last executing test programs:

2m38.444885684s ago: executing program 2 (id=1302):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2m38.364148982s ago: executing program 2 (id=1303):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x1a6cc7, 0x370, 0x1d0, 0x5802, 0x294, 0x1d0, 0x294, 0x2a0, 0x378, 0x378, 0x2a0, 0x378, 0x3, 0x0, {[{{@ipv6={@mcast2, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, [0xffffff00, 0xff, 0xff000000, 0xff000000], [0xff, 0xff, 0xff, 0xff000000], 'veth0_to_hsr\x00', 'vlan0\x00', {0xff}, {0xff}, 0x0, 0x0, 0x2, 0x4}, 0x0, 0xa8, 0x1d0, 0x52020000}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0xe5f6, 'system_u:object_r:etc_aliases_t:s0\x00'}}}, {{@ipv6={@loopback, @remote, [], [0x0, 0x0, 0x0, 0xffffffff], 'ip6erspan0\x00', 'gre0\x00', {0xff}, {}, 0x73, 0x81, 0x4}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x2, 0x8, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_128={{0xd733043595a52279}, "a8e0930a1a884884", "74743275e5fc20c3ab14916504a8ca92", '\x00', "3e6a808941a488cc"}, 0x28)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
socket$kcm(0x11, 0xa, 0x300)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000700000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sock_rcvqueue_full\x00', r1}, 0x10)
r2 = socket$kcm(0x10, 0x0, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6f94f90524fc6010000200d7070000053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4, 0x0, @loopback, 0x5}, 0x1c)

2m38.236048906s ago: executing program 2 (id=1304):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000600)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYBLOB="00c139a03d000000000000000000000000000000b50a1d150cbd80c3519b36a2e67131d7d5a49bd3916ac63e1c1070ec34485096f43698b55625ea675ae31a19e853c75f8987b6d9f86e9bcd3a09a693f558a0a05b1c8bc11ee389be041836d3bce3ca", @ANYBLOB="ed4620d843e5dcc25c1f1395185acd44de8b84074c32aabe05e02396f0b130862cc7d8ff67717587d30fa34d23909287c591e74e1d80c5f990ff7dcc12ab769a8caac3b738f8f2cf5320ca0824b71ec15ac74fb0d6d26740628d86fb5c77d461e9e50fd4cce4dc77c24aad5d28d96b1dc0e18a245b2a6004edc66101b9404a7ab50e704ea1fd579fc928b43e612adabd8cc60ab70b2a8be1f8610d429475776dedd0d2bc1024f8e317afe9550385f2a25602483133549159f2c036730073414f10", @ANYRES32, @ANYBLOB="fd0000000000000000000000ffffffff00"/28], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r1, &(0x7f0000000180), 0x0}, 0x20)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_FLAGS={0x8}]}, @NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "ef"}]}], {0x14}}, 0xbc}}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r4)
sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r5, 0x201, 0x0, 0x0, {0x3, 0x0, 0x26}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'sit0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @loopback}}]}, 0x3c}, 0x8, 0x3000000000002}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan4\x00'})
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0x4c, 0x1a, 0x0, 0x75, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @empty, [], [], 'wg2\x00', 'macvlan1\x00'}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@addrtype1={{0x28}, {0x0, 0x0, 0x8}}]}, @common=@inet=@SET1={0x28}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@icmp6={{0x28}, {0x0, "e1f6"}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x388)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x88, r5, 0x100, 0x70bd29, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:init_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:dhcpd_state_t:s0\x00'}]}, 0x88}, 0x1, 0x0, 0x0, 0x20000040}, 0x2000c010)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, 0x7, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4a}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x70, 0x5, 0x6, 0x101, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x40002}, 0x4800)

2m37.964763973s ago: executing program 2 (id=1305):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, 0x41, 0x9, 0x0, 0x0, {0x3}}, 0x14}}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x84, 0x30, 0xffff, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x2}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x40000, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendto$inet6(r3, &(0x7f0000000300)="c4", 0x1, 0x0, &(0x7f00000004c0)={0xa, 0x4e23, 0x1, @dev={0xfe, 0x80, '\x00', 0xf}, 0x3}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'dummy0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}}, 0x4008800)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000001c0)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@cgroup, 0x1f, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r10 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r10, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xffffffffffffcd8b, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)
r11 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000380)={<r12=>0x0, @in={{0x2, 0x4e24, @empty}}, [0x4, 0x8, 0x3, 0x0, 0x7fffffff, 0x3, 0x5, 0xb3, 0xb, 0x7ff, 0x6, 0x10001, 0xfffffffffffffff9, 0x5]}, &(0x7f0000000480)=0x100)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000500)={0x5, 0x200, 0x4, 0x2, r12}, 0x10)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r13=>0x0})
sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r13, @ANYBLOB="40002700060010"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bind$packet(r0, 0x0, 0x0)

2m36.957162493s ago: executing program 2 (id=1317):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r2=>0x0}) (async)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) (async)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r5, 0x5) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000000c80)=[@in6={0xa, 0x4e20, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}], 0x1c)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) (async)
sendmsg$IEEE802154_LLSEC_DEL_DEV(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000080)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) (async)
sendmsg(r4, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd8}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r8, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) (async)
recvmsg$unix(r8, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x2022)
ioctl$SIOCSIFHWADDR(r9, 0xff04, 0x0) (async, rerun: 32)
ioctl$F2FS_IOC_MOVE_RANGE(r9, 0xc020f509, &(0x7f0000000280)={<r10=>r7, 0x80000001, 0x1bd2, 0x2}) (rerun: 32)
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x89e2, &(0x7f00000004c0)={r10})
sendto$inet(r9, &(0x7f0000000040)="ebc45976839504ef00b5fe5a72924f0273a5feb19e70d1d9524a03454b2bb0c2a742d27d7c3d231ede3b7c99e1c8de6d40561bdb9c9a3c6eb86bc5df2e0f49d1b9cd94d4b686b671866181e403a20b7442ffd4aa1b2c078432c1c1744dcd0623b2ff1a656057dd63a8cab65aeab7485d67f06e660bb4feeaefc542f13cdd4469bd79af38b0ee0ab994f0d2f6c47f129c7359f5eca15617d8bf2f021116f5a6b0a2d1ce81ca7365ab9173f52184911c2d3e69d087250a80838ac760531864393306593ada809d4d1d43ec6e95421d26ed46d32c805f3cc8bb182d2afeb35852f0d3c1590d44bc65ec", 0xe8, 0x4, &(0x7f0000000180)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10) (async)
sendmsg$TIPC_NL_KEY_SET(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x18, 0x0, 0x400, 0x270bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x400c0) (async)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x1, 0x8001, 0x4, 0x480d8, r9, 0x6, '\x00', r2, r9, 0x0, 0x0, 0x2, 0x7, @value=r10, @void, @void, @value}, 0x50)

2m36.795786867s ago: executing program 2 (id=1318):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r0, 0x0, 0xb9b}, 0x18)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
unshare(0x20000400)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r3}, 0x10)
r4 = epoll_create1(0x0)
epoll_pwait(r4, &(0x7f0000000200)=[{}], 0x1, 0x6e, 0x0, 0x0)
close(r4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r2, 0x0, 0xb9b}, 0x18)
writev(0xffffffffffffffff, 0x0, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

2m21.460822284s ago: executing program 32 (id=1318):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r0, 0x0, 0xb9b}, 0x18)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
unshare(0x20000400)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r3}, 0x10)
r4 = epoll_create1(0x0)
epoll_pwait(r4, &(0x7f0000000200)=[{}], 0x1, 0x6e, 0x0, 0x0)
close(r4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r2, 0x0, 0xb9b}, 0x18)
writev(0xffffffffffffffff, 0x0, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

1m24.813030731s ago: executing program 3 (id=823):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000180001000700000000000018802000000003000500000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x38, 0x1403, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4008010)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x8804}, 0x20040004)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x800)

1m10.712425761s ago: executing program 3 (id=823):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000180001000700000000000018802000000003000500000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x38, 0x1403, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4008010)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x8804}, 0x20040004)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x800)

58.705854944s ago: executing program 3 (id=823):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000180001000700000000000018802000000003000500000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x38, 0x1403, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4008010)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x8804}, 0x20040004)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x800)

44.523073963s ago: executing program 3 (id=823):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000180001000700000000000018802000000003000500000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x38, 0x1403, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4008010)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x8804}, 0x20040004)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x800)

18.805097668s ago: executing program 3 (id=823):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000180001000700000000000018802000000003000500000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x38, 0x1403, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4008010)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x8804}, 0x20040004)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x800)

8.890981796s ago: executing program 5 (id=2374):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="0218000014000000000000000000000005100600000000000a000000000000000000000000000000000000000000000000000000000000000800120000000000000000000000000006000000000000000000000000000000ac1e0001000000000000000000000000e000000200000000000000000000000005000500000000000a00000000000000fc00"/160], 0xa0}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x9f66})
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='/proc/1/\x00\x82q\xee\xe5\xa0\xbd\xc2\x98#YP\xee\x9c2G\xf0\x81x\x97'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x3902, 0x0)

8.687019971s ago: executing program 5 (id=2379):
r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
connect$llc(r0, &(0x7f0000000340)={0x1a, 0x322, 0x0, 0x0, 0x4, 0x90, @random="48bd00"}, 0x10)
r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r2, 0x80047210, &(0x7f0000000040))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg(r4, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000640)='q![', 0x3}], 0x1}}], 0x1, 0x80)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280)={<r5=>0x0, <r6=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r4, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)='1', 0xfd31}], 0x1, &(0x7f0000001480)=[@cred={{0x1c, 0x1, 0x2, {r5, r6}}}], 0x20, 0x4004c}}], 0x1, 0x4)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4)
splice(r3, 0x0, r7, 0x0, 0x39000, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

8.200617205s ago: executing program 5 (id=2382):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000ecff850000000400000018110000", @ANYRES32=r1, @ANYBLOB="1d00000000000000b708ff00000000bfa200000000000007020000f8ff00000085000000030000009500"/65], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast}) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000f80)="d8", 0x1}], 0x1}, 0x4000044) (async)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async, rerun: 64)
r6 = socket(0x2c, 0x3, 0x0) (async, rerun: 64)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1e00000000ffff00010000000001000004a10400", @ANYRES32, @ANYBLOB="000000c000"/20, @ANYRES32=r1, @ANYRES32, @ANYBLOB="010000030000000005000000080001000000000092cea0bd300ef7c4ea3169194105e5f3c49481a86e5ad612ae670939238341da75ee4624e412ff157fdb7e55fd34dd8d779533a23e90e568459e53baf701c73ffb16fd028c85c82da9c8395a323a3e110332e888c59f2ef077279ddf34373511fbcb51f7f4fdd9ae0c67f057177dc44b30bc197ac6", @ANYBLOB="120b8787ed25378f7e2965d6ee9971e9b14deed56677991d250ad21bd56a16a373a733622f1755df35465c7a38981000b91edea39f795a8734b3f555fe96992aaceee8c5c59d2f7af626091c4a2755b3012d52e332d24986b2da93", @ANYBLOB='\x00\x00\x00\x00'], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r7, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r6}, 0x20)
close(r6) (async)
setsockopt$MRT_INIT(r5, 0x0, 0xc8, &(0x7f0000000180), 0x4) (async, rerun: 64)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (rerun: 64)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r9) (async)
sendmsg$IEEE802154_START_REQ(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100fd81ffff000000000d000000050007001200000005001a007f000000060008428974a864d9000000000005001779a1a6d01137293f023edae940000000000006000a00ffff00000500"], 0xffffffffffffff06}, 0x1, 0x0, 0x0, 0x18000}, 0x0) (async)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) (async, rerun: 32)
r11 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/mnt\x00') (rerun: 32)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x4, [@float={0x6, 0x0, 0x0, 0x10, 0x18}, @typedef={0x6, 0x0, 0x0, 0x8, 0x3}, @enum={0x0, 0x1, 0x0, 0x6, 0x4, [{0xd, 0x5}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x1, 0xed2c}}, @typedef={0x8, 0x0, 0x0, 0x8, 0x3}]}, {0x0, [0x2e, 0x61]}}, &(0x7f0000000600)=""/73, 0x6c, 0x49, 0x1, 0x8, 0x0, @void, @value}, 0x28) (async)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r9, &(0x7f0000000300)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="000128bd7000fedbdf251400000008001d00", @ANYRES32=r11, @ANYBLOB="0c00060002000000000000000c00060096000000000000000800010001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x20080000) (async)
r12 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r12, 0x6, 0x9, 0x0, 0x0) (async, rerun: 32)
setsockopt$inet6_tcp_int(r12, 0x6, 0x4, &(0x7f0000000000)=0x101, 0x4) (async, rerun: 32)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x5d, &(0x7f00000000c0), &(0x7f0000000100)=0x4)

8.187871021s ago: executing program 3 (id=823):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000180001000700000000000018802000000003000500000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x38, 0x1403, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4008010)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x8804}, 0x20040004)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x800)

6.174728066s ago: executing program 5 (id=2386):
r0 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x4}}, @NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x3}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x50}, 0x1, 0xffffff97, 0x0, 0x981763116ee7f1c9}, 0x8000)

5.9244826s ago: executing program 5 (id=2388):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x62, &(0x7f0000000000)={@local, @local, @val={@val, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f10200", 0x24, 0x6, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, {[@sack={0x5, 0xa, [0x2, 0x0]}, @window={0x3, 0x3, 0x6}]}}}}}}}}, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'\x00', &(0x7f0000000080)=@ethtool_sfeatures={0x3b, 0x1, [{0x6, 0x8001}]}})
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000004000000711076000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5}, @IFLA_BOND_MIN_LINKS={0x8}]}}}]}, 0x44}}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000180)={'ip6gretap0\x00'})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.sectors_recursive\x00', 0x26e1, 0x0)
close(r3)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040))
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
socket$igmp6(0xa, 0x3, 0x2) (async)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) (async)
syz_emit_ethernet(0x62, &(0x7f0000000000)={@local, @local, @val={@val, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f10200", 0x24, 0x6, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, {[@sack={0x5, 0xa, [0x2, 0x0]}, @window={0x3, 0x3, 0x6}]}}}}}}}}, 0x0) (async)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'\x00', &(0x7f0000000080)=@ethtool_sfeatures={0x3b, 0x1, [{0x6, 0x8001}]}}) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000004000000711076000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5}, @IFLA_BOND_MIN_LINKS={0x8}]}}}]}, 0x44}}, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) (async)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000180)={'ip6gretap0\x00'}) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.sectors_recursive\x00', 0x26e1, 0x0) (async)
close(r3) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) (async)
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"}) (async)

4.644563317s ago: executing program 5 (id=2391):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendto(r1, &(0x7f0000000240)="1194c9270ecbe2bdf5af5fc1301155fc5e6113efa78373b7bc5f24018f0aa7fd89e4f910243aba9ec3369aac108b9d414d29e8506e4d1d6bcca317b3a9abf701649ac0de18b2c7657c904f022c06c639f117135c0bccc0883e6f67e3e625517d93da3921e46dfe0579a282d7404bd3a7482b154a51b3955337af529c8fb47ccbb31594c8984d910f9e5127a9ed440d7933b8741441535556e63cdd75a1367d04f02ce7f21ec3c0edbaa3326a749ead0904b061f4020a8a7547718b95939e9673636f92546087bfc86c9aa0", 0xcb, 0x24040040, &(0x7f0000000080)=@qipcrtr={0x2a, 0x1, 0xbfff}, 0x80)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000180), 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x80}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5, 0x3, 0x2}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x84}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbfb, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x10)

2.199413145s ago: executing program 1 (id=2418):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x1, 0x0, 0x8, 0xc, 0x0, 0x20000, 0x25dfdbff, [@sadb_address={0x5, 0x6, 0x33, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}}]}, 0x60}, 0x1, 0x7}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020100000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011001f"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700040a54000000060a0b040000000016000000020000002800048024000165756500000014000280060001400800000001000100000600000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000500000ae37e90c8249f4f975b19154fa38d356dcca2b2b272224951ed27ec9d4481b2e453e5676d299fb87fff819cab36df6871a57506663eeda583ecae24ba3edc0b9dd288e3a48d663538360ebfe09b9effe10e3a5610f0d2d95f410d0f3d13cee4871530f7cdaaf8c891e2ec1104557afca1e3d043cf341f0086"], 0x7c}}, 0x40)

2.104014142s ago: executing program 1 (id=2419):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$netlink(0x10, 0x3, 0x400000000000004) (async)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4) (async)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000040), 0x4) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r5, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x0)
shutdown(r0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000000180)={0xb8, 0x7, 0xd2, 0x9}, 0x10) (async)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x402, @loopback}], 0x1c) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b9104006"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0f001a0004004e000000e5b34400252e3b04ccde207a63f2734600000000e2ff", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000480)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="120000001000000000000000", @ANYRES32, @ANYBLOB="4d9ff02b4df5deadbb1283b13bf4f66efb58a3913d0b58dd640a5c109684e262a140ee7147f1e8ed56957d4dc27e3fe317e18e82a2f02d209673849c9c26635c9e9ff07c24359765f976a6fc06cdda9974284c03f893c36b2c2ec1010000000000000052eabba1b78262e07e9023c76499f56ae9dcc48879f283f8163bc15b", @ANYRES64=0x0], 0x20) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x4, &(0x7f0000000280)=ANY=[@ANYRES8=r6], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r8 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r8, &(0x7f0000000040)={0x18, 0x2, {0x0, @dev}}, 0x1e) (async)
connect$pptp(r8, &(0x7f0000000000)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0xee19f629a186b729) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) (async)
sendto$inet6(r0, &(0x7f00000002c0)="b8", 0x1, 0x200048d1, &(0x7f0000000040)={0xa, 0x4e20, 0xd, @loopback, 0xffffffff}, 0x1c) (async)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x30, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@nested={0x8, 0x13, 0x0, 0x1, [@generic=' \bho']}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) (async)
r10 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockopt$llc_int(r10, 0x10c, 0x0, &(0x7f0000000100), &(0x7f0000000140)=0x4) (async)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000300)={0x401, 0x3, 0x7, 0x544a, 0x2, 0x2, 0x9, 0x0, <r11=>0x0}, &(0x7f0000000340)=0x20)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000380)={r11, 0xb, 0x6, 0x1}, &(0x7f00000003c0)=0x10) (async)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f00000000c0)={0x0, 0x2}, 0x8)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x81, r5, 0x9}, 0xc) (async)
socket$nl_generic(0x10, 0x3, 0x10)

1.952554296s ago: executing program 0 (id=2420):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0600000004000000010000000e00000000000000", @ANYRES32], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00'], 0x28}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, 0x0, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000015c0)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000002001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x12, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000001000000000000000000000071121a000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, 0x600}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x2}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f00000000c0), r2)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r2)
sendmsg$NLBL_CIPSOV4_C_LIST(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRESOCT=r0, @ANYBLOB="e6345e6b6f7c5279ed13ddaeb7018390b87a10ab69ee94bd98304ed6ba876c825e1cce098e2c4952cef2d87009838cb17894e7087d610800d4ffa0554858ee71847326603a130f4a92d3"], 0x1c}}, 0x4000000)

1.873458127s ago: executing program 1 (id=2422):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x28, r1, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x28}}, 0x20000000)

1.740548801s ago: executing program 0 (id=2423):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) (async)
socketpair(0x23, 0x6, 0x48, 0x0)
unshare(0x24020400) (async)
bind$packet(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000000c0)={'team0\x00', <r4=>0x0}) (async)
r5 = socket$phonet_pipe(0x23, 0x5, 0x2)
writev(r5, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000280)='e3u', 0x3}], 0x2) (async)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="44002e032500000000000035fb50b39527ae04d3da213dd01ca08dba509d2b8b522c5152c48656f65a810645a61fabe344ffac1719330dafdf6c122105307c8f6be43e5a790f8033ba3c019a9a56e7636639ae6dd494ab8017f75a73bde2013ed47a1364a7130240840f30c16255dd863db80c5f34c6134cacb1b99e", @ANYRES32=0x0, @ANYBLOB="0003400000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) (async)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r6, 0x28, 0x1, 0x0, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0) (async)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r8, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x1, @remote}, 0xa}}, 0x26) (async)
sendmmsg$inet(r8, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)}}], 0x1a000, 0x8040) (async)
r9 = socket$key(0xf, 0x3, 0x2) (async)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newlink={0x58, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x98, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e21}, @IFLA_GRE_OKEY={0x8, 0x5, 0x6}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0x4}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x40) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
sendmsg$key(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x2, 0x4, 0x0, 0x3, 0x4, 0x0, 0x70bd28, 0x0, [@sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}]}, 0x20}}, 0x0)

1.681671533s ago: executing program 1 (id=2424):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff})
ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f0000000180)) (async)
connect$vsock_stream(r0, &(0x7f0000000300)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000000)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}], &(0x7f0000000040)='GPL\x00', 0x7f, 0xda, &(0x7f0000000080)=""/218, 0x41000, 0x30, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x5, 0xb, 0x3, 0x7}, 0x10, 0xffffffffffffffff, 0x0, 0x4, &(0x7f00000001c0)=[0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000200)=[{0x1, 0x2, 0x2, 0x7}, {0x2, 0x1, 0xe, 0xb}, {0x4, 0x3, 0x7}, {0x4, 0x2, 0x10}], 0x10, 0x6, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x12, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000480)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @cgroup_sock_addr=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0xcc82, @void, @value}, 0x94)

1.658706002s ago: executing program 0 (id=2425):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x8010, r0, 0x952de000)
unshare(0x2c060000)
unshare(0x24020400)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x10, 0x3, 0x9)
r1 = socket$netlink(0x10, 0x3, 0x10)
getpid()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd70000000000025000000080001007063690011000200303030303a30303a31302e300000000008008a00", @ANYRES32, @ANYBLOB="1a9bb3a0b3c3d081899cf6c2f66a6520e0e91977dedd2cb3ae7ed7c8c50d11529c3fcf868c6ebe9a90969205fc81cdd6d053d2ad65befe47af0c3bb033843393a5a07b1537bf73ac7dc159e73dc3c796b2fc3457abad729e940a564bcdf05388af51791eca04049d702a5d3c14f324a912f52ae9c17873e375b66eecf9a11f6bfb80760b408bba0e39db54a339cee664253953c3e0d1eff5eb1395feced0967d4ba006ec705fee88b17975c93f"], 0x38}}, 0x1)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x400c0c4)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r4, 0x40107447, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000000)=0x3)
socket$alg(0x26, 0x5, 0x0)
r5 = socket$inet6(0xa, 0x1, 0xffffffff)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80}, {0x0, 0x0, 0x0, 0x2, 0x2}, {0x0, 0x5, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@broadcast}}, 0xe8)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
socket$key(0xf, 0x3, 0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090000000000fedbdf25070000001c00018008000700", @ANYRES32=0x0, @ANYBLOB="0600010000"], 0x30}, 0x1, 0x0, 0x0, 0x45040}, 0x0)
ioctl$PPPIOCSACTIVE(r4, 0x40107446, &(0x7f0000000280)={0x0, &(0x7f0000000180)})
setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f00000001c0)=0x80, 0x4)

1.46414276s ago: executing program 0 (id=2427):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x10, 0x1, &(0x7f0000000100)=@raw=[@jmp={0x5, 0x0, 0x9, 0x0, 0x6, 0xfffffffffffffe88}], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000711206000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) (async)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001500010000000000000000000500000008"], 0x1c}, 0x1, 0x0, 0x0, 0x48001}, 0x4000000) (async)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="fc1100001200010200"/56, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000f504010007"], 0x11fc}}, 0x0)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000040)=r0)

1.45463274s ago: executing program 1 (id=2428):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="6c0000060007010300000000000000000a0000000c000780080040000000020c0007800800014000000fff0c00064000000000000000050c0006400000091835dd000908000540000000020c40064000000000000000030c00034000000000000006cb"], 0x6c}}, 0x14)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400010076657468305f746f5f6873720000000008000240000000005c000000160a0101000b000000000000010000000900020073797a30400000000900010073797a300000000030000380"], 0xfc}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r1)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000580)={&(0x7f0000000400)={0x154, r3, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x2729}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_TX_RATES={0x11c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x38, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x0, 0xfcfa, 0x9, 0x2, 0x4, 0x10, 0x1]}}]}, @NL80211_BAND_60GHZ={0x74, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xa, 0x9, 0x0, 0x894, 0xe, 0x3, 0xb, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x101, 0x8, 0x9, 0x2, 0x9, 0xda0c, 0x8001]}}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x9, 0x3, 0x18, 0x3, 0x2, 0x30, 0x3, 0x1b, 0x48, 0x16, 0x1b, 0x1, 0x48, 0x0, 0xc, 0x30, 0x36, 0x6c, 0x1, 0x60, 0x60, 0x24, 0x60, 0x5, 0x60, 0x18, 0x6c, 0x30, 0x6c]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x100, 0x6, 0x4, 0xa1f9, 0xfff7, 0x4, 0x7, 0x20]}}]}, @NL80211_BAND_5GHZ={0x6c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x8, 0x2, [{0x4, 0x1}, {0x2, 0x1}, {0x0, 0xa}, {0x0, 0x4}]}, @NL80211_TXRATE_HT={0x39, 0x2, [{0x5, 0x4}, {0x7, 0x6}, {0x1, 0x6}, {0x4, 0x2}, {0x2, 0x7}, {0x0, 0x4}, {0x0, 0x1}, {0x0, 0x9}, {0x2, 0x4}, {0x4}, {0x3, 0x6}, {0x0, 0x4}, {0x1, 0x6}, {0x4, 0x5}, {0x0, 0x6}, {0x5, 0x2}, {0x0, 0x2}, {0x3, 0x1}, {0x0, 0x8}, {0x1, 0x6}, {0x0, 0x1}, {0x6}, {0x7, 0x9}, {0x0, 0x4}, {0x2, 0x6}, {0x4, 0x9}, {0x0, 0x1}, {0x1, 0x7}, {0x3, 0x2}, {0x1}, {0x0, 0xa}, {0x1, 0x5}, {0x0, 0x3}, {0x7, 0x7}, {0x3, 0x7}, {0x2, 0x6}, {0x4, 0x6}, {0x4}, {0x1, 0xa}, {0x2, 0x8}, {0x3, 0x6}, {0x7, 0x1}, {0x2, 0x2}, {0x0, 0x1}, {0x4, 0x4}, {0x3, 0x6}, {0x3, 0x5}, {0x2, 0x6}, {0x5, 0x7}, {0x0, 0x9}, {0x4, 0x1a}, {}, {0x6}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xff00, 0xcd2, 0x1, 0x2b8, 0x1, 0x192, 0x200, 0x3]}}]}]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008815) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000580)={&(0x7f0000000400)={0x154, r3, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x2729}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_TX_RATES={0x11c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x38, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x0, 0xfcfa, 0x9, 0x2, 0x4, 0x10, 0x1]}}]}, @NL80211_BAND_60GHZ={0x74, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xa, 0x9, 0x0, 0x894, 0xe, 0x3, 0xb, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x101, 0x8, 0x9, 0x2, 0x9, 0xda0c, 0x8001]}}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x9, 0x3, 0x18, 0x3, 0x2, 0x30, 0x3, 0x1b, 0x48, 0x16, 0x1b, 0x1, 0x48, 0x0, 0xc, 0x30, 0x36, 0x6c, 0x1, 0x60, 0x60, 0x24, 0x60, 0x5, 0x60, 0x18, 0x6c, 0x30, 0x6c]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x100, 0x6, 0x4, 0xa1f9, 0xfff7, 0x4, 0x7, 0x20]}}]}, @NL80211_BAND_5GHZ={0x6c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x8, 0x2, [{0x4, 0x1}, {0x2, 0x1}, {0x0, 0xa}, {0x0, 0x4}]}, @NL80211_TXRATE_HT={0x39, 0x2, [{0x5, 0x4}, {0x7, 0x6}, {0x1, 0x6}, {0x4, 0x2}, {0x2, 0x7}, {0x0, 0x4}, {0x0, 0x1}, {0x0, 0x9}, {0x2, 0x4}, {0x4}, {0x3, 0x6}, {0x0, 0x4}, {0x1, 0x6}, {0x4, 0x5}, {0x0, 0x6}, {0x5, 0x2}, {0x0, 0x2}, {0x3, 0x1}, {0x0, 0x8}, {0x1, 0x6}, {0x0, 0x1}, {0x6}, {0x7, 0x9}, {0x0, 0x4}, {0x2, 0x6}, {0x4, 0x9}, {0x0, 0x1}, {0x1, 0x7}, {0x3, 0x2}, {0x1}, {0x0, 0xa}, {0x1, 0x5}, {0x0, 0x3}, {0x7, 0x7}, {0x3, 0x7}, {0x2, 0x6}, {0x4, 0x6}, {0x4}, {0x1, 0xa}, {0x2, 0x8}, {0x3, 0x6}, {0x7, 0x1}, {0x2, 0x2}, {0x0, 0x1}, {0x4, 0x4}, {0x3, 0x6}, {0x3, 0x5}, {0x2, 0x6}, {0x5, 0x7}, {0x0, 0x9}, {0x4, 0x1a}, {}, {0x6}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xff00, 0xcd2, 0x1, 0x2b8, 0x1, 0x192, 0x200, 0x3]}}]}]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008815)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x1c, r2, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x4}]}, 0x1c}}, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x40, r2, 0x20, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x40001)

1.288543806s ago: executing program 0 (id=2430):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r1 = bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00', r2}, 0x10) (async)
socket$inet6(0xa, 0x3, 0xfffffffc)
socket$inet6_udplite(0xa, 0x2, 0x88) (async)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r4}, 0x18) (async)
connect$pppl2tp(r3, 0x0, 0x0) (async)
writev(r3, &(0x7f0000000180), 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$netlink(0x10, 0x3, 0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000004) (async)
connect$bt_sco(r5, &(0x7f0000000000), 0x8)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) (async)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'dummy0\x00', <r8=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c58b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) (async)
ioctl$FS_IOC_GETFSLABEL(r7, 0x400452c8, &(0x7f0000000100)) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, 0x0, 0x40000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))

1.284984483s ago: executing program 1 (id=2431):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000c00100004012200a4e2000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000c00100004012200a4e2000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00'}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00'}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000000580), 0x2000cc0, r0}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, &(0x7f0000000040)=""/30, &(0x7f0000000240), &(0x7f0000000280), 0x1, r0}, 0x38)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0xc, @broadcast, 0x4e24, 0x1, 'fo\x00', 0x10, 0x7, 0x3c}, 0x2c)

1.144194606s ago: executing program 0 (id=2433):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x5, 0x0, 0x0, 0x0, 0x4, 0xfa, &(0x7f00000007c0)=""/250, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x5, 0x6, 0x8, 0x8, 0x0, 0x2, 0xb, 0x8}, &(0x7f0000000180)={0x100000001, 0x2, 0x7fff, 0x22c, 0x5, 0x0, 0xa9e, 0x7}, &(0x7f00000001c0)={0x4, 0x9, 0x81, 0xa1, 0x3, 0xff, 0x1, 0xffff}, &(0x7f0000000200)={0x77359400}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f40)=@newtaction={0x464, 0x30, 0x300, 0x70bd25, 0x25dfdc01, {}, [{0x1b4, 0x1, [@m_xt={0xe0, 0x4, 0x0, 0x0, {{0x7}, {0xb8, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x30, 0x6, {0xbf19, 'security\x00', 0xff, 0x80, "a84886b6609b"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TARG={0x2a, 0x6, {0x0, 'filter\x00', 0x0, 0x4}}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_TARG={0x2a, 0x6, {0xff, 'security\x00', 0xe, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_tunnel_key={0xd0, 0x15, 0x0, 0x0, {{0xf}, {0x90, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @mcast1}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @loopback}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x9, 0x1, 0x4, 0x101, 0x8}, 0x1}}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x1}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x4000, 0xffffff01, 0x1, 0x10000, 0x3}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}]}, {0x14, 0x6, "21325878461b1188706e922a7ac51eee"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}, {0x4}, {0x298, 0x1, [@m_skbedit={0x13c, 0x18, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x5, 0x4}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x5}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x2}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x6}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x0, 0x7}}]}, {0xe6, 0x6, "d6987441e6690e6c1709e2d486e1fe8d88ec09f6d6b6bbf2d16e9aba19d6975e592a9891b17a76ff8123f566297ca53ac86b3edf9f7be1630a7197090f0b0250d251d03591e54115549e0c501b8c17ed010589d8d6514f56fe4d8bf6f5586246388936077ae337f1cafd1d2ab7371eaa27c9e38ea6881cef4cfe462aef44cbb4ae4caffc03f3f59cc2b307479da4da58971658132cea4caa105254f98abc7fd2c5a766e0d2e5e37c9a70c9c769cb98e7a83cef615054af77abf2cded65a0538e13fe2f76f66c9c51c873074b34cdfef77e4f56a1328c68e16d8f2b37c16000f593a8"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_simple={0x158, 0x1c, 0x0, 0x0, {{0xb}, {0x60, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x4, 0xfffffff1, 0x10000000, 0x3bbe54a4, 0x101}}, @TCA_DEF_DATA={0xb, 0x3, 'filter\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x2, 0x10, 0x6, 0x3, 0x42}}, @TCA_DEF_PARMS={0x18, 0x2, {0xb75, 0xa, 0x10000000, 0x101, 0x7}}, @TCA_DEF_DATA={0x7, 0x3, '%.\x00'}]}, {0xd0, 0x6, "67574da486a6046e705fccd8579afa15ea5145f50ba28e8a6f3b8ff8a8e1edced0087174b62c51180aa59276b34b0a6df8b7f22817224a72d18e6c72ca7ed8e576c6ed475a501eb8a69f4c691ad94711a531888f3972aff1bc5b498321649b7e834e6cdf7f1176dd6ddc91977ed7dbcbdffac01aa221f328e5f05e3c1e79ccce2643843ba968bec2246c56502c3d3d25375e71f5827116e802aec255031f142d298b9877389d2db716d10a6db020a520abbc04ac6dceeee184d30934555a379bf2009efbc6c21718948bceda"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x464}}, 0x0)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000), 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816", 0xe0}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def", 0xe8}, {&(0x7f0000000040)="f96be6c391f1f8b23ae44a70a75f4a5ed0e013f80882907ab089ee65d16a6c6f5c666dad", 0x24}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b", 0x36}], 0x4}}], 0x1, 0xc0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4401})
writev(r5, &(0x7f0000000280)=[{&(0x7f0000000080)="0bc3ff", 0x3}, {&(0x7f0000000240)='\x00\x00\x00\x00\x00\x00\x00', 0x7}, {&(0x7f00000000c0)="2764ae4f65", 0x5}], 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000)
sendto$inet(r4, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x4000080)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0xf00)

1.088903963s ago: executing program 4 (id=2434):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000006740)=[{{&(0x7f0000000180)=@phonet={0x23, 0x9, 0x9, 0x9}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0xfffffff7}}], 0x18}}], 0x1, 0x20060001)

951.517548ms ago: executing program 4 (id=2435):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r2, 0x29, 0x1e, &(0x7f0000001680)={@ipv4={'\x00', '\xff\xff', @remote}}, 0x14)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r3, 0x9c3fa077fa966179, 0x4, 0x0, {{0x7e}, {@void, @void}}}, 0x1c}}, 0x0)

673.0737ms ago: executing program 4 (id=2436):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
r1 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000003180)=@newtaction={0x14, 0x30, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@newqdisc={0x78, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x5}, {0xffff, 0xffff}, {0xffff, 0xe}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffeee, 0x2, {{0x2, 0x1ff, 0x5b42, 0x7}, 0x3ff, 0x1, 0x40, 0x512, 0x0, 0xa, 0x10, 0x1d, 0x7, 0x3ff, {0x8000, 0xb4, 0x5, 0xa, 0x0, 0x5}}}}]}, 0x78}}, 0x8000)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xe, 0x9}, {0xfff3, 0x5}, {0xe, 0x2613a1b406814a86}}}, 0x24}}, 0x44804)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r5 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000001280)=[{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000001400)="43174b", 0x3}, {&(0x7f0000000100)="41038f5324", 0x5}], 0x2, 0x0, 0x0, 0x44800}], 0x1, 0x4000)
syz_emit_ethernet(0x12, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffff0e8aaaaaaabb81003c000002"], 0x0)

440.607812ms ago: executing program 4 (id=2437):
unshare(0x22020600)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xa, 0x9, 0x8, 0x40, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000480), 0x1000, r0}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r0, &(0x7f0000000100), &(0x7f0000000580)=""/4096}, 0x20)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0x1, <r3=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={0x0, 0xc13, 0x10}, 0xc)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000001200)={0x1d, r7, 0x0, {0x1}}, 0x18)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r8, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, &(0x7f0000000580)=[0x0, 0x0], &(0x7f00000005c0)=[0x0], <r9=>0x0, 0x79, &(0x7f0000000600)=[{}], 0x8, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0xc7, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10)
r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)={0x1b, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x14, 0x4, 0x4, 0x22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r12 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r12, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
bind$inet(r12, &(0x7f0000000200)={0x2, 0x3, @empty}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r11, &(0x7f00000001c0), &(0x7f00000004c0)=@udp=r12}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r11, &(0x7f0000000280), &(0x7f0000000100)=@tcp=r12, 0x1}, 0x20)
r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)={0x1b, 0x0, 0x0, 0x67, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1f, 0x25, &(0x7f0000000300)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @map_fd={0x18, 0x1, 0x1, 0x0, 0x1}, @map_val={0x18, 0x4, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x4}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffe}, @map_val={0x18, 0x29a39fcb3f8be5be, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x0, 0x1, 0xd, 0x4, 0xa, 0x50, 0xfffffffffffffff0}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xa24}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x67, &(0x7f0000000480)=""/103, 0x41100, 0x10, '\x00', r7, @fallback=0x2a, r8, 0x8, &(0x7f0000000500)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, r9, 0xffffffffffffffff, 0x0, &(0x7f0000000940)=[r10, r11, 0x1, r13], 0x0, 0x10, 0x5, @void, @value}, 0x94)
r14 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002ec0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r14, 0x60, &(0x7f0000001400)}, 0xf)

257.077805ms ago: executing program 4 (id=2438):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xe4, 0xe4, 0xc, [@enum64={0x8, 0xa, 0x0, 0x13, 0x1, 0x1, [{0xf, 0x8e6, 0xb}, {0x7, 0x6, 0x4}, {0x9, 0x7}, {0xb, 0x100, 0xf}, {0xe, 0x1, 0x3ff}, {0x8, 0x8539, 0x80000000}, {0x4, 0x9, 0xff}, {0xf, 0x7ff, 0x7}, {0xf, 0x8000000, 0xd}, {0x7, 0x5e59, 0x1000}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x1, 0xffff}}, @union={0x9, 0x5, 0x0, 0x5, 0x1, 0x9, [{0xd, 0x4, 0x4}, {0x7, 0x3, 0x2}, {0x1, 0x3, 0xc5}, {0x1, 0x1, 0x9}, {0xc, 0x2, 0x7}]}]}, {0x0, [0x2e, 0x5f, 0x2e, 0x30, 0x61, 0x30, 0x0, 0x30, 0x0, 0x5f]}}, &(0x7f0000000800)=""/79, 0x108, 0x4f, 0x0, 0x4, 0x0, @void, @value}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES16=r1, @ANYBLOB="0000000000000000b70500000800000085000000690000e99b"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2d, '\x00', 0x0, @fallback=0xe, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x7, 0xff, 0xffffffff, 0x8000, r1, 0x8000, '\x00', 0x0, r3, 0x4, 0x5, 0x4, 0x3, @value, @void, @void, @value}, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x2, 0x0, @local, 0x2}]}, &(0x7f00000002c0)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x6c3, 0x8}, 0x8)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r3)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x2000}, 0x8, 0x10, &(0x7f0000000000)={0x2, 0xe}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r9}, 0x18)
r10 = socket$tipc(0x1e, 0x2, 0x0)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r11, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
setsockopt$inet_int(r11, 0x0, 0xf, &(0x7f00000001c0)=0x4, 0x56)
bind$tipc(r10, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x2}}, 0x10)
r12 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r12, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r12, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
bind$tipc(r12, &(0x7f0000000440)=@id={0x1e, 0x3, 0x1, {0x4e21, 0x3}}, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bind$tipc(r10, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r13=>0x0})
r14 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r14, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1c, r8, 0x1, 0x0, 0x1000000, {{}, {@val={0x8, 0x3, r13}, @void}}}, 0x1c}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
splice(r4, &(0x7f0000000880)=0xffffffffffff1b67, r5, &(0x7f00000008c0)=0xd93b, 0x0, 0x1)

0s ago: executing program 4 (id=2439):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0xa2}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200, 0x6c}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)

kernel console output (not intermixed with test programs):

w'
[  323.362240][T12817] team0: Port device team_slave_0 added
[  323.421223][T12881] pim6reg: entered allmulticast mode
[  323.456545][T12817] team0: Port device team_slave_1 added
[  323.643708][T12817] batman_adv: batadv0: Adding interface: batadv_slave_0
[  323.658172][T12898] netlink: del zone limit has 4 unknown bytes
[  323.668107][T12817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  323.760636][T12817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  323.788945][T12902] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2039'.
[  323.807124][T12817] batman_adv: batadv0: Adding interface: batadv_slave_1
[  323.835223][T12817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  323.883233][T12817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  323.981233][T12909] netlink: 'syz.4.2043': attribute type 4 has an invalid length.
[  324.107448][T12817] hsr_slave_0: entered promiscuous mode
[  324.126322][T12817] hsr_slave_1: entered promiscuous mode
[  324.139605][T12817] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  324.149486][T12817] Cannot create hsr debugfs directory
[  324.157578][T12912] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  324.166861][T12912] CPU: 1 UID: 0 PID: 12912 Comm: syz.1.2046 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  324.166883][T12912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  324.166893][T12912] Call Trace:
[  324.166900][T12912]  <TASK>
[  324.166907][T12912]  dump_stack_lvl+0x189/0x250
[  324.166934][T12912]  ? lockdep_hardirqs_on+0x9c/0x150
[  324.166951][T12912]  ? __pfx_dump_stack_lvl+0x10/0x10
[  324.166973][T12912]  ? __pfx__printk+0x10/0x10
[  324.166992][T12912]  ? kernfs_path_from_node+0x2b/0x260
[  324.167016][T12912]  ? kernfs_path_from_node+0x216/0x260
[  324.167041][T12912]  sysfs_warn_dup+0x8e/0xa0
[  324.167062][T12912]  sysfs_do_create_link_sd+0xc0/0x110
[  324.167085][T12912]  device_add_class_symlinks+0x1cf/0x240
[  324.167108][T12912]  device_add+0x475/0xb50
[  324.167130][T12912]  wiphy_register+0x199a/0x26b0
[  324.167163][T12912]  ? __pfx_wiphy_register+0x10/0x10
[  324.167181][T12912]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  324.167207][T12912]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  324.167232][T12912]  ieee80211_register_hw+0x334b/0x4060
[  324.167267][T12912]  ? ieee80211_register_hw+0x14d1/0x4060
[  324.167299][T12912]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  324.167325][T12912]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  324.167355][T12912]  ? __hrtimer_setup+0x187/0x210
[  324.167377][T12912]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  324.167407][T12912]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  324.167457][T12912]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  324.167485][T12912]  ? trace_kmalloc+0x1f/0xd0
[  324.167508][T12912]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  324.167536][T12912]  ? kstrndup+0xbf/0x160
[  324.167570][T12912]  hwsim_new_radio_nl+0xea4/0x1b10
[  324.167596][T12912]  ? __pfx___nla_validate_parse+0x10/0x10
[  324.167628][T12912]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  324.167655][T12912]  ? __nla_parse+0x40/0x60
[  324.167677][T12912]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  324.167701][T12912]  genl_family_rcv_msg_doit+0x212/0x300
[  324.167722][T12912]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  324.167748][T12912]  ? bpf_lsm_capable+0x9/0x20
[  324.167769][T12912]  ? security_capable+0x7e/0x2e0
[  324.167792][T12912]  genl_rcv_msg+0x60e/0x790
[  324.167811][T12912]  ? __pfx_genl_rcv_msg+0x10/0x10
[  324.167825][T12912]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  324.167852][T12912]  netlink_rcv_skb+0x219/0x490
[  324.167872][T12912]  ? __pfx_genl_rcv_msg+0x10/0x10
[  324.167888][T12912]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  324.167928][T12912]  ? down_read+0x1ad/0x2e0
[  324.167947][T12912]  genl_rcv+0x28/0x40
[  324.167969][T12912]  netlink_unicast+0x758/0x8d0
[  324.167996][T12912]  netlink_sendmsg+0x805/0xb30
[  324.168025][T12912]  ? __pfx_netlink_sendmsg+0x10/0x10
[  324.168048][T12912]  ? aa_sock_msg_perm+0x94/0x160
[  324.168067][T12912]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  324.168083][T12912]  ? __pfx_netlink_sendmsg+0x10/0x10
[  324.168104][T12912]  __sock_sendmsg+0x219/0x270
[  324.168124][T12912]  ____sys_sendmsg+0x505/0x830
[  324.168150][T12912]  ? __pfx_____sys_sendmsg+0x10/0x10
[  324.168180][T12912]  ? import_iovec+0x74/0xa0
[  324.168204][T12912]  ___sys_sendmsg+0x21f/0x2a0
[  324.168228][T12912]  ? __pfx____sys_sendmsg+0x10/0x10
[  324.168281][T12912]  ? __fget_files+0x2a/0x420
[  324.168300][T12912]  ? __fget_files+0x3a0/0x420
[  324.168329][T12912]  __x64_sys_sendmsg+0x19b/0x260
[  324.168353][T12912]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  324.168395][T12912]  ? do_syscall_64+0xba/0x210
[  324.168416][T12912]  do_syscall_64+0xf6/0x210
[  324.168432][T12912]  ? clear_bhb_loop+0x45/0xa0
[  324.168452][T12912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.168467][T12912] RIP: 0033:0x7f459218e969
[  324.168481][T12912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.168494][T12912] RSP: 002b:00007f4592f17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  324.168510][T12912] RAX: ffffffffffffffda RBX: 00007f45923b5fa0 RCX: 00007f459218e969
[  324.168521][T12912] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  324.168531][T12912] RBP: 00007f4592210ab1 R08: 0000000000000000 R09: 0000000000000000
[  324.168540][T12912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  324.168549][T12912] R13: 0000000000000000 R14: 00007f45923b5fa0 R15: 00007fff59ca59e8
[  324.168574][T12912]  </TASK>
[  324.238935][T12921] netlink: 'syz.0.2047': attribute type 4 has an invalid length.
[  324.481013][ T5140] Bluetooth: hci1: command tx timeout
[  325.024545][T12170] hid-generic 0005:16C0:5505.0001: unknown main item tag 0x0
[  325.037645][T12170] hid-generic 0005:16C0:5505.0001: unknown main item tag 0x0
[  325.050395][T12170] hid-generic 0005:16C0:5505.0001: unknown main item tag 0x0
[  325.058218][T12170] hid-generic 0005:16C0:5505.0001: unknown main item tag 0x0
[  325.147301][T12170] hid-generic 0005:16C0:5505.0001: unknown main item tag 0x0
[  325.167756][T12170] hid-generic 0005:16C0:5505.0001: unknown main item tag 0x0
[  325.191054][T12170] hid-generic 0005:16C0:5505.0001: unknown main item tag 0x3
[  325.202999][T12952] netlink: 'syz.0.2060': attribute type 4 has an invalid length.
[  325.212384][T12170] hid-generic 0005:16C0:5505.0001: unknown main item tag 0x1
[  325.281706][T12170] hid-generic 0005:16C0:5505.0001: hidraw0: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa
[  325.304294][T12955] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2059'.
[  325.546880][T12967] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  325.569706][T12967] CPU: 1 UID: 0 PID: 12967 Comm: syz.5.2063 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  325.569739][T12967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  325.569752][T12967] Call Trace:
[  325.569760][T12967]  <TASK>
[  325.569770][T12967]  dump_stack_lvl+0x189/0x250
[  325.569807][T12967]  ? lockdep_hardirqs_on+0x9c/0x150
[  325.569831][T12967]  ? __pfx_dump_stack_lvl+0x10/0x10
[  325.569861][T12967]  ? __pfx__printk+0x10/0x10
[  325.569888][T12967]  ? kernfs_path_from_node+0x2b/0x260
[  325.569921][T12967]  ? kernfs_path_from_node+0x216/0x260
[  325.569954][T12967]  sysfs_warn_dup+0x8e/0xa0
[  325.569982][T12967]  sysfs_do_create_link_sd+0xc0/0x110
[  325.570014][T12967]  device_add_class_symlinks+0x1cf/0x240
[  325.570045][T12967]  device_add+0x475/0xb50
[  325.570075][T12967]  wiphy_register+0x199a/0x26b0
[  325.570122][T12967]  ? __pfx_wiphy_register+0x10/0x10
[  325.570147][T12967]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  325.570184][T12967]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  325.570228][T12967]  ieee80211_register_hw+0x334b/0x4060
[  325.570277][T12967]  ? ieee80211_register_hw+0x14d1/0x4060
[  325.570322][T12967]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  325.570358][T12967]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  325.570400][T12967]  ? __hrtimer_setup+0x187/0x210
[  325.570430][T12967]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  325.570458][T12967]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  325.570530][T12967]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  325.570562][T12967]  ? trace_kmalloc+0x1f/0xd0
[  325.570585][T12967]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  325.570613][T12967]  ? kstrndup+0xbf/0x160
[  325.570646][T12967]  hwsim_new_radio_nl+0xea4/0x1b10
[  325.570671][T12967]  ? __pfx___nla_validate_parse+0x10/0x10
[  325.570713][T12967]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  325.570748][T12967]  ? __nla_parse+0x40/0x60
[  325.570779][T12967]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  325.570810][T12967]  genl_family_rcv_msg_doit+0x212/0x300
[  325.570840][T12967]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  325.570877][T12967]  ? bpf_lsm_capable+0x9/0x20
[  325.570907][T12967]  ? security_capable+0x7e/0x2e0
[  325.570937][T12967]  genl_rcv_msg+0x60e/0x790
[  325.570966][T12967]  ? __pfx_genl_rcv_msg+0x10/0x10
[  325.570984][T12967]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  325.571024][T12967]  netlink_rcv_skb+0x219/0x490
[  325.571052][T12967]  ? __pfx_genl_rcv_msg+0x10/0x10
[  325.571074][T12967]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  325.571132][T12967]  ? down_read+0x1ad/0x2e0
[  325.571158][T12967]  genl_rcv+0x28/0x40
[  325.571188][T12967]  netlink_unicast+0x758/0x8d0
[  325.571265][T12967]  netlink_sendmsg+0x805/0xb30
[  325.571306][T12967]  ? __pfx_netlink_sendmsg+0x10/0x10
[  325.571338][T12967]  ? aa_sock_msg_perm+0x94/0x160
[  325.571365][T12967]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  325.571388][T12967]  ? __pfx_netlink_sendmsg+0x10/0x10
[  325.571417][T12967]  __sock_sendmsg+0x219/0x270
[  325.571444][T12967]  ____sys_sendmsg+0x505/0x830
[  325.571481][T12967]  ? __pfx_____sys_sendmsg+0x10/0x10
[  325.571523][T12967]  ? import_iovec+0x74/0xa0
[  325.571557][T12967]  ___sys_sendmsg+0x21f/0x2a0
[  325.571590][T12967]  ? __pfx____sys_sendmsg+0x10/0x10
[  325.571665][T12967]  ? __fget_files+0x2a/0x420
[  325.571692][T12967]  ? __fget_files+0x3a0/0x420
[  325.571734][T12967]  __x64_sys_sendmsg+0x19b/0x260
[  325.571767][T12967]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  325.571818][T12967]  ? do_syscall_64+0xba/0x210
[  325.571846][T12967]  do_syscall_64+0xf6/0x210
[  325.571869][T12967]  ? clear_bhb_loop+0x45/0xa0
[  325.571896][T12967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.571917][T12967] RIP: 0033:0x7f542238e969
[  325.571937][T12967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  325.571956][T12967] RSP: 002b:00007f54231ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  325.571979][T12967] RAX: ffffffffffffffda RBX: 00007f54225b5fa0 RCX: 00007f542238e969
[  325.571996][T12967] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  325.572010][T12967] RBP: 00007f5422410ab1 R08: 0000000000000000 R09: 0000000000000000
[  325.572023][T12967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  325.572036][T12967] R13: 0000000000000000 R14: 00007f54225b5fa0 R15: 00007fff056f0418
[  325.572073][T12967]  </TASK>
[  326.121564][T12817] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  326.156917][T12817] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  326.174132][T12970] syzkaller1: entered promiscuous mode
[  326.192825][T12970] syzkaller1: entered allmulticast mode
[  326.199861][T12817] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  326.212960][T12817] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  326.233364][T12973] netlink: 'syz.1.2066': attribute type 4 has an invalid length.
[  326.315193][T12817] 8021q: adding VLAN 0 to HW filter on device bond0
[  326.366345][T12817] 8021q: adding VLAN 0 to HW filter on device team0
[  326.471512][T12982] netlink: 'syz.1.2068': attribute type 39 has an invalid length.
[  326.486531][ T3442] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.493783][ T3442] bridge0: port 1(bridge_slave_0) entered forwarding state
[  326.578647][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.585875][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  326.671524][ T5140] Bluetooth: hci1: command tx timeout
[  326.821361][T12998] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2073'.
[  326.853282][T12998] netlink: 'syz.0.2073': attribute type 4 has an invalid length.
[  326.869222][T12998] netlink: 'syz.0.2073': attribute type 12 has an invalid length.
[  327.221585][T13011] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2078'.
[  327.305225][T13013] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  327.329040][T13013] CPU: 1 UID: 0 PID: 13013 Comm: syz.5.2079 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  327.329075][T13013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  327.329090][T13013] Call Trace:
[  327.329100][T13013]  <TASK>
[  327.329110][T13013]  dump_stack_lvl+0x189/0x250
[  327.329147][T13013]  ? lockdep_hardirqs_on+0x9c/0x150
[  327.329171][T13013]  ? __pfx_dump_stack_lvl+0x10/0x10
[  327.329201][T13013]  ? __pfx__printk+0x10/0x10
[  327.329227][T13013]  ? kernfs_path_from_node+0x2b/0x260
[  327.329260][T13013]  ? kernfs_path_from_node+0x216/0x260
[  327.329300][T13013]  sysfs_warn_dup+0x8e/0xa0
[  327.329329][T13013]  sysfs_do_create_link_sd+0xc0/0x110
[  327.329361][T13013]  device_add_class_symlinks+0x1cf/0x240
[  327.329392][T13013]  device_add+0x475/0xb50
[  327.329423][T13013]  wiphy_register+0x199a/0x26b0
[  327.329469][T13013]  ? __pfx_wiphy_register+0x10/0x10
[  327.329495][T13013]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  327.329530][T13013]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  327.329566][T13013]  ieee80211_register_hw+0x334b/0x4060
[  327.329612][T13013]  ? ieee80211_register_hw+0x14d1/0x4060
[  327.329654][T13013]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  327.329691][T13013]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  327.329731][T13013]  ? __hrtimer_setup+0x187/0x210
[  327.329760][T13013]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  327.329786][T13013]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  327.329856][T13013]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  327.329888][T13013]  ? trace_kmalloc+0x1f/0xd0
[  327.329909][T13013]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  327.329936][T13013]  ? kstrndup+0xbf/0x160
[  327.329969][T13013]  hwsim_new_radio_nl+0xea4/0x1b10
[  327.329993][T13013]  ? __pfx___nla_validate_parse+0x10/0x10
[  327.330038][T13013]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  327.330063][T13013]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  327.330095][T13013]  ? __nla_parse+0x40/0x60
[  327.330126][T13013]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  327.330157][T13013]  genl_family_rcv_msg_doit+0x212/0x300
[  327.330188][T13013]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  327.330225][T13013]  ? bpf_lsm_capable+0x9/0x20
[  327.330254][T13013]  ? security_capable+0x7e/0x2e0
[  327.330284][T13013]  genl_rcv_msg+0x60e/0x790
[  327.330321][T13013]  ? __pfx_genl_rcv_msg+0x10/0x10
[  327.330341][T13013]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  327.330381][T13013]  netlink_rcv_skb+0x219/0x490
[  327.330409][T13013]  ? __pfx_genl_rcv_msg+0x10/0x10
[  327.330432][T13013]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  327.330489][T13013]  ? down_read+0x1ad/0x2e0
[  327.330516][T13013]  genl_rcv+0x28/0x40
[  327.330544][T13013]  netlink_unicast+0x758/0x8d0
[  327.330581][T13013]  netlink_sendmsg+0x805/0xb30
[  327.330618][T13013]  ? __pfx_netlink_sendmsg+0x10/0x10
[  327.330648][T13013]  ? aa_sock_msg_perm+0x94/0x160
[  327.330673][T13013]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  327.330697][T13013]  ? __pfx_netlink_sendmsg+0x10/0x10
[  327.330725][T13013]  __sock_sendmsg+0x219/0x270
[  327.330752][T13013]  ____sys_sendmsg+0x505/0x830
[  327.330787][T13013]  ? __pfx_____sys_sendmsg+0x10/0x10
[  327.330828][T13013]  ? import_iovec+0x74/0xa0
[  327.330862][T13013]  ___sys_sendmsg+0x21f/0x2a0
[  327.330894][T13013]  ? __pfx____sys_sendmsg+0x10/0x10
[  327.330968][T13013]  ? __fget_files+0x2a/0x420
[  327.330995][T13013]  ? __fget_files+0x3a0/0x420
[  327.331036][T13013]  __x64_sys_sendmsg+0x19b/0x260
[  327.331070][T13013]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  327.331120][T13013]  ? do_syscall_64+0xba/0x210
[  327.331148][T13013]  do_syscall_64+0xf6/0x210
[  327.331171][T13013]  ? clear_bhb_loop+0x45/0xa0
[  327.331198][T13013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.331219][T13013] RIP: 0033:0x7f542238e969
[  327.331239][T13013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  327.331257][T13013] RSP: 002b:00007f54231ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  327.331280][T13013] RAX: ffffffffffffffda RBX: 00007f54225b5fa0 RCX: 00007f542238e969
[  327.331303][T13013] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  327.331317][T13013] RBP: 00007f5422410ab1 R08: 0000000000000000 R09: 0000000000000000
[  327.331330][T13013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  327.331342][T13013] R13: 0000000000000000 R14: 00007f54225b5fa0 R15: 00007fff056f0418
[  327.331378][T13013]  </TASK>
[  327.786025][T12817] 8021q: adding VLAN 0 to HW filter on device batadv0
[  327.832226][T13016] netlink: 'syz.0.2080': attribute type 4 has an invalid length.
[  327.893485][T12817] veth0_vlan: entered promiscuous mode
[  327.906958][T12817] veth1_vlan: entered promiscuous mode
[  327.948412][T12817] veth0_macvtap: entered promiscuous mode
[  327.959147][T12817] veth1_macvtap: entered promiscuous mode
[  327.982442][T12817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  327.993021][T12817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.006516][T12817] batman_adv: batadv0: Interface activated: batadv_slave_0
[  328.017306][T12817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  328.027804][T12817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.039484][T12817] batman_adv: batadv0: Interface activated: batadv_slave_1
[  328.131085][T12817] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  328.139968][T12817] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  328.152886][T12817] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  328.162196][T12817] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  328.331651][T13033] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2088'.
[  328.426065][ T1132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.445909][ T1132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.526666][T13040] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2089'.
[  328.606179][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.642355][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.642861][T13045] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  328.665140][T13040] netlink: 'syz.4.2089': attribute type 4 has an invalid length.
[  328.749648][T13045] No such timeout policy "syz1"
[  328.754730][ T5140] Bluetooth: hci1: command tx timeout
[  329.032892][T13065] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2094'.
[  329.203773][T13071] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  329.215599][T13071] CPU: 1 UID: 0 PID: 13071 Comm: syz.4.2095 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  329.215630][T13071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  329.215645][T13071] Call Trace:
[  329.215654][T13071]  <TASK>
[  329.215664][T13071]  dump_stack_lvl+0x189/0x250
[  329.215702][T13071]  ? lockdep_hardirqs_on+0x9c/0x150
[  329.215726][T13071]  ? __pfx_dump_stack_lvl+0x10/0x10
[  329.215757][T13071]  ? __pfx__printk+0x10/0x10
[  329.215783][T13071]  ? kernfs_path_from_node+0x2b/0x260
[  329.215815][T13071]  ? kernfs_path_from_node+0x216/0x260
[  329.215845][T13071]  sysfs_warn_dup+0x8e/0xa0
[  329.215874][T13071]  sysfs_do_create_link_sd+0xc0/0x110
[  329.215904][T13071]  device_add_class_symlinks+0x1cf/0x240
[  329.215933][T13071]  device_add+0x475/0xb50
[  329.215963][T13071]  wiphy_register+0x199a/0x26b0
[  329.216008][T13071]  ? __pfx_wiphy_register+0x10/0x10
[  329.216033][T13071]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  329.216069][T13071]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  329.216112][T13071]  ieee80211_register_hw+0x334b/0x4060
[  329.216162][T13071]  ? ieee80211_register_hw+0x14d1/0x4060
[  329.216206][T13071]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  329.216241][T13071]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  329.216281][T13071]  ? __hrtimer_setup+0x187/0x210
[  329.216311][T13071]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  329.216340][T13071]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  329.216411][T13071]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  329.216444][T13071]  ? trace_kmalloc+0x1f/0xd0
[  329.216467][T13071]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  329.216494][T13071]  ? kstrndup+0xbf/0x160
[  329.216527][T13071]  hwsim_new_radio_nl+0xea4/0x1b10
[  329.216551][T13071]  ? __pfx___nla_validate_parse+0x10/0x10
[  329.216593][T13071]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  329.216617][T13071]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  329.216648][T13071]  ? __nla_parse+0x40/0x60
[  329.216678][T13071]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  329.216709][T13071]  genl_family_rcv_msg_doit+0x212/0x300
[  329.216740][T13071]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  329.216776][T13071]  ? bpf_lsm_capable+0x9/0x20
[  329.216805][T13071]  ? security_capable+0x7e/0x2e0
[  329.216838][T13071]  genl_rcv_msg+0x60e/0x790
[  329.216867][T13071]  ? __pfx_genl_rcv_msg+0x10/0x10
[  329.216885][T13071]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  329.216924][T13071]  netlink_rcv_skb+0x219/0x490
[  329.216952][T13071]  ? __pfx_genl_rcv_msg+0x10/0x10
[  329.216974][T13071]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  329.217029][T13071]  ? down_read+0x1ad/0x2e0
[  329.217056][T13071]  genl_rcv+0x28/0x40
[  329.217086][T13071]  netlink_unicast+0x758/0x8d0
[  329.217132][T13071]  netlink_sendmsg+0x805/0xb30
[  329.217171][T13071]  ? __pfx_netlink_sendmsg+0x10/0x10
[  329.217201][T13071]  ? aa_sock_msg_perm+0x94/0x160
[  329.217225][T13071]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  329.217247][T13071]  ? __pfx_netlink_sendmsg+0x10/0x10
[  329.217273][T13071]  __sock_sendmsg+0x219/0x270
[  329.217298][T13071]  ____sys_sendmsg+0x505/0x830
[  329.217332][T13071]  ? __pfx_____sys_sendmsg+0x10/0x10
[  329.217370][T13071]  ? import_iovec+0x74/0xa0
[  329.217403][T13071]  ___sys_sendmsg+0x21f/0x2a0
[  329.217434][T13071]  ? __pfx____sys_sendmsg+0x10/0x10
[  329.217504][T13071]  ? __fget_files+0x2a/0x420
[  329.217530][T13071]  ? __fget_files+0x3a0/0x420
[  329.217568][T13071]  __x64_sys_sendmsg+0x19b/0x260
[  329.217599][T13071]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  329.217646][T13071]  ? do_syscall_64+0xba/0x210
[  329.217672][T13071]  do_syscall_64+0xf6/0x210
[  329.217694][T13071]  ? clear_bhb_loop+0x45/0xa0
[  329.217720][T13071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.217741][T13071] RIP: 0033:0x7fbc04f8e969
[  329.217760][T13071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.217778][T13071] RSP: 002b:00007fbc05d4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  329.217802][T13071] RAX: ffffffffffffffda RBX: 00007fbc051b5fa0 RCX: 00007fbc04f8e969
[  329.217817][T13071] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  329.217830][T13071] RBP: 00007fbc05010ab1 R08: 0000000000000000 R09: 0000000000000000
[  329.217844][T13071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  329.217857][T13071] R13: 0000000000000000 R14: 00007fbc051b5fa0 R15: 00007ffe94c9abf8
[  329.217892][T13071]  </TASK>
[  330.021242][T13091] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2106'.
[  330.030347][T13091] openvswitch: netlink: Flow actions attr not present in new flow.
[  330.135285][   T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.174579][T13096] tipc: Started in network mode
[  330.179660][T13096] tipc: Node identity 8640de4e1392, cluster identity 4711
[  330.199261][T13096] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  330.224735][T13101] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  330.240870][T13101] CPU: 0 UID: 0 PID: 13101 Comm: syz.4.2108 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  330.240903][T13101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  330.240917][T13101] Call Trace:
[  330.240927][T13101]  <TASK>
[  330.240937][T13101]  dump_stack_lvl+0x189/0x250
[  330.240973][T13101]  ? lockdep_hardirqs_on+0x9c/0x150
[  330.240996][T13101]  ? __pfx_dump_stack_lvl+0x10/0x10
[  330.241026][T13101]  ? __pfx__printk+0x10/0x10
[  330.241052][T13101]  ? kernfs_path_from_node+0x2b/0x260
[  330.241086][T13101]  ? kernfs_path_from_node+0x216/0x260
[  330.241126][T13101]  sysfs_warn_dup+0x8e/0xa0
[  330.241155][T13101]  sysfs_do_create_link_sd+0xc0/0x110
[  330.241187][T13101]  device_add_class_symlinks+0x1cf/0x240
[  330.241219][T13101]  device_add+0x475/0xb50
[  330.241251][T13101]  wiphy_register+0x199a/0x26b0
[  330.241298][T13101]  ? __pfx_wiphy_register+0x10/0x10
[  330.241324][T13101]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  330.241360][T13101]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  330.241395][T13101]  ieee80211_register_hw+0x334b/0x4060
[  330.241443][T13101]  ? ieee80211_register_hw+0x14d1/0x4060
[  330.241488][T13101]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  330.241525][T13101]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  330.241566][T13101]  ? __hrtimer_setup+0x187/0x210
[  330.241596][T13101]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  330.241623][T13101]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  330.241693][T13101]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  330.241726][T13101]  ? trace_kmalloc+0x1f/0xd0
[  330.241749][T13101]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  330.241776][T13101]  ? kstrndup+0xbf/0x160
[  330.241809][T13101]  hwsim_new_radio_nl+0xea4/0x1b10
[  330.241834][T13101]  ? __pfx___nla_validate_parse+0x10/0x10
[  330.241878][T13101]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  330.241903][T13101]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  330.241932][T13101]  ? __nla_parse+0x40/0x60
[  330.241960][T13101]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  330.241991][T13101]  genl_family_rcv_msg_doit+0x212/0x300
[  330.242020][T13101]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  330.242055][T13101]  ? bpf_lsm_capable+0x9/0x20
[  330.242084][T13101]  ? security_capable+0x7e/0x2e0
[  330.242121][T13101]  genl_rcv_msg+0x60e/0x790
[  330.242148][T13101]  ? __pfx_genl_rcv_msg+0x10/0x10
[  330.242167][T13101]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  330.242206][T13101]  netlink_rcv_skb+0x219/0x490
[  330.242234][T13101]  ? __pfx_genl_rcv_msg+0x10/0x10
[  330.242254][T13101]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  330.242308][T13101]  ? down_read+0x1ad/0x2e0
[  330.242336][T13101]  genl_rcv+0x28/0x40
[  330.242365][T13101]  netlink_unicast+0x758/0x8d0
[  330.242404][T13101]  netlink_sendmsg+0x805/0xb30
[  330.242443][T13101]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.242475][T13101]  ? aa_sock_msg_perm+0x94/0x160
[  330.242500][T13101]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  330.242524][T13101]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.242551][T13101]  __sock_sendmsg+0x219/0x270
[  330.242578][T13101]  ____sys_sendmsg+0x505/0x830
[  330.242615][T13101]  ? __pfx_____sys_sendmsg+0x10/0x10
[  330.242661][T13101]  ? import_iovec+0x74/0xa0
[  330.242697][T13101]  ___sys_sendmsg+0x21f/0x2a0
[  330.242730][T13101]  ? __pfx____sys_sendmsg+0x10/0x10
[  330.242805][T13101]  ? __fget_files+0x2a/0x420
[  330.242832][T13101]  ? __fget_files+0x3a0/0x420
[  330.242873][T13101]  __x64_sys_sendmsg+0x19b/0x260
[  330.242907][T13101]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  330.242957][T13101]  ? do_syscall_64+0xba/0x210
[  330.242985][T13101]  do_syscall_64+0xf6/0x210
[  330.243008][T13101]  ? clear_bhb_loop+0x45/0xa0
[  330.243035][T13101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.243055][T13101] RIP: 0033:0x7fbc04f8e969
[  330.243075][T13101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.243100][T13101] RSP: 002b:00007fbc05d4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  330.243122][T13101] RAX: ffffffffffffffda RBX: 00007fbc051b5fa0 RCX: 00007fbc04f8e969
[  330.243138][T13101] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  330.243151][T13101] RBP: 00007fbc05010ab1 R08: 0000000000000000 R09: 0000000000000000
[  330.243165][T13101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  330.243178][T13101] R13: 0000000000000000 R14: 00007fbc051b5fa0 R15: 00007ffe94c9abf8
[  330.243213][T13101]  </TASK>
[  330.776776][T13096] tipc: Disabling bearer <eth:syzkaller0>
[  331.180303][   T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.326271][   T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.368120][   T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.463575][   T52] bridge_slave_1: left allmulticast mode
[  331.469266][   T52] bridge_slave_1: left promiscuous mode
[  331.475234][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  331.485403][   T52] bridge_slave_0: left allmulticast mode
[  331.491502][   T52] bridge_slave_0: left promiscuous mode
[  331.497360][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  331.844731][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  331.855970][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  331.866285][   T52] bond0 (unregistering): Released all slaves
[  332.290403][T13111] netlink: 'syz.5.2111': attribute type 1 has an invalid length.
[  332.328448][T13112] netlink: 'syz.5.2111': attribute type 1 has an invalid length.
[  332.559139][   T52] hsr_slave_0: left promiscuous mode
[  332.585078][   T52] hsr_slave_1: left promiscuous mode
[  332.613077][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  332.630813][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  332.655903][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  332.680866][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  332.801042][   T52] veth1_macvtap: left promiscuous mode
[  332.819593][   T52] veth0_macvtap: left promiscuous mode
[  332.839958][   T52] veth1_vlan: left promiscuous mode
[  332.860143][   T52] veth0_vlan: left promiscuous mode
[  332.889441][   T56] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  332.899649][   T56] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  332.908688][   T56] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  332.919796][   T56] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  332.927700][   T56] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  333.475691][   T52] team0 (unregistering): Port device team_slave_1 removed
[  333.515709][   T52] team0 (unregistering): Port device team_slave_0 removed
[  334.018301][T13151] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  334.030694][T13151] CPU: 0 UID: 0 PID: 13151 Comm: syz.5.2122 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  334.030725][T13151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  334.030738][T13151] Call Trace:
[  334.030747][T13151]  <TASK>
[  334.030757][T13151]  dump_stack_lvl+0x189/0x250
[  334.030793][T13151]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.030815][T13151]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.030846][T13151]  ? __pfx__printk+0x10/0x10
[  334.030871][T13151]  ? kernfs_path_from_node+0x2b/0x260
[  334.030903][T13151]  ? kernfs_path_from_node+0x216/0x260
[  334.030935][T13151]  sysfs_warn_dup+0x8e/0xa0
[  334.030964][T13151]  sysfs_do_create_link_sd+0xc0/0x110
[  334.030995][T13151]  device_add_class_symlinks+0x1cf/0x240
[  334.031026][T13151]  device_add+0x475/0xb50
[  334.031057][T13151]  wiphy_register+0x199a/0x26b0
[  334.031103][T13151]  ? __pfx_wiphy_register+0x10/0x10
[  334.031128][T13151]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  334.031164][T13151]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  334.031198][T13151]  ieee80211_register_hw+0x334b/0x4060
[  334.031246][T13151]  ? ieee80211_register_hw+0x14d1/0x4060
[  334.031291][T13151]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  334.031327][T13151]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  334.031368][T13151]  ? __hrtimer_setup+0x187/0x210
[  334.031398][T13151]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  334.031425][T13151]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  334.031508][T13151]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  334.031541][T13151]  ? trace_kmalloc+0x1f/0xd0
[  334.031564][T13151]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  334.031592][T13151]  ? kstrndup+0xbf/0x160
[  334.031625][T13151]  hwsim_new_radio_nl+0xea4/0x1b10
[  334.031650][T13151]  ? __pfx___nla_validate_parse+0x10/0x10
[  334.031694][T13151]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  334.031719][T13151]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  334.031752][T13151]  ? __nla_parse+0x40/0x60
[  334.031782][T13151]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  334.031814][T13151]  genl_family_rcv_msg_doit+0x212/0x300
[  334.031843][T13151]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  334.031880][T13151]  ? bpf_lsm_capable+0x9/0x20
[  334.031908][T13151]  ? security_capable+0x7e/0x2e0
[  334.031939][T13151]  genl_rcv_msg+0x60e/0x790
[  334.031968][T13151]  ? __pfx_genl_rcv_msg+0x10/0x10
[  334.031986][T13151]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  334.032025][T13151]  netlink_rcv_skb+0x219/0x490
[  334.032052][T13151]  ? __pfx_genl_rcv_msg+0x10/0x10
[  334.032075][T13151]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  334.032132][T13151]  ? down_read+0x1ad/0x2e0
[  334.032159][T13151]  genl_rcv+0x28/0x40
[  334.032189][T13151]  netlink_unicast+0x758/0x8d0
[  334.032227][T13151]  netlink_sendmsg+0x805/0xb30
[  334.032267][T13151]  ? __pfx_netlink_sendmsg+0x10/0x10
[  334.032299][T13151]  ? aa_sock_msg_perm+0x94/0x160
[  334.032324][T13151]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  334.032347][T13151]  ? __pfx_netlink_sendmsg+0x10/0x10
[  334.032376][T13151]  __sock_sendmsg+0x219/0x270
[  334.032402][T13151]  ____sys_sendmsg+0x505/0x830
[  334.032439][T13151]  ? __pfx_____sys_sendmsg+0x10/0x10
[  334.032485][T13151]  ? import_iovec+0x74/0xa0
[  334.032519][T13151]  ___sys_sendmsg+0x21f/0x2a0
[  334.032551][T13151]  ? __pfx____sys_sendmsg+0x10/0x10
[  334.032629][T13151]  ? __fget_files+0x2a/0x420
[  334.032655][T13151]  ? __fget_files+0x3a0/0x420
[  334.032697][T13151]  __x64_sys_sendmsg+0x19b/0x260
[  334.032731][T13151]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  334.032783][T13151]  ? do_syscall_64+0xba/0x210
[  334.032810][T13151]  do_syscall_64+0xf6/0x210
[  334.032834][T13151]  ? clear_bhb_loop+0x45/0xa0
[  334.032862][T13151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.032882][T13151] RIP: 0033:0x7f542238e969
[  334.032903][T13151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.032921][T13151] RSP: 002b:00007f54231ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  334.032944][T13151] RAX: ffffffffffffffda RBX: 00007f54225b5fa0 RCX: 00007f542238e969
[  334.032960][T13151] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  334.032973][T13151] RBP: 00007f5422410ab1 R08: 0000000000000000 R09: 0000000000000000
[  334.032986][T13151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  334.032999][T13151] R13: 0000000000000000 R14: 00007f54225b5fa0 R15: 00007fff056f0418
[  334.033036][T13151]  </TASK>
[  334.059995][T13156] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2123'.
[  334.604384][T13156] bridge0: port 3(batadv0) entered disabled state
[  334.646484][T13156] bridge_slave_1: left allmulticast mode
[  334.652564][T13165] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2126'.
[  334.662663][T13156] bridge_slave_1: left promiscuous mode
[  334.684725][T13156] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.696317][T13156] bridge_slave_0: left allmulticast mode
[  334.709400][T13156] bridge_slave_0: left promiscuous mode
[  334.721060][T13156] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.934928][T13170] IPv6: sit2: Disabled Multicast RS
[  334.991491][ T5140] Bluetooth: hci1: command tx timeout
[  335.111958][T13178] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2131'.
[  335.151324][T13178] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2131'.
[  335.233748][T13184] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2133'.
[  335.254783][T13148] chnl_net:caif_netlink_parms(): no params data found
[  335.268368][T13184] netlink: 'syz.1.2133': attribute type 4 has an invalid length.
[  335.303711][T13189] netlink: 'syz.5.2134': attribute type 1 has an invalid length.
[  335.381234][T13189] 8021q: adding VLAN 0 to HW filter on device bond1
[  335.483248][T13189] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  335.503423][T13194] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2135'.
[  335.512889][T13194] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2135'.
[  335.550465][T13187] vlan2: entered allmulticast mode
[  335.556071][T13187] veth1: entered allmulticast mode
[  335.562497][T13187] veth1: entered promiscuous mode
[  335.575649][T13187] veth1: left promiscuous mode
[  335.584410][T13187] bond1: (slave vlan2): making interface the new active one
[  335.596011][T13187] veth1: entered promiscuous mode
[  335.609561][T13187] vlan2: entered promiscuous mode
[  335.620666][T13187] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  335.723176][T13202] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  335.748472][T13202] CPU: 0 UID: 0 PID: 13202 Comm: syz.1.2137 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  335.748507][T13202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  335.748522][T13202] Call Trace:
[  335.748531][T13202]  <TASK>
[  335.748542][T13202]  dump_stack_lvl+0x189/0x250
[  335.748586][T13202]  ? lockdep_hardirqs_on+0x9c/0x150
[  335.748609][T13202]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.748639][T13202]  ? __pfx__printk+0x10/0x10
[  335.748666][T13202]  ? kernfs_path_from_node+0x2b/0x260
[  335.748701][T13202]  ? kernfs_path_from_node+0x216/0x260
[  335.748735][T13202]  sysfs_warn_dup+0x8e/0xa0
[  335.748764][T13202]  sysfs_do_create_link_sd+0xc0/0x110
[  335.748795][T13202]  device_add_class_symlinks+0x1cf/0x240
[  335.748827][T13202]  device_add+0x475/0xb50
[  335.748858][T13202]  wiphy_register+0x199a/0x26b0
[  335.748905][T13202]  ? __pfx_wiphy_register+0x10/0x10
[  335.748931][T13202]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  335.748968][T13202]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  335.749002][T13202]  ieee80211_register_hw+0x334b/0x4060
[  335.749051][T13202]  ? ieee80211_register_hw+0x14d1/0x4060
[  335.749095][T13202]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  335.749131][T13202]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  335.749173][T13202]  ? __hrtimer_setup+0x187/0x210
[  335.749204][T13202]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  335.749233][T13202]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  335.749305][T13202]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  335.749338][T13202]  ? trace_kmalloc+0x1f/0xd0
[  335.749360][T13202]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  335.749388][T13202]  ? kstrndup+0xbf/0x160
[  335.749421][T13202]  hwsim_new_radio_nl+0xea4/0x1b10
[  335.749446][T13202]  ? __pfx___nla_validate_parse+0x10/0x10
[  335.749489][T13202]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  335.749514][T13202]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  335.749546][T13202]  ? __nla_parse+0x40/0x60
[  335.749576][T13202]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  335.749613][T13202]  genl_family_rcv_msg_doit+0x212/0x300
[  335.749643][T13202]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  335.749680][T13202]  ? bpf_lsm_capable+0x9/0x20
[  335.749710][T13202]  ? security_capable+0x7e/0x2e0
[  335.749742][T13202]  genl_rcv_msg+0x60e/0x790
[  335.749771][T13202]  ? __pfx_genl_rcv_msg+0x10/0x10
[  335.749790][T13202]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  335.749829][T13202]  netlink_rcv_skb+0x219/0x490
[  335.749858][T13202]  ? __pfx_genl_rcv_msg+0x10/0x10
[  335.749879][T13202]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  335.749936][T13202]  ? down_read+0x1ad/0x2e0
[  335.749964][T13202]  genl_rcv+0x28/0x40
[  335.749994][T13202]  netlink_unicast+0x758/0x8d0
[  335.750033][T13202]  netlink_sendmsg+0x805/0xb30
[  335.750072][T13202]  ? __pfx_netlink_sendmsg+0x10/0x10
[  335.750104][T13202]  ? aa_sock_msg_perm+0x94/0x160
[  335.750130][T13202]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  335.750154][T13202]  ? __pfx_netlink_sendmsg+0x10/0x10
[  335.750182][T13202]  __sock_sendmsg+0x219/0x270
[  335.750209][T13202]  ____sys_sendmsg+0x505/0x830
[  335.750247][T13202]  ? __pfx_____sys_sendmsg+0x10/0x10
[  335.750293][T13202]  ? import_iovec+0x74/0xa0
[  335.750329][T13202]  ___sys_sendmsg+0x21f/0x2a0
[  335.750362][T13202]  ? __pfx____sys_sendmsg+0x10/0x10
[  335.750439][T13202]  ? __fget_files+0x2a/0x420
[  335.750466][T13202]  ? __fget_files+0x3a0/0x420
[  335.750507][T13202]  __x64_sys_sendmsg+0x19b/0x260
[  335.750539][T13202]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  335.750599][T13202]  ? do_syscall_64+0xba/0x210
[  335.750627][T13202]  do_syscall_64+0xf6/0x210
[  335.750651][T13202]  ? clear_bhb_loop+0x45/0xa0
[  335.750678][T13202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.750698][T13202] RIP: 0033:0x7f459218e969
[  335.750717][T13202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.750735][T13202] RSP: 002b:00007f4592f17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  335.750757][T13202] RAX: ffffffffffffffda RBX: 00007f45923b5fa0 RCX: 00007f459218e969
[  335.750773][T13202] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  335.750787][T13202] RBP: 00007f4592210ab1 R08: 0000000000000000 R09: 0000000000000000
[  335.750801][T13202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  335.750813][T13202] R13: 0000000000000000 R14: 00007f45923b5fa0 R15: 00007fff59ca59e8
[  335.750850][T13202]  </TASK>
[  336.269138][T13148] bridge0: port 1(bridge_slave_0) entered blocking state
[  336.276614][T13148] bridge0: port 1(bridge_slave_0) entered disabled state
[  336.283992][T13148] bridge_slave_0: entered allmulticast mode
[  336.291856][T13148] bridge_slave_0: entered promiscuous mode
[  336.313771][T13148] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.338114][T13148] bridge0: port 2(bridge_slave_1) entered disabled state
[  336.346923][T13148] bridge_slave_1: entered allmulticast mode
[  336.354971][T13148] bridge_slave_1: entered promiscuous mode
[  336.368321][T13214] gretap1: entered promiscuous mode
[  336.385662][T13214] gretap1: entered allmulticast mode
[  336.483316][T13148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  336.503038][T13228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2145'.
[  336.509320][T13218] netlink: 'syz.1.2142': attribute type 4 has an invalid length.
[  336.521165][T13148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  336.589056][T13148] team0: Port device team_slave_0 added
[  336.599233][T13148] team0: Port device team_slave_1 added
[  336.610989][T13231] netlink: 'syz.4.2146': attribute type 1 has an invalid length.
[  336.647657][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  336.688591][T13236] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2146'.
[  336.698493][T13236] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2146'.
[  336.711834][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  336.813033][T13148] batman_adv: batadv0: Adding interface: batadv_slave_0
[  336.821090][T13148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  336.854400][T13241] netlink: 'syz.0.2150': attribute type 1 has an invalid length.
[  336.867498][T13148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  336.880947][T13243] netlink: 'syz.0.2150': attribute type 1 has an invalid length.
[  336.903711][T13148] batman_adv: batadv0: Adding interface: batadv_slave_1
[  336.917786][T13148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  336.987661][T13148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  337.073132][   T56] Bluetooth: hci1: command tx timeout
[  337.081879][T13245] netlink: 'syz.5.2148': attribute type 4 has an invalid length.
[  337.131771][T13252] netlink: 'syz.1.2152': attribute type 1 has an invalid length.
[  337.243890][T13250] xt_cgroup: invalid path, errno=-2
[  337.424078][T13252] 8021q: adding VLAN 0 to HW filter on device bond5
[  337.524249][T13257] vlan0: entered allmulticast mode
[  337.529438][T13257] veth1: entered allmulticast mode
[  337.578350][T13257] bond5: (slave vlan0): Opening slave failed
[  337.646086][T13148] hsr_slave_0: entered promiscuous mode
[  337.666758][T13148] hsr_slave_1: entered promiscuous mode
[  337.684340][T13148] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  337.694810][T13148] Cannot create hsr debugfs directory
[  337.827284][T13255] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.017845][T13255] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.102864][T13280] smc: net device bond0 applied user defined pnetid SYZ0
[  338.114381][T13284] smc: net device bond0 erased user defined pnetid SYZ0
[  338.177039][T13255] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.246925][T13260] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  338.336454][T13255] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.561704][T13295] netlink: 'syz.1.2165': attribute type 4 has an invalid length.
[  338.585212][T13255] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  338.609034][T13255] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  338.826697][T13255] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  338.920052][T13255] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  338.991042][T13308] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  339.002509][T13308] CPU: 0 UID: 0 PID: 13308 Comm: syz.5.2170 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  339.002542][T13308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  339.002557][T13308] Call Trace:
[  339.002566][T13308]  <TASK>
[  339.002575][T13308]  dump_stack_lvl+0x189/0x250
[  339.002614][T13308]  ? lockdep_hardirqs_on+0x9c/0x150
[  339.002636][T13308]  ? __pfx_dump_stack_lvl+0x10/0x10
[  339.002667][T13308]  ? __pfx__printk+0x10/0x10
[  339.002693][T13308]  ? kernfs_path_from_node+0x2b/0x260
[  339.002728][T13308]  ? kernfs_path_from_node+0x216/0x260
[  339.002762][T13308]  sysfs_warn_dup+0x8e/0xa0
[  339.002791][T13308]  sysfs_do_create_link_sd+0xc0/0x110
[  339.002823][T13308]  device_add_class_symlinks+0x1cf/0x240
[  339.002854][T13308]  device_add+0x475/0xb50
[  339.002884][T13308]  wiphy_register+0x199a/0x26b0
[  339.002932][T13308]  ? __pfx_wiphy_register+0x10/0x10
[  339.002956][T13308]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  339.002992][T13308]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  339.003027][T13308]  ieee80211_register_hw+0x334b/0x4060
[  339.003075][T13308]  ? ieee80211_register_hw+0x14d1/0x4060
[  339.003129][T13308]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  339.003165][T13308]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  339.003208][T13308]  ? __hrtimer_setup+0x187/0x210
[  339.003238][T13308]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  339.003267][T13308]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  339.003336][T13308]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  339.003370][T13308]  ? trace_kmalloc+0x1f/0xd0
[  339.003393][T13308]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  339.003421][T13308]  ? kstrndup+0xbf/0x160
[  339.003453][T13308]  hwsim_new_radio_nl+0xea4/0x1b10
[  339.003479][T13308]  ? __pfx___nla_validate_parse+0x10/0x10
[  339.003522][T13308]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  339.003547][T13308]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  339.003578][T13308]  ? __nla_parse+0x40/0x60
[  339.003608][T13308]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  339.003638][T13308]  genl_family_rcv_msg_doit+0x212/0x300
[  339.003667][T13308]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  339.003702][T13308]  ? bpf_lsm_capable+0x9/0x20
[  339.003730][T13308]  ? security_capable+0x7e/0x2e0
[  339.003760][T13308]  genl_rcv_msg+0x60e/0x790
[  339.003788][T13308]  ? __pfx_genl_rcv_msg+0x10/0x10
[  339.003807][T13308]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  339.003848][T13308]  netlink_rcv_skb+0x219/0x490
[  339.003877][T13308]  ? __pfx_genl_rcv_msg+0x10/0x10
[  339.003898][T13308]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  339.003949][T13308]  ? down_read+0x1ad/0x2e0
[  339.003975][T13308]  genl_rcv+0x28/0x40
[  339.004005][T13308]  netlink_unicast+0x758/0x8d0
[  339.004042][T13308]  netlink_sendmsg+0x805/0xb30
[  339.004080][T13308]  ? __pfx_netlink_sendmsg+0x10/0x10
[  339.004124][T13308]  ? aa_sock_msg_perm+0x94/0x160
[  339.004151][T13308]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  339.004175][T13308]  ? __pfx_netlink_sendmsg+0x10/0x10
[  339.004205][T13308]  __sock_sendmsg+0x219/0x270
[  339.004232][T13308]  ____sys_sendmsg+0x505/0x830
[  339.004269][T13308]  ? __pfx_____sys_sendmsg+0x10/0x10
[  339.004308][T13308]  ? import_iovec+0x74/0xa0
[  339.004341][T13308]  ___sys_sendmsg+0x21f/0x2a0
[  339.004374][T13308]  ? __pfx____sys_sendmsg+0x10/0x10
[  339.004447][T13308]  ? __fget_files+0x2a/0x420
[  339.004474][T13308]  ? __fget_files+0x3a0/0x420
[  339.004515][T13308]  __x64_sys_sendmsg+0x19b/0x260
[  339.004548][T13308]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  339.004595][T13308]  ? do_syscall_64+0xba/0x210
[  339.004622][T13308]  do_syscall_64+0xf6/0x210
[  339.004645][T13308]  ? clear_bhb_loop+0x45/0xa0
[  339.004672][T13308]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.004691][T13308] RIP: 0033:0x7f542238e969
[  339.004711][T13308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.004728][T13308] RSP: 002b:00007f54231ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  339.004750][T13308] RAX: ffffffffffffffda RBX: 00007f54225b5fa0 RCX: 00007f542238e969
[  339.004766][T13308] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  339.004780][T13308] RBP: 00007f5422410ab1 R08: 0000000000000000 R09: 0000000000000000
[  339.004792][T13308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  339.004804][T13308] R13: 0000000000000000 R14: 00007f54225b5fa0 R15: 00007fff056f0418
[  339.004839][T13308]  </TASK>
[  339.445147][   T56] Bluetooth: hci1: command tx timeout
[  339.550020][T13312] netlink: 'syz.1.2172': attribute type 4 has an invalid length.
[  339.649633][T13318] netlink: 'syz.5.2175': attribute type 10 has an invalid length.
[  339.740047][T13321] __nla_validate_parse: 5 callbacks suppressed
[  339.740066][T13321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2174'.
[  339.766966][T13321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2174'.
[  339.779154][T13321] netlink: 'syz.4.2174': attribute type 1 has an invalid length.
[  339.794941][T13321] netlink: 10 bytes leftover after parsing attributes in process `syz.4.2174'.
[  339.809681][T13321] block nbd1: Unsupported socket: shutdown callout must be supported.
[  340.066085][T13148] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  340.118079][T13148] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  340.154132][T13148] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  340.188670][T13148] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  340.222334][T13344] syz_tun: entered allmulticast mode
[  340.291306][T13344] dvmrp1: entered allmulticast mode
[  340.405271][T13343] syz_tun: left allmulticast mode
[  340.459249][T13352] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2185'.
[  340.553428][T13148] 8021q: adding VLAN 0 to HW filter on device bond0
[  340.586394][T13148] 8021q: adding VLAN 0 to HW filter on device team0
[  340.629929][ T7781] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.637207][ T7781] bridge0: port 1(bridge_slave_0) entered forwarding state
[  340.707033][ T7781] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.714300][ T7781] bridge0: port 2(bridge_slave_1) entered forwarding state
[  340.745737][T13368] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  340.764995][T13368] CPU: 1 UID: 0 PID: 13368 Comm: syz.0.2191 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  340.765026][T13368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  340.765040][T13368] Call Trace:
[  340.765049][T13368]  <TASK>
[  340.765059][T13368]  dump_stack_lvl+0x189/0x250
[  340.765095][T13368]  ? lockdep_hardirqs_on+0x9c/0x150
[  340.765118][T13368]  ? __pfx_dump_stack_lvl+0x10/0x10
[  340.765149][T13368]  ? __pfx__printk+0x10/0x10
[  340.765175][T13368]  ? kernfs_path_from_node+0x2b/0x260
[  340.765208][T13368]  ? kernfs_path_from_node+0x216/0x260
[  340.765241][T13368]  sysfs_warn_dup+0x8e/0xa0
[  340.765271][T13368]  sysfs_do_create_link_sd+0xc0/0x110
[  340.765303][T13368]  device_add_class_symlinks+0x1cf/0x240
[  340.765335][T13368]  device_add+0x475/0xb50
[  340.765367][T13368]  wiphy_register+0x199a/0x26b0
[  340.765414][T13368]  ? __pfx_wiphy_register+0x10/0x10
[  340.765441][T13368]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  340.765478][T13368]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  340.765512][T13368]  ieee80211_register_hw+0x334b/0x4060
[  340.765560][T13368]  ? ieee80211_register_hw+0x14d1/0x4060
[  340.765604][T13368]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  340.765641][T13368]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  340.765682][T13368]  ? __hrtimer_setup+0x187/0x210
[  340.765712][T13368]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  340.765740][T13368]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  340.765811][T13368]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  340.765843][T13368]  ? trace_kmalloc+0x1f/0xd0
[  340.765866][T13368]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  340.765904][T13368]  ? kstrndup+0xbf/0x160
[  340.765940][T13368]  hwsim_new_radio_nl+0xea4/0x1b10
[  340.765965][T13368]  ? __pfx___nla_validate_parse+0x10/0x10
[  340.766010][T13368]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  340.766051][T13368]  ? __nla_parse+0x40/0x60
[  340.766083][T13368]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  340.766116][T13368]  genl_family_rcv_msg_doit+0x212/0x300
[  340.766146][T13368]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  340.766183][T13368]  ? bpf_lsm_capable+0x9/0x20
[  340.766211][T13368]  ? security_capable+0x7e/0x2e0
[  340.766242][T13368]  genl_rcv_msg+0x60e/0x790
[  340.766271][T13368]  ? __pfx_genl_rcv_msg+0x10/0x10
[  340.766290][T13368]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  340.766329][T13368]  netlink_rcv_skb+0x219/0x490
[  340.766357][T13368]  ? __pfx_genl_rcv_msg+0x10/0x10
[  340.766379][T13368]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  340.766436][T13368]  ? down_read+0x1ad/0x2e0
[  340.766462][T13368]  genl_rcv+0x28/0x40
[  340.766492][T13368]  netlink_unicast+0x758/0x8d0
[  340.766530][T13368]  netlink_sendmsg+0x805/0xb30
[  340.766570][T13368]  ? __pfx_netlink_sendmsg+0x10/0x10
[  340.766602][T13368]  ? aa_sock_msg_perm+0x94/0x160
[  340.766628][T13368]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  340.766651][T13368]  ? __pfx_netlink_sendmsg+0x10/0x10
[  340.766679][T13368]  __sock_sendmsg+0x219/0x270
[  340.766706][T13368]  ____sys_sendmsg+0x505/0x830
[  340.766743][T13368]  ? __pfx_____sys_sendmsg+0x10/0x10
[  340.766784][T13368]  ? import_iovec+0x74/0xa0
[  340.766818][T13368]  ___sys_sendmsg+0x21f/0x2a0
[  340.766851][T13368]  ? __pfx____sys_sendmsg+0x10/0x10
[  340.766936][T13368]  ? __fget_files+0x2a/0x420
[  340.766962][T13368]  ? __fget_files+0x3a0/0x420
[  340.767004][T13368]  __x64_sys_sendmsg+0x19b/0x260
[  340.767039][T13368]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  340.767084][T13368]  ? rcu_is_watching+0x15/0xb0
[  340.767128][T13368]  do_syscall_64+0xf6/0x210
[  340.767153][T13368]  ? clear_bhb_loop+0x45/0xa0
[  340.767180][T13368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.767199][T13368] RIP: 0033:0x7f260b98e969
[  340.767219][T13368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.767237][T13368] RSP: 002b:00007f260c770038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  340.767259][T13368] RAX: ffffffffffffffda RBX: 00007f260bbb5fa0 RCX: 00007f260b98e969
[  340.767275][T13368] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  340.767289][T13368] RBP: 00007f260ba10ab1 R08: 0000000000000000 R09: 0000000000000000
[  340.767302][T13368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  340.767315][T13368] R13: 0000000000000000 R14: 00007f260bbb5fa0 R15: 00007fff3a95f5f8
[  340.767351][T13368]  </TASK>
[  341.247781][T13369] netlink: 'syz.5.2190': attribute type 4 has an invalid length.
[  341.280160][T13369] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2190'.
[  341.369609][T13380] netlink: 'syz.4.2194': attribute type 4 has an invalid length.
[  341.471915][   T56] Bluetooth: hci1: command tx timeout
[  341.588253][T13390] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2195'.
[  341.745841][T13387] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2195'.
[  341.846095][T13148] 8021q: adding VLAN 0 to HW filter on device batadv0
[  341.976341][T13148] veth0_vlan: entered promiscuous mode
[  342.027527][T13148] veth1_vlan: entered promiscuous mode
[  342.035328][T13408] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2200'.
[  342.163028][T13148] veth0_macvtap: entered promiscuous mode
[  342.219471][T13148] veth1_macvtap: entered promiscuous mode
[  342.323436][T13148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  342.361990][T13148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.397519][T13148] batman_adv: batadv0: Interface activated: batadv_slave_0
[  342.419485][T13420] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2203'.
[  342.432394][T13148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  342.444226][T13148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.496620][T13148] batman_adv: batadv0: Interface activated: batadv_slave_1
[  342.549993][T13148] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  342.578475][T13148] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  342.604102][T13148] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  342.618661][T13148] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  342.661905][T13422] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  342.669944][T13422] CPU: 0 UID: 0 PID: 13422 Comm: syz.1.2204 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  342.669974][T13422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  342.669989][T13422] Call Trace:
[  342.669997][T13422]  <TASK>
[  342.670008][T13422]  dump_stack_lvl+0x189/0x250
[  342.670044][T13422]  ? lockdep_hardirqs_on+0x9c/0x150
[  342.670067][T13422]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.670098][T13422]  ? __pfx__printk+0x10/0x10
[  342.670124][T13422]  ? kernfs_path_from_node+0x2b/0x260
[  342.670158][T13422]  ? kernfs_path_from_node+0x216/0x260
[  342.670192][T13422]  sysfs_warn_dup+0x8e/0xa0
[  342.670220][T13422]  sysfs_do_create_link_sd+0xc0/0x110
[  342.670252][T13422]  device_add_class_symlinks+0x1cf/0x240
[  342.670284][T13422]  device_add+0x475/0xb50
[  342.670314][T13422]  wiphy_register+0x199a/0x26b0
[  342.670362][T13422]  ? __pfx_wiphy_register+0x10/0x10
[  342.670387][T13422]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  342.670424][T13422]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  342.670459][T13422]  ieee80211_register_hw+0x334b/0x4060
[  342.670510][T13422]  ? ieee80211_register_hw+0x14d1/0x4060
[  342.670555][T13422]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  342.670592][T13422]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  342.670634][T13422]  ? __hrtimer_setup+0x187/0x210
[  342.670663][T13422]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  342.670700][T13422]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  342.670773][T13422]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  342.670805][T13422]  ? trace_kmalloc+0x1f/0xd0
[  342.670828][T13422]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  342.670855][T13422]  ? kstrndup+0xbf/0x160
[  342.670890][T13422]  hwsim_new_radio_nl+0xea4/0x1b10
[  342.670914][T13422]  ? __pfx___nla_validate_parse+0x10/0x10
[  342.670959][T13422]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  342.670995][T13422]  ? __nla_parse+0x40/0x60
[  342.671024][T13422]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  342.671056][T13422]  genl_family_rcv_msg_doit+0x212/0x300
[  342.671085][T13422]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  342.671122][T13422]  ? bpf_lsm_capable+0x9/0x20
[  342.671150][T13422]  ? security_capable+0x7e/0x2e0
[  342.671180][T13422]  genl_rcv_msg+0x60e/0x790
[  342.671209][T13422]  ? __pfx_genl_rcv_msg+0x10/0x10
[  342.671237][T13422]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  342.671277][T13422]  netlink_rcv_skb+0x219/0x490
[  342.671306][T13422]  ? __pfx_genl_rcv_msg+0x10/0x10
[  342.671328][T13422]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  342.671390][T13422]  ? down_read+0x1ad/0x2e0
[  342.671416][T13422]  genl_rcv+0x28/0x40
[  342.671444][T13422]  netlink_unicast+0x758/0x8d0
[  342.671483][T13422]  netlink_sendmsg+0x805/0xb30
[  342.671523][T13422]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.671555][T13422]  ? aa_sock_msg_perm+0x94/0x160
[  342.671580][T13422]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  342.671602][T13422]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.671630][T13422]  __sock_sendmsg+0x219/0x270
[  342.671657][T13422]  ____sys_sendmsg+0x505/0x830
[  342.671704][T13422]  ? __pfx_____sys_sendmsg+0x10/0x10
[  342.671746][T13422]  ? import_iovec+0x74/0xa0
[  342.671781][T13422]  ___sys_sendmsg+0x21f/0x2a0
[  342.671814][T13422]  ? __pfx____sys_sendmsg+0x10/0x10
[  342.671891][T13422]  ? __fget_files+0x2a/0x420
[  342.671917][T13422]  ? __fget_files+0x3a0/0x420
[  342.671958][T13422]  __x64_sys_sendmsg+0x19b/0x260
[  342.671991][T13422]  ? __might_fault+0xb0/0x130
[  342.672021][T13422]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  342.672066][T13422]  ? rcu_is_watching+0x15/0xb0
[  342.672109][T13422]  do_syscall_64+0xf6/0x210
[  342.672145][T13422]  ? clear_bhb_loop+0x45/0xa0
[  342.672188][T13422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.672208][T13422] RIP: 0033:0x7f459218e969
[  342.672227][T13422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.672245][T13422] RSP: 002b:00007f4592f17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  342.672266][T13422] RAX: ffffffffffffffda RBX: 00007f45923b5fa0 RCX: 00007f459218e969
[  342.672282][T13422] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  342.672296][T13422] RBP: 00007f4592210ab1 R08: 0000000000000000 R09: 0000000000000000
[  342.672310][T13422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  342.672322][T13422] R13: 0000000000000000 R14: 00007f45923b5fa0 R15: 00007fff59ca59e8
[  342.672357][T13422]  </TASK>
[  343.337069][ T3442] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.345450][ T3442] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.366504][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.396369][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.499145][T13434] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2207'.
[  344.067671][T13458] netlink: 'syz.5.2215': attribute type 1 has an invalid length.
[  344.099991][T13458] macvtap1: entered promiscuous mode
[  344.110289][T13458] vlan0: entered promiscuous mode
[  344.134002][T13458] macvtap1: entered allmulticast mode
[  344.139454][T13458] vlan0: entered allmulticast mode
[  344.152637][T13458] veth0_vlan: entered allmulticast mode
[  344.168000][T13458] vlan0: left allmulticast mode
[  344.175643][T13458] veth0_vlan: left allmulticast mode
[  344.188171][T13458] vlan0: left promiscuous mode
[  344.289715][T13464] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  344.344610][T13464] CPU: 1 UID: 0 PID: 13464 Comm: syz.1.2217 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  344.344645][T13464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  344.344661][T13464] Call Trace:
[  344.344670][T13464]  <TASK>
[  344.344681][T13464]  dump_stack_lvl+0x189/0x250
[  344.344720][T13464]  ? lockdep_hardirqs_on+0x9c/0x150
[  344.344744][T13464]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.344776][T13464]  ? __pfx__printk+0x10/0x10
[  344.344803][T13464]  ? kernfs_path_from_node+0x2b/0x260
[  344.344844][T13464]  ? kernfs_path_from_node+0x216/0x260
[  344.344878][T13464]  sysfs_warn_dup+0x8e/0xa0
[  344.344908][T13464]  sysfs_do_create_link_sd+0xc0/0x110
[  344.344941][T13464]  device_add_class_symlinks+0x1cf/0x240
[  344.344973][T13464]  device_add+0x475/0xb50
[  344.345004][T13464]  wiphy_register+0x199a/0x26b0
[  344.345052][T13464]  ? __pfx_wiphy_register+0x10/0x10
[  344.345077][T13464]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  344.345114][T13464]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  344.345150][T13464]  ieee80211_register_hw+0x334b/0x4060
[  344.345199][T13464]  ? ieee80211_register_hw+0x14d1/0x4060
[  344.345244][T13464]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  344.345282][T13464]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  344.345324][T13464]  ? __hrtimer_setup+0x187/0x210
[  344.345355][T13464]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  344.345383][T13464]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  344.345454][T13464]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  344.345488][T13464]  ? trace_kmalloc+0x1f/0xd0
[  344.345511][T13464]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  344.345538][T13464]  ? kstrndup+0xbf/0x160
[  344.345571][T13464]  hwsim_new_radio_nl+0xea4/0x1b10
[  344.345597][T13464]  ? __pfx___nla_validate_parse+0x10/0x10
[  344.345642][T13464]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  344.345667][T13464]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  344.345699][T13464]  ? __nla_parse+0x40/0x60
[  344.345730][T13464]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  344.345762][T13464]  genl_family_rcv_msg_doit+0x212/0x300
[  344.345792][T13464]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  344.345837][T13464]  ? bpf_lsm_capable+0x9/0x20
[  344.345865][T13464]  ? security_capable+0x7e/0x2e0
[  344.345897][T13464]  genl_rcv_msg+0x60e/0x790
[  344.345927][T13464]  ? __pfx_genl_rcv_msg+0x10/0x10
[  344.345946][T13464]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  344.345985][T13464]  netlink_rcv_skb+0x219/0x490
[  344.346014][T13464]  ? __pfx_genl_rcv_msg+0x10/0x10
[  344.346036][T13464]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  344.346094][T13464]  ? down_read+0x1ad/0x2e0
[  344.346122][T13464]  genl_rcv+0x28/0x40
[  344.346151][T13464]  netlink_unicast+0x758/0x8d0
[  344.346190][T13464]  netlink_sendmsg+0x805/0xb30
[  344.346231][T13464]  ? __pfx_netlink_sendmsg+0x10/0x10
[  344.346263][T13464]  ? aa_sock_msg_perm+0x94/0x160
[  344.346289][T13464]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  344.346312][T13464]  ? __pfx_netlink_sendmsg+0x10/0x10
[  344.346341][T13464]  __sock_sendmsg+0x219/0x270
[  344.346368][T13464]  ____sys_sendmsg+0x505/0x830
[  344.346407][T13464]  ? __pfx_____sys_sendmsg+0x10/0x10
[  344.346450][T13464]  ? import_iovec+0x74/0xa0
[  344.346484][T13464]  ___sys_sendmsg+0x21f/0x2a0
[  344.346517][T13464]  ? __pfx____sys_sendmsg+0x10/0x10
[  344.346596][T13464]  ? __fget_files+0x2a/0x420
[  344.346623][T13464]  ? __fget_files+0x3a0/0x420
[  344.346664][T13464]  __x64_sys_sendmsg+0x19b/0x260
[  344.346698][T13464]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  344.346750][T13464]  ? do_syscall_64+0xba/0x210
[  344.346779][T13464]  do_syscall_64+0xf6/0x210
[  344.346803][T13464]  ? clear_bhb_loop+0x45/0xa0
[  344.346839][T13464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.346860][T13464] RIP: 0033:0x7f459218e969
[  344.346879][T13464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.346897][T13464] RSP: 002b:00007f4592f17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  344.346922][T13464] RAX: ffffffffffffffda RBX: 00007f45923b5fa0 RCX: 00007f459218e969
[  344.346937][T13464] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  344.346951][T13464] RBP: 00007f4592210ab1 R08: 0000000000000000 R09: 0000000000000000
[  344.346964][T13464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  344.346977][T13464] R13: 0000000000000000 R14: 00007f45923b5fa0 R15: 00007fff59ca59e8
[  344.347013][T13464]  </TASK>
[  344.955766][ T7781] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.388321][ T7781] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.466310][ T7781] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.545624][ T7781] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.637133][ T7781] bridge_slave_1: left allmulticast mode
[  345.642885][ T7781] bridge_slave_1: left promiscuous mode
[  345.648606][ T7781] bridge0: port 2(bridge_slave_1) entered disabled state
[  345.658756][ T7781] bridge_slave_0: left allmulticast mode
[  345.664775][ T7781] bridge_slave_0: left promiscuous mode
[  345.670486][ T7781] bridge0: port 1(bridge_slave_0) entered disabled state
[  346.026240][ T7781] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  346.038552][ T7781] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  346.049271][ T7781] bond0 (unregistering): Released all slaves
[  346.366343][T13470] __nla_validate_parse: 4 callbacks suppressed
[  346.366363][T13470] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2218'.
[  346.434401][ T7781] hsr_slave_0: left promiscuous mode
[  346.456196][T13478] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2218'.
[  346.479409][ T7781] hsr_slave_1: left promiscuous mode
[  346.487433][T13479] FAULT_INJECTION: forcing a failure.
[  346.487433][T13479] name failslab, interval 1, probability 0, space 0, times 0
[  346.490238][ T7781] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  346.517170][ T7781] batman_adv: batadv0: Removing interface: batadv_slave_0
[  346.530743][T13479] CPU: 0 UID: 0 PID: 13479 Comm: syz.1.2222 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  346.530777][T13479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  346.530790][T13479] Call Trace:
[  346.530798][T13479]  <TASK>
[  346.530807][T13479]  dump_stack_lvl+0x189/0x250
[  346.530845][T13479]  ? __pfx_dump_stack_lvl+0x10/0x10
[  346.530874][T13479]  ? __pfx__printk+0x10/0x10
[  346.530900][T13479]  ? __pfx___might_resched+0x10/0x10
[  346.530919][T13479]  ? fs_reclaim_acquire+0x7d/0x100
[  346.530953][T13479]  should_fail_ex+0x414/0x560
[  346.530979][T13479]  should_failslab+0xa8/0x100
[  346.531007][T13479]  __kmalloc_noprof+0xcb/0x4f0
[  346.531032][T13479]  ? bpf_ctx_init+0xbd/0x1d0
[  346.531060][T13479]  bpf_ctx_init+0xbd/0x1d0
[  346.531086][T13479]  bpf_prog_test_run_xdp+0x2bb/0xf90
[  346.531129][T13479]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  346.531159][T13479]  ? __fget_files+0x2a/0x420
[  346.531191][T13479]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  346.531217][T13479]  bpf_prog_test_run+0x2a9/0x340
[  346.531247][T13479]  __sys_bpf+0x4a4/0x860
[  346.531274][T13479]  ? __pfx___sys_bpf+0x10/0x10
[  346.531313][T13479]  ? ksys_write+0x1f0/0x250
[  346.531333][T13479]  ? rcu_is_watching+0x15/0xb0
[  346.531375][T13479]  __x64_sys_bpf+0x7c/0x90
[  346.531397][T13479]  do_syscall_64+0xf6/0x210
[  346.531420][T13479]  ? clear_bhb_loop+0x45/0xa0
[  346.531444][T13479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.531462][T13479] RIP: 0033:0x7f459218e969
[  346.531480][T13479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  346.531497][T13479] RSP: 002b:00007f4592f17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  346.531517][T13479] RAX: ffffffffffffffda RBX: 00007f45923b5fa0 RCX: 00007f459218e969
[  346.531531][T13479] RDX: 0000000000000050 RSI: 0000200000000200 RDI: 000000000000000a
[  346.531544][T13479] RBP: 00007f4592f17090 R08: 0000000000000000 R09: 0000000000000000
[  346.531557][T13479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  346.531568][T13479] R13: 0000000000000000 R14: 00007f45923b5fa0 R15: 00007fff59ca59e8
[  346.531601][T13479]  </TASK>
[  346.758420][ T7781] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  346.766291][ T7781] batman_adv: batadv0: Removing interface: batadv_slave_1
[  346.847512][ T7781] veth1_macvtap: left promiscuous mode
[  346.869682][ T7781] veth0_macvtap: left promiscuous mode
[  346.884069][ T7781] veth1_vlan: left promiscuous mode
[  346.899765][ T7781] veth0_vlan: left promiscuous mode
[  347.024517][ T5140] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  347.039986][ T5140] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  347.049344][ T5140] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  347.058769][ T5140] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  347.070487][ T5140] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  347.215834][T13496] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2224'.
[  347.228054][T13497] netlink: 'syz.4.2225': attribute type 4 has an invalid length.
[  347.619843][ T7781] team0 (unregistering): Port device team_slave_1 removed
[  347.669436][ T7781] team0 (unregistering): Port device team_slave_0 removed
[  348.091281][T13487] dvmrp1: left allmulticast mode
[  348.155549][T13486] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2225'.
[  348.356956][T13502] syzkaller1: entered promiscuous mode
[  348.368913][T13506] xt_ecn: cannot match TCP bits for non-tcp packets
[  348.375975][T13502] syzkaller1: entered allmulticast mode
[  348.907740][T13518] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  348.931617][T13518] CPU: 0 UID: 0 PID: 13518 Comm: syz.0.2232 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  348.931651][T13518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  348.931664][T13518] Call Trace:
[  348.931674][T13518]  <TASK>
[  348.931684][T13518]  dump_stack_lvl+0x189/0x250
[  348.931720][T13518]  ? lockdep_hardirqs_on+0x9c/0x150
[  348.931742][T13518]  ? __pfx_dump_stack_lvl+0x10/0x10
[  348.931771][T13518]  ? __pfx__printk+0x10/0x10
[  348.931796][T13518]  ? kernfs_path_from_node+0x2b/0x260
[  348.931828][T13518]  ? kernfs_path_from_node+0x216/0x260
[  348.931860][T13518]  sysfs_warn_dup+0x8e/0xa0
[  348.931886][T13518]  sysfs_do_create_link_sd+0xc0/0x110
[  348.931935][T13518]  device_add_class_symlinks+0x1cf/0x240
[  348.931966][T13518]  device_add+0x475/0xb50
[  348.932009][T13518]  wiphy_register+0x199a/0x26b0
[  348.932055][T13518]  ? __pfx_wiphy_register+0x10/0x10
[  348.932079][T13518]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  348.932115][T13518]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  348.932148][T13518]  ieee80211_register_hw+0x334b/0x4060
[  348.932205][T13518]  ? ieee80211_register_hw+0x14d1/0x4060
[  348.932248][T13518]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  348.932284][T13518]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  348.932324][T13518]  ? __hrtimer_setup+0x187/0x210
[  348.932353][T13518]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  348.932381][T13518]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  348.932450][T13518]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  348.932481][T13518]  ? trace_kmalloc+0x1f/0xd0
[  348.932503][T13518]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  348.932529][T13518]  ? kstrndup+0xbf/0x160
[  348.932560][T13518]  hwsim_new_radio_nl+0xea4/0x1b10
[  348.932584][T13518]  ? __pfx___nla_validate_parse+0x10/0x10
[  348.932626][T13518]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  348.932666][T13518]  ? __nla_parse+0x40/0x60
[  348.932696][T13518]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  348.932727][T13518]  genl_family_rcv_msg_doit+0x212/0x300
[  348.932755][T13518]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  348.932792][T13518]  ? bpf_lsm_capable+0x9/0x20
[  348.932819][T13518]  ? security_capable+0x7e/0x2e0
[  348.932849][T13518]  genl_rcv_msg+0x60e/0x790
[  348.932877][T13518]  ? __pfx_genl_rcv_msg+0x10/0x10
[  348.932895][T13518]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  348.932933][T13518]  netlink_rcv_skb+0x219/0x490
[  348.932961][T13518]  ? __pfx_genl_rcv_msg+0x10/0x10
[  348.932982][T13518]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  348.933037][T13518]  ? down_read+0x1ad/0x2e0
[  348.933063][T13518]  genl_rcv+0x28/0x40
[  348.933092][T13518]  netlink_unicast+0x758/0x8d0
[  348.933129][T13518]  netlink_sendmsg+0x805/0xb30
[  348.933173][T13518]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.933203][T13518]  ? aa_sock_msg_perm+0x94/0x160
[  348.933228][T13518]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  348.933251][T13518]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.933278][T13518]  __sock_sendmsg+0x219/0x270
[  348.933303][T13518]  ____sys_sendmsg+0x505/0x830
[  348.933338][T13518]  ? __pfx_____sys_sendmsg+0x10/0x10
[  348.933379][T13518]  ? import_iovec+0x74/0xa0
[  348.933431][T13518]  ___sys_sendmsg+0x21f/0x2a0
[  348.933464][T13518]  ? __pfx____sys_sendmsg+0x10/0x10
[  348.933541][T13518]  ? __fget_files+0x2a/0x420
[  348.933567][T13518]  ? __fget_files+0x3a0/0x420
[  348.933608][T13518]  __x64_sys_sendmsg+0x19b/0x260
[  348.933642][T13518]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  348.933693][T13518]  ? do_syscall_64+0xba/0x210
[  348.933721][T13518]  do_syscall_64+0xf6/0x210
[  348.933745][T13518]  ? clear_bhb_loop+0x45/0xa0
[  348.933772][T13518]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.933793][T13518] RIP: 0033:0x7f260b98e969
[  348.933812][T13518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  348.933830][T13518] RSP: 002b:00007f260c770038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  348.933852][T13518] RAX: ffffffffffffffda RBX: 00007f260bbb5fa0 RCX: 00007f260b98e969
[  348.933868][T13518] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  348.933882][T13518] RBP: 00007f260ba10ab1 R08: 0000000000000000 R09: 0000000000000000
[  348.933895][T13518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  348.933908][T13518] R13: 0000000000000000 R14: 00007f260bbb5fa0 R15: 00007fff3a95f5f8
[  348.933945][T13518]  </TASK>
[  349.391193][   T56] Bluetooth: hci1: command tx timeout
[  349.478500][T13516] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  349.502141][T13516] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  349.582618][ T1132] vlan2: left promiscuous mode
[  349.753139][T13488] chnl_net:caif_netlink_parms(): no params data found
[  349.821061][T13531] FAULT_INJECTION: forcing a failure.
[  349.821061][T13531] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  349.834305][T13531] CPU: 0 UID: 0 PID: 13531 Comm: syz.0.2235 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  349.834333][T13531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  349.834346][T13531] Call Trace:
[  349.834354][T13531]  <TASK>
[  349.834364][T13531]  dump_stack_lvl+0x189/0x250
[  349.834404][T13531]  ? __pfx_dump_stack_lvl+0x10/0x10
[  349.834434][T13531]  ? __pfx__printk+0x10/0x10
[  349.834467][T13531]  should_fail_ex+0x414/0x560
[  349.834494][T13531]  _copy_to_user+0x31/0xb0
[  349.834525][T13531]  simple_read_from_buffer+0xe1/0x170
[  349.834556][T13531]  proc_fail_nth_read+0x1df/0x250
[  349.834588][T13531]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  349.834620][T13531]  ? rw_verify_area+0x258/0x650
[  349.834643][T13531]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  349.834674][T13531]  vfs_read+0x1fd/0x980
[  349.834704][T13531]  ? __pfx___mutex_lock+0x10/0x10
[  349.834727][T13531]  ? __pfx_vfs_read+0x10/0x10
[  349.834752][T13531]  ? __fget_files+0x2a/0x420
[  349.834784][T13531]  ? __fget_files+0x3a0/0x420
[  349.834809][T13531]  ? __fget_files+0x2a/0x420
[  349.834845][T13531]  ksys_read+0x145/0x250
[  349.834867][T13531]  ? rcu_is_watching+0x15/0xb0
[  349.834901][T13531]  ? __pfx_ksys_read+0x10/0x10
[  349.834928][T13531]  ? do_syscall_64+0xba/0x210
[  349.834955][T13531]  do_syscall_64+0xf6/0x210
[  349.834978][T13531]  ? clear_bhb_loop+0x45/0xa0
[  349.835004][T13531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.835024][T13531] RIP: 0033:0x7f260b98d37c
[  349.835042][T13531] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  349.835059][T13531] RSP: 002b:00007f260c770030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  349.835081][T13531] RAX: ffffffffffffffda RBX: 00007f260bbb5fa0 RCX: 00007f260b98d37c
[  349.835096][T13531] RDX: 000000000000000f RSI: 00007f260c7700a0 RDI: 0000000000000004
[  349.835109][T13531] RBP: 00007f260c770090 R08: 0000000000000000 R09: 0000000000000000
[  349.835121][T13531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.835134][T13531] R13: 0000000000000000 R14: 00007f260bbb5fa0 R15: 00007fff3a95f5f8
[  349.835176][T13531]  </TASK>
[  350.210091][T13537] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2237'.
[  350.231493][T13488] bridge0: port 1(bridge_slave_0) entered blocking state
[  350.240871][T13488] bridge0: port 1(bridge_slave_0) entered disabled state
[  350.248197][T13488] bridge_slave_0: entered allmulticast mode
[  350.267835][T13488] bridge_slave_0: entered promiscuous mode
[  350.278741][T13535] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2236'.
[  350.292919][T13535] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2236'.
[  350.328874][T13488] bridge0: port 2(bridge_slave_1) entered blocking state
[  350.336303][T13488] bridge0: port 2(bridge_slave_1) entered disabled state
[  350.344247][T13488] bridge_slave_1: entered allmulticast mode
[  350.352372][T13488] bridge_slave_1: entered promiscuous mode
[  350.417764][T13535] ipvlan3: entered promiscuous mode
[  350.459449][T13535] bridge0: port 1(ipvlan3) entered blocking state
[  350.481664][T13535] bridge0: port 1(ipvlan3) entered disabled state
[  350.493123][T13535] ipvlan3: entered allmulticast mode
[  350.502750][T13547] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2240'.
[  350.519077][T13535] bridge0: entered allmulticast mode
[  350.528152][T13535] ipvlan3: left allmulticast mode
[  350.547326][T13535] bridge0: left allmulticast mode
[  350.616801][T13550] netlink: 'syz.1.2241': attribute type 4 has an invalid length.
[  350.616818][T13553] netlink: 'syz.5.2240': attribute type 4 has an invalid length.
[  350.728877][T13488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  350.775631][T13488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  350.945625][T13488] team0: Port device team_slave_0 added
[  350.995490][T13488] team0: Port device team_slave_1 added
[  351.068175][T13569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2246'.
[  351.077932][T13567] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  351.093480][T13567] CPU: 1 UID: 0 PID: 13567 Comm: syz.4.2245 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  351.093535][T13567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  351.093561][T13567] Call Trace:
[  351.093577][T13567]  <TASK>
[  351.093596][T13567]  dump_stack_lvl+0x189/0x250
[  351.093661][T13567]  ? lockdep_hardirqs_on+0x9c/0x150
[  351.093686][T13567]  ? __pfx_dump_stack_lvl+0x10/0x10
[  351.093718][T13567]  ? __pfx__printk+0x10/0x10
[  351.093745][T13567]  ? kernfs_path_from_node+0x2b/0x260
[  351.093779][T13567]  ? kernfs_path_from_node+0x216/0x260
[  351.093813][T13567]  sysfs_warn_dup+0x8e/0xa0
[  351.093842][T13567]  sysfs_do_create_link_sd+0xc0/0x110
[  351.093874][T13567]  device_add_class_symlinks+0x1cf/0x240
[  351.093906][T13567]  device_add+0x475/0xb50
[  351.093938][T13567]  wiphy_register+0x199a/0x26b0
[  351.093987][T13567]  ? __pfx_wiphy_register+0x10/0x10
[  351.094012][T13567]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  351.094048][T13567]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  351.094084][T13567]  ieee80211_register_hw+0x334b/0x4060
[  351.094134][T13567]  ? ieee80211_register_hw+0x14d1/0x4060
[  351.094180][T13567]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  351.094228][T13567]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  351.094271][T13567]  ? __hrtimer_setup+0x187/0x210
[  351.094301][T13567]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  351.094330][T13567]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  351.094403][T13567]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  351.094436][T13567]  ? trace_kmalloc+0x1f/0xd0
[  351.094460][T13567]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  351.094492][T13567]  ? kstrndup+0xbf/0x160
[  351.094526][T13567]  hwsim_new_radio_nl+0xea4/0x1b10
[  351.094551][T13567]  ? __pfx___nla_validate_parse+0x10/0x10
[  351.094597][T13567]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  351.094635][T13567]  ? __nla_parse+0x40/0x60
[  351.094666][T13567]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  351.094699][T13567]  genl_family_rcv_msg_doit+0x212/0x300
[  351.094729][T13567]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  351.094768][T13567]  ? bpf_lsm_capable+0x9/0x20
[  351.094797][T13567]  ? security_capable+0x7e/0x2e0
[  351.094830][T13567]  genl_rcv_msg+0x60e/0x790
[  351.094859][T13567]  ? __pfx_genl_rcv_msg+0x10/0x10
[  351.094878][T13567]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  351.094917][T13567]  netlink_rcv_skb+0x219/0x490
[  351.094946][T13567]  ? __pfx_genl_rcv_msg+0x10/0x10
[  351.094969][T13567]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  351.095026][T13567]  ? down_read+0x1ad/0x2e0
[  351.095054][T13567]  genl_rcv+0x28/0x40
[  351.095085][T13567]  netlink_unicast+0x758/0x8d0
[  351.095124][T13567]  netlink_sendmsg+0x805/0xb30
[  351.095164][T13567]  ? __pfx_netlink_sendmsg+0x10/0x10
[  351.095197][T13567]  ? aa_sock_msg_perm+0x94/0x160
[  351.095232][T13567]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  351.095256][T13567]  ? __pfx_netlink_sendmsg+0x10/0x10
[  351.095295][T13567]  __sock_sendmsg+0x219/0x270
[  351.095322][T13567]  ____sys_sendmsg+0x505/0x830
[  351.095359][T13567]  ? __pfx_____sys_sendmsg+0x10/0x10
[  351.095400][T13567]  ? import_iovec+0x74/0xa0
[  351.095433][T13567]  ___sys_sendmsg+0x21f/0x2a0
[  351.095465][T13567]  ? __pfx____sys_sendmsg+0x10/0x10
[  351.095540][T13567]  ? __fget_files+0x2a/0x420
[  351.095567][T13567]  ? __fget_files+0x3a0/0x420
[  351.095607][T13567]  __x64_sys_sendmsg+0x19b/0x260
[  351.095640][T13567]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  351.095691][T13567]  ? do_syscall_64+0xba/0x210
[  351.095719][T13567]  do_syscall_64+0xf6/0x210
[  351.095742][T13567]  ? clear_bhb_loop+0x45/0xa0
[  351.095769][T13567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.095789][T13567] RIP: 0033:0x7fbc04f8e969
[  351.095808][T13567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.095825][T13567] RSP: 002b:00007fbc05d4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  351.095847][T13567] RAX: ffffffffffffffda RBX: 00007fbc051b5fa0 RCX: 00007fbc04f8e969
[  351.095862][T13567] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  351.095874][T13567] RBP: 00007fbc05010ab1 R08: 0000000000000000 R09: 0000000000000000
[  351.095887][T13567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  351.095898][T13567] R13: 0000000000000000 R14: 00007fbc051b5fa0 R15: 00007ffe94c9abf8
[  351.095933][T13567]  </TASK>
[  351.526691][   T56] Bluetooth: hci1: command tx timeout
[  351.577807][T13488] batman_adv: batadv0: Adding interface: batadv_slave_0
[  351.599071][T13563] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2243'.
[  351.632370][T13488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.676391][T13563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2243'.
[  351.687385][T13563] netlink: 'syz.1.2243': attribute type 18 has an invalid length.
[  351.709363][T13488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  351.794960][T13488] batman_adv: batadv0: Adding interface: batadv_slave_1
[  351.802578][T13488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.836599][T13488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  351.854822][T13578] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2248'.
[  351.912270][T13576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2248'.
[  351.936543][T13576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2248'.
[  351.961109][T13577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2248'.
[  351.970355][T13577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2248'.
[  352.010663][T13576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2248'.
[  352.032831][T13488] hsr_slave_0: entered promiscuous mode
[  352.036027][T13582] ipt_ECN: cannot use operation on non-tcp rule
[  352.039714][T13488] hsr_slave_1: entered promiscuous mode
[  352.055965][T13488] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  352.063737][T13488] Cannot create hsr debugfs directory
[  352.179141][T13584] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2251'.
[  352.343694][T13590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2252'.
[  352.676414][T13604] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  352.706196][T13604] CPU: 1 UID: 0 PID: 13604 Comm: syz.4.2258 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  352.706229][T13604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  352.706243][T13604] Call Trace:
[  352.706252][T13604]  <TASK>
[  352.706261][T13604]  dump_stack_lvl+0x189/0x250
[  352.706297][T13604]  ? lockdep_hardirqs_on+0x9c/0x150
[  352.706319][T13604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.706348][T13604]  ? __pfx__printk+0x10/0x10
[  352.706374][T13604]  ? kernfs_path_from_node+0x2b/0x260
[  352.706407][T13604]  ? kernfs_path_from_node+0x216/0x260
[  352.706439][T13604]  sysfs_warn_dup+0x8e/0xa0
[  352.706467][T13604]  sysfs_do_create_link_sd+0xc0/0x110
[  352.706497][T13604]  device_add_class_symlinks+0x1cf/0x240
[  352.706527][T13604]  device_add+0x475/0xb50
[  352.706556][T13604]  wiphy_register+0x199a/0x26b0
[  352.706602][T13604]  ? __pfx_wiphy_register+0x10/0x10
[  352.706625][T13604]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  352.706660][T13604]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  352.706694][T13604]  ieee80211_register_hw+0x334b/0x4060
[  352.706741][T13604]  ? ieee80211_register_hw+0x14d1/0x4060
[  352.706784][T13604]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  352.706820][T13604]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  352.706861][T13604]  ? __hrtimer_setup+0x187/0x210
[  352.706890][T13604]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  352.706918][T13604]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  352.706999][T13604]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  352.707029][T13604]  ? trace_kmalloc+0x1f/0xd0
[  352.707051][T13604]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  352.707078][T13604]  ? kstrndup+0xbf/0x160
[  352.707111][T13604]  hwsim_new_radio_nl+0xea4/0x1b10
[  352.707135][T13604]  ? __pfx___nla_validate_parse+0x10/0x10
[  352.707178][T13604]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  352.707224][T13604]  ? __nla_parse+0x40/0x60
[  352.707252][T13604]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  352.707283][T13604]  genl_family_rcv_msg_doit+0x212/0x300
[  352.707312][T13604]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  352.707347][T13604]  ? bpf_lsm_capable+0x9/0x20
[  352.707374][T13604]  ? security_capable+0x7e/0x2e0
[  352.707403][T13604]  genl_rcv_msg+0x60e/0x790
[  352.707430][T13604]  ? __pfx_genl_rcv_msg+0x10/0x10
[  352.707448][T13604]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  352.707503][T13604]  netlink_rcv_skb+0x219/0x490
[  352.707530][T13604]  ? __pfx_genl_rcv_msg+0x10/0x10
[  352.707551][T13604]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  352.707606][T13604]  ? down_read+0x1ad/0x2e0
[  352.707632][T13604]  genl_rcv+0x28/0x40
[  352.707660][T13604]  netlink_unicast+0x758/0x8d0
[  352.707705][T13604]  netlink_sendmsg+0x805/0xb30
[  352.707744][T13604]  ? __pfx_netlink_sendmsg+0x10/0x10
[  352.707776][T13604]  ? aa_sock_msg_perm+0x94/0x160
[  352.707801][T13604]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  352.707824][T13604]  ? __pfx_netlink_sendmsg+0x10/0x10
[  352.707852][T13604]  __sock_sendmsg+0x219/0x270
[  352.707890][T13604]  ____sys_sendmsg+0x505/0x830
[  352.707931][T13604]  ? __pfx_____sys_sendmsg+0x10/0x10
[  352.707972][T13604]  ? import_iovec+0x74/0xa0
[  352.708005][T13604]  ___sys_sendmsg+0x21f/0x2a0
[  352.708036][T13604]  ? __pfx____sys_sendmsg+0x10/0x10
[  352.708114][T13604]  ? __fget_files+0x2a/0x420
[  352.708141][T13604]  ? __fget_files+0x3a0/0x420
[  352.708182][T13604]  __x64_sys_sendmsg+0x19b/0x260
[  352.708223][T13604]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  352.708274][T13604]  ? do_syscall_64+0xba/0x210
[  352.708301][T13604]  do_syscall_64+0xf6/0x210
[  352.708323][T13604]  ? asm_sysvec_call_function_single+0x1a/0x20
[  352.708344][T13604]  ? clear_bhb_loop+0x45/0xa0
[  352.708369][T13604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.708388][T13604] RIP: 0033:0x7fbc04f8e969
[  352.708407][T13604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.708425][T13604] RSP: 002b:00007fbc05d4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  352.708447][T13604] RAX: ffffffffffffffda RBX: 00007fbc051b5fa0 RCX: 00007fbc04f8e969
[  352.708462][T13604] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  352.708475][T13604] RBP: 00007fbc05010ab1 R08: 0000000000000000 R09: 0000000000000000
[  352.708488][T13604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  352.708500][T13604] R13: 0000000000000000 R14: 00007fbc051b5fa0 R15: 00007ffe94c9abf8
[  352.708535][T13604]  </TASK>
[  352.789960][    C0] vcan0: j1939_tp_rxtimer: 0xffff888031934800: rx timeout, send abort
[  353.294251][    C0] vcan0: j1939_tp_rxtimer: 0xffff888031934400: rx timeout, send abort
[  353.557632][   T56] Bluetooth: hci1: command tx timeout
[  353.775772][    C0] vcan0: j1939_tp_rxtimer: 0xffff888031934800: abort rx timeout. Force session deactivation
[  353.807494][    C0] vcan0: j1939_tp_rxtimer: 0xffff888031934400: abort rx timeout. Force session deactivation
[  355.639585][   T56] Bluetooth: hci1: command tx timeout
[  359.279699][T13488] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  359.689047][T13488] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  360.217744][T13488] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  360.509585][T13488] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  365.574484][T13488] 8021q: adding VLAN 0 to HW filter on device bond0
[  365.654524][T13488] 8021q: adding VLAN 0 to HW filter on device team0
[  365.663677][T13652] netlink: 'syz.1.2273': attribute type 1 has an invalid length.
[  365.672383][T13648] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2271'.
[  365.689593][T13648] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  365.739364][T13652] bond6: entered promiscuous mode
[  365.770191][T13652] 8021q: adding VLAN 0 to HW filter on device bond6
[  365.970976][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  365.978166][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  366.021031][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  366.028247][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  366.080304][T13664] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  366.098411][T13664] CPU: 1 UID: 0 PID: 13664 Comm: syz.1.2274 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  366.098443][T13664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  366.098458][T13664] Call Trace:
[  366.098466][T13664]  <TASK>
[  366.098477][T13664]  dump_stack_lvl+0x189/0x250
[  366.098513][T13664]  ? lockdep_hardirqs_on+0x9c/0x150
[  366.098535][T13664]  ? __pfx_dump_stack_lvl+0x10/0x10
[  366.098565][T13664]  ? __pfx__printk+0x10/0x10
[  366.098591][T13664]  ? kernfs_path_from_node+0x2b/0x260
[  366.098625][T13664]  ? kernfs_path_from_node+0x216/0x260
[  366.098657][T13664]  sysfs_warn_dup+0x8e/0xa0
[  366.098686][T13664]  sysfs_do_create_link_sd+0xc0/0x110
[  366.098717][T13664]  device_add_class_symlinks+0x1cf/0x240
[  366.098748][T13664]  device_add+0x475/0xb50
[  366.098777][T13664]  wiphy_register+0x199a/0x26b0
[  366.098826][T13664]  ? __pfx_wiphy_register+0x10/0x10
[  366.098850][T13664]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  366.098885][T13664]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  366.098918][T13664]  ieee80211_register_hw+0x334b/0x4060
[  366.098971][T13664]  ? ieee80211_register_hw+0x14d1/0x4060
[  366.099014][T13664]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  366.099049][T13664]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  366.099089][T13664]  ? __hrtimer_setup+0x187/0x210
[  366.099118][T13664]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  366.099150][T13664]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  366.099229][T13664]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  366.099277][T13664]  ? trace_kmalloc+0x1f/0xd0
[  366.099299][T13664]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  366.099326][T13664]  ? kstrndup+0xbf/0x160
[  366.099368][T13664]  hwsim_new_radio_nl+0xea4/0x1b10
[  366.099408][T13664]  ? __pfx___nla_validate_parse+0x10/0x10
[  366.099450][T13664]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  366.099486][T13664]  ? __nla_parse+0x40/0x60
[  366.099515][T13664]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  366.099546][T13664]  genl_family_rcv_msg_doit+0x212/0x300
[  366.099575][T13664]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  366.099611][T13664]  ? bpf_lsm_capable+0x9/0x20
[  366.099638][T13664]  ? security_capable+0x7e/0x2e0
[  366.099668][T13664]  genl_rcv_msg+0x60e/0x790
[  366.099695][T13664]  ? __pfx_genl_rcv_msg+0x10/0x10
[  366.099713][T13664]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  366.099751][T13664]  netlink_rcv_skb+0x219/0x490
[  366.099778][T13664]  ? __pfx_genl_rcv_msg+0x10/0x10
[  366.099799][T13664]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  366.099852][T13664]  ? down_read+0x1ad/0x2e0
[  366.099878][T13664]  genl_rcv+0x28/0x40
[  366.099907][T13664]  netlink_unicast+0x758/0x8d0
[  366.099943][T13664]  netlink_sendmsg+0x805/0xb30
[  366.099999][T13664]  ? __pfx_netlink_sendmsg+0x10/0x10
[  366.100030][T13664]  ? aa_sock_msg_perm+0x94/0x160
[  366.100054][T13664]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  366.100076][T13664]  ? __pfx_netlink_sendmsg+0x10/0x10
[  366.100104][T13664]  __sock_sendmsg+0x219/0x270
[  366.100131][T13664]  ____sys_sendmsg+0x505/0x830
[  366.100167][T13664]  ? __pfx_____sys_sendmsg+0x10/0x10
[  366.100207][T13664]  ? import_iovec+0x74/0xa0
[  366.100240][T13664]  ___sys_sendmsg+0x21f/0x2a0
[  366.100271][T13664]  ? __pfx____sys_sendmsg+0x10/0x10
[  366.100343][T13664]  ? __fget_files+0x2a/0x420
[  366.100368][T13664]  ? __fget_files+0x3a0/0x420
[  366.100407][T13664]  __x64_sys_sendmsg+0x19b/0x260
[  366.100439][T13664]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  366.100487][T13664]  ? do_syscall_64+0xba/0x210
[  366.100512][T13664]  do_syscall_64+0xf6/0x210
[  366.100534][T13664]  ? clear_bhb_loop+0x45/0xa0
[  366.100559][T13664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.100579][T13664] RIP: 0033:0x7f459218e969
[  366.100598][T13664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  366.100615][T13664] RSP: 002b:00007f4592f17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  366.100638][T13664] RAX: ffffffffffffffda RBX: 00007f45923b5fa0 RCX: 00007f459218e969
[  366.100653][T13664] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  366.100667][T13664] RBP: 00007f4592210ab1 R08: 0000000000000000 R09: 0000000000000000
[  366.100680][T13664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  366.100692][T13664] R13: 0000000000000000 R14: 00007f45923b5fa0 R15: 00007fff59ca59e8
[  366.100726][T13664]  </TASK>
[  367.159146][T13694] netlink: 3168 bytes leftover after parsing attributes in process `syz.1.2281'.
[  367.182823][T13694] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2281'.
[  367.208211][T13691] veth1_to_bond: entered allmulticast mode
[  367.219479][T13693] veth1_to_bond: entered promiscuous mode
[  367.286613][T13693] veth1_to_bond: left promiscuous mode
[  367.308794][T13693] veth1_to_bond: left allmulticast mode
[  367.495703][T13488] 8021q: adding VLAN 0 to HW filter on device batadv0
[  367.505515][T13706] delete_channel: no stack
[  367.826856][T13727] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2290'.
[  367.957397][T13705] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  367.966323][T13705] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  367.975051][T13705] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  367.983530][T13705] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  368.522321][T13488] veth0_vlan: entered promiscuous mode
[  368.651290][T13488] veth1_vlan: entered promiscuous mode
[  368.857045][T13488] veth0_macvtap: entered promiscuous mode
[  368.895306][T13488] veth1_macvtap: entered promiscuous mode
[  368.953436][T13488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  368.986362][T13760] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2301'.
[  369.000555][T13488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.031849][T13488] batman_adv: batadv0: Interface activated: batadv_slave_0
[  369.039306][T13760] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2301'.
[  369.056861][T13762] ieee802154 phy1 wpan1: encryption failed: -22
[  369.096127][T13488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.115593][T13488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.145367][T13488] batman_adv: batadv0: Interface activated: batadv_slave_1
[  369.173367][T13488] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  369.182923][T13488] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  369.193796][T13488] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  369.202831][T13488] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  369.239531][T13767] netlink: 'syz.0.2302': attribute type 4 has an invalid length.
[  369.357453][T13770] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2305'.
[  369.409740][ T7775] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  369.435296][ T7775] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  369.465326][T13778] netlink: 'syz.5.2305': attribute type 4 has an invalid length.
[  369.593000][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  369.608926][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  369.794984][T13790] netlink: 'syz.4.2312': attribute type 1 has an invalid length.
[  369.803147][T13790] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2312'.
[  369.925967][T13793] macsec4: entered promiscuous mode
[  369.933663][T13793] batadv0: entered promiscuous mode
[  369.956914][T13793] batadv0: left promiscuous mode
[  370.175537][ T7775] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.305689][ T7775] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.507372][ T7775] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.627636][ T7775] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.781154][ T7775] bridge_slave_1: left allmulticast mode
[  370.786846][ T7775] bridge_slave_1: left promiscuous mode
[  370.792760][ T7775] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.802699][ T7775] bridge_slave_0: left allmulticast mode
[  370.809294][ T7775] bridge_slave_0: left promiscuous mode
[  370.815469][ T7775] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.145622][ T7775] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  371.158133][ T7775] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  371.169698][ T7775] bond0 (unregistering): Released all slaves
[  371.410377][ T7775] hsr_slave_0: left promiscuous mode
[  371.416868][ T7775] hsr_slave_1: left promiscuous mode
[  371.426558][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  371.434177][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.446545][ T7775] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  371.454115][ T7775] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.477164][ T7775] veth1_macvtap: left promiscuous mode
[  371.482774][ T7775] veth0_macvtap: left promiscuous mode
[  371.488357][ T7775] veth1_vlan: left promiscuous mode
[  371.493910][ T7775] veth0_vlan: left promiscuous mode
[  371.991384][T13807] netlink: 'syz.1.2316': attribute type 1 has an invalid length.
[  371.999177][T13807] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2316'.
[  372.081079][T13806] netlink: 'syz.1.2316': attribute type 1 has an invalid length.
[  372.106986][T13806] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2316'.
[  372.207044][ T7775] team0 (unregistering): Port device team_slave_1 removed
[  372.318410][ T7775] team0 (unregistering): Port device team_slave_0 removed
[  372.475143][ T5140] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  372.488626][ T5140] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  372.499714][ T5140] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  372.530375][ T5140] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  372.545837][ T5140] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  373.130449][T13825] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2319'.
[  373.167877][T13823] netlink: 'syz.0.2329': attribute type 4 has an invalid length.
[  374.010055][T13817] chnl_net:caif_netlink_parms(): no params data found
[  374.167342][T13817] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.177908][T13817] bridge0: port 1(bridge_slave_0) entered disabled state
[  374.190434][T13817] bridge_slave_0: entered allmulticast mode
[  374.208887][T13817] bridge_slave_0: entered promiscuous mode
[  374.238602][T13817] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.246190][T13817] bridge0: port 2(bridge_slave_1) entered disabled state
[  374.264340][T13817] bridge_slave_1: entered allmulticast mode
[  374.281569][T13817] bridge_slave_1: entered promiscuous mode
[  374.365954][T13855] xt_ecn: cannot match TCP bits for non-tcp packets
[  374.392239][T13817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  374.406371][T13817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  374.568767][T13817] team0: Port device team_slave_0 added
[  374.600610][ T5845] Bluetooth: hci1: command tx timeout
[  374.608968][T13817] team0: Port device team_slave_1 added
[  374.634421][T13860] netlink: 'syz.1.2328': attribute type 1 has an invalid length.
[  374.650764][T13860] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2328'.
[  374.707497][T13817] batman_adv: batadv0: Adding interface: batadv_slave_0
[  374.719646][T13817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.754320][T13817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  374.797612][T13817] batman_adv: batadv0: Adding interface: batadv_slave_1
[  374.813197][T13817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.857708][T13817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  375.170442][T13817] hsr_slave_0: entered promiscuous mode
[  375.180120][T13869] sctp: [Deprecated]: syz.1.2332 (pid 13869) Use of int in max_burst socket option deprecated.
[  375.180120][T13869] Use struct sctp_assoc_value instead
[  375.207350][T13817] hsr_slave_1: entered promiscuous mode
[  375.231587][T13817] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  375.239198][T13817] Cannot create hsr debugfs directory
[  375.419596][T13876] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2335'.
[  375.473569][ T5845] Bluetooth: hci5: command 0x0406 tx timeout
[  375.858427][T13885] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2338'.
[  375.886778][T13885] netlink: 'syz.5.2338': attribute type 7 has an invalid length.
[  375.912007][T13885] netlink: 'syz.5.2338': attribute type 8 has an invalid length.
[  375.954016][T13885] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2338'.
[  376.356061][T13893] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2341'.
[  376.562185][T13817] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  376.600114][T13817] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  376.642828][T13817] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  376.670697][   T56] Bluetooth: hci1: command tx timeout
[  376.695131][T13817] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  376.728958][T13909] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2347'.
[  376.874155][T13915] netlink: 19 bytes leftover after parsing attributes in process `syz.0.2349'.
[  376.933541][T13817] 8021q: adding VLAN 0 to HW filter on device bond0
[  377.005736][T13817] 8021q: adding VLAN 0 to HW filter on device team0
[  377.055815][ T1132] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.063158][ T1132] bridge0: port 1(bridge_slave_0) entered forwarding state
[  377.239760][T13930] netlink: 'syz.0.2351': attribute type 4 has an invalid length.
[  377.294743][ T1132] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.301960][ T1132] bridge0: port 2(bridge_slave_1) entered forwarding state
[  377.309969][T13933] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2353'.
[  377.436804][T13817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  377.485694][T13937] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  377.517535][T13935] pim6reg1: entered promiscuous mode
[  377.523341][T13935] pim6reg1: entered allmulticast mode
[  377.568853][T13942] netlink: 'syz.5.2355': attribute type 1 has an invalid length.
[  377.628287][T13939] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2355'.
[  377.770046][T13942] 8021q: adding VLAN 0 to HW filter on device bond2
[  377.892952][T13943] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2354'.
[  377.921748][T13943] syzkaller0: entered promiscuous mode
[  377.927287][T13943] syzkaller0: entered allmulticast mode
[  378.165339][T13817] 8021q: adding VLAN 0 to HW filter on device batadv0
[  378.303859][T13943] 8021q: adding VLAN 0 to HW filter on device bond4
[  378.363530][T13943] team0: Port device bond4 added
[  378.504278][T13964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2358'.
[  378.516594][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  378.543906][T13964] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2358'.
[  378.594019][T13964] macsec4: entered allmulticast mode
[  378.599376][T13964] gretap0: entered allmulticast mode
[  378.628970][T13964] gretap0: left allmulticast mode
[  378.629801][T13961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2358'.
[  378.751250][ T5845] Bluetooth: hci1: command tx timeout
[  378.890281][T13817] veth0_vlan: entered promiscuous mode
[  378.969489][T13817] veth1_vlan: entered promiscuous mode
[  379.042457][T13985] netlink: 'syz.5.2364': attribute type 4 has an invalid length.
[  379.051619][T13977] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2363'.
[  379.083261][T13986] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2366'.
[  379.102118][T13817] veth0_macvtap: entered promiscuous mode
[  379.115659][T13817] veth1_macvtap: entered promiscuous mode
[  379.122663][T13977] block nbd1: shutting down sockets
[  379.193915][T13990] netlink: 'syz.0.2367': attribute type 4 has an invalid length.
[  379.206038][T13817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  379.230859][T13817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.262341][T13817] batman_adv: batadv0: Interface activated: batadv_slave_0
[  379.284189][T13817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  379.314187][T13817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.336579][T13817] batman_adv: batadv0: Interface activated: batadv_slave_1
[  379.369110][T13817] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  379.387090][T13817] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  379.397965][T13817] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  379.407388][T13817] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  379.607858][T13996] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  379.700301][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  379.730384][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  379.853497][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  379.873223][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.420441][T14029] veth7: entered promiscuous mode
[  380.591926][ T5845] Bluetooth: hci2: command 0x0405 tx timeout
[  380.623688][T14040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2383'.
[  380.701110][T14040] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2383'.
[  380.739869][T14040] netlink: 'syz.0.2383': attribute type 18 has an invalid length.
[  380.985476][ T1132] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.160407][ T1132] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.226755][ T1132] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.298572][ T1132] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.426742][ T1132] bridge_slave_1: left allmulticast mode
[  381.432495][ T1132] bridge_slave_1: left promiscuous mode
[  381.438238][ T1132] bridge0: port 2(bridge_slave_1) entered disabled state
[  381.448825][ T1132] bridge_slave_0: left allmulticast mode
[  381.455814][ T1132] bridge_slave_0: left promiscuous mode
[  381.461710][ T1132] bridge0: port 1(bridge_slave_0) entered disabled state
[  381.785821][ T1132] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  381.797030][ T1132] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  381.808033][ T1132] bond0 (unregistering): Released all slaves
[  382.048493][ T1132] hsr_slave_0: left promiscuous mode
[  382.058772][ T1132] hsr_slave_1: left promiscuous mode
[  382.067180][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  382.074852][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_0
[  382.083784][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  382.091447][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_1
[  382.114683][ T1132] veth1_macvtap: left promiscuous mode
[  382.120336][ T1132] veth0_macvtap: left promiscuous mode
[  382.126053][ T1132] veth1_vlan: left promiscuous mode
[  382.131933][ T1132] veth0_vlan: left promiscuous mode
[  382.730956][ T1132] team0 (unregistering): Port device team_slave_1 removed
[  382.783229][T14060] netlink: 'syz.1.2385': attribute type 4 has an invalid length.
[  382.901431][ T1132] team0 (unregistering): Port device team_slave_0 removed
[  383.230093][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  383.243280][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  383.260112][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  383.271079][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  383.279576][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  383.796808][T14069] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  383.939307][T14076] __nla_validate_parse: 1 callbacks suppressed
[  383.939327][T14076] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2389'.
[  384.378005][T14087] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2393'.
[  384.447635][T14089] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2394'.
[  384.752746][T14072] chnl_net:caif_netlink_parms(): no params data found
[  384.920170][T14102] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2397'.
[  385.116756][T14072] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.128288][T14072] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.141172][T14072] bridge_slave_0: entered allmulticast mode
[  385.157616][T14072] bridge_slave_0: entered promiscuous mode
[  385.169394][T14072] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.185248][T14072] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.196742][T14072] bridge_slave_1: entered allmulticast mode
[  385.209557][T14072] bridge_slave_1: entered promiscuous mode
[  385.310924][ T5845] Bluetooth: hci1: command tx timeout
[  385.319164][T14072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  385.350154][T14072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  385.563060][T14072] team0: Port device team_slave_0 added
[  385.588641][T14072] team0: Port device team_slave_1 added
[  385.710004][T14072] batman_adv: batadv0: Adding interface: batadv_slave_0
[  385.727350][T14072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  385.780182][T14072] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  385.856007][T14072] batman_adv: batadv0: Adding interface: batadv_slave_1
[  385.865487][T14072] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  385.950607][T14072] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  385.985111][T14144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  385.993832][T14144] batadv_slave_1: entered promiscuous mode
[  386.037462][T14151] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2410'.
[  386.049318][T14151] tipc: Invalid UDP bearer configuration
[  386.049372][T14151] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  386.097456][T14149] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2410'.
[  386.107430][T14149] tipc: Invalid UDP bearer configuration
[  386.107487][T14149] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  386.247117][T14072] hsr_slave_0: entered promiscuous mode
[  386.265501][T14072] hsr_slave_1: entered promiscuous mode
[  386.278267][T14072] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  386.289285][T14072] Cannot create hsr debugfs directory
[  386.515959][T14170] openvswitch: netlink: Flow actions attr not present in new flow.
[  386.615696][T14175] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2416'.
[  386.631387][T14170] block nbd1: server does not support multiple connections per device.
[  386.650974][T14170] block nbd1: shutting down sockets
[  386.736551][T14178] xt_CT: No such helper "snmp"
[  386.876289][T14190] geneve0: entered allmulticast mode
[  387.123133][   T30] audit: type=1800 audit(1747175589.715:40): pid=14204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2425" name="memory.events" dev="tmpfs" ino=3028 res=0 errno=0
[  387.169924][T14204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2425'.
[  387.179221][   T30] audit: type=1804 audit(1747175589.755:41): pid=14204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2425" name="memory.events" dev="tmpfs" ino=3028 res=1 errno=0
[  387.200843][T14204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2425'.
[  387.365140][T14215] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2428'.
[  387.390842][ T5845] Bluetooth: hci1: command tx timeout
[  387.397624][T14217] ªªªªª»: renamed from vcan0 (while UP)
[  387.488304][T14072] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  387.510251][T14072] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  387.536776][T14072] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  387.549017][T14072] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  387.749459][T14225] IPVS: set_ctl: invalid protocol: 12 255.255.255.255:20004
[  387.778235][T14072] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.840196][T14072] 8021q: adding VLAN 0 to HW filter on device team0
[  387.862965][ T1132] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.870150][ T1132] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.933456][ T1132] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.940662][ T1132] bridge0: port 2(bridge_slave_1) entered forwarding state
[  388.545303][T14072] 8021q: adding VLAN 0 to HW filter on device batadv0
[  388.677830][T14072] veth0_vlan: entered promiscuous mode
[  388.726661][T14072] veth1_vlan: entered promiscuous mode
[  388.753584][    C0] ==================================================================
[  388.761708][    C0] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x471/0x4b0
[  388.769645][    C0] Read of size 2 at addr ffff88802f3afc2a by task syz-executor/14072
[  388.777736][    C0] 
[  388.780084][    C0] CPU: 0 UID: 0 PID: 14072 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  388.780108][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  388.780128][    C0] Call Trace:
[  388.780138][    C0]  <IRQ>
[  388.780146][    C0]  dump_stack_lvl+0x189/0x250
[  388.780173][    C0]  ? __virt_addr_valid+0x18c/0x540
[  388.780195][    C0]  ? rcu_is_watching+0x15/0xb0
[  388.780219][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.780241][    C0]  ? rcu_is_watching+0x15/0xb0
[  388.780265][    C0]  ? lock_release+0x4b/0x3e0
[  388.780289][    C0]  ? __virt_addr_valid+0x18c/0x540
[  388.780309][    C0]  ? __virt_addr_valid+0x469/0x540
[  388.780331][    C0]  print_report+0xb4/0x290
[  388.780350][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  388.780367][    C0]  kasan_report+0x118/0x150
[  388.780389][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  388.780411][    C0]  rose_timer_expiry+0x471/0x4b0
[  388.780430][    C0]  call_timer_fn+0x17b/0x5f0
[  388.780451][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  388.780468][    C0]  ? call_timer_fn+0xbe/0x5f0
[  388.780491][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  388.780521][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  388.780544][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  388.780559][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  388.780578][    C0]  __run_timer_base+0x61a/0x860
[  388.780596][    C0]  ? ktime_get+0x3e/0x1f0
[  388.780617][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  388.780635][    C0]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  388.780661][    C0]  run_timer_softirq+0xb7/0x180
[  388.780680][    C0]  handle_softirqs+0x283/0x870
[  388.780696][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  388.780713][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  388.780732][    C0]  __irq_exit_rcu+0xca/0x1f0
[  388.780752][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  388.780771][    C0]  irq_exit_rcu+0x9/0x30
[  388.780783][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  388.780808][    C0]  </IRQ>
[  388.780814][    C0]  <TASK>
[  388.780821][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  388.780840][    C0] RIP: 0010:lock_release+0x2b5/0x3e0
[  388.780864][    C0] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 fb ce d7 10 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e
[  388.780879][    C0] RSP: 0018:ffffc90004ecf550 EFLAGS: 00000206
[  388.780895][    C0] RAX: c3768632447e6e00 RBX: 0000000000000206 RCX: c3768632447e6e00
[  388.780907][    C0] RDX: 0000000000000000 RSI: ffffffff8d93d26b RDI: ffffffff8bc1d4a0
[  388.780920][    C0] RBP: ffff88802ea1e4f0 R08: ffffc90004ecfa60 R09: 0000000000000000
[  388.780932][    C0] R10: ffffc90004ecf6d8 R11: fffff520009d9edd R12: 0000000000000000
[  388.780944][    C0] R13: 0000000000000000 R14: ffffffff8df3b860 R15: ffff88802ea1da00
[  388.780966][    C0]  ? unwind_next_frame+0xa5/0x2390
[  388.780988][    C0]  ? unwind_next_frame+0xa5/0x2390
[  388.781008][    C0]  unwind_next_frame+0x19a9/0x2390
[  388.781031][    C0]  ? unwind_next_frame+0xa5/0x2390
[  388.781051][    C0]  ? kmem_cache_free+0x192/0x3f0
[  388.781074][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  388.781092][    C0]  arch_stack_walk+0x11c/0x150
[  388.781116][    C0]  ? skb_release_data+0x688/0x8b0
[  388.781141][    C0]  stack_trace_save+0x9c/0xe0
[  388.781157][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  388.781179][    C0]  kasan_save_track+0x3e/0x80
[  388.781196][    C0]  ? kasan_save_track+0x3e/0x80
[  388.781213][    C0]  ? kasan_save_free_info+0x46/0x50
[  388.781237][    C0]  ? __kasan_slab_free+0x62/0x70
[  388.781255][    C0]  ? kmem_cache_free+0x192/0x3f0
[  388.781297][    C0]  ? skb_release_data+0x688/0x8b0
[  388.781319][    C0]  kasan_save_free_info+0x46/0x50
[  388.781344][    C0]  __kasan_slab_free+0x62/0x70
[  388.781362][    C0]  kmem_cache_free+0x192/0x3f0
[  388.781384][    C0]  skb_release_data+0x688/0x8b0
[  388.781412][    C0]  consume_skb+0x9e/0xf0
[  388.781432][    C0]  netlink_recvmsg+0x5d3/0xe00
[  388.781459][    C0]  ? __pfx_netlink_recvmsg+0x10/0x10
[  388.781481][    C0]  ? __pfx_aa_sk_perm+0x10/0x10
[  388.781499][    C0]  ? aa_sock_msg_perm+0x94/0x160
[  388.781517][    C0]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  388.781536][    C0]  ? security_socket_recvmsg+0x7e/0x2e0
[  388.781558][    C0]  ? __pfx_netlink_recvmsg+0x10/0x10
[  388.781579][    C0]  sock_recvmsg+0x229/0x270
[  388.781597][    C0]  __sys_recvfrom+0x1f6/0x340
[  388.781619][    C0]  ? __pfx___sys_recvfrom+0x10/0x10
[  388.781645][    C0]  ? fput_close_sync+0x119/0x200
[  388.781676][    C0]  ? rcu_is_watching+0x15/0xb0
[  388.781703][    C0]  __x64_sys_recvfrom+0xde/0x100
[  388.781726][    C0]  do_syscall_64+0xf6/0x210
[  388.781749][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  388.781765][    C0]  ? clear_bhb_loop+0x45/0xa0
[  388.781782][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.781797][    C0] RIP: 0033:0x7fdaa5190734
[  388.781811][    C0] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04
[  388.781825][    C0] RSP: 002b:00007fff72789890 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  388.781840][    C0] RAX: ffffffffffffffda RBX: 00007fdaa5ee4620 RCX: 00007fdaa5190734
[  388.781852][    C0] RDX: 0000000000001000 RSI: 00007fdaa5ee4670 RDI: 0000000000000003
[  388.781863][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  388.781873][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  388.781882][    C0] R13: 0000000000000000 R14: 00007fdaa5ee4670 R15: 0000000000000000
[  388.781900][    C0]  </TASK>
[  388.781906][    C0] 
[  389.319396][    C0] Allocated by task 9665:
[  389.323755][    C0]  kasan_save_track+0x3e/0x80
[  389.328529][    C0]  __kasan_kmalloc+0x93/0xb0
[  389.333121][    C0]  __kmalloc_cache_noprof+0x230/0x3d0
[  389.338501][    C0]  rose_add_node+0x23a/0xde0
[  389.343088][    C0]  rose_rt_ioctl+0xa48/0xfb0
[  389.347672][    C0]  rose_ioctl+0x3ce/0x8b0
[  389.352015][    C0]  sock_do_ioctl+0xd9/0x300
[  389.356512][    C0]  sock_ioctl+0x576/0x790
[  389.360838][    C0]  __se_sys_ioctl+0xf9/0x170
[  389.365429][    C0]  do_syscall_64+0xf6/0x210
[  389.369926][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.375818][    C0] 
[  389.378140][    C0] Freed by task 14161:
[  389.382196][    C0]  kasan_save_track+0x3e/0x80
[  389.386870][    C0]  kasan_save_free_info+0x46/0x50
[  389.391901][    C0]  __kasan_slab_free+0x62/0x70
[  389.396664][    C0]  kfree+0x193/0x440
[  389.400559][    C0]  rose_rt_device_down+0x66d/0x6c0
[  389.405665][    C0]  rose_device_event+0x603/0x6a0
[  389.410614][    C0]  notifier_call_chain+0x1b3/0x3e0
[  389.415738][    C0]  __dev_notify_flags+0x18d/0x2e0
[  389.420768][    C0]  netif_change_flags+0xe8/0x1a0
[  389.425713][    C0]  dev_change_flags+0x130/0x260
[  389.430566][    C0]  dev_ioctl+0x7b4/0x1150
[  389.434899][    C0]  sock_do_ioctl+0x22c/0x300
[  389.439483][    C0]  sock_ioctl+0x576/0x790
[  389.443831][    C0]  __se_sys_ioctl+0xf9/0x170
[  389.448422][    C0]  do_syscall_64+0xf6/0x210
[  389.452926][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.458819][    C0] 
[  389.461143][    C0] The buggy address belongs to the object at ffff88802f3afc00
[  389.461143][    C0]  which belongs to the cache kmalloc-512 of size 512
[  389.475196][    C0] The buggy address is located 42 bytes inside of
[  389.475196][    C0]  freed 512-byte region [ffff88802f3afc00, ffff88802f3afe00)
[  389.488923][    C0] 
[  389.491247][    C0] The buggy address belongs to the physical page:
[  389.497748][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f3ac
[  389.506509][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  389.515010][    C0] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  389.522898][    C0] page_type: f5(slab)
[  389.526879][    C0] raw: 00fff00000000040 ffff88801a041c80 ffffea000045b900 dead000000000003
[  389.535458][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  389.544043][    C0] head: 00fff00000000040 ffff88801a041c80 ffffea000045b900 dead000000000003
[  389.552738][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  389.561410][    C0] head: 00fff00000000002 ffffea0000bceb01 00000000ffffffff 00000000ffffffff
[  389.570079][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  389.578759][    C0] page dumped because: kasan: bad access detected
[  389.585174][    C0] page_owner tracks the page as allocated
[  389.590883][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1154, tgid 1154 (kworker/u8:6), ts 206062963672, free_ts 205049794280
[  389.610329][    C0]  post_alloc_hook+0x1d8/0x230
[  389.615103][    C0]  get_page_from_freelist+0x21e0/0x22c0
[  389.620656][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  389.626469][    C0]  alloc_pages_mpol+0x232/0x4a0
[  389.631318][    C0]  allocate_slab+0x8a/0x3b0
[  389.635826][    C0]  ___slab_alloc+0xbfc/0x1480
[  389.640533][    C0]  __kmalloc_cache_noprof+0x296/0x3d0
[  389.645906][    C0]  batadv_forw_packet_alloc+0x1e9/0x390
[  389.651453][    C0]  batadv_iv_ogm_queue_add+0x85f/0xd30
[  389.656918][    C0]  batadv_iv_ogm_schedule+0xabd/0xea0
[  389.662298][    C0]  batadv_iv_send_outstanding_bat_ogm_packet+0x6c6/0x7e0
[  389.669329][    C0]  process_scheduled_works+0xadb/0x17a0
[  389.674884][    C0]  worker_thread+0x8a0/0xda0
[  389.679482][    C0]  kthread+0x70e/0x8a0
[  389.683556][    C0]  ret_from_fork+0x4b/0x80
[  389.687974][    C0]  ret_from_fork_asm+0x1a/0x30
[  389.692735][    C0] page last free pid 7775 tgid 7775 stack trace:
[  389.699052][    C0]  __free_frozen_pages+0xb14/0xce0
[  389.704171][    C0]  __put_partials+0x161/0x1c0
[  389.708861][    C0]  put_cpu_partial+0x17c/0x250
[  389.713622][    C0]  __slab_free+0x2f7/0x400
[  389.718034][    C0]  qlist_free_all+0x9a/0x140
[  389.722614][    C0]  kasan_quarantine_reduce+0x148/0x160
[  389.728092][    C0]  __kasan_slab_alloc+0x22/0x80
[  389.732946][    C0]  __kmalloc_cache_noprof+0x1be/0x3d0
[  389.738319][    C0]  netdevice_event+0x3a1/0x8a0
[  389.743089][    C0]  notifier_call_chain+0x1b3/0x3e0
[  389.748201][    C0]  unregister_netdevice_many_notify+0x15d8/0x2320
[  389.754619][    C0]  default_device_exit_batch+0x819/0x890
[  389.760272][    C0]  ops_undo_list+0x522/0x990
[  389.764866][    C0]  cleanup_net+0x4c5/0x8a0
[  389.769282][    C0]  process_scheduled_works+0xadb/0x17a0
[  389.774837][    C0]  worker_thread+0x8a0/0xda0
[  389.779429][    C0] 
[  389.781748][    C0] Memory state around the buggy address:
[  389.787375][    C0]  ffff88802f3afb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  389.795435][    C0]  ffff88802f3afb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  389.803489][    C0] >ffff88802f3afc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  389.811546][    C0]                                   ^
[  389.816912][    C0]  ffff88802f3afc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  389.824968][    C0]  ffff88802f3afd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  389.833020][    C0] ==================================================================
[  389.841269][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  389.848487][    C0] CPU: 0 UID: 0 PID: 14072 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) 
[  389.860744][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  389.870840][    C0] Call Trace:
[  389.874126][    C0]  <IRQ>
[  389.876973][    C0]  dump_stack_lvl+0x99/0x250
[  389.881590][    C0]  ? __asan_memcpy+0x40/0x70
[  389.886179][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  389.891386][    C0]  ? __pfx__printk+0x10/0x10
[  389.895982][    C0]  panic+0x2db/0x790
[  389.899915][    C0]  ? __pfx_panic+0x10/0x10
[  389.904345][    C0]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  389.910248][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  389.916148][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  389.922483][    C0]  ? print_memory_metadata+0x314/0x400
[  389.927949][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  389.933061][    C0]  check_panic_on_warn+0x89/0xb0
[  389.938006][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  389.943121][    C0]  end_report+0x78/0x160
[  389.947370][    C0]  kasan_report+0x129/0x150
[  389.951879][    C0]  ? rose_timer_expiry+0x471/0x4b0
[  389.956994][    C0]  rose_timer_expiry+0x471/0x4b0
[  389.961933][    C0]  call_timer_fn+0x17b/0x5f0
[  389.966529][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  389.971987][    C0]  ? call_timer_fn+0xbe/0x5f0
[  389.976686][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  389.981804][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  389.987024][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  389.992216][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[  389.997677][    C0]  __run_timer_base+0x61a/0x860
[  390.002536][    C0]  ? ktime_get+0x3e/0x1f0
[  390.006868][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  390.012238][    C0]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  390.018485][    C0]  run_timer_softirq+0xb7/0x180
[  390.023335][    C0]  handle_softirqs+0x283/0x870
[  390.028107][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  390.032869][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  390.038175][    C0]  __irq_exit_rcu+0xca/0x1f0
[  390.042761][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  390.047960][    C0]  irq_exit_rcu+0x9/0x30
[  390.052202][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  390.057857][    C0]  </IRQ>
[  390.060786][    C0]  <TASK>
[  390.063716][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  390.069722][    C0] RIP: 0010:lock_release+0x2b5/0x3e0
[  390.075016][    C0] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 fb ce d7 10 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e
[  390.094630][    C0] RSP: 0018:ffffc90004ecf550 EFLAGS: 00000206
[  390.100706][    C0] RAX: c3768632447e6e00 RBX: 0000000000000206 RCX: c3768632447e6e00
[  390.108683][    C0] RDX: 0000000000000000 RSI: ffffffff8d93d26b RDI: ffffffff8bc1d4a0
[  390.116677][    C0] RBP: ffff88802ea1e4f0 R08: ffffc90004ecfa60 R09: 0000000000000000
[  390.124669][    C0] R10: ffffc90004ecf6d8 R11: fffff520009d9edd R12: 0000000000000000
[  390.132799][    C0] R13: 0000000000000000 R14: ffffffff8df3b860 R15: ffff88802ea1da00
[  390.140912][    C0]  ? unwind_next_frame+0xa5/0x2390
[  390.146052][    C0]  ? unwind_next_frame+0xa5/0x2390
[  390.151214][    C0]  unwind_next_frame+0x19a9/0x2390
[  390.156366][    C0]  ? unwind_next_frame+0xa5/0x2390
[  390.161500][    C0]  ? kmem_cache_free+0x192/0x3f0
[  390.166462][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  390.172635][    C0]  arch_stack_walk+0x11c/0x150
[  390.177416][    C0]  ? skb_release_data+0x688/0x8b0
[  390.182457][    C0]  stack_trace_save+0x9c/0xe0
[  390.187141][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  390.192527][    C0]  kasan_save_track+0x3e/0x80
[  390.197230][    C0]  ? kasan_save_track+0x3e/0x80
[  390.202099][    C0]  ? kasan_save_free_info+0x46/0x50
[  390.207310][    C0]  ? __kasan_slab_free+0x62/0x70
[  390.212304][    C0]  ? kmem_cache_free+0x192/0x3f0
[  390.217289][    C0]  ? skb_release_data+0x688/0x8b0
[  390.222329][    C0]  kasan_save_free_info+0x46/0x50
[  390.227364][    C0]  __kasan_slab_free+0x62/0x70
[  390.232142][    C0]  kmem_cache_free+0x192/0x3f0
[  390.236916][    C0]  skb_release_data+0x688/0x8b0
[  390.241801][    C0]  consume_skb+0x9e/0xf0
[  390.246051][    C0]  netlink_recvmsg+0x5d3/0xe00
[  390.250823][    C0]  ? __pfx_netlink_recvmsg+0x10/0x10
[  390.256116][    C0]  ? __pfx_aa_sk_perm+0x10/0x10
[  390.260967][    C0]  ? aa_sock_msg_perm+0x94/0x160
[  390.265904][    C0]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  390.271188][    C0]  ? security_socket_recvmsg+0x7e/0x2e0
[  390.276737][    C0]  ? __pfx_netlink_recvmsg+0x10/0x10
[  390.282024][    C0]  sock_recvmsg+0x229/0x270
[  390.286530][    C0]  __sys_recvfrom+0x1f6/0x340
[  390.291213][    C0]  ? __pfx___sys_recvfrom+0x10/0x10
[  390.296418][    C0]  ? fput_close_sync+0x119/0x200
[  390.301373][    C0]  ? rcu_is_watching+0x15/0xb0
[  390.306171][    C0]  __x64_sys_recvfrom+0xde/0x100
[  390.311112][    C0]  do_syscall_64+0xf6/0x210
[  390.315632][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  390.321787][    C0]  ? clear_bhb_loop+0x45/0xa0
[  390.326468][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.332359][    C0] RIP: 0033:0x7fdaa5190734
[  390.336773][    C0] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04
[  390.356468][    C0] RSP: 002b:00007fff72789890 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  390.364885][    C0] RAX: ffffffffffffffda RBX: 00007fdaa5ee4620 RCX: 00007fdaa5190734
[  390.372857][    C0] RDX: 0000000000001000 RSI: 00007fdaa5ee4670 RDI: 0000000000000003
[  390.380826][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  390.388808][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  390.396798][    C0] R13: 0000000000000000 R14: 00007fdaa5ee4670 R15: 0000000000000000
[  390.404801][    C0]  </TASK>
[  390.408184][    C0] Kernel Offset: disabled
[  390.412515][    C0] Rebooting in 86400 seconds..