120969][T15460] chnl_net:caif_netlink_parms(): no params data found
[  389.283007][T15598] netlink: 'syz.0.3521': attribute type 4 has an invalid length.
[  389.312598][T15598] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3521'.
[  389.631426][T15612] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3523'.
[  389.674281][T15612] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3523'.
[  389.761770][T15619] netlink: 'syz.3.3525': attribute type 1 has an invalid length.
[  389.819818][T15615] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3524'.
[  389.836096][T15622] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3525'.
[  389.861818][T15595] netlink: 'syz.1.3520': attribute type 4 has an invalid length.
[  389.873632][T15622] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3525'.
[  390.006257][T15460] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.024200][T15460] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.031509][T15460] bridge_slave_0: entered allmulticast mode
[  390.043158][T15460] bridge_slave_0: entered promiscuous mode
[  390.086177][T15460] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.106791][T15460] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.124008][T15460] bridge_slave_1: entered allmulticast mode
[  390.140109][T15460] bridge_slave_1: entered promiscuous mode
[  390.500183][T15460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  390.518518][T15460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  390.622574][T15650] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3531'.
[  390.679916][T15655] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3533'.
[  390.690203][T15655] openvswitch: netlink: Key type 8198 is out of range max 32
[  390.724118][T15590] vxcan1 speed is unknown, defaulting to 1000
[  390.737406][T15460] team0: Port device team_slave_0 added
[  390.767573][T15460] team0: Port device team_slave_1 added
[  390.873929][ T5846] Bluetooth: hci1: command tx timeout
[  391.045543][T15460] batman_adv: batadv0: Adding interface: batadv_slave_0
[  391.055327][T15460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.082317][T15460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  391.138686][T15460] batman_adv: batadv0: Adding interface: batadv_slave_1
[  391.150823][T15460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.189438][T15460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  391.232432][T15671] netlink: 'syz.3.3538': attribute type 1 has an invalid length.
[  391.736451][T15460] hsr_slave_0: entered promiscuous mode
[  391.761859][T15460] hsr_slave_1: entered promiscuous mode
[  391.777670][T15689] ==================================================================
[  391.781118][T15460] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  391.785766][T15689] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990
[  391.785803][T15689] Read of size 1 at addr ffff8880787cac30 by task syz.0.3541/15689
[  391.785821][T15689] 
[  391.785833][T15689] CPU: 0 UID: 0 PID: 15689 Comm: syz.0.3541 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  391.785858][T15689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  391.785872][T15689] Call Trace:
[  391.785881][T15689]  <TASK>
[  391.785891][T15689]  dump_stack_lvl+0x189/0x250
[  391.785933][T15689]  ? __virt_addr_valid+0x18c/0x540
[  391.785963][T15689]  ? rcu_is_watching+0x15/0xb0
[  391.785995][T15689]  ? __kasan_check_byte+0x12/0x40
[  391.786022][T15689]  ? __pfx_dump_stack_lvl+0x10/0x10
[  391.786051][T15689]  ? rcu_is_watching+0x15/0xb0
[  391.786083][T15689]  ? lock_release+0x4b/0x3e0
[  391.786116][T15689]  ? __virt_addr_valid+0x18c/0x540
[  391.786144][T15689]  ? __virt_addr_valid+0x469/0x540
[  391.786171][T15689]  print_report+0xb4/0x290
[  391.786197][T15689]  ? rose_get_neigh+0x391/0x990
[  391.786224][T15689]  kasan_report+0x118/0x150
[  391.786253][T15689]  ? rose_get_neigh+0x391/0x990
[  391.786285][T15689]  rose_get_neigh+0x391/0x990
[  391.786318][T15689]  rose_connect+0x416/0x10a0
[  391.786341][T15689]  ? __pfx_current_check_access_socket+0x10/0x10
[  391.786368][T15689]  ? aa_sk_perm+0x81e/0x950
[  391.786388][T15689]  ? __might_fault+0xb0/0x130
[  391.786414][T15689]  ? __pfx_rose_connect+0x10/0x10
[  391.786436][T15689]  ? aa_af_perm+0x1d0/0x2b0
[  391.786455][T15689]  ? tomoyo_socket_connect_permission+0x164/0x290
[  391.786488][T15689]  ? bpf_lsm_socket_connect+0x9/0x20
