last executing test programs:

1m13.873102283s ago: executing program 1 (id=729):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x1b00, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0x1e, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x0)

1m12.489655695s ago: executing program 1 (id=757):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@polexpire={0xc0, 0x1b, 0x57a500b9b82fd89, 0x0, 0x0, {{{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80, 0x60, 0x2f}, {0x0, 0x0, 0x0, 0x1, 0xfffffffffffffffc, 0x0, 0xffffc90000000000}, {}, 0xfffffffc, 0x6e6bb4}}}, 0xc0}}, 0x0)

57.258542904s ago: executing program 1 (id=757):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@polexpire={0xc0, 0x1b, 0x57a500b9b82fd89, 0x0, 0x0, {{{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80, 0x60, 0x2f}, {0x0, 0x0, 0x0, 0x1, 0xfffffffffffffffc, 0x0, 0xffffc90000000000}, {}, 0xfffffffc, 0x6e6bb4}}}, 0xc0}}, 0x0)

40.7925939s ago: executing program 1 (id=757):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@polexpire={0xc0, 0x1b, 0x57a500b9b82fd89, 0x0, 0x0, {{{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80, 0x60, 0x2f}, {0x0, 0x0, 0x0, 0x1, 0xfffffffffffffffc, 0x0, 0xffffc90000000000}, {}, 0xfffffffc, 0x6e6bb4}}}, 0xc0}}, 0x0)

23.715345545s ago: executing program 1 (id=757):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@polexpire={0xc0, 0x1b, 0x57a500b9b82fd89, 0x0, 0x0, {{{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80, 0x60, 0x2f}, {0x0, 0x0, 0x0, 0x1, 0xfffffffffffffffc, 0x0, 0xffffc90000000000}, {}, 0xfffffffc, 0x6e6bb4}}}, 0xc0}}, 0x0)

9.176915273s ago: executing program 1 (id=757):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@polexpire={0xc0, 0x1b, 0x57a500b9b82fd89, 0x0, 0x0, {{{@in6=@private0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80, 0x60, 0x2f}, {0x0, 0x0, 0x0, 0x1, 0xfffffffffffffffc, 0x0, 0xffffc90000000000}, {}, 0xfffffffc, 0x6e6bb4}}}, 0xc0}}, 0x0)

1.735149869s ago: executing program 4 (id=1434):
syz_emit_ethernet(0x36, &(0x7f0000001800)=ANY=[@ANYBLOB="aaaaaaaaaaaa000000000000080045000028000000000002907800000000ffffffff12009070e001000200"/54], 0x0)

1.614030697s ago: executing program 0 (id=1435):
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@getnexthop={0x20, 0x6a, 0x501, 0x0, 0x0, {}, [@NHA_MASTER={0x8, 0xa, 0x1}]}, 0x20}, 0x1, 0x0, 0xa6ffffff, 0x4004854}, 0x0)
r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(0xffffffffffffffff)

1.586755541s ago: executing program 3 (id=1436):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
socket$netlink(0x10, 0x3, 0x8000000004)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@enum={0x3}]}, {0x0, [0x0, 0x0, 0x61]}}, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000004c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x448, 0x228, 0x98, 0x310, 0x98, 0x228, 0x3b0, 0x3b0, 0x3b0, 0x3b0, 0x3b0, 0x6, 0x0, {[{{@ip={@multicast2, @private, 0x0, 0xff000000, 'bond_slave_0\x00', 'veth0_to_bond\x00', {}, {}, 0x11, 0x2}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @dev={0xac, 0x14, 0x14, 0x44}, 0x0, 0xff000000, 'veth1\x00', 'vlan1\x00', {0xff}, {}, 0x11, 0x2, 0x2a}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@socket0={{0x20}}, @common=@set={{0x40}, {{0x0, [0x0, 0x1, 0x0, 0x7, 0x6, 0x2], 0x6, 0x5}}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x6, 0xb}, {0xffffffffffffffff, 0x0, 0x4}}}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@rand_addr, @multicast1, 0x0, 0xffffffff, 'pim6reg0\x00', 'dummy0\x00', {}, {}, 0x0, 0x1}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @TTL={0x28}}, {{@ip={@remote, @local, 0x0, 0xff, 'veth1_virt_wifi\x00', 'veth0_to_hsr\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a8)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$igmp(0x2, 0x3, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10)

1.524964628s ago: executing program 4 (id=1437):
socket$inet(0x2, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0xa, 0x0, 0x2, 0x2}, 0x10}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x40, 0x25dfdbfb, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048050}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="3900000f1300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

1.495175506s ago: executing program 2 (id=1438):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}}, 0x10000000000000)

1.433868081s ago: executing program 0 (id=1439):
socket(0x3, 0x3, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000280)={'veth0\x00', &(0x7f0000000240)=@ethtool_stats})
socket$nl_route(0x10, 0x3, 0x0)
write$cgroup_int(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r0, 0xc45af000)

1.337156518s ago: executing program 4 (id=1440):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), r0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000080)={0x2, 0x1, @loopback}, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0x1c8}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x2, 0x0, @void, @value, @void, @value}, 0x50)

1.329615676s ago: executing program 3 (id=1441):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x70bd2b, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000, 0x0, 0x40801}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000071101b01000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket$netlink(0x10, 0x3, 0x9)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r4 = gettid()
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x2c, r3, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x40000)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000800))
getgid()
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@cred={{0x1c}}], 0x20}, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

1.298100068s ago: executing program 2 (id=1442):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x17}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x94}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@multicast1, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x2}, {{@in6=@remote, 0x1, 0x32}, 0xa, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x17}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x94}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) (async)
socket$inet6(0xa, 0x3, 0x87) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@multicast1, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x2}, {{@in6=@remote, 0x1, 0x32}, 0xa, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe8) (async)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) (async)

1.149107889s ago: executing program 4 (id=1443):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001280)=ANY=[@ANYBLOB='T\x00`\x00', @ANYRES16=r1, @ANYBLOB="010004000000000000000500000010000680040005000400050004000300300001800d0001007564703a73797a31000000000c00028008000400090000000e0001006574683a636169663000"], 0x54}}, 0x0)

1.05862187s ago: executing program 2 (id=1444):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$packet(r0, &(0x7f0000000040)={0x10, 0x6}, 0x14)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r1, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
connect$ax25(r1, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000080)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50)
socket$inet6(0xa, 0x3, 0x8000000003c)
socket$igmp6(0xa, 0x3, 0x2)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d8000000", @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)

1.042389841s ago: executing program 0 (id=1445):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48010000", @ANYRES16, @ANYBLOB="200026bd7000fcdbdf25180000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b000800000006001600390000000500120000000000060011000004000008000b00c3030000080001007063690011000200303030303a30303a31302e300000000008ffff000000000000000b000500000006001600370000000500120000000000060011000300000008000b0008000000080001007063690011000200303030303a30303a31302e3000000000080003000100000008000b004ef8000006001600050000000500120000000000060011000400000008000b0002000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b001904000006001600060000000500120000000000060011000101000008000b00ff000000"], 0x148}}, 0x400c8c0)

964.96291ms ago: executing program 4 (id=1446):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="01000000000000000000440000", @ANYRES16, @ANYRES64, @ANYRES16], 0x4c}}, 0x4000804)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000021000001000000000000000000"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r3], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {0x0}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

918.766486ms ago: executing program 3 (id=1447):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f0000000140)=[@in6={0xa, 0x4e21, 0x100059, @private0, 0x6}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x7d, &(0x7f00000000c0)=@assoc_value={r1}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x4, 0x4, 0x4, 0x10000, 0x808, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x80800)
recvmmsg$unix(r3, &(0x7f0000003600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000000, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000000)=0x1, 0x4)

817.351517ms ago: executing program 2 (id=1448):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010024bd7000fcdbdf25210000000800e3ff72ba19de35518168dca63faa06093636aac139", @ANYRES32=r7, @ANYBLOB="08009e0002100000"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r4)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x84)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r8 = socket$nl_audit(0x10, 0x3, 0x9)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes)\x00'}, 0x58)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r10, 0x8b32, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r9, 0x117, 0x5, 0x0, 0xe)
sendmsg$AUDIT_LIST_RULES(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000880}, 0x40000)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="380000005500e502000000000000000007000000", @ANYRES32=r3, @ANYBLOB="200001"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x4000000)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xd23, 0x0, 0x25dfdbff}, 0x18}}, 0x0)
bind$netlink(r0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))

761.102233ms ago: executing program 0 (id=1449):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0xffe7}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000004000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaac14140000000b001400000000000000000000000700000007038b0100000000"], 0x38}, 0x0)

700.705309ms ago: executing program 3 (id=1450):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000cc0)={0x1c, r1, 0x201, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48010}, 0x0) (fail_nth: 8)

594.923783ms ago: executing program 0 (id=1451):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="d80000001c0081064e81f782db44b9040a1d08040e88a8ffff0002a1180002000600142603600e1208000f0000810401a8001605200001400200680803600cfab94dcf5c0461c1d67f6f94007134cf61e08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f808db58b45296feb215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x40000)

288.992502ms ago: executing program 3 (id=1452):
r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r0, @ANYBLOB="01000000000000000000060000001400020077673100000000000000000000000000f40108807000008048000980280000f8060001000a00000014000200fe8000000000000000000000000000aa05000300030000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x20040010}, 0x4008804)

247.81876ms ago: executing program 4 (id=1453):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000000)=0xfffffff7, 0x4)
syz_genetlink_get_family_id$devlink(&(0x7f0000000580), 0xffffffffffffffff)

233.373205ms ago: executing program 2 (id=1454):
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@getnexthop={0x20, 0x6a, 0x501, 0x0, 0x0, {}, [@NHA_MASTER={0x8, 0xa, 0x1}]}, 0x20}, 0x1, 0x0, 0xffffffa6, 0x4004854}, 0x0)
r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(0xffffffffffffffff)

37.274347ms ago: executing program 2 (id=1455):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="802100001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000580012800c0001006d6163766c616e00480002800800010010000000280005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaa0000000a000400aaaaaaaaaa00000008000300030000000a000400aaaaaaaaaabb000008000500", @ANYRES32=r1], 0x80}}, 0x0)

2.3919ms ago: executing program 3 (id=1456):
r0 = socket(0x3, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, &(0x7f0000000380)=0x15, &(0x7f00000003c0)=0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x1b, &(0x7f0000000040)={&(0x7f0000000200)=@newtaction={0x14, 0x30, 0x1, 0x70bd2a}, 0x14}}, 0x0)
sendmsg$nl_route(r1, 0x0, 0xbd04219890b395e9)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c00f48c", @ANYRES16=r5, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r7, @ANYBLOB="08002600940900000800b70099000000"], 0x2c}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={0x278, r9, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x253, 0x33, @reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @random="37e6fc966e04", {0x0, 0x7}}, 0x4c00, 0x5d, @default, @val, @void, [{0xdd, 0x91, "e131681a74b4152a5cb25b9e3449ad793f7c0231de6e548c14e8a54039dce655335f7ee83b352fcffd6faccfbef4759d1cb727d826a3be1756269db93ccc1a944209dfb0ecf47025f6f2d2a4b289ab069d8441b56aa5b7c3e371c349dcbac04b235ff208dc0a9178a7a5aad22c8e8c6caa249b74d9a8406aea9555a948f1312df07d75200c3f03b89c2dc6cc027db8778c"}, {0xdd, 0xb7, "872edd84228eef576424ccc956af466a2478aa3367f45b8207ebec62dda4a9af12225bfbf84637793d8771b1cba316616ab284cab467934fbbc911c1f753192a697dee5e8a14a1c629f437ed54861f5ff1088ba58a8d064760174e85fd1151ac8860a4a7734209cd3a5fb2ed504a2e1678489df99da83c29e6f7766982e4022f7a4927b57fad01d7c1d21045a0cbf8021dc8be818e3096e28eb4d5eb12a9f24a6d028623c512ede0a83f4a70c8dabc9ca09602b47bed84"}, {0xdd, 0xe1, "5e7f71638310f07fec4704c4474531014d4d109c6548a4c83240eb47070627dd21339a3fd1508ca0a10a51115670c5f5e5b2a346e1e774172d036f4db0ad4b14e634cfe490f31d5b9620f57fa60bb699b601da45b725952aeb0a47534fd996e98812586ab19e44ec72071fbba5568beae53e59f418bac912554f229e13bf12807a680ad1b1fc6343362c6a1356bc0f0bdcdb9a90fac7b7e4cd7223d424f2118768d6c12f49d70af935bc8f4391a200264ba8c593d22b1d0f51603cefa83f4b72901c5b2429121ff97a704e77c8e38da6f28f2017f6478718b4758535f2f4490530"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x8, 0xcd, [0x1, 0x0]}]}, 0x278}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000000)=0x1c, 0x4)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="310428bd7000ffffffff160000000c00018008000300040000000500030000000000"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000280)={'veth0\x00', &(0x7f0000000240)=@ethtool_stats})
socket$nl_route(0x10, 0x3, 0x0)
write$cgroup_int(r1, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0xc61b, 0x8008, 0x4, 0x1, <r11=>0x0}, &(0x7f0000000140)=0x10)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000200)={r11, 0x7134}, 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r1, 0xc45af000)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000070000004d0000000000000045000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x64)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x50)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'rose0\x00', &(0x7f00000002c0)=@ethtool_test={0x1a, 0x2, 0x5e00, 0x3, [0x0, 0x0, 0xd1]}})
r13 = socket(0x1e, 0x1, 0x0)
connect$tipc(r13, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x4001}}}, 0x10)

0s ago: executing program 0 (id=1457):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x70bd2b, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000, 0x0, 0x40801}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000071101b01000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket$netlink(0x10, 0x3, 0x9)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r4 = gettid()
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x2c, r3, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x40000)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000800))
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@cred={{0x1c}}], 0x20}, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

kernel console output (not intermixed with test programs):