[  391.786515][T15689]  __sys_connect+0x313/0x440
[  391.786541][T15689]  ? __pfx___sys_connect+0x10/0x10
[  391.786578][T15689]  __x64_sys_connect+0x7a/0x90
[  391.786602][T15689]  do_syscall_64+0xf6/0x210
[  391.786629][T15689]  ? clear_bhb_loop+0x45/0xa0
[  391.786654][T15689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.786675][T15689] RIP: 0033:0x7f95c198e969
[  391.786694][T15689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.786714][T15689] RSP: 002b:00007f95c2847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  391.786738][T15689] RAX: ffffffffffffffda RBX: 00007f95c1bb5fa0 RCX: 00007f95c198e969
[  391.786754][T15689] RDX: 000000000000001c RSI: 00002000000001c0 RDI: 0000000000000006
[  391.786769][T15689] RBP: 00007f95c1a10ab1 R08: 0000000000000000 R09: 0000000000000000
[  391.786782][T15689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  391.786796][T15689] R13: 0000000000000000 R14: 00007f95c1bb5fa0 R15: 00007fffcaff30b8
[  391.786823][T15689]  </TASK>
[  391.786830][T15689] 
[  391.798351][T15460] Cannot create hsr debugfs directory
[  391.801016][T15689] Allocated by task 15418:
[  392.065486][T15689]  kasan_save_track+0x3e/0x80
[  392.070178][T15689]  __kasan_kmalloc+0x93/0xb0
[  392.074779][T15689]  __kmalloc_cache_noprof+0x230/0x3d0
[  392.080172][T15689]  alloc_bprm+0x80/0xbc0
[  392.084424][T15689]  do_execveat_common+0x1b3/0x6a0
[  392.089454][T15689]  __x64_sys_execve+0x94/0xb0
[  392.094135][T15689]  do_syscall_64+0xf6/0x210
[  392.098673][T15689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.104572][T15689] 
[  392.106891][T15689] Freed by task 15418:
[  392.110956][T15689]  kasan_save_track+0x3e/0x80
[  392.115638][T15689]  kasan_save_free_info+0x46/0x50
[  392.120675][T15689]  __kasan_slab_free+0x62/0x70
[  392.125445][T15689]  kfree+0x193/0x440
[  392.129344][T15689]  do_execveat_common+0x34e/0x6a0
[  392.134375][T15689]  __x64_sys_execve+0x94/0xb0
[  392.139059][T15689]  do_syscall_64+0xf6/0x210
[  392.143569][T15689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.149470][T15689] 
[  392.151793][T15689] The buggy address belongs to the object at ffff8880787cac00
[  392.151793][T15689]  which belongs to the cache kmalloc-512 of size 512
[  392.165863][T15689] The buggy address is located 48 bytes inside of
[  392.165863][T15689]  freed 512-byte region [ffff8880787cac00, ffff8880787cae00)
[  392.179586][T15689] 
[  392.181913][T15689] The buggy address belongs to the physical page:
[  392.188336][T15689] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x787c8
[  392.197127][T15689] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  392.205626][T15689] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  392.213528][T15689] page_type: f5(slab)
[  392.217519][T15689] raw: 00fff00000000040 ffff88801a041c80 ffffea0001faf000 dead000000000003
[  392.226106][T15689] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  392.234698][T15689] head: 00fff00000000040 ffff88801a041c80 ffffea0001faf000 dead000000000003
[  392.243371][T15689] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  392.252052][T15689] head: 00fff00000000002 ffffea0001e1f201 00000000ffffffff 00000000ffffffff
[  392.260727][T15689] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  392.269401][T15689] page dumped because: kasan: bad access detected
[  392.275818][T15689] page_owner tracks the page as allocated
[  392.281531][T15689] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5830, tgid 5830 (syz-executor), ts 88456889972, free_ts 88355488277
[  392.302893][T15689]  post_alloc_hook+0x1d8/0x230
[  392.307670][T15689]  get_page_from_freelist+0x21ce/0x22b0
[  392.313243][T15689]  __alloc_frozen_pages_noprof+0x181/0x370
[  392.319059][T15689]  alloc_pages_mpol+0x232/0x4a0
[  392.323916][T15689]  allocate_slab+0x8a/0x3b0
[  392.328419][T15689]  ___slab_alloc+0xbfc/0x1480
[  392.333107][T15689]  __kmalloc_noprof+0x305/0x4f0
[  392.337982][T15689]  fib6_info_alloc+0x30/0xf0
[  392.342580][T15689]  ip6_route_info_create+0x4b3/0x1360
[  392.347960][T15689]  ip6_route_add+0x28/0x160
[  392.352489][T15689]  inet6_addr_add+0x6b2/0xc00
[  392.357180][T15689]  inet6_rtm_newaddr+0x93d/0xd20
[  392.362126][T15689]  rtnetlink_rcv_msg+0x7cc/0xb70
[  392.367072][T15689]  netlink_rcv_skb+0x219/0x490
[  392.371836][T15689]  netlink_unicast+0x758/0x8d0
[  392.376595][T15689]  netlink_sendmsg+0x805/0xb30
[  392.381363][T15689] page last free pid 5921 tgid 5921 stack trace:
[  392.387686][T15689]  __free_frozen_pages+0xb0e/0xcd0
[  392.392808][T15689]  __put_partials+0x161/0x1c0
[  392.397491][T15689]  put_cpu_partial+0x17c/0x250
[  392.402265][T15689]  __slab_free+0x2f7/0x400
[  392.406679][T15689]  qlist_free_all+0x9a/0x140
[  392.411272][T15689]  kasan_quarantine_reduce+0x148/0x160
[  392.416732][T15689]  __kasan_slab_alloc+0x22/0x80
[  392.421587][T15689]  __kmalloc_noprof+0x224/0x4f0
[  392.426440][T15689]  tomoyo_realpath_from_path+0xe3/0x5d0
[  392.431989][T15689]  tomoyo_realpath_nofollow+0xbb/0x100
[  392.437448][T15689]  tomoyo_find_next_domain+0x251/0x1aa0
[  392.443005][T15689]  tomoyo_bprm_check_security+0x11c/0x180
[  392.448732][T15689]  security_bprm_check+0x89/0x270
[  392.453768][T15689]  bprm_execve+0x8ee/0x1440
[  392.458303][T15689]  kernel_execve+0x8f0/0x9f0
[  392.462907][T15689]  call_usermodehelper_exec_async+0x210/0x360
[  392.469002][T15689] 
[  392.471326][T15689] Memory state around the buggy address:
[  392.476953][T15689]  ffff8880787cab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  392.485016][T15689]  ffff8880787cab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  392.493077][T15689] >ffff8880787cac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  392.501133][T15689]                                      ^
[  392.506767][T15689]  ffff8880787cac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  392.514826][T15689]  ffff8880787cad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  392.522879][T15689] ==================================================================
[  392.531092][T15689] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  392.538322][T15689] CPU: 0 UID: 0 PID: 15689 Comm: syz.0.3541 Not tainted 6.15.0-rc5-syzkaller-00149-g314007549d89 #0 PREEMPT(full) 
[  392.550409][T15689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  392.560476][T15689] Call Trace:
[  392.563761][T15689]  <TASK>
[  392.566695][T15689]  dump_stack_lvl+0x99/0x250
[  392.571296][T15689]  ? __asan_memcpy+0x40/0x70
[  392.575893][T15689]  ? __pfx_dump_stack_lvl+0x10/0x10
[  392.581102][T15689]  ? __pfx__printk+0x10/0x10
[  392.585710][T15689]  panic+0x2db/0x790
[  392.589621][T15689]  ? __pfx_panic+0x10/0x10
[  392.594047][T15689]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  392.599951][T15689]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  392.605852][T15689]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  392.612181][T15689]  ? print_memory_metadata+0x314/0x400
[  392.617654][T15689]  ? rose_get_neigh+0x391/0x990
[  392.622516][T15689]  check_panic_on_warn+0x89/0xb0
[  392.627493][T15689]  ? rose_get_neigh+0x391/0x990
[  392.632358][T15689]  end_report+0x78/0x160
[  392.636610][T15689]  kasan_report+0x129/0x150
[  392.641123][T15689]  ? rose_get_neigh+0x391/0x990
[  392.646005][T15689]  rose_get_neigh+0x391/0x990
[  392.650694][T15689]  rose_connect+0x416/0x10a0
[  392.655292][T15689]  ? __pfx_current_check_access_socket+0x10/0x10
[  392.661628][T15689]  ? aa_sk_perm+0x81e/0x950
[  392.666138][T15689]  ? __might_fault+0xb0/0x130
[  392.670825][T15689]  ? __pfx_rose_connect+0x10/0x10
[  392.675856][T15689]  ? aa_af_perm+0x1d0/0x2b0
[  392.680364][T15689]  ? tomoyo_socket_connect_permission+0x164/0x290
[  392.686790][T15689]  ? bpf_lsm_socket_connect+0x9/0x20
[  392.692084][T15689]  __sys_connect+0x313/0x440
[  392.696684][T15689]  ? __pfx___sys_connect+0x10/0x10
[  392.701807][T15689]  __x64_sys_connect+0x7a/0x90
[  392.706574][T15689]  do_syscall_64+0xf6/0x210
[  392.711085][T15689]  ? clear_bhb_loop+0x45/0xa0
[  392.715770][T15689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.721666][T15689] RIP: 0033:0x7f95c198e969
[  392.726086][T15689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.745715][T15689] RSP: 002b:00007f95c2847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  392.754140][T15689] RAX: ffffffffffffffda RBX: 00007f95c1bb5fa0 RCX: 00007f95c198e969
[  392.762112][T15689] RDX: 000000000000001c RSI: 00002000000001c0 RDI: 0000000000000006
[  392.770087][T15689] RBP: 00007f95c1a10ab1 R08: 0000000000000000 R09: 0000000000000000
[  392.778065][T15689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  392.786039][T15689] R13: 0000000000000000 R14: 00007f95c1bb5fa0 R15: 00007fffcaff30b8
[  392.794028][T15689]  </TASK>
[  392.797354][T15689] Kernel Offset: disabled
[  392.801686][T15689] Rebooting in 86400 seconds..