T7384] R13: 0000000000000000 R14: 00007f037b5b5fa0 R15: 00007fff72de0168
[  137.603472][ T7384]  </TASK>
[  138.151543][ T7388] FAULT_INJECTION: forcing a failure.
[  138.151543][ T7388] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  138.165451][ T7388] CPU: 1 UID: 0 PID: 7388 Comm: syz.2.532 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  138.165478][ T7388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  138.165490][ T7388] Call Trace:
[  138.165498][ T7388]  <TASK>
[  138.165506][ T7388]  dump_stack_lvl+0x189/0x250
[  138.165543][ T7388]  ? __pfx____ratelimit+0x10/0x10
[  138.165571][ T7388]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.165601][ T7388]  ? __pfx__printk+0x10/0x10
[  138.165623][ T7388]  ? __might_fault+0xb0/0x130
[  138.165654][ T7388]  should_fail_ex+0x414/0x560
[  138.165684][ T7388]  _copy_from_user+0x2d/0xb0
[  138.165707][ T7388]  ___sys_sendmsg+0x158/0x2a0
[  138.165732][ T7388]  ? __pfx____sys_sendmsg+0x10/0x10
[  138.165788][ T7388]  ? __fget_files+0x2a/0x420
[  138.165809][ T7388]  ? __fget_files+0x3a0/0x420
[  138.165843][ T7388]  __x64_sys_sendmsg+0x19b/0x260
[  138.165867][ T7388]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  138.165899][ T7388]  ? __pfx_ksys_write+0x10/0x10
[  138.165917][ T7388]  ? rcu_is_watching+0x15/0xb0
[  138.165952][ T7388]  ? do_syscall_64+0xbe/0x3b0
[  138.165983][ T7388]  do_syscall_64+0xfa/0x3b0
[  138.166009][ T7388]  ? lockdep_hardirqs_on+0x9c/0x150
[  138.166034][ T7388]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.166053][ T7388]  ? clear_bhb_loop+0x60/0xb0
[  138.166078][ T7388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.166097][ T7388] RIP: 0033:0x7f037b38e929
[  138.166116][ T7388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.166132][ T7388] RSP: 002b:00007f037c1a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  138.166153][ T7388] RAX: ffffffffffffffda RBX: 00007f037b5b5fa0 RCX: 00007f037b38e929
[  138.166168][ T7388] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  138.166180][ T7388] RBP: 00007f037c1a3090 R08: 0000000000000000 R09: 0000000000000000
[  138.166192][ T7388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.166203][ T7388] R13: 0000000000000000 R14: 00007f037b5b5fa0 R15: 00007fff72de0168
[  138.166235][ T7388]  </TASK>
[  138.497721][ T7393] C: renamed from team_slave_0 (while UP)
[  138.585854][ T7393] netlink: 'syz.2.535': attribute type 1 has an invalid length.
[  138.593607][ T7393] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  138.752880][ T7409] Bluetooth: MGMT ver 1.23
[  138.909760][ T7415] __nla_validate_parse: 1 callbacks suppressed
[  138.909780][ T7415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.543'.
[  139.185699][ T7427] netlink: 96 bytes leftover after parsing attributes in process `syz.3.547'.
[  139.263021][ T7427] vlan2: entered allmulticast mode
[  139.268572][ T7427] gretap0: entered allmulticast mode
[  139.360482][ T7435] netlink: 16 bytes leftover after parsing attributes in process `syz.3.547'.
[  139.598492][ T7444] netlink: 20 bytes leftover after parsing attributes in process `syz.1.554'.
[  139.676636][ T7444] netlink: zone id is out of range
[  139.932326][ T7460] netlink: 146840 bytes leftover after parsing attributes in process `syz.2.562'.
[  140.217506][ T7475] netlink: 'syz.4.569': attribute type 10 has an invalid length.
[  140.244388][ T7475] netlink: 40 bytes leftover after parsing attributes in process `syz.4.569'.
[  140.256795][ T7476] netlink: 'syz.2.568': attribute type 27 has an invalid length.
[  140.307619][ T7478] netlink: 'syz.2.568': attribute type 27 has an invalid length.
[  140.359559][ T7475] team0: Port device geneve0 added
[  140.546413][ T7487] netlink: 'syz.2.573': attribute type 11 has an invalid length.
[  140.587232][ T7487] netlink: 64 bytes leftover after parsing attributes in process `syz.2.573'.
[  140.918282][ T7504] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.982075][ T7511] FAULT_INJECTION: forcing a failure.
[  140.982075][ T7511] name failslab, interval 1, probability 0, space 0, times 0
[  141.010659][ T7511] CPU: 0 UID: 0 PID: 7511 Comm: syz.0.585 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  141.010687][ T7511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  141.010700][ T7511] Call Trace:
[  141.010707][ T7511]  <TASK>
[  141.010716][ T7511]  dump_stack_lvl+0x189/0x250
[  141.010752][ T7511]  ? __pfx____ratelimit+0x10/0x10
[  141.010780][ T7511]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.010811][ T7511]  ? __pfx__printk+0x10/0x10
[  141.010849][ T7511]  should_fail_ex+0x414/0x560
[  141.010882][ T7511]  should_failslab+0xa8/0x100
[  141.010907][ T7511]  kmem_cache_alloc_noprof+0x73/0x3c0
[  141.010928][ T7511]  ? skb_clone+0x212/0x3a0
[  141.010969][ T7511]  skb_clone+0x212/0x3a0
[  141.010996][ T7511]  __netlink_deliver_tap+0x404/0x850
[  141.011032][ T7511]  ? netlink_deliver_tap+0x2e/0x1b0
[  141.011054][ T7511]  netlink_deliver_tap+0x19c/0x1b0
[  141.011076][ T7511]  netlink_sendskb+0x68/0x140
[  141.011108][ T7511]  netlink_rcv_skb+0x28c/0x470
[  141.011129][ T7511]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  141.011159][ T7511]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  141.011192][ T7511]  ? bpf_lsm_capable+0x9/0x20
[  141.011211][ T7511]  ? security_capable+0x7e/0x2e0
[  141.011246][ T7511]  nfnetlink_rcv+0x26a/0x2520
[  141.011277][ T7511]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  141.011308][ T7511]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  141.011332][ T7511]  ? __dev_queue_xmit+0x27e/0x3a70
[  141.011357][ T7511]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.011388][ T7511]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  141.011415][ T7511]  ? __pfx___dev_queue_xmit+0x10/0x10
[  141.011455][ T7511]  ? ref_tracker_free+0x63a/0x7d0
[  141.011483][ T7511]  ? __copy_skb_header+0xa7/0x550
[  141.011508][ T7511]  ? __pfx_ref_tracker_free+0x10/0x10
[  141.011537][ T7511]  ? __skb_clone+0x63/0x7a0
[  141.011565][ T7511]  ? __skb_clone+0x483/0x7a0
[  141.011596][ T7511]  ? skb_clone+0x246/0x3a0
[  141.011622][ T7511]  ? __netlink_deliver_tap+0x807/0x850
[  141.011642][ T7511]  ? netlink_deliver_tap+0x2e/0x1b0
[  141.011669][ T7511]  ? netlink_deliver_tap+0x2e/0x1b0
[  141.011689][ T7511]  ? netlink_deliver_tap+0x2e/0x1b0
[  141.011715][ T7511]  netlink_unicast+0x75b/0x8d0
[  141.011758][ T7511]  netlink_sendmsg+0x805/0xb30
[  141.011789][ T7511]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.011814][ T7511]  ? aa_sock_msg_perm+0x94/0x160
[  141.011844][ T7511]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  141.011871][ T7511]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.011893][ T7511]  __sock_sendmsg+0x21c/0x270
[  141.011925][ T7511]  ____sys_sendmsg+0x505/0x830
[  141.011961][ T7511]  ? __pfx_____sys_sendmsg+0x10/0x10
[  141.011995][ T7511]  ? import_iovec+0x74/0xa0
[  141.012021][ T7511]  ___sys_sendmsg+0x21f/0x2a0
[  141.012046][ T7511]  ? __pfx____sys_sendmsg+0x10/0x10
[  141.012110][ T7511]  ? __fget_files+0x2a/0x420
[  141.012132][ T7511]  ? __fget_files+0x3a0/0x420
[  141.012167][ T7511]  __x64_sys_sendmsg+0x19b/0x260
[  141.012191][ T7511]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  141.012225][ T7511]  ? __pfx_ksys_write+0x10/0x10
[  141.012242][ T7511]  ? rcu_is_watching+0x15/0xb0
[  141.012267][ T7511]  ? do_syscall_64+0xbe/0x3b0
[  141.012300][ T7511]  do_syscall_64+0xfa/0x3b0
[  141.012325][ T7511]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.012350][ T7511]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.012369][ T7511]  ? clear_bhb_loop+0x60/0xb0
[  141.012395][ T7511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.012414][ T7511] RIP: 0033:0x7f84eab8e929
[  141.012433][ T7511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.012449][ T7511] RSP: 002b:00007f84eb989038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  141.012472][ T7511] RAX: ffffffffffffffda RBX: 00007f84eadb5fa0 RCX: 00007f84eab8e929
[  141.012485][ T7511] RDX: 0000000000000000 RSI: 00002000000035c0 RDI: 0000000000000003
[  141.012498][ T7511] RBP: 00007f84eb989090 R08: 0000000000000000 R09: 0000000000000000
[  141.012510][ T7511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.012522][ T7511] R13: 0000000000000000 R14: 00007f84eadb5fa0 R15: 00007fff27944838
[  141.012555][ T7511]  </TASK>
[  141.430913][ T7514] FAULT_INJECTION: forcing a failure.
[  141.430913][ T7514] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.444160][ T7514] CPU: 0 UID: 0 PID: 7514 Comm: syz.2.586 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  141.444186][ T7514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  141.444198][ T7514] Call Trace:
[  141.444206][ T7514]  <TASK>
[  141.444215][ T7514]  dump_stack_lvl+0x189/0x250
[  141.444251][ T7514]  ? __pfx____ratelimit+0x10/0x10
[  141.444278][ T7514]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.444308][ T7514]  ? __pfx__printk+0x10/0x10
[  141.444331][ T7514]  ? __might_fault+0xb0/0x130
[  141.444364][ T7514]  should_fail_ex+0x414/0x560
[  141.444397][ T7514]  _copy_from_user+0x2d/0xb0
[  141.444419][ T7514]  ___sys_sendmsg+0x158/0x2a0
[  141.444445][ T7514]  ? __pfx____sys_sendmsg+0x10/0x10
[  141.444508][ T7514]  ? __fget_files+0x2a/0x420
[  141.444530][ T7514]  ? __fget_files+0x3a0/0x420
[  141.444565][ T7514]  __x64_sys_sendmsg+0x19b/0x260
[  141.444590][ T7514]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  141.444624][ T7514]  ? __pfx_ksys_write+0x10/0x10
[  141.444641][ T7514]  ? rcu_is_watching+0x15/0xb0
[  141.444667][ T7514]  ? do_syscall_64+0xbe/0x3b0
[  141.444700][ T7514]  do_syscall_64+0xfa/0x3b0
[  141.444726][ T7514]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.444751][ T7514]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.444771][ T7514]  ? clear_bhb_loop+0x60/0xb0
[  141.444796][ T7514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.444815][ T7514] RIP: 0033:0x7f037b38e929
[  141.444833][ T7514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.444849][ T7514] RSP: 002b:00007f037c1a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  141.444870][ T7514] RAX: ffffffffffffffda RBX: 00007f037b5b5fa0 RCX: 00007f037b38e929
[  141.444885][ T7514] RDX: 0000000020000000 RSI: 0000200000000000 RDI: 0000000000000003
[  141.444905][ T7514] RBP: 00007f037c1a3090 R08: 0000000000000000 R09: 0000000000000000
[  141.444918][ T7514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.444929][ T7514] R13: 0000000000000000 R14: 00007f037b5b5fa0 R15: 00007fff72de0168
[  141.444961][ T7514]  </TASK>
[  141.730736][ T7504] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.788002][ T7517] netlink: 4 bytes leftover after parsing attributes in process `syz.4.589'.
[  141.841341][ T7520] netlink: 'syz.0.587': attribute type 1 has an invalid length.
[  141.853489][ T7504] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.884362][ T7520] netlink: 216 bytes leftover after parsing attributes in process `syz.0.587'.
[  141.974109][ T7504] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.035455][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.592'.
[  142.267620][ T7504] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  142.353597][ T7504] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  142.375650][ T7540] FAULT_INJECTION: forcing a failure.
[  142.375650][ T7540] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  142.422276][ T7504] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  142.431004][ T7540] CPU: 1 UID: 0 PID: 7540 Comm: syz.0.599 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  142.431031][ T7540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  142.431043][ T7540] Call Trace:
[  142.431052][ T7540]  <TASK>
[  142.431060][ T7540]  dump_stack_lvl+0x189/0x250
[  142.431097][ T7540]  ? __pfx____ratelimit+0x10/0x10
[  142.431125][ T7540]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.431156][ T7540]  ? __pfx__printk+0x10/0x10
[  142.431192][ T7540]  should_fail_ex+0x414/0x560
[  142.431225][ T7540]  _copy_to_user+0x31/0xb0
[  142.431249][ T7540]  simple_read_from_buffer+0xe1/0x170
[  142.431277][ T7540]  proc_fail_nth_read+0x1df/0x250
[  142.431307][ T7540]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  142.431336][ T7540]  ? rw_verify_area+0x258/0x650
[  142.431367][ T7540]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  142.431394][ T7540]  vfs_read+0x200/0x980
[  142.431419][ T7540]  ? __pfx___mutex_lock+0x10/0x10
[  142.431448][ T7540]  ? __pfx_vfs_read+0x10/0x10
[  142.431469][ T7540]  ? __fget_files+0x2a/0x420
[  142.431497][ T7540]  ? __fget_files+0x3a0/0x420
[  142.431528][ T7540]  ? __fget_files+0x2a/0x420
[  142.431561][ T7540]  ksys_read+0x145/0x250
[  142.431584][ T7540]  ? __pfx_ksys_read+0x10/0x10
[  142.431600][ T7540]  ? rcu_is_watching+0x15/0xb0
[  142.431626][ T7540]  ? do_syscall_64+0xbe/0x3b0
[  142.431658][ T7540]  do_syscall_64+0xfa/0x3b0
[  142.431684][ T7540]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.431709][ T7540]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.431728][ T7540]  ? clear_bhb_loop+0x60/0xb0
[  142.431753][ T7540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.431772][ T7540] RIP: 0033:0x7f84eab8d33c
[  142.431790][ T7540] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  142.431807][ T7540] RSP: 002b:00007f84eb989030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  142.431828][ T7540] RAX: ffffffffffffffda RBX: 00007f84eadb5fa0 RCX: 00007f84eab8d33c
[  142.431843][ T7540] RDX: 000000000000000f RSI: 00007f84eb9890a0 RDI: 0000000000000004
[  142.431855][ T7540] RBP: 00007f84eb989090 R08: 0000000000000000 R09: 0000000000000000
[  142.431867][ T7540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  142.431879][ T7540] R13: 0000000000000000 R14: 00007f84eadb5fa0 R15: 00007fff27944838
[  142.431911][ T7540]  </TASK>
[  142.781363][ T7551] netlink: 'syz.2.601': attribute type 10 has an invalid length.
[  142.783107][ T7550] netlink: 'syz.3.604': attribute type 1 has an invalid length.
[  142.882973][ T7544] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  142.908655][ T7504] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  142.958263][ T7548] bridge_slave_0: left allmulticast mode
[  142.964082][ T7548] bridge_slave_0: left promiscuous mode
[  142.974429][ T7548] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.998947][ T7563] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  143.010506][ T7548] bridge_slave_1: left allmulticast mode
[  143.029979][ T7548] bridge_slave_1: left promiscuous mode
[  143.040337][ T7548] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.063676][ T7548] bond0: (slave bond_slave_0): Releasing backup interface
[  143.077769][ T7548] bond0: (slave bond_slave_1): Releasing backup interface
[  143.114743][ T7548] team0: Port device C removed
[  143.138283][ T7548] team0: Port device team_slave_1 removed
[  143.147107][ T7548] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  143.154782][ T7548] batman_adv: batadv0: Removing interface: batadv_slave_0
[  143.165828][ T7548] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  143.173540][ T7548] batman_adv: batadv0: Removing interface: batadv_slave_1
[  143.200410][ T7551] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  143.219898][ T7551] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.236524][ T7551] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  143.278750][ T7544] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  143.286417][ T7544] IPv6: NLM_F_CREATE should be set when creating new route
[  143.293781][ T7544] IPv6: NLM_F_CREATE should be set when creating new route
[  143.315281][ T7566] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.698707][ T5901] IPVS: starting estimator thread 0...
[  143.782992][ T7594] netlink: 'syz.3.615': attribute type 1 has an invalid length.
[  143.825781][ T7591] IPVS: using max 24 ests per chain, 57600 per kthread
[  143.962955][ T7604] __nla_validate_parse: 3 callbacks suppressed
[  143.962975][ T7604] netlink: 28 bytes leftover after parsing attributes in process `syz.3.617'.
[  145.820536][ T7587] vlan2: entered allmulticast mode
[  145.825901][ T7587] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  145.877480][ T7608] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (8)
[  146.104709][ T7629] netlink: 'syz.2.621': attribute type 1 has an invalid length.
[  146.133408][ T7634] netlink: 36 bytes leftover after parsing attributes in process `syz.4.625'.
[  146.142774][ T7629] netlink: 228 bytes leftover after parsing attributes in process `syz.2.621'.
[  146.148763][ T7633] netlink: 96 bytes leftover after parsing attributes in process `syz.3.623'.
[  146.175082][ T7625] netlink: 'syz.2.621': attribute type 1 has an invalid length.
[  146.183188][ T7625] netlink: 228 bytes leftover after parsing attributes in process `syz.2.621'.
[  146.345808][ T7639] netlink: 'syz.1.627': attribute type 1 has an invalid length.
[  146.353532][ T7639] netlink: 216 bytes leftover after parsing attributes in process `syz.1.627'.
[  146.584195][ T7657] vxcan1: tx address claim with different name
[  146.637530][ T7660] syzkaller1: entered promiscuous mode
[  146.650527][ T7659] xt_CT: You must specify a L4 protocol and not use inversions on it
[  146.659040][ T7660] syzkaller1: entered allmulticast mode
[  146.782852][ T7666] netlink: 96 bytes leftover after parsing attributes in process `syz.1.636'.
[  147.850114][ T7664] tipc: Started in network mode
[  147.855049][ T7664] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711
[  147.864972][ T7664] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  148.137907][ T7677] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.210467][ T7682] netlink: 24 bytes leftover after parsing attributes in process `syz.0.642'.
[  148.318772][ T7677] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.408882][ T7692] netlink: 32 bytes leftover after parsing attributes in process `syz.4.646'.
[  148.478168][ T7677] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.536120][ T7698] xt_l2tp: v2 doesn't support IP mode
[  148.550482][ T7697] IPv4: Oversized IP packet from 127.202.26.0
[  148.566775][ T7677] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.867392][ T7677] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.084673][ T7677] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.109488][ T7719] FAULT_INJECTION: forcing a failure.
[  149.109488][ T7719] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  149.145327][ T7719] CPU: 1 UID: 0 PID: 7719 Comm: syz.0.656 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  149.145355][ T7719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  149.145367][ T7719] Call Trace:
[  149.145374][ T7719]  <TASK>
[  149.145383][ T7719]  dump_stack_lvl+0x189/0x250
[  149.145420][ T7719]  ? __pfx____ratelimit+0x10/0x10
[  149.145446][ T7719]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.145478][ T7719]  ? __pfx__printk+0x10/0x10
[  149.145500][ T7719]  ? __might_fault+0xb0/0x130
[  149.145533][ T7719]  should_fail_ex+0x414/0x560
[  149.145565][ T7719]  _copy_from_iter+0x1db/0x16f0
[  149.145601][ T7719]  ? rcu_is_watching+0x15/0xb0
[  149.145623][ T7719]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  149.145646][ T7719]  ? __pfx__copy_from_iter+0x10/0x10
[  149.145680][ T7719]  ? __build_skb_around+0x257/0x3e0
[  149.145704][ T7719]  ? netlink_sendmsg+0x642/0xb30
[  149.145722][ T7719]  ? skb_put+0x11b/0x210
[  149.145746][ T7719]  netlink_sendmsg+0x6b2/0xb30
[  149.145777][ T7719]  ? __pfx_netlink_sendmsg+0x10/0x10
[  149.145801][ T7719]  ? aa_sock_msg_perm+0x94/0x160
[  149.145830][ T7719]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  149.145857][ T7719]  ? __pfx_netlink_sendmsg+0x10/0x10
[  149.145886][ T7719]  __sock_sendmsg+0x21c/0x270
[  149.145917][ T7719]  sock_write_iter+0x258/0x330
[  149.145944][ T7719]  ? __pfx_sock_write_iter+0x10/0x10
[  149.145981][ T7719]  ? bpf_lsm_file_permission+0x9/0x20
[  149.146009][ T7719]  ? security_file_permission+0x75/0x290
[  149.146039][ T7719]  vfs_write+0x54b/0xa90
[  149.146064][ T7719]  ? __pfx_sock_write_iter+0x10/0x10
[  149.146090][ T7719]  ? __pfx_vfs_write+0x10/0x10
[  149.146120][ T7719]  ? __fget_files+0x2a/0x420
[  149.146152][ T7719]  ksys_write+0x145/0x250
[  149.146175][ T7719]  ? __pfx_ksys_write+0x10/0x10
[  149.146192][ T7719]  ? rcu_is_watching+0x15/0xb0
[  149.146216][ T7719]  ? do_syscall_64+0xbe/0x3b0
[  149.146248][ T7719]  do_syscall_64+0xfa/0x3b0
[  149.146274][ T7719]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.146304][ T7719]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.146324][ T7719]  ? clear_bhb_loop+0x60/0xb0
[  149.146348][ T7719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.146368][ T7719] RIP: 0033:0x7f84eab8e929
[  149.146386][ T7719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.146402][ T7719] RSP: 002b:00007f84eb989038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  149.146424][ T7719] RAX: ffffffffffffffda RBX: 00007f84eadb5fa0 RCX: 00007f84eab8e929
[  149.146438][ T7719] RDX: 000000000000001c RSI: 00002000000000c0 RDI: 0000000000000003
[  149.146450][ T7719] RBP: 00007f84eb989090 R08: 0000000000000000 R09: 0000000000000000
[  149.146463][ T7719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  149.146474][ T7719] R13: 0000000000000000 R14: 00007f84eadb5fa0 R15: 00007fff27944838
[  149.146505][ T7719]  </TASK>
[  149.267019][ T7714] syzkaller1: entered promiscuous mode
[  149.502887][ T7714] syzkaller1: entered allmulticast mode
[  149.561808][ T7677] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.621829][ T7677] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  150.202313][ T7752] FAULT_INJECTION: forcing a failure.
[  150.202313][ T7752] name failslab, interval 1, probability 0, space 0, times 0
[  150.206366][ T7749] tipc: Enabled bearer <eth:caif0>, priority 10
[  150.217823][ T7752] CPU: 1 UID: 0 PID: 7752 Comm: syz.3.669 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  150.217853][ T7752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.217868][ T7752] Call Trace:
[  150.217877][ T7752]  <TASK>
[  150.217887][ T7752]  dump_stack_lvl+0x189/0x250
[  150.217929][ T7752]  ? __pfx____ratelimit+0x10/0x10
[  150.217962][ T7752]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.217999][ T7752]  ? __pfx__printk+0x10/0x10
[  150.218033][ T7752]  ? ref_tracker_alloc+0x318/0x460
[  150.218085][ T7752]  should_fail_ex+0x414/0x560
[  150.218122][ T7752]  should_failslab+0xa8/0x100
[  150.218150][ T7752]  kmem_cache_alloc_noprof+0x73/0x3c0
[  150.218173][ T7752]  ? skb_clone+0x212/0x3a0
[  150.218206][ T7752]  skb_clone+0x212/0x3a0
[  150.218236][ T7752]  __netlink_deliver_tap+0x404/0x850
[  150.218276][ T7752]  ? netlink_deliver_tap+0x2e/0x1b0
[  150.218301][ T7752]  netlink_deliver_tap+0x19c/0x1b0
[  150.218324][ T7752]  netlink_unicast+0x72f/0x8d0
[  150.218371][ T7752]  netlink_sendmsg+0x805/0xb30
[  150.218407][ T7752]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.218435][ T7752]  ? aa_sock_msg_perm+0x94/0x160
[  150.218467][ T7752]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  150.218502][ T7752]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.218527][ T7752]  __sock_sendmsg+0x21c/0x270
[  150.218564][ T7752]  sock_write_iter+0x258/0x330
[  150.218598][ T7752]  ? __pfx_sock_write_iter+0x10/0x10
[  150.218639][ T7752]  ? bpf_lsm_file_permission+0x9/0x20
[  150.218672][ T7752]  ? security_file_permission+0x75/0x290
[  150.218709][ T7752]  vfs_write+0x54b/0xa90
[  150.218737][ T7752]  ? __pfx_sock_write_iter+0x10/0x10
[  150.218767][ T7752]  ? __pfx_vfs_write+0x10/0x10
[  150.218802][ T7752]  ? __fget_files+0x2a/0x420
[  150.218840][ T7752]  ksys_write+0x145/0x250
[  150.218865][ T7752]  ? __pfx_ksys_write+0x10/0x10
[  150.218884][ T7752]  ? rcu_is_watching+0x15/0xb0
[  150.218912][ T7752]  ? do_syscall_64+0xbe/0x3b0
[  150.218948][ T7752]  do_syscall_64+0xfa/0x3b0
[  150.218977][ T7752]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.219005][ T7752]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.219029][ T7752]  ? clear_bhb_loop+0x60/0xb0
[  150.219065][ T7752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.219086][ T7752] RIP: 0033:0x7f055c78e929
[  150.219107][ T7752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.219125][ T7752] RSP: 002b:00007f055d545038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  150.219150][ T7752] RAX: ffffffffffffffda RBX: 00007f055c9b5fa0 RCX: 00007f055c78e929
[  150.219167][ T7752] RDX: 000000000000001c RSI: 00002000000000c0 RDI: 0000000000000003
[  150.219180][ T7752] RBP: 00007f055d545090 R08: 0000000000000000 R09: 0000000000000000
[  150.219195][ T7752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.219207][ T7752] R13: 0000000000000000 R14: 00007f055c9b5fa0 R15: 00007ffe99cde338
[  150.219244][ T7752]  </TASK>
[  150.387204][ T7755] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  150.672452][ T7760] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.714885][ T7764] netlink: 'syz.3.674': attribute type 1 has an invalid length.
[  150.753546][ T7764] netlink: 172 bytes leftover after parsing attributes in process `syz.3.674'.
[  150.792454][ T7760] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.850622][ T7760] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.918263][ T7760] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.930321][ T7773] netlink: 36 bytes leftover after parsing attributes in process `syz.3.677'.
[  151.088555][ T7760] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.174076][ T7760] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.203671][ T7760] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.234052][ T7760] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.326053][ T5901] tipc: Node number set to 4269801491
[  151.504500][ T7793] netlink: 'syz.4.685': attribute type 1 has an invalid length.
[  151.555269][ T7793] netlink: 216 bytes leftover after parsing attributes in process `syz.4.685'.
[  151.630463][ T7797] netlink: 'syz.3.686': attribute type 1 has an invalid length.
[  151.655285][ T7797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.686'.
[  151.848365][ T7803] netlink: 'syz.0.689': attribute type 26 has an invalid length.
[  151.876611][ T7809] netlink: 36 bytes leftover after parsing attributes in process `syz.2.692'.
[  152.311617][ T7829] netlink: 40 bytes leftover after parsing attributes in process `syz.2.702'.
[  152.332794][ T7831] netlink: 'syz.3.703': attribute type 5 has an invalid length.
[  152.495440][ T7840] tipc: Started in network mode
[  152.501044][ T7840] tipc: Node identity , cluster identity 4711
[  152.507560][ T7840] tipc: Failed to obtain node identity
[  152.513277][ T7840] tipc: Enabling of bearer <eth:caif0> rejected, failed to enable media
[  152.695392][ T7846] netlink: 36 bytes leftover after parsing attributes in process `syz.4.709'.
[  152.901949][ T7858] FAULT_INJECTION: forcing a failure.
[  152.901949][ T7858] name failslab, interval 1, probability 0, space 0, times 0
[  152.919657][ T7858] CPU: 1 UID: 0 PID: 7858 Comm: syz.2.714 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  152.919686][ T7858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  152.919698][ T7858] Call Trace:
[  152.919706][ T7858]  <TASK>
[  152.919715][ T7858]  dump_stack_lvl+0x189/0x250
[  152.919754][ T7858]  ? __pfx____ratelimit+0x10/0x10
[  152.919781][ T7858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.919813][ T7858]  ? __pfx__printk+0x10/0x10
[  152.919833][ T7858]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  152.919879][ T7858]  should_fail_ex+0x414/0x560
[  152.919912][ T7858]  should_failslab+0xa8/0x100
[  152.919937][ T7858]  kmem_cache_alloc_noprof+0x73/0x3c0
[  152.919958][ T7858]  ? skb_clone+0x212/0x3a0
[  152.919987][ T7858]  skb_clone+0x212/0x3a0
[  152.920015][ T7858]  __netlink_deliver_tap+0x404/0x850
[  152.920050][ T7858]  ? netlink_deliver_tap+0x2e/0x1b0
[  152.920072][ T7858]  netlink_deliver_tap+0x19c/0x1b0
[  152.920093][ T7858]  netlink_dump+0x8e4/0xe20
[  152.920126][ T7858]  ? __pfx_netlink_dump+0x10/0x10
[  152.920159][ T7858]  ? netlink_lookup+0x30/0x200
[  152.920177][ T7858]  ? netlink_lookup+0x30/0x200
[  152.920193][ T7858]  ? netlink_lookup+0x30/0x200
[  152.920217][ T7858]  __netlink_dump_start+0x5cb/0x7e0
[  152.920259][ T7858]  rtnetlink_rcv_msg+0x9eb/0xb70
[  152.920291][ T7858]  ? __pfx_rtnl_fdb_dump+0x10/0x10
[  152.920310][ T7858]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  152.920339][ T7858]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  152.920366][ T7858]  ? ref_tracker_free+0x63a/0x7d0
[  152.920395][ T7858]  ? __pfx_rtnl_dumpit+0x10/0x10
[  152.920424][ T7858]  ? __pfx_rtnl_fdb_dump+0x10/0x10
[  152.920445][ T7858]  ? __skb_clone+0x63/0x7a0
[  152.920476][ T7858]  netlink_rcv_skb+0x208/0x470
[  152.920497][ T7858]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  152.920530][ T7858]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  152.920572][ T7858]  ? netlink_deliver_tap+0x2e/0x1b0
[  152.920592][ T7858]  ? netlink_deliver_tap+0x2e/0x1b0
[  152.920618][ T7858]  netlink_unicast+0x75b/0x8d0
[  152.920661][ T7858]  netlink_sendmsg+0x805/0xb30
[  152.920692][ T7858]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.920716][ T7858]  ? aa_sock_msg_perm+0x94/0x160
[  152.920746][ T7858]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  152.920773][ T7858]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.920795][ T7858]  __sock_sendmsg+0x21c/0x270
[  152.920827][ T7858]  sock_write_iter+0x258/0x330
[  152.920856][ T7858]  ? __pfx_sock_write_iter+0x10/0x10
[  152.920894][ T7858]  ? bpf_lsm_file_permission+0x9/0x20
[  152.920923][ T7858]  ? security_file_permission+0x75/0x290
[  152.920956][ T7858]  vfs_write+0x54b/0xa90
[  152.920982][ T7858]  ? __pfx_sock_write_iter+0x10/0x10
[  152.921009][ T7858]  ? __pfx_vfs_write+0x10/0x10
[  152.921038][ T7858]  ? __fget_files+0x2a/0x420
[  152.921072][ T7858]  ksys_write+0x145/0x250
[  152.921094][ T7858]  ? __pfx_ksys_write+0x10/0x10
[  152.921111][ T7858]  ? rcu_is_watching+0x15/0xb0
[  152.921137][ T7858]  ? do_syscall_64+0xbe/0x3b0
[  152.921169][ T7858]  do_syscall_64+0xfa/0x3b0
[  152.921195][ T7858]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.921221][ T7858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.921241][ T7858]  ? clear_bhb_loop+0x60/0xb0
[  152.921266][ T7858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.921286][ T7858] RIP: 0033:0x7f037b38e929
[  152.921305][ T7858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.921322][ T7858] RSP: 002b:00007f037c1a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  152.921344][ T7858] RAX: ffffffffffffffda RBX: 00007f037b5b5fa0 RCX: 00007f037b38e929
[  152.921361][ T7858] RDX: 000000000000001c RSI: 00002000000000c0 RDI: 0000000000000003
[  152.921374][ T7858] RBP: 00007f037c1a3090 R08: 0000000000000000 R09: 0000000000000000
[  152.921387][ T7858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  152.921399][ T7858] R13: 0000000000000000 R14: 00007f037b5b5fa0 R15: 00007fff72de0168
[  152.921432][ T7858]  </TASK>
[  152.945477][ T7857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.713'.
[  153.407387][ T7869] netlink: 40 bytes leftover after parsing attributes in process `syz.2.716'.
[  153.433468][ T7872] netlink: 'syz.1.717': attribute type 5 has an invalid length.
[  154.019136][ T7897] netlink: 'syz.3.728': attribute type 5 has an invalid length.
[  154.037794][ T7896] netem: change failed
[  154.447540][ T7915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.735'.
[  154.868047][ T7935] netlink: 'syz.3.742': attribute type 5 has an invalid length.
[  155.475495][ T7965] No such timeout policy "syz0"
[  155.481482][ T7968] netlink: 'syz.3.755': attribute type 30 has an invalid length.
[  155.484393][   T36] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.707912][   T36] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.857447][   T36] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.098517][   T36] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.191524][ T5839] block nbd0: Receive control failed (result -32)
[  156.300115][ T7989] syzkaller1: entered promiscuous mode
[  156.325345][ T7989] syzkaller1: entered allmulticast mode
[  156.426399][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  156.436094][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  156.444475][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  156.452786][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  156.463098][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  156.521900][ T8002] __nla_validate_parse: 3 callbacks suppressed
[  156.521920][ T8002] netlink: 8 bytes leftover after parsing attributes in process `syz.3.765'.
[  156.552635][ T8002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.765'.
[  156.873107][   T36] bridge_slave_1: left allmulticast mode
[  156.885067][ T5901] IPVS: starting estimator thread 0...
[  156.900898][   T36] bridge_slave_1: left promiscuous mode
[  156.930138][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.960651][   T36] bridge_slave_0: left allmulticast mode
[  156.975336][ T8019] IPVS: using max 32 ests per chain, 76800 per kthread
[  156.995309][   T36] bridge_slave_0: left promiscuous mode
[  157.012481][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.857685][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  157.870131][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  157.881383][   T36] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  157.894233][   T36] bond0 (unregistering): Released all slaves
[  158.223357][ T8051] netlink: 'syz.2.783': attribute type 1 has an invalid length.
[  158.433281][ T8057] FAULT_INJECTION: forcing a failure.
[  158.433281][ T8057] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.485351][ T8057] CPU: 0 UID: 0 PID: 8057 Comm: syz.4.786 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  158.485382][ T8057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.485395][ T8057] Call Trace:
[  158.485403][ T8057]  <TASK>
[  158.485413][ T8057]  dump_stack_lvl+0x189/0x250
[  158.485450][ T8057]  ? __pfx____ratelimit+0x10/0x10
[  158.485477][ T8057]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.485509][ T8057]  ? __pfx__printk+0x10/0x10
[  158.485532][ T8057]  ? __might_fault+0xb0/0x130
[  158.485565][ T8057]  should_fail_ex+0x414/0x560
[  158.485596][ T8057]  _copy_from_iter+0x1db/0x16f0
[  158.485633][ T8057]  ? rcu_is_watching+0x15/0xb0
[  158.485654][ T8057]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  158.485678][ T8057]  ? __pfx__copy_from_iter+0x10/0x10
[  158.485711][ T8057]  ? __build_skb_around+0x257/0x3e0
[  158.485734][ T8057]  ? netlink_sendmsg+0x642/0xb30
[  158.485753][ T8057]  ? skb_put+0x11b/0x210
[  158.485777][ T8057]  netlink_sendmsg+0x6b2/0xb30
[  158.485808][ T8057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.485833][ T8057]  ? aa_sock_msg_perm+0x94/0x160
[  158.485862][ T8057]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  158.485888][ T8057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.485910][ T8057]  __sock_sendmsg+0x21c/0x270
[  158.485951][ T8057]  sock_write_iter+0x258/0x330
[  158.485980][ T8057]  ? __pfx_sock_write_iter+0x10/0x10
[  158.486019][ T8057]  ? __pfx_aa_file_perm+0x10/0x10
[  158.486056][ T8057]  do_iter_readv_writev+0x56b/0x7f0
[  158.486083][ T8057]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  158.486111][ T8057]  ? bpf_lsm_file_permission+0x9/0x20
[  158.486139][ T8057]  ? security_file_permission+0x75/0x290
[  158.486164][ T8057]  ? rw_verify_area+0x258/0x650
[  158.486200][ T8057]  vfs_writev+0x31a/0x960
[  158.486230][ T8057]  ? __lock_acquire+0xab9/0xd20
[  158.486262][ T8057]  ? __pfx_vfs_writev+0x10/0x10
[  158.486303][ T8057]  ? __fget_files+0x2a/0x420
[  158.486332][ T8057]  ? __fget_files+0x3a0/0x420
[  158.486354][ T8057]  ? __fget_files+0x2a/0x420
[  158.486387][ T8057]  do_writev+0x14d/0x2d0
[  158.486415][ T8057]  ? __pfx_do_writev+0x10/0x10
[  158.486437][ T8057]  ? rcu_is_watching+0x15/0xb0
[  158.486462][ T8057]  ? do_syscall_64+0xbe/0x3b0
[  158.486493][ T8057]  do_syscall_64+0xfa/0x3b0
[  158.486519][ T8057]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.486545][ T8057]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.486565][ T8057]  ? clear_bhb_loop+0x60/0xb0
[  158.486591][ T8057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.486610][ T8057] RIP: 0033:0x7fc5a4d8e929
[  158.486629][ T8057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.486647][ T8057] RSP: 002b:00007fc5a5b62038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  158.486669][ T8057] RAX: ffffffffffffffda RBX: 00007fc5a4fb5fa0 RCX: 00007fc5a4d8e929
[  158.486684][ T8057] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000004
[  158.486697][ T8057] RBP: 00007fc5a5b62090 R08: 0000000000000000 R09: 0000000000000000
[  158.486709][ T8057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.486720][ T8057] R13: 0000000000000000 R14: 00007fc5a4fb5fa0 R15: 00007ffdc5e121c8
[  158.486752][ T8057]  </TASK>
[  158.850835][ T5845] Bluetooth: hci3: command tx timeout
[  158.914400][ T8061] netlink: 8 bytes leftover after parsing attributes in process `syz.3.787'.
[  159.141041][ T7997] chnl_net:caif_netlink_parms(): no params data found
[  159.551886][   T36] hsr_slave_0: left promiscuous mode
[  159.605594][   T36] hsr_slave_1: left promiscuous mode
[  159.634752][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  159.666201][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  159.726596][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  159.742417][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  159.766827][ T8101] netlink: 40 bytes leftover after parsing attributes in process `syz.3.798'.
[  159.859558][   T36] veth1_macvtap: left promiscuous mode
[  159.872589][   T36] veth0_macvtap: left promiscuous mode
[  159.885513][   T36] veth1_vlan: left promiscuous mode
[  159.900319][   T36] veth0_vlan: left promiscuous mode
[  160.481980][   T36] team0 (unregistering): Port device team_slave_1 removed
[  160.531322][   T36] team0 (unregistering): Port device team_slave_0 removed
[  160.895613][ T5845] Bluetooth: hci3: command tx timeout
[  161.095893][ T8121] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.801'.
[  161.178514][ T7997] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.193559][ T7997] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.204098][ T7997] bridge_slave_0: entered allmulticast mode
[  161.213815][ T7997] bridge_slave_0: entered promiscuous mode
[  161.242948][ T7997] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.268810][ T7997] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.297406][ T7997] bridge_slave_1: entered allmulticast mode
[  161.337155][ T7997] bridge_slave_1: entered promiscuous mode
[  161.509432][ T7997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.557863][ T7997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  161.876526][ T7997] team0: Port device team_slave_0 added
[  161.920626][ T7997] team0: Port device team_slave_1 added
[  161.948977][ T8151] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.018990][   T36] IPVS: stop unused estimator thread 0...
[  162.197401][ T8151] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.213938][ T7997] batman_adv: batadv0: Adding interface: batadv_slave_0
[  162.239425][ T7997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.308343][ T7997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  162.389108][ T8151] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.477236][ T7997] batman_adv: batadv0: Adding interface: batadv_slave_1
[  162.515195][ T7997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.602388][ T7997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  162.700629][ T8151] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.870531][ T7997] hsr_slave_0: entered promiscuous mode
[  162.900394][ T7997] hsr_slave_1: entered promiscuous mode
[  162.917358][ T7997] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  162.944450][ T7997] Cannot create hsr debugfs directory
[  162.977975][ T5845] Bluetooth: hci3: command tx timeout
[  163.011055][ T8192] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.821'.
[  163.062404][ T8192] netlink: 'syz.0.821': attribute type 1 has an invalid length.
[  163.102614][ T8192] netlink: 'syz.0.821': attribute type 4 has an invalid length.
[  163.114709][ T8192] netlink: 192 bytes leftover after parsing attributes in process `syz.0.821'.
[  163.208801][ T8197] af_packet: tpacket_rcv: packet too big, clamped from 7 to 4294967272. macoff=96
[  163.219710][ T8151] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.272128][ T8151] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.350860][ T8151] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  163.446423][ T8209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.826'.
[  163.468550][ T8151] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  163.504677][ T8209] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.614952][ T8209] bridge_slave_1 (unregistering): left allmulticast mode
[  163.644200][ T8209] bridge_slave_1 (unregistering): left promiscuous mode
[  163.653630][ T8216] netlink: 36 bytes leftover after parsing attributes in process `syz.3.828'.
[  163.666260][ T8209] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.288128][ T8241] netlink: 'syz.3.833': attribute type 1 has an invalid length.
[  164.320036][ T8241] netlink: 216 bytes leftover after parsing attributes in process `syz.3.833'.
[  165.059315][ T5845] Bluetooth: hci3: command tx timeout
[  165.122756][ T8268] syzkaller1: entered promiscuous mode
[  165.139514][ T8268] syzkaller1: entered allmulticast mode
[  165.166303][ T8270] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  165.254100][ T8279] x_tables: ip_tables: cgroup.0 match: invalid size 8 (kernel) != (user) 16
[  165.278071][ T7997] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  165.349851][ T7997] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  165.433580][ T8286] netlink: 40 bytes leftover after parsing attributes in process `syz.0.849'.
[  165.473220][ T8282] netlink: 404 bytes leftover after parsing attributes in process `syz.2.847'.
[  165.493317][ T8282] netlink: 28 bytes leftover after parsing attributes in process `syz.2.847'.
[  165.512054][ T8282] netlink: 28 bytes leftover after parsing attributes in process `syz.2.847'.
[  165.558079][ T8282] netlink: 20 bytes leftover after parsing attributes in process `syz.2.847'.
[  165.570516][ T8289] netlink: 'syz.3.850': attribute type 10 has an invalid length.
[  165.583053][ T7997] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  165.645456][ T7997] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  165.901434][ T8306] pim6reg1: entered promiscuous mode
[  165.908401][ T8306] pim6reg1: entered allmulticast mode
[  166.118878][ T8312] Bluetooth: MGMT ver 1.23
[  166.291151][ T8322] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20001
[  166.454420][ T7997] 8021q: adding VLAN 0 to HW filter on device bond0
[  166.542490][ T7997] 8021q: adding VLAN 0 to HW filter on device team0
[  166.949218][ T2956] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.956500][ T2956] bridge0: port 1(bridge_slave_0) entered forwarding state
[  166.983311][ T2956] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.990604][ T2956] bridge0: port 2(bridge_slave_1) entered forwarding state
[  167.436810][ T8363] 0ªî{X¹¦: renamed from gretap0 (while UP)
[  167.478617][ T8363] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  167.953447][ T8386] openvswitch: netlink: Actions may not be safe on all matching packets
[  168.060333][ T7997] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.331724][ T7997] veth0_vlan: entered promiscuous mode
[  168.381237][ T7997] veth1_vlan: entered promiscuous mode
[  168.532924][ T7997] veth0_macvtap: entered promiscuous mode
[  168.568622][ T8408] __nla_validate_parse: 5 callbacks suppressed
[  168.568642][ T8408] netlink: 28 bytes leftover after parsing attributes in process `syz.4.885'.
[  168.594472][ T8408] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  168.629845][ T7997] veth1_macvtap: entered promiscuous mode
[  168.655680][ T8415] netlink: 388 bytes leftover after parsing attributes in process `syz.0.887'.
[  168.805657][ T8420] xt_hashlimit: size too large, truncated to 1048576
[  168.837109][ T7997] batman_adv: batadv0: Interface activated: batadv_slave_0
[  168.870864][ T7997] batman_adv: batadv0: Interface activated: batadv_slave_1
[  168.952412][ T7997] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.979177][ T7997] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  169.004841][ T7997] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  169.047213][ T7997] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  169.094733][ T8425] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  169.168432][ T8431] netlink: 'syz.4.892': attribute type 4 has an invalid length.
[  169.378128][ T8438] netlink: 20 bytes leftover after parsing attributes in process `syz.2.893'.
[  169.664325][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.704519][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  169.861300][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.885163][ T8451] netlink: 36 bytes leftover after parsing attributes in process `syz.4.899'.
[  169.902010][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.239069][ T8469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'.
[  170.292860][ T8471] netlink: 12 bytes leftover after parsing attributes in process `syz.4.903'.
[  170.670357][ T8484] netlink: 40 bytes leftover after parsing attributes in process `syz.0.906'.
[  170.742802][ T8488] FAULT_INJECTION: forcing a failure.
[  170.742802][ T8488] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.769309][ T5938] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.799388][ T8488] CPU: 0 UID: 0 PID: 8488 Comm: syz.3.908 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  170.799419][ T8488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.799432][ T8488] Call Trace:
[  170.799440][ T8488]  <TASK>
[  170.799449][ T8488]  dump_stack_lvl+0x189/0x250
[  170.799487][ T8488]  ? __pfx____ratelimit+0x10/0x10
[  170.799515][ T8488]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.799547][ T8488]  ? __pfx__printk+0x10/0x10
[  170.799585][ T8488]  should_fail_ex+0x414/0x560
[  170.799619][ T8488]  _copy_from_user+0x2d/0xb0
[  170.799640][ T8488]  __copy_msghdr+0x3c5/0x5b0
[  170.799668][ T8488]  ___sys_sendmsg+0x1a5/0x2a0
[  170.799693][ T8488]  ? __pfx____sys_sendmsg+0x10/0x10
[  170.799763][ T8488]  ? __fget_files+0x2a/0x420
[  170.799786][ T8488]  ? __fget_files+0x3a0/0x420
[  170.799821][ T8488]  __sys_sendmmsg+0x227/0x430
[  170.799850][ T8488]  ? __pfx___sys_sendmmsg+0x10/0x10
[  170.799870][ T8488]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  170.799927][ T8488]  ? ksys_write+0x22a/0x250
[  170.799951][ T8488]  ? __pfx_ksys_write+0x10/0x10
[  170.799968][ T8488]  ? rcu_is_watching+0x15/0xb0
[  170.799996][ T8488]  __x64_sys_sendmmsg+0xa0/0xc0
[  170.800021][ T8488]  do_syscall_64+0xfa/0x3b0
[  170.800047][ T8488]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.800072][ T8488]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.800093][ T8488]  ? clear_bhb_loop+0x60/0xb0
[  170.800118][ T8488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.800137][ T8488] RIP: 0033:0x7f055c78e929
[  170.800155][ T8488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.800173][ T8488] RSP: 002b:00007f055d545038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  170.800195][ T8488] RAX: ffffffffffffffda RBX: 00007f055c9b5fa0 RCX: 00007f055c78e929
[  170.800210][ T8488] RDX: 0000000000000001 RSI: 00002000000068c0 RDI: 0000000000000003
[  170.800223][ T8488] RBP: 00007f055d545090 R08: 0000000000000000 R09: 0000000000000000
[  170.800236][ T8488] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  170.800249][ T8488] R13: 0000000000000000 R14: 00007f055c9b5fa0 R15: 00007ffe99cde338
[  170.800282][ T8488]  </TASK>
[  171.196173][ T5938] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.304131][ T8503] netlink: 36 bytes leftover after parsing attributes in process `syz.3.913'.
[  171.576332][ T8512] xt_hashlimit: size too large, truncated to 1048576
[  171.686213][ T5938] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.760874][ T8519] netlink: 12 bytes leftover after parsing attributes in process `syz.3.915'.
[  171.913481][ T8525] netlink: 'syz.0.919': attribute type 1 has an invalid length.
[  171.959382][ T5938] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.133224][ T8530] netlink: 'syz.2.920': attribute type 21 has an invalid length.
[  172.416218][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  172.428654][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  172.439439][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  172.451248][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  172.468413][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  172.515449][ T8542] FAULT_INJECTION: forcing a failure.
[  172.515449][ T8542] name failslab, interval 1, probability 0, space 0, times 0
[  172.543742][ T8542] CPU: 0 UID: 0 PID: 8542 Comm: syz.2.922 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  172.543773][ T8542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.543786][ T8542] Call Trace:
[  172.543794][ T8542]  <TASK>
[  172.543803][ T8542]  dump_stack_lvl+0x189/0x250
[  172.543841][ T8542]  ? __pfx____ratelimit+0x10/0x10
[  172.543869][ T8542]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.543901][ T8542]  ? __pfx__printk+0x10/0x10
[  172.543930][ T8542]  ? __pfx___might_resched+0x10/0x10
[  172.543948][ T8542]  ? fs_reclaim_acquire+0x7d/0x100
[  172.543979][ T8542]  should_fail_ex+0x414/0x560
[  172.544011][ T8542]  ? __pfx_sock_alloc_inode+0x10/0x10
[  172.544038][ T8542]  should_failslab+0xa8/0x100
[  172.544062][ T8542]  ? __pfx_sock_alloc_inode+0x10/0x10
[  172.544087][ T8542]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  172.544109][ T8542]  ? sock_alloc_inode+0x28/0xc0
[  172.544139][ T8542]  ? __pfx_sock_alloc_inode+0x10/0x10
[  172.544165][ T8542]  sock_alloc_inode+0x28/0xc0
[  172.544190][ T8542]  alloc_inode+0x67/0x1b0
[  172.544215][ T8542]  __sock_create+0x12d/0x9f0
[  172.544243][ T8542]  ? process_measurement+0x3d8/0x1a40
[  172.544274][ T8542]  ? ima_match_policy+0x10b/0x2150
[  172.544298][ T8542]  mptcp_subflow_create_socket+0xfd/0xb40
[  172.544330][ T8542]  ? look_up_lock_class+0x74/0x170
[  172.544359][ T8542]  ? register_lock_class+0x51/0x320
[  172.544391][ T8542]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  172.544425][ T8542]  ? __lock_acquire+0xab9/0xd20
[  172.544460][ T8542]  __mptcp_nmpc_sk+0x148/0x750
[  172.544485][ T8542]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  172.544502][ T8542]  ? __local_bh_enable_ip+0x12d/0x1c0
[  172.544534][ T8542]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.544562][ T8542]  ? __local_bh_enable_ip+0x12d/0x1c0
[  172.544596][ T8542]  mptcp_sendmsg_fastopen+0xd4/0x580
[  172.544642][ T8542]  mptcp_sendmsg+0x176c/0x1970
[  172.544671][ T8542]  ? __pfx___might_resched+0x10/0x10
[  172.544690][ T8542]  ? __lock_acquire+0xab9/0xd20
[  172.544742][ T8542]  ? aa_sk_perm+0x81e/0x950
[  172.544773][ T8542]  ? __pfx_aa_sk_perm+0x10/0x10
[  172.544797][ T8542]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  172.544835][ T8542]  ? inet6_sendmsg+0x101/0x120
[  172.544868][ T8542]  __sock_sendmsg+0xe5/0x270
[  172.544900][ T8542]  ____sys_sendmsg+0x52d/0x830
[  172.544929][ T8542]  ? __pfx_____sys_sendmsg+0x10/0x10
[  172.544963][ T8542]  ? import_iovec+0x74/0xa0
[  172.544988][ T8542]  ___sys_sendmsg+0x21f/0x2a0
[  172.545014][ T8542]  ? __pfx____sys_sendmsg+0x10/0x10
[  172.545082][ T8542]  ? __fget_files+0x2a/0x420
[  172.545104][ T8542]  ? __fget_files+0x3a0/0x420
[  172.545138][ T8542]  __sys_sendmmsg+0x227/0x430
[  172.545166][ T8542]  ? __pfx___sys_sendmmsg+0x10/0x10
[  172.545186][ T8542]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  172.545244][ T8542]  ? ksys_write+0x22a/0x250
[  172.545268][ T8542]  ? __pfx_ksys_write+0x10/0x10
[  172.545286][ T8542]  ? rcu_is_watching+0x15/0xb0
[  172.545313][ T8542]  __x64_sys_sendmmsg+0xa0/0xc0
[  172.545338][ T8542]  do_syscall_64+0xfa/0x3b0
[  172.545365][ T8542]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.545391][ T8542]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.545411][ T8542]  ? clear_bhb_loop+0x60/0xb0
[  172.545436][ T8542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.545456][ T8542] RIP: 0033:0x7f037b38e929
[  172.545475][ T8542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.545492][ T8542] RSP: 002b:00007f037c1a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  172.545514][ T8542] RAX: ffffffffffffffda RBX: 00007f037b5b5fa0 RCX: 00007f037b38e929
[  172.545529][ T8542] RDX: 0000000000000001 RSI: 00002000000068c0 RDI: 0000000000000003
[  172.545543][ T8542] RBP: 00007f037c1a3090 R08: 0000000000000000 R09: 0000000000000000
[  172.545555][ T8542] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  172.545568][ T8542] R13: 0000000000000000 R14: 00007f037b5b5fa0 R15: 00007fff72de0168
[  172.545601][ T8542]  </TASK>
[  173.030226][ T8542] socket: no more sockets
[  173.159349][ T8551] netlink: 'syz.3.926': attribute type 4 has an invalid length.
[  173.290698][ T5938] bridge_slave_1: left allmulticast mode
[  173.312609][ T5938] bridge_slave_1: left promiscuous mode
[  173.341305][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.421384][ T5938] bridge_slave_0: left allmulticast mode
[  173.441987][ T5938] bridge_slave_0: left promiscuous mode
[  173.449828][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.858496][ T5938] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.872407][ T5938] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.888353][ T5938] bond0 (unregistering): Released all slaves
[  173.911603][ T8556] netlink: 132 bytes leftover after parsing attributes in process `syz.4.928'.
[  174.179258][ T8581] netlink: 'syz.3.934': attribute type 1 has an invalid length.
[  174.218292][ T8581] netlink: 172 bytes leftover after parsing attributes in process `syz.3.934'.
[  174.427432][ T8592] FAULT_INJECTION: forcing a failure.
[  174.427432][ T8592] name failslab, interval 1, probability 0, space 0, times 0
[  174.460976][ T8594] netlink: 'syz.4.939': attribute type 4 has an invalid length.
[  174.477276][ T8592] CPU: 1 UID: 0 PID: 8592 Comm: syz.3.938 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  174.477306][ T8592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  174.477319][ T8592] Call Trace:
[  174.477327][ T8592]  <TASK>
[  174.477335][ T8592]  dump_stack_lvl+0x189/0x250
[  174.477372][ T8592]  ? __pfx____ratelimit+0x10/0x10
[  174.477399][ T8592]  ? __pfx_dump_stack_lvl+0x10/0x10
[  174.477430][ T8592]  ? __pfx__printk+0x10/0x10
[  174.477459][ T8592]  ? __pfx___might_resched+0x10/0x10
[  174.477476][ T8592]  ? fs_reclaim_acquire+0x7d/0x100
[  174.477506][ T8592]  should_fail_ex+0x414/0x560
[  174.477538][ T8592]  should_failslab+0xa8/0x100
[  174.477562][ T8592]  kmem_cache_alloc_noprof+0x73/0x3c0
[  174.477582][ T8592]  ? security_inode_alloc+0x39/0x330
[  174.477622][ T8592]  security_inode_alloc+0x39/0x330
[  174.477653][ T8592]  inode_init_always_gfp+0x9ed/0xdc0
[  174.477682][ T8592]  ? __pfx_sock_alloc_inode+0x10/0x10
[  174.477708][ T8592]  alloc_inode+0x82/0x1b0
[  174.477732][ T8592]  __sock_create+0x12d/0x9f0
[  174.477759][ T8592]  ? process_measurement+0x3d8/0x1a40
[  174.477789][ T8592]  ? ima_match_policy+0x10b/0x2150
[  174.477812][ T8592]  mptcp_subflow_create_socket+0xfd/0xb40
[  174.477844][ T8592]  ? look_up_lock_class+0x74/0x170
[  174.477871][ T8592]  ? register_lock_class+0x51/0x320
[  174.477901][ T8592]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  174.477934][ T8592]  ? __lock_acquire+0xab9/0xd20
[  174.477967][ T8592]  __mptcp_nmpc_sk+0x148/0x750
[  174.477989][ T8592]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  174.478005][ T8592]  ? __local_bh_enable_ip+0x12d/0x1c0
[  174.478033][ T8592]  ? lockdep_hardirqs_on+0x9c/0x150
[  174.478059][ T8592]  ? __local_bh_enable_ip+0x12d/0x1c0
[  174.478090][ T8592]  mptcp_sendmsg_fastopen+0xd4/0x580
[  174.478127][ T8592]  mptcp_sendmsg+0x176c/0x1970
[  174.478154][ T8592]  ? __pfx___might_resched+0x10/0x10
[  174.478172][ T8592]  ? __lock_acquire+0xab9/0xd20
[  174.478215][ T8592]  ? aa_sk_perm+0x81e/0x950
[  174.478243][ T8592]  ? __pfx_aa_sk_perm+0x10/0x10
[  174.478266][ T8592]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  174.478308][ T8592]  ? inet6_sendmsg+0x101/0x120
[  174.478340][ T8592]  __sock_sendmsg+0xe5/0x270
[  174.478371][ T8592]  ____sys_sendmsg+0x52d/0x830
[  174.478400][ T8592]  ? __pfx_____sys_sendmsg+0x10/0x10
[  174.478432][ T8592]  ? import_iovec+0x74/0xa0
[  174.478457][ T8592]  ___sys_sendmsg+0x21f/0x2a0
[  174.478482][ T8592]  ? __pfx____sys_sendmsg+0x10/0x10
[  174.478545][ T8592]  ? __fget_files+0x2a/0x420
[  174.478586][ T8592]  ? __fget_files+0x3a0/0x420
[  174.478633][ T8592]  __sys_sendmmsg+0x227/0x430
[  174.478663][ T8592]  ? __pfx___sys_sendmmsg+0x10/0x10
[  174.478683][ T8592]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  174.478743][ T8592]  ? ksys_write+0x22a/0x250
[  174.478767][ T8592]  ? __pfx_ksys_write+0x10/0x10
[  174.478784][ T8592]  ? rcu_is_watching+0x15/0xb0
[  174.478812][ T8592]  __x64_sys_sendmmsg+0xa0/0xc0
[  174.478838][ T8592]  do_syscall_64+0xfa/0x3b0
[  174.478864][ T8592]  ? lockdep_hardirqs_on+0x9c/0x150
[  174.478891][ T8592]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.478911][ T8592]  ? clear_bhb_loop+0x60/0xb0
[  174.478937][ T8592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.478957][ T8592] RIP: 0033:0x7f055c78e929
[  174.478975][ T8592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.478992][ T8592] RSP: 002b:00007f055d545038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  174.479012][ T8592] RAX: ffffffffffffffda RBX: 00007f055c9b5fa0 RCX: 00007f055c78e929
[  174.479027][ T8592] RDX: 0000000000000001 RSI: 00002000000068c0 RDI: 0000000000000003
[  174.479040][ T8592] RBP: 00007f055d545090 R08: 0000000000000000 R09: 0000000000000000
[  174.479053][ T8592] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  174.479065][ T8592] R13: 0000000000000000 R14: 00007f055c9b5fa0 R15: 00007ffe99cde338
[  174.479098][ T8592]  </TASK>
[  174.565498][ T8592] socket: no more sockets
[  174.638375][ T5839] Bluetooth: hci3: command tx timeout
[  174.928862][ T8603] netlink: 132 bytes leftover after parsing attributes in process `syz.3.942'.
[  175.118753][ T8605] bridge_slave_0: left allmulticast mode
[  175.124713][ T8605] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.168601][ T8605] bridge_slave_1: left allmulticast mode
[  175.192605][ T8605] bridge_slave_1: left promiscuous mode
[  175.208819][ T8605] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.243682][ T8605] bond0: (slave bond_slave_0): Releasing backup interface
[  175.281446][ T8605] bond0: (slave bond_slave_1): Releasing backup interface
[  175.319451][ T8605] team0: Port device team_slave_0 removed
[  175.360800][ T8605] team0: Port device team_slave_1 removed
[  175.396961][ T8605] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  175.404466][ T8605] batman_adv: batadv0: Removing interface: batadv_slave_0
[  175.433935][ T8605] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  175.441840][ T8605] batman_adv: batadv0: Removing interface: batadv_slave_1
[  175.501330][ T8605] team0: Port device geneve0 removed
[  175.530646][ T8609] netlink: 164 bytes leftover after parsing attributes in process `syz.4.943'.
[  175.584605][ T8609] netlink: 164 bytes leftover after parsing attributes in process `syz.4.943'.
[  175.609209][ T8609] netlink: 60 bytes leftover after parsing attributes in process `syz.4.943'.
[  175.755393][ T5938] hsr_slave_0: left promiscuous mode
[  175.775179][ T5938] hsr_slave_1: left promiscuous mode
[  175.792448][ T5938] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  175.817880][ T5938] batman_adv: batadv0: Removing interface: batadv_slave_0
[  175.839558][ T5938] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  175.853972][ T5938] batman_adv: batadv0: Removing interface: batadv_slave_1
[  175.892778][ T5938] veth1_macvtap: left promiscuous mode
[  175.903348][ T5938] veth0_macvtap: left promiscuous mode
[  175.909745][ T5938] veth1_vlan: left promiscuous mode
[  175.918817][ T5938] veth0_vlan: left promiscuous mode
[  176.017075][ T8645] netlink: 'syz.3.951': attribute type 4 has an invalid length.
[  176.507830][ T5938] team0 (unregistering): Port device team_slave_1 removed
[  176.549394][ T5938] team0 (unregistering): Port device team_slave_0 removed
[  176.896547][ T5839] Bluetooth: hci3: command tx timeout
[  176.925470][ T8633] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  177.163187][ T8655] netlink: 8 bytes leftover after parsing attributes in process `syz.4.955'.
[  177.447913][ T8535] chnl_net:caif_netlink_parms(): no params data found
[  177.663863][ T8677] netlink: 24 bytes leftover after parsing attributes in process `syz.2.960'.
[  177.883100][ T8689] netlink: 'syz.2.963': attribute type 1 has an invalid length.
[  178.005048][ T8689] netlink: 'syz.2.963': attribute type 3 has an invalid length.
[  178.012911][ T8689] netlink: 216 bytes leftover after parsing attributes in process `syz.2.963'.
[  178.045837][ T8689] NCSI netlink: No device for ifindex 813332851
[  178.052304][ T8692] netlink: 'syz.2.963': attribute type 1 has an invalid length.
[  178.105966][ T8692] netlink: 'syz.2.963': attribute type 3 has an invalid length.
[  178.135452][ T8692] netlink: 216 bytes leftover after parsing attributes in process `syz.2.963'.
[  178.218684][ T8692] NCSI netlink: No device for ifindex 813332851
[  178.351241][ T8535] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.384463][ T8535] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.407491][ T8535] bridge_slave_0: entered allmulticast mode
[  178.435392][ T8535] bridge_slave_0: entered promiscuous mode
[  178.491238][ T8535] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.506905][ T8535] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.514354][ T8535] bridge_slave_1: entered allmulticast mode
[  178.527756][ T8716] FAULT_INJECTION: forcing a failure.
[  178.527756][ T8716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.544443][ T8535] bridge_slave_1: entered promiscuous mode
[  178.574374][ T8716] CPU: 0 UID: 0 PID: 8716 Comm: syz.2.970 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  178.574404][ T8716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  178.574422][ T8716] Call Trace:
[  178.574430][ T8716]  <TASK>
[  178.574439][ T8716]  dump_stack_lvl+0x189/0x250
[  178.574487][ T8716]  ? __pfx____ratelimit+0x10/0x10
[  178.574515][ T8716]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.574547][ T8716]  ? __pfx__printk+0x10/0x10
[  178.574570][ T8716]  ? __might_fault+0xb0/0x130
[  178.574604][ T8716]  should_fail_ex+0x414/0x560
[  178.574638][ T8716]  _copy_from_user+0x2d/0xb0
[  178.574661][ T8716]  ___sys_sendmsg+0x158/0x2a0
[  178.574688][ T8716]  ? __pfx____sys_sendmsg+0x10/0x10
[  178.574751][ T8716]  ? __fget_files+0x2a/0x420
[  178.574774][ T8716]  ? __fget_files+0x3a0/0x420
[  178.574809][ T8716]  __x64_sys_sendmsg+0x19b/0x260
[  178.574835][ T8716]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  178.574870][ T8716]  ? __pfx_ksys_write+0x10/0x10
[  178.574897][ T8716]  ? do_syscall_64+0xbe/0x3b0
[  178.574929][ T8716]  do_syscall_64+0xfa/0x3b0
[  178.574980][ T8716]  ? lockdep_hardirqs_on+0x9c/0x150
[  178.575006][ T8716]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.575027][ T8716]  ? clear_bhb_loop+0x60/0xb0
[  178.575053][ T8716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.575077][ T8716] RIP: 0033:0x7f037b38e929
[  178.575100][ T8716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.575117][ T8716] RSP: 002b:00007f037c1a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  178.575148][ T8716] RAX: ffffffffffffffda RBX: 00007f037b5b5fa0 RCX: 00007f037b38e929
[  178.575163][ T8716] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  178.575175][ T8716] RBP: 00007f037c1a3090 R08: 0000000000000000 R09: 0000000000000000
[  178.575188][ T8716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  178.575200][ T8716] R13: 0000000000000000 R14: 00007f037b5b5fa0 R15: 00007fff72de0168
[  178.575232][ T8716]  </TASK>
[  178.978885][ T5839] Bluetooth: hci3: command tx timeout
[  179.031531][ T8535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.070357][ T8535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  179.084089][ T8731] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.972'.
[  179.291487][ T8725] syzkaller1: entered promiscuous mode
[  179.297264][ T8725] syzkaller1: entered allmulticast mode
[  179.377806][ T8535] team0: Port device team_slave_0 added
[  179.434748][ T8535] team0: Port device team_slave_1 added
[  179.696942][ T8535] batman_adv: batadv0: Adding interface: batadv_slave_0
[  179.721311][ T8535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  179.751533][ T8762] netlink: 'syz.4.981': attribute type 9 has an invalid length.
[  179.763489][ T8535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  179.780393][ T8535] batman_adv: batadv0: Adding interface: batadv_slave_1
[  179.789079][ T8535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  179.892667][ T8535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  180.188362][ T8779] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.986'.
[  180.281676][ T8535] hsr_slave_0: entered promiscuous mode
[  180.324679][ T8535] hsr_slave_1: entered promiscuous mode
[  180.347775][ T8535] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  180.376370][ T8535] Cannot create hsr debugfs directory
[  180.420857][ T8782] veth0: entered promiscuous mode
[  180.440169][ T8791] tipc: Started in network mode
[  180.445070][ T8791] tipc: Node identity , cluster identity 4711
[  180.526201][ T8791] tipc: Failed to obtain node identity
[  180.544074][ T8791] tipc: Enabling of bearer <eth:caif0> rejected, failed to enable media
[  180.561142][ T8798] netlink: 'syz.3.988': attribute type 10 has an invalid length.
[  180.616560][ T8798] netlink: 40 bytes leftover after parsing attributes in process `syz.3.988'.
[  180.663723][ T8785] netlink: 'syz.3.988': attribute type 4 has an invalid length.
[  180.803978][ T8798] dummy0: entered promiscuous mode
[  180.823879][ T8798] bridge0: port 3(dummy0) entered blocking state
[  180.855361][ T8798] bridge0: port 3(dummy0) entered disabled state
[  180.862061][ T8798] dummy0: entered allmulticast mode
[  180.889353][ T8798] bridge0: port 3(dummy0) entered blocking state
[  180.895985][ T8798] bridge0: port 3(dummy0) entered forwarding state
[  180.979641][ T8810] netlink: 'syz.0.995': attribute type 13 has an invalid length.
[  181.055339][ T5839] Bluetooth: hci3: command tx timeout
[  181.130985][ T8781] veth0: left promiscuous mode
[  181.145966][ T8810] veth0_macvtap: left promiscuous mode
[  181.158856][ T8810] macvtap0: entered allmulticast mode
[  181.168112][ T8810] macvtap0: refused to change device tx_queue_len
[  181.395682][ T8827] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1000'.
[  181.542092][ T8833] netlink: 204 bytes leftover after parsing attributes in process `syz.4.1003'.
[  181.654152][ T8835] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  181.877569][ T8845] syzkaller1: entered promiscuous mode
[  181.888931][ T8845] syzkaller1: entered allmulticast mode
[  181.960761][   T30] audit: type=1800 audit(1749598754.314:3): pid=8849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1010" name="memory.events" dev="tmpfs" ino=1139 res=0 errno=0
[  182.015411][   T30] audit: type=1804 audit(1749598754.324:4): pid=8849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1010" name="/newroot/220/memory.events" dev="tmpfs" ino=1139 res=1 errno=0
[  182.690956][ T8882] netlink: 204 bytes leftover after parsing attributes in process `syz.2.1017'.
[  182.993122][ T8894] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1020'.
[  183.012754][ T8895] netlink: 'syz.3.1021': attribute type 13 has an invalid length.
[  183.029046][ T8897] netlink: 'syz.3.1021': attribute type 13 has an invalid length.
[  183.060010][ T8535] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  183.077796][ T8900] FAULT_INJECTION: forcing a failure.
[  183.077796][ T8900] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.102917][ T8535] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  183.129094][ T8900] CPU: 1 UID: 0 PID: 8900 Comm: syz.0.1022 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  183.129125][ T8900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.129138][ T8900] Call Trace:
[  183.129146][ T8900]  <TASK>
[  183.129156][ T8900]  dump_stack_lvl+0x189/0x250
[  183.129194][ T8900]  ? __pfx____ratelimit+0x10/0x10
[  183.129222][ T8900]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.129254][ T8900]  ? __pfx__printk+0x10/0x10
[  183.129277][ T8900]  ? __might_fault+0xb0/0x130
[  183.129311][ T8900]  should_fail_ex+0x414/0x560
[  183.129344][ T8900]  _copy_from_iter+0x1db/0x16f0
[  183.129381][ T8900]  ? rcu_is_watching+0x15/0xb0
[  183.129402][ T8900]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  183.129426][ T8900]  ? __pfx__copy_from_iter+0x10/0x10
[  183.129460][ T8900]  ? __build_skb_around+0x257/0x3e0
[  183.129484][ T8900]  ? netlink_sendmsg+0x642/0xb30
[  183.129503][ T8900]  ? skb_put+0x11b/0x210
[  183.129528][ T8900]  netlink_sendmsg+0x6b2/0xb30
[  183.129559][ T8900]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.129585][ T8900]  ? aa_sock_msg_perm+0x94/0x160
[  183.129614][ T8900]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  183.129641][ T8900]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.129664][ T8900]  __sock_sendmsg+0x21c/0x270
[  183.129696][ T8900]  ____sys_sendmsg+0x505/0x830
[  183.129725][ T8900]  ? __pfx_____sys_sendmsg+0x10/0x10
[  183.129759][ T8900]  ? import_iovec+0x74/0xa0
[  183.129785][ T8900]  ___sys_sendmsg+0x21f/0x2a0
[  183.129810][ T8900]  ? __pfx____sys_sendmsg+0x10/0x10
[  183.129882][ T8900]  ? __fget_files+0x2a/0x420
[  183.129906][ T8900]  ? __fget_files+0x3a0/0x420
[  183.129942][ T8900]  __x64_sys_sendmsg+0x19b/0x260
[  183.129968][ T8900]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  183.130002][ T8900]  ? __pfx_ksys_write+0x10/0x10
[  183.130020][ T8900]  ? rcu_is_watching+0x15/0xb0
[  183.130044][ T8900]  ? do_syscall_64+0xbe/0x3b0
[  183.130077][ T8900]  do_syscall_64+0xfa/0x3b0
[  183.130103][ T8900]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.130134][ T8900]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.130155][ T8900]  ? clear_bhb_loop+0x60/0xb0
[  183.130180][ T8900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.130200][ T8900] RIP: 0033:0x7f84eab8e929
[  183.130219][ T8900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.130237][ T8900] RSP: 002b:00007f84eb989038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  183.130260][ T8900] RAX: ffffffffffffffda RBX: 00007f84eadb5fa0 RCX: 00007f84eab8e929
[  183.130275][ T8900] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  183.130288][ T8900] RBP: 00007f84eb989090 R08: 0000000000000000 R09: 0000000000000000
[  183.130301][ T8900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.130313][ T8900] R13: 0000000000000000 R14: 00007f84eadb5fa0 R15: 00007fff27944838
[  183.130347][ T8900]  </TASK>
[  183.433706][ T8535] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  183.451735][ T8535] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  183.576223][ T8912] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1024'.
[  183.884413][ T8535] 8021q: adding VLAN 0 to HW filter on device bond0
[  183.963011][ T8535] 8021q: adding VLAN 0 to HW filter on device team0
[  184.021126][ T3576] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.028415][ T3576] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.089527][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.096791][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  184.344121][ T8942] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1034'.
[  184.389488][ T8944] netlink: 'syz.2.1035': attribute type 21 has an invalid length.
[  184.423875][ T8944] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1035'.
[  184.453074][ T8944] IPVS: length: 24 != 1560
[  184.461865][ T8944] raw_sendmsg: syz.2.1035 forgot to set AF_INET. Fix it!
[  184.494013][ T8917] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  185.040578][ T8971] netlink: 'syz.3.1042': attribute type 1 has an invalid length.
[  185.078375][ T8971] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1042'.
[  185.081053][ T8535] 8021q: adding VLAN 0 to HW filter on device batadv0
[  185.264289][ T8535] veth0_vlan: entered promiscuous mode
[  185.286871][ T8979] netlink: 57 bytes leftover after parsing attributes in process `syz.4.1044'.
[  185.313213][ T8535] veth1_vlan: entered promiscuous mode
[  185.463258][ T8535] veth0_macvtap: entered promiscuous mode
[  185.543747][ T8535] veth1_macvtap: entered promiscuous mode
[  185.640678][ T8535] batman_adv: batadv0: Interface activated: batadv_slave_0
[  185.692079][ T8535] batman_adv: batadv0: Interface activated: batadv_slave_1
[  185.741798][ T8997] netlink: 'syz.3.1051': attribute type 1 has an invalid length.
[  185.777789][ T8535] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  185.823777][ T8535] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  185.847079][ T8535] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  185.864592][ T8535] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  185.980492][ T9004] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1052'.
[  186.284624][ T9022] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1057'.
[  186.311036][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  186.355080][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  186.466504][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  186.474404][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  186.639158][ T9038] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1062'.
[  187.264730][ T9061] netlink: 'syz.2.1070': attribute type 1 has an invalid length.
[  187.335815][ T9061] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1070'.
[  187.369783][ T2956] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.581004][ T2956] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.924783][ T2956] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.270718][ T9100] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1081'.
[  188.352588][ T2956] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.474081][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  188.482815][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  188.492656][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  188.504538][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  188.512759][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  188.930344][ T9120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1085'.
[  189.650081][ T2956] bridge_slave_1: left allmulticast mode
[  189.688528][ T2956] bridge_slave_1: left promiscuous mode
[  189.703089][ T2956] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.766483][ T2956] bridge_slave_0: left allmulticast mode
[  189.772211][ T2956] bridge_slave_0: left promiscuous mode
[  189.832193][ T2956] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.901281][ T9169] IPVS: set_ctl: invalid protocol: 51 0.0.0.0:20004
[  189.973286][ T9172] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1098'.
[  190.382460][ T9186] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1104'.
[  190.577261][ T5839] Bluetooth: hci3: command tx timeout
[  190.610140][ T2956] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  190.621794][ T2956] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  190.632280][ T2956] bond0 (unregistering): Released all slaves
[  190.652756][ T9157] syzkaller1: entered promiscuous mode
[  190.659757][ T9157] syzkaller1: entered allmulticast mode
[  190.934963][ T9194] netlink: 'syz.4.1107': attribute type 1 has an invalid length.
[  190.954584][ T9194] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1107'.
[  190.993353][ T9107] chnl_net:caif_netlink_parms(): no params data found
[  191.008403][ T9197] netlink: 'syz.0.1108': attribute type 4 has an invalid length.
[  191.206571][ T9203] netlink: 'syz.2.1110': attribute type 1 has an invalid length.
[  191.214395][ T9203] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1110'.
[  191.462813][ T9210] bridge: RTM_NEWNEIGH with invalid ether address
[  191.565659][ T2956] hsr_slave_0: left promiscuous mode
[  191.610169][ T2956] hsr_slave_1: left promiscuous mode
[  191.637775][ T2956] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  191.655241][ T2956] batman_adv: batadv0: Removing interface: batadv_slave_0
[  191.684161][ T2956] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  191.700305][ T2956] batman_adv: batadv0: Removing interface: batadv_slave_1
[  191.786512][ T2956] veth1_macvtap: left promiscuous mode
[  191.792143][ T2956] veth0_macvtap: left promiscuous mode
[  191.843433][ T2956] veth1_vlan: left promiscuous mode
[  191.849750][ T2956] veth0_vlan: left promiscuous mode
[  191.895415][ T9231] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1119'.
[  192.351251][ T9247] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1121'.
[  192.407062][ T9249] netlink: 'syz.4.1121': attribute type 4 has an invalid length.
[  192.656648][ T5839] Bluetooth: hci3: command tx timeout
[  192.670615][ T2956] team0 (unregistering): Port device team_slave_1 removed
[  192.713359][ T2956] team0 (unregistering): Port device team_slave_0 removed
[  193.334522][ T9254] netlink: 'syz.2.1124': attribute type 1 has an invalid length.
[  193.371656][ T9107] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.383094][ T9107] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.383389][ T9254] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1124'.
[  193.421413][ T9107] bridge_slave_0: entered allmulticast mode
[  193.440399][ T9107] bridge_slave_0: entered promiscuous mode
[  193.454522][ T9107] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.462549][ T9107] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.470787][ T9107] bridge_slave_1: entered allmulticast mode
[  193.499236][ T9107] bridge_slave_1: entered promiscuous mode
[  193.649669][ T9107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  193.720388][ T9107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  193.848630][ T9272] vlan2: entered promiscuous mode
[  193.876509][ T9272] vlan2: entered allmulticast mode
[  193.887844][ T9272] hsr_slave_1: entered allmulticast mode
[  194.055064][ T9107] team0: Port device team_slave_0 added
[  194.074977][ T9107] team0: Port device team_slave_1 added
[  194.164921][ T9288] IPVS: set_ctl: invalid protocol: 58 0.0.0.0:20004
[  194.249615][ T9286] syzkaller1: entered promiscuous mode
[  194.266726][ T9286] syzkaller1: entered allmulticast mode
[  194.419559][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  194.445562][ T9107] batman_adv: batadv0: Adding interface: batadv_slave_0
[  194.452588][ T9107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.512806][ T9107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  194.574698][ T9107] batman_adv: batadv0: Adding interface: batadv_slave_1
[  194.599138][ T9107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.686267][ T9107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  194.739220][ T5839] Bluetooth: hci3: command tx timeout
[  194.762561][ T9312] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.952454][ T9312] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.124947][ T9321] macvlan3: entered promiscuous mode
[  195.144908][ T9321] macvlan3: entered allmulticast mode
[  195.161619][ T9321] batadv0: entered promiscuous mode
[  195.184388][ T9321] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  195.195676][ T9321] bond0: (slave macvlan3): Enslaving as an active interface with an up link
[  195.208998][ T9312] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.338258][ T9107] hsr_slave_0: entered promiscuous mode
[  195.347355][ T9107] hsr_slave_1: entered promiscuous mode
[  195.353835][ T9107] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  195.362547][ T9107] Cannot create hsr debugfs directory
[  195.388147][ T9312] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.641025][ T9346] FAULT_INJECTION: forcing a failure.
[  195.641025][ T9346] name failslab, interval 1, probability 0, space 0, times 0
[  195.662960][ T9346] CPU: 0 UID: 0 PID: 9346 Comm: syz.2.1153 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  195.662990][ T9346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.663003][ T9346] Call Trace:
[  195.663012][ T9346]  <TASK>
[  195.663021][ T9346]  dump_stack_lvl+0x189/0x250
[  195.663058][ T9346]  ? __pfx____ratelimit+0x10/0x10
[  195.663086][ T9346]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.663119][ T9346]  ? __pfx__printk+0x10/0x10
[  195.663148][ T9346]  ? __pfx___might_resched+0x10/0x10
[  195.663167][ T9346]  ? fs_reclaim_acquire+0x7d/0x100
[  195.663198][ T9346]  should_fail_ex+0x414/0x560
[  195.663231][ T9346]  ? alloc_netdev_mqs+0x8e5/0x11e0
[  195.663256][ T9346]  should_failslab+0xa8/0x100
[  195.663282][ T9346]  __kvmalloc_node_noprof+0x161/0x5f0
[  195.663306][ T9346]  ? alloc_netdev_mqs+0x8e5/0x11e0
[  195.663330][ T9346]  ? __asan_memset+0x22/0x50
[  195.663363][ T9346]  alloc_netdev_mqs+0x8e5/0x11e0
[  195.663396][ T9346]  rtnl_create_link+0x31f/0xd10
[  195.663427][ T9346]  rtnl_newlink_create+0x25c/0xb00
[  195.663453][ T9346]  ? __mutex_lock+0x51b/0xe80
[  195.663488][ T9346]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  195.663507][ T9346]  ? rtnl_newlink+0x8db/0x1c70
[  195.663540][ T9346]  ? __pfx___mutex_lock+0x10/0x10
[  195.663581][ T9346]  ? ns_capable+0x8a/0xf0
[  195.663616][ T9346]  rtnl_newlink+0x16d6/0x1c70
[  195.663658][ T9346]  ? netlink_sendmsg+0x805/0xb30
[  195.663693][ T9346]  ? __pfx_rtnl_newlink+0x10/0x10
[  195.663752][ T9346]  ? kasan_quarantine_put+0xdd/0x220
[  195.663783][ T9346]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.663817][ T9346]  ? nlmon_xmit+0xb0/0x100
[  195.663834][ T9346]  ? kmem_cache_free+0x18f/0x400
[  195.663864][ T9346]  ? __local_bh_enable_ip+0x12d/0x1c0
[  195.663895][ T9346]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.663923][ T9346]  ? __local_bh_enable_ip+0x12d/0x1c0
[  195.663953][ T9346]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  195.663990][ T9346]  ? __dev_queue_xmit+0x27e/0x3a70
[  195.664030][ T9346]  ? __lock_acquire+0xab9/0xd20
[  195.664089][ T9346]  ? __pfx_rtnl_newlink+0x10/0x10
[  195.664119][ T9346]  rtnetlink_rcv_msg+0x7cf/0xb70
[  195.664154][ T9346]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  195.664187][ T9346]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  195.664215][ T9346]  ? ref_tracker_free+0x63a/0x7d0
[  195.664241][ T9346]  ? __copy_skb_header+0xa7/0x550
[  195.664266][ T9346]  ? __pfx_ref_tracker_free+0x10/0x10
[  195.664293][ T9346]  ? __skb_clone+0x63/0x7a0
[  195.664325][ T9346]  netlink_rcv_skb+0x208/0x470
[  195.664347][ T9346]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  195.664377][ T9346]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  195.664413][ T9346]  ? netlink_deliver_tap+0x2e/0x1b0
[  195.664433][ T9346]  ? netlink_deliver_tap+0x2e/0x1b0
[  195.664459][ T9346]  netlink_unicast+0x75b/0x8d0
[  195.664501][ T9346]  netlink_sendmsg+0x805/0xb30
[  195.664532][ T9346]  ? __pfx_netlink_sendmsg+0x10/0x10
[  195.664558][ T9346]  ? aa_sock_msg_perm+0x94/0x160
[  195.664588][ T9346]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  195.664615][ T9346]  ? __pfx_netlink_sendmsg+0x10/0x10
[  195.664643][ T9346]  __sock_sendmsg+0x21c/0x270
[  195.664675][ T9346]  ____sys_sendmsg+0x505/0x830
[  195.664705][ T9346]  ? __pfx_____sys_sendmsg+0x10/0x10
[  195.664740][ T9346]  ? import_iovec+0x74/0xa0
[  195.664767][ T9346]  ___sys_sendmsg+0x21f/0x2a0
[  195.664792][ T9346]  ? __pfx____sys_sendmsg+0x10/0x10
[  195.664859][ T9346]  ? __fget_files+0x2a/0x420
[  195.664883][ T9346]  ? __fget_files+0x3a0/0x420
[  195.664919][ T9346]  __x64_sys_sendmsg+0x19b/0x260
[  195.664946][ T9346]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  195.664980][ T9346]  ? __pfx_ksys_write+0x10/0x10
[  195.664998][ T9346]  ? rcu_is_watching+0x15/0xb0
[  195.665024][ T9346]  ? do_syscall_64+0xbe/0x3b0
[  195.665057][ T9346]  do_syscall_64+0xfa/0x3b0
[  195.665083][ T9346]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.665107][ T9346]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.665127][ T9346]  ? clear_bhb_loop+0x60/0xb0
[  195.665151][ T9346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.665171][ T9346] RIP: 0033:0x7f037b38e929
[  195.665190][ T9346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.665208][ T9346] RSP: 002b:00007f037c1a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  195.665231][ T9346] RAX: ffffffffffffffda RBX: 00007f037b5b5fa0 RCX: 00007f037b38e929
[  195.665246][ T9346] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  195.665259][ T9346] RBP: 00007f037c1a3090 R08: 0000000000000000 R09: 0000000000000000
[  195.665271][ T9346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.665283][ T9346] R13: 0000000000000000 R14: 00007f037b5b5fa0 R15: 00007fff72de0168
[  195.665315][ T9346]  </TASK>
[  195.676700][ T9348] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1154'.
[  195.696566][ T9344] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1152'.
[  196.222286][ T9312] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  196.329035][ T9312] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  196.420184][ T9312] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  196.434991][ T9364] tipc: Started in network mode
[  196.441195][ T9364] tipc: Node identity , cluster identity 4711
[  196.447845][ T9364] tipc: Failed to obtain node identity
[  196.453490][ T9364] tipc: Enabling of bearer <eth:caif0> rejected, failed to enable media
[  196.501187][ T9312] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  196.666714][ T9373] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1160'.
[  196.817122][ T5839] Bluetooth: hci3: command tx timeout
[  197.074753][ T9376] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.364406][ T9376] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.454824][ T9376] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.597587][ T9409] netlink: 'syz.3.1170': attribute type 1 has an invalid length.
[  197.607068][ T9408] netlink: 'syz.2.1171': attribute type 11 has an invalid length.
[  197.617572][ T9376] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.649733][ T9409] netlink: 216 bytes leftover after parsing attributes in process `syz.3.1170'.
[  197.709833][ T9408] netlink: 'syz.2.1171': attribute type 4 has an invalid length.
[  197.929511][ T9376] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.984819][ T9376] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.067818][ T9107] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  198.112021][ T9107] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  198.153552][ T9107] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  198.204097][ T9376] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.272705][ T9107] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  198.314739][ T9376] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  198.347682][ T9431] FAULT_INJECTION: forcing a failure.
[  198.347682][ T9431] name failslab, interval 1, probability 0, space 0, times 0
[  198.402777][ T9431] CPU: 1 UID: 0 PID: 9431 Comm: syz.3.1179 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  198.402810][ T9431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  198.402823][ T9431] Call Trace:
[  198.402831][ T9431]  <TASK>
[  198.402840][ T9431]  dump_stack_lvl+0x189/0x250
[  198.402877][ T9431]  ? __pfx____ratelimit+0x10/0x10
[  198.402905][ T9431]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.402937][ T9431]  ? __pfx__printk+0x10/0x10
[  198.402963][ T9431]  ? __pfx___might_resched+0x10/0x10
[  198.402983][ T9431]  ? fs_reclaim_acquire+0x7d/0x100
[  198.403014][ T9431]  should_fail_ex+0x414/0x560
[  198.403049][ T9431]  should_failslab+0xa8/0x100
[  198.403075][ T9431]  __kmalloc_cache_noprof+0x70/0x3d0
[  198.403096][ T9431]  ? alloc_netdev_mqs+0xbd5/0x11e0
[  198.403120][ T9431]  ? __xdp_rxq_info_reg+0x189/0x2a0
[  198.403146][ T9431]  alloc_netdev_mqs+0xbd5/0x11e0
[  198.403180][ T9431]  rtnl_create_link+0x31f/0xd10
[  198.403213][ T9431]  rtnl_newlink_create+0x25c/0xb00
[  198.403241][ T9431]  ? __mutex_lock+0x51b/0xe80
[  198.403282][ T9431]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  198.403301][ T9431]  ? rtnl_newlink+0x8db/0x1c70
[  198.403335][ T9431]  ? __pfx___mutex_lock+0x10/0x10
[  198.403375][ T9431]  ? ns_capable+0x8a/0xf0
[  198.403410][ T9431]  rtnl_newlink+0x16d6/0x1c70
[  198.403443][ T9431]  ? netlink_sendmsg+0x805/0xb30
[  198.403478][ T9431]  ? __pfx_rtnl_newlink+0x10/0x10
[  198.403535][ T9431]  ? kasan_quarantine_put+0xdd/0x220
[  198.403566][ T9431]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.403600][ T9431]  ? nlmon_xmit+0xb0/0x100
[  198.403616][ T9431]  ? kmem_cache_free+0x18f/0x400
[  198.403646][ T9431]  ? __local_bh_enable_ip+0x12d/0x1c0
[  198.403678][ T9431]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.403705][ T9431]  ? __local_bh_enable_ip+0x12d/0x1c0
[  198.403736][ T9431]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  198.403772][ T9431]  ? __dev_queue_xmit+0x27e/0x3a70
[  198.403812][ T9431]  ? __lock_acquire+0xab9/0xd20
[  198.403871][ T9431]  ? __pfx_rtnl_newlink+0x10/0x10
[  198.403902][ T9431]  rtnetlink_rcv_msg+0x7cf/0xb70
[  198.403936][ T9431]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  198.403966][ T9431]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  198.403994][ T9431]  ? ref_tracker_free+0x63a/0x7d0
[  198.404021][ T9431]  ? __copy_skb_header+0xa7/0x550
[  198.404047][ T9431]  ? __pfx_ref_tracker_free+0x10/0x10
[  198.404075][ T9431]  ? __skb_clone+0x63/0x7a0
[  198.404108][ T9431]  netlink_rcv_skb+0x208/0x470
[  198.404130][ T9431]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  198.404162][ T9431]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  198.404199][ T9431]  ? netlink_deliver_tap+0x2e/0x1b0
[  198.404219][ T9431]  ? netlink_deliver_tap+0x2e/0x1b0
[  198.404246][ T9431]  netlink_unicast+0x75b/0x8d0
[  198.404297][ T9431]  netlink_sendmsg+0x805/0xb30
[  198.404329][ T9431]  ? __pfx_netlink_sendmsg+0x10/0x10
[  198.404355][ T9431]  ? aa_sock_msg_perm+0x94/0x160
[  198.404384][ T9431]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  198.404411][ T9431]  ? __pfx_netlink_sendmsg+0x10/0x10
[  198.404434][ T9431]  __sock_sendmsg+0x21c/0x270
[  198.404466][ T9431]  ____sys_sendmsg+0x505/0x830
[  198.404496][ T9431]  ? __pfx_____sys_sendmsg+0x10/0x10
[  198.404530][ T9431]  ? import_iovec+0x74/0xa0
[  198.404557][ T9431]  ___sys_sendmsg+0x21f/0x2a0
[  198.404582][ T9431]  ? __pfx____sys_sendmsg+0x10/0x10
[  198.404649][ T9431]  ? __fget_files+0x2a/0x420
[  198.404672][ T9431]  ? __fget_files+0x3a0/0x420
[  198.404709][ T9431]  __x64_sys_sendmsg+0x19b/0x260
[  198.404735][ T9431]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  198.404769][ T9431]  ? __pfx_ksys_write+0x10/0x10
[  198.404797][ T9431]  ? do_syscall_64+0xbe/0x3b0
[  198.404829][ T9431]  do_syscall_64+0xfa/0x3b0
[  198.404854][ T9431]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.404879][ T9431]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.404900][ T9431]  ? clear_bhb_loop+0x60/0xb0
[  198.404925][ T9431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.404945][ T9431] RIP: 0033:0x7f055c78e929
[  198.404963][ T9431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.404982][ T9431] RSP: 002b:00007f055d545038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  198.405004][ T9431] RAX: ffffffffffffffda RBX: 00007f055c9b5fa0 RCX: 00007f055c78e929
[  198.405019][ T9431] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  198.405032][ T9431] RBP: 00007f055d545090 R08: 0000000000000000 R09: 0000000000000000
[  198.405045][ T9431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  198.405057][ T9431] R13: 0000000000000000 R14: 00007f055c9b5fa0 R15: 00007ffe99cde338
[  198.405092][ T9431]  </TASK>
[  198.905578][ T9434] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1180'.
[  198.914490][ T9437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1181'.
[  198.928199][ T9426] syzkaller1: entered promiscuous mode
[  198.934983][ T9426] syzkaller1: entered allmulticast mode
[  199.112266][ T9437] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1181'.
[  199.269500][ T9107] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.346306][ T9107] 8021q: adding VLAN 0 to HW filter on device team0
[  199.378409][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.385653][ T5938] bridge0: port 1(bridge_slave_0) entered forwarding state
[  199.507580][ T1006] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.514833][ T1006] bridge0: port 2(bridge_slave_1) entered forwarding state
[  199.744319][ T9465] syzkaller1: entered promiscuous mode
[  199.768817][ T9465] syzkaller1: entered allmulticast mode
[  199.923175][ T9479] veth1_vlan: left promiscuous mode
[  199.944375][ T9479] macvlan0: entered promiscuous mode
[  199.979579][ T9479] macvlan0: entered allmulticast mode
[  200.049740][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1194'.
[  200.069814][ T9489] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1194'.
[  200.218189][ T9494] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1195'.
[  201.166727][ T9107] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.241516][ T9528] syzkaller1: entered promiscuous mode
[  201.265219][ T9528] syzkaller1: entered allmulticast mode
[  201.410937][ T9547] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1211'.
[  201.601421][ T9107] veth0_vlan: entered promiscuous mode
[  201.651415][ T9554] bond0: option mode: unable to set because the bond device has slaves
[  201.681410][ T9107] veth1_vlan: entered promiscuous mode
[  201.817079][ T9107] veth0_macvtap: entered promiscuous mode
[  201.873061][ T9561] netlink: 'syz.3.1217': attribute type 1 has an invalid length.
[  201.890960][ T9107] veth1_macvtap: entered promiscuous mode
[  201.962778][ T9107] batman_adv: batadv0: Interface activated: batadv_slave_0
[  201.990628][ T9107] batman_adv: batadv0: Interface activated: batadv_slave_1
[  202.029480][ T9107] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  202.041446][ T9107] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  202.063538][ T9107] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  202.088058][ T9107] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.121268][ T9570] FAULT_INJECTION: forcing a failure.
[  202.121268][ T9570] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.182506][ T9570] CPU: 0 UID: 0 PID: 9570 Comm: syz.0.1220 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  202.182536][ T9570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  202.182548][ T9570] Call Trace:
[  202.182556][ T9570]  <TASK>
[  202.182565][ T9570]  dump_stack_lvl+0x189/0x250
[  202.182602][ T9570]  ? __pfx____ratelimit+0x10/0x10
[  202.182629][ T9570]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.182661][ T9570]  ? __pfx__printk+0x10/0x10
[  202.182684][ T9570]  ? __might_fault+0xb0/0x130
[  202.182717][ T9570]  should_fail_ex+0x414/0x560
[  202.182750][ T9570]  _copy_from_iter+0x1db/0x16f0
[  202.182783][ T9570]  ? __lock_acquire+0xab9/0xd20
[  202.182823][ T9570]  ? __pfx__copy_from_iter+0x10/0x10
[  202.182872][ T9570]  tun_get_user+0x20f/0x3ce0
[  202.182919][ T9570]  ? aa_file_perm+0x11f/0xed0
[  202.182949][ T9570]  ? __pfx_tun_get_user+0x10/0x10
[  202.182966][ T9570]  ? aa_file_perm+0x11f/0xed0
[  202.182994][ T9570]  ? aa_file_perm+0x3e7/0xed0
[  202.183036][ T9570]  ? ref_tracker_alloc+0x318/0x460
[  202.183063][ T9570]  ? __lock_acquire+0xab9/0xd20
[  202.183093][ T9570]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  202.183128][ T9570]  ? tun_get+0x1c/0x2f0
[  202.183166][ T9570]  ? tun_get+0x1c/0x2f0
[  202.183195][ T9570]  ? tun_get+0x1c/0x2f0
[  202.183231][ T9570]  tun_chr_write_iter+0x113/0x200
[  202.183264][ T9570]  vfs_write+0x54b/0xa90
[  202.183287][ T9570]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  202.183316][ T9570]  ? __pfx_vfs_write+0x10/0x10
[  202.183344][ T9570]  ? __fget_files+0x2a/0x420
[  202.183377][ T9570]  ksys_write+0x145/0x250
[  202.183400][ T9570]  ? __pfx_ksys_write+0x10/0x10
[  202.183417][ T9570]  ? rcu_is_watching+0x15/0xb0
[  202.183441][ T9570]  ? do_syscall_64+0xbe/0x3b0
[  202.183474][ T9570]  do_syscall_64+0xfa/0x3b0
[  202.183500][ T9570]  ? lockdep_hardirqs_on+0x9c/0x150
[  202.183526][ T9570]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.183546][ T9570]  ? clear_bhb_loop+0x60/0xb0
[  202.183569][ T9570]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.183589][ T9570] RIP: 0033:0x7f84eab8e929
[  202.183608][ T9570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.183624][ T9570] RSP: 002b:00007f84eb989038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  202.183646][ T9570] RAX: ffffffffffffffda RBX: 00007f84eadb5fa0 RCX: 00007f84eab8e929
[  202.183662][ T9570] RDX: 000000000000fdef RSI: 0000200000000100 RDI: 0000000000000003
[  202.183676][ T9570] RBP: 00007f84eb989090 R08: 0000000000000000 R09: 0000000000000000
[  202.183689][ T9570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.183701][ T9570] R13: 0000000000000000 R14: 00007f84eadb5fa0 R15: 00007fff27944838
[  202.183733][ T9570]  </TASK>
[  202.506153][ T9574] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1221'.
[  202.920347][ T2956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.961282][ T2956] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.024449][ T9592] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  203.483340][ T3576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.497460][ T3576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.778791][ T9621] netlink: 'syz.3.1229': attribute type 4 has an invalid length.
[  203.863187][ T9592] geneve2: entered promiscuous mode
[  203.868633][ T9592] geneve2: entered allmulticast mode
[  204.003604][ T9629] netlink: 'syz.3.1231': attribute type 1 has an invalid length.
[  204.047047][ T9629] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1231'.
[  204.411824][ T3576] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.569875][ T3576] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.652615][ T3576] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.708806][ T3576] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.839051][ T3576] bridge_slave_1: left allmulticast mode
[  204.844781][ T3576] bridge_slave_1: left promiscuous mode
[  204.850835][ T3576] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.861144][ T3576] bridge_slave_0: left allmulticast mode
[  204.867670][ T3576] bridge_slave_0: left promiscuous mode
[  204.874539][ T3576] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.604591][ T3576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  205.631781][ T3576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  205.643397][ T3576] bond0 (unregistering): Released all slaves
[  205.675921][ T9651] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1239'.
[  205.693650][ T9651] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  205.745588][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  205.796018][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  205.804533][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  205.819761][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  205.837695][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  205.852748][ T9672] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1243'.
[  206.233229][ T9681] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.289841][ T9688] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1247'.
[  206.387776][ T9681] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.493645][ T9700] netlink: 252 bytes leftover after parsing attributes in process `syz.2.1251'.
[  206.681887][ T9681] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.832746][ T3576] hsr_slave_0: left promiscuous mode
[  206.855004][ T3576] hsr_slave_1: left promiscuous mode
[  206.879860][ T3576] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  206.911159][ T3576] batman_adv: batadv0: Removing interface: batadv_slave_0
[  206.948469][ T3576] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  206.965386][ T3576] batman_adv: batadv0: Removing interface: batadv_slave_1
[  207.084922][ T3576] veth1_macvtap: left promiscuous mode
[  207.102856][ T3576] veth0_macvtap: left promiscuous mode
[  207.127919][ T3576] veth1_vlan: left promiscuous mode
[  207.147708][ T3576] veth0_vlan: left promiscuous mode
[  207.642416][ T3576] team0 (unregistering): Port device team_slave_1 removed
[  207.680900][ T3576] team0 (unregistering): Port device team_slave_0 removed
[  207.935478][   T51] Bluetooth: hci3: command tx timeout
[  208.072867][ T9681] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.154225][ T9727] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  208.429184][ T9681] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  208.560454][ T9681] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  208.582775][ T9743] netlink: 252 bytes leftover after parsing attributes in process `syz.2.1264'.
[  208.620140][ T9747] netlink: 'syz.4.1267': attribute type 1 has an invalid length.
[  208.655372][ T9681] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  208.657369][ T9747] netlink: 'syz.4.1267': attribute type 4 has an invalid length.
[  208.719868][ T9744] netlink: 'syz.4.1267': attribute type 1 has an invalid length.
[  208.744754][ T9681] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  208.753281][ T9747] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1267'.
[  208.789055][ T9744] netlink: 'syz.4.1267': attribute type 4 has an invalid length.
[  208.834183][ T9744] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1267'.
[  209.336591][ T9668] chnl_net:caif_netlink_parms(): no params data found
[  209.366424][ T9780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1274'.
[  209.431693][ T9780] netlink: 'syz.0.1274': attribute type 3 has an invalid length.
[  210.023849][ T5846] Bluetooth: hci3: command 0x041b tx timeout
[  210.143290][ T9805] netlink: 252 bytes leftover after parsing attributes in process `syz.4.1278'.
[  210.261459][ T9668] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.313763][ T9668] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.355686][ T9668] bridge_slave_0: entered allmulticast mode
[  210.363610][ T9668] bridge_slave_0: entered promiscuous mode
[  210.426273][ T9668] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.433482][ T9668] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.491284][ T9668] bridge_slave_1: entered allmulticast mode
[  210.521271][ T9812] IPVS: set_ctl: invalid protocol: 98 172.20.20.12:20001
[  210.529663][ T9668] bridge_slave_1: entered promiscuous mode
[  210.652560][ T9819] netlink: 'syz.3.1284': attribute type 5 has an invalid length.
[  210.800305][ T9668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.884578][ T9668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.924597][ T9826] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1287'.
[  211.202470][ T9668] team0: Port device team_slave_0 added
[  211.234716][ T9668] team0: Port device team_slave_1 added
[  211.397373][ T9847] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1293'.
[  211.436370][ T9668] batman_adv: batadv0: Adding interface: batadv_slave_0
[  211.443429][ T9668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.594390][ T9854] netlink: 'syz.0.1296': attribute type 1 has an invalid length.
[  211.604220][ T9854] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1296'.
[  211.635141][ T9668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  211.790042][ T9668] batman_adv: batadv0: Adding interface: batadv_slave_1
[  211.824058][ T9668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.863973][ T5846] Bluetooth: hci2: command 0x0406 tx timeout
[  211.868424][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[  211.876495][ T9668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  211.993426][ T9869] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1299'.
[  212.056884][ T9871] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1299'.
[  212.090747][ T9870] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  212.098955][   T51] Bluetooth: hci3: command 0x041b tx timeout
[  212.119279][ T9866] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.274256][ T9871] 8021q: adding VLAN 0 to HW filter on device bond2
[  212.327818][ T9668] hsr_slave_0: entered promiscuous mode
[  212.337449][ T9668] hsr_slave_1: entered promiscuous mode
[  212.344830][ T9668] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  212.372940][ T9668] Cannot create hsr debugfs directory
[  212.395208][ T9866] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.435234][ T9884] netlink: 'syz.3.1303': attribute type 1 has an invalid length.
[  212.505709][ T9884] netlink: 216 bytes leftover after parsing attributes in process `syz.3.1303'.
[  212.525728][ T9866] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.717991][ T9866] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.079779][ T9866] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  213.088810][ T9903] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1311'.
[  213.359296][ T9866] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.699859][ T9926] netlink: 'syz.0.1317': attribute type 21 has an invalid length.
[  213.708014][ T9926] IPv6: NLM_F_CREATE should be specified when creating new route
[  213.718891][ T9926] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  213.726214][ T9926] IPv6: NLM_F_CREATE should be set when creating new route
[  213.733727][ T9926] IPv6: NLM_F_CREATE should be set when creating new route
[  213.741025][ T9926] IPv6: NLM_F_CREATE should be set when creating new route
[  214.175936][   T51] Bluetooth: hci3: command 0x041b tx timeout
[  214.749809][ T9957] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1327'.
[  214.783918][ T9668] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  214.854075][ T9668] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  214.889117][ T9668] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  214.946503][ T9966] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1330'.
[  214.970333][ T9668] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  214.987603][ T9966] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1330'.
[  215.123726][    C1] Unknown status report in ack skb
[  215.313392][ T9984] netlink: 'syz.3.1334': attribute type 15 has an invalid length.
[  215.358491][ T9984] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1334'.
[  215.412712][ T9668] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.475035][ T9668] 8021q: adding VLAN 0 to HW filter on device team0
[  215.511722][ T1006] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.518985][ T1006] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.566286][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.573551][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.899184][T10004] tipc: Started in network mode
[  215.914417][T10004] tipc: Node identity , cluster identity 4711
[  215.943595][T10004] tipc: Failed to obtain node identity
[  215.970571][T10004] tipc: Enabling of bearer <eth:caif0> rejected, failed to enable media
[  216.062791][T10010] x_tables: ip_tables: osf match: only valid for protocol 6
[  216.095803][T10010] x_tables: ip_tables: osf match: only valid for protocol 6
[  216.103345][T10010] x_tables: ip_tables: osf match: only valid for protocol 6
[  216.255306][   T51] Bluetooth: hci3: command 0x041b tx timeout
[  216.463979][ T9668] 8021q: adding VLAN 0 to HW filter on device batadv0
[  216.639588][ T9668] veth0_vlan: entered promiscuous mode
[  216.686581][ T9668] veth1_vlan: entered promiscuous mode
[  216.856550][ T9668] veth0_macvtap: entered promiscuous mode
[  216.907732][ T9668] veth1_macvtap: entered promiscuous mode
[  217.017228][ T9668] batman_adv: batadv0: Interface activated: batadv_slave_0
[  217.089764][ T9668] batman_adv: batadv0: Interface activated: batadv_slave_1
[  217.130554][ T9668] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  217.171238][ T9668] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  217.190366][ T9668] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  217.203260][ T9668] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  217.426944][T10061] netlink: 'syz.4.1355': attribute type 10 has an invalid length.
[  217.469552][T10064] netlink: 'syz.0.1356': attribute type 1 has an invalid length.
[  217.501377][T10064] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1356'.
[  217.545734][T10061] 8021q: adding VLAN 0 to HW filter on device batadv0
[  217.570732][T10061] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  217.697856][ T1006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.743188][ T1006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.881321][ T5938] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.919508][ T5938] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.921144][T10079] netlink: 'syz.0.1361': attribute type 1 has an invalid length.
[  218.394907][T10096] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1368'.
[  218.447637][T10096] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1368'.
[  218.560329][T10104] tipc: Started in network mode
[  218.579541][T10104] tipc: Node identity , cluster identity 4711
[  218.597037][T10104] tipc: Failed to obtain node identity
[  218.609730][T10104] tipc: Enabling of bearer <eth:caif0> rejected, failed to enable media
[  218.645870][T10096] macvlan0: left promiscuous mode
[  218.658243][T10096] macvlan0: left allmulticast mode
[  218.770168][T10112] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.1373'.
[  218.948099][ T1006] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.077183][ T1006] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.237687][ T1006] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.373550][ T1006] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.602822][ T1006] bridge_slave_1: left allmulticast mode
[  219.616195][ T1006] bridge_slave_1: left promiscuous mode
[  219.622044][ T1006] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.635022][ T1006] bridge_slave_0: left allmulticast mode
[  219.642061][ T1006] bridge_slave_0: left promiscuous mode
[  219.648787][ T1006] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.186842][T10155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1382'.
[  220.330812][T10159] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1383'.
[  220.680898][ T1006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  220.693070][ T1006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  220.708977][ T1006] bond0 (unregistering): Released all slaves
[  220.849355][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  220.859222][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  220.884002][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  220.898761][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  220.907284][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  221.079117][T10181] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1388'.
[  221.194165][T10185] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1387'.
[  221.720060][ T1006] hsr_slave_0: left promiscuous mode
[  221.737860][ T1006] hsr_slave_1: left promiscuous mode
[  221.744030][ T1006] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  221.774510][ T1006] batman_adv: batadv0: Removing interface: batadv_slave_0
[  221.804452][ T1006] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  221.822488][ T1006] batman_adv: batadv0: Removing interface: batadv_slave_1
[  221.879447][ T1006] veth1_macvtap: left promiscuous mode
[  221.894488][ T1006] veth0_macvtap: left promiscuous mode
[  221.910205][ T1006] veth1_vlan: left promiscuous mode
[  221.918260][ T1006] veth0_vlan: left promiscuous mode
[  222.693865][ T1006] team0 (unregistering): Port device team_slave_1 removed
[  222.750340][ T1006] team0 (unregistering): Port device team_slave_0 removed
[  222.978202][ T5845] Bluetooth: hci3: command tx timeout
[  223.957801][T10171] chnl_net:caif_netlink_parms(): no params data found
[  224.646966][T10301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1418'.
[  224.678725][T10171] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.707933][T10171] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.738152][T10171] bridge_slave_0: entered allmulticast mode
[  224.771618][T10171] bridge_slave_0: entered promiscuous mode
[  224.854828][T10171] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.885415][T10171] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.892736][T10171] bridge_slave_1: entered allmulticast mode
[  224.955631][T10171] bridge_slave_1: entered promiscuous mode
[  225.074381][ T5845] Bluetooth: hci3: command tx timeout
[  225.184574][T10171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  225.283612][T10171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  225.528076][T10171] team0: Port device team_slave_0 added
[  225.589403][T10171] team0: Port device team_slave_1 added
[  225.903356][T10171] batman_adv: batadv0: Adding interface: batadv_slave_0
[  225.923086][T10171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.979078][T10171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  226.076678][T10171] batman_adv: batadv0: Adding interface: batadv_slave_1
[  226.083705][T10171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.175935][T10350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1433'.
[  226.191761][T10171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  226.442043][T10361] set match dimension is over the limit!
[  226.619307][T10171] hsr_slave_0: entered promiscuous mode
[  226.630533][T10171] hsr_slave_1: entered promiscuous mode
[  226.659633][T10171] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  226.675514][T10171] Cannot create hsr debugfs directory
[  227.135448][ T5845] Bluetooth: hci3: command tx timeout
[  227.164867][T10392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1448'.
[  227.212358][T10395] FAULT_INJECTION: forcing a failure.
[  227.212358][T10395] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  227.257963][T10395] CPU: 1 UID: 0 PID: 10395 Comm: syz.3.1450 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  227.257994][T10395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  227.258007][T10395] Call Trace:
[  227.258015][T10395]  <TASK>
[  227.258024][T10395]  dump_stack_lvl+0x189/0x250
[  227.258060][T10395]  ? __pfx____ratelimit+0x10/0x10
[  227.258088][T10395]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.258118][T10395]  ? __pfx__printk+0x10/0x10
[  227.258154][T10395]  should_fail_ex+0x414/0x560
[  227.258186][T10395]  _copy_to_user+0x31/0xb0
[  227.258210][T10395]  simple_read_from_buffer+0xe1/0x170
[  227.258237][T10395]  proc_fail_nth_read+0x1df/0x250
[  227.258266][T10395]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  227.258296][T10395]  ? rw_verify_area+0x258/0x650
[  227.258326][T10395]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  227.258352][T10395]  vfs_read+0x200/0x980
[  227.258377][T10395]  ? __pfx___mutex_lock+0x10/0x10
[  227.258405][T10395]  ? __pfx_vfs_read+0x10/0x10
[  227.258426][T10395]  ? __fget_files+0x2a/0x420
[  227.258454][T10395]  ? __fget_files+0x3a0/0x420
[  227.258475][T10395]  ? __fget_files+0x2a/0x420
[  227.258508][T10395]  ksys_read+0x145/0x250
[  227.258535][T10395]  ? __pfx_ksys_read+0x10/0x10
[  227.258552][T10395]  ? rcu_is_watching+0x15/0xb0
[  227.258577][T10395]  ? do_syscall_64+0xbe/0x3b0
[  227.258608][T10395]  do_syscall_64+0xfa/0x3b0
[  227.258634][T10395]  ? lockdep_hardirqs_on+0x9c/0x150
[  227.258658][T10395]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.258678][T10395]  ? clear_bhb_loop+0x60/0xb0
[  227.258702][T10395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.258721][T10395] RIP: 0033:0x7f055c78d33c
[  227.258740][T10395] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  227.258757][T10395] RSP: 002b:00007f055d545030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  227.258779][T10395] RAX: ffffffffffffffda RBX: 00007f055c9b5fa0 RCX: 00007f055c78d33c
[  227.258793][T10395] RDX: 000000000000000f RSI: 00007f055d5450a0 RDI: 0000000000000003
[  227.258806][T10395] RBP: 00007f055d545090 R08: 0000000000000000 R09: 0000000000000000
[  227.258818][T10395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  227.258830][T10395] R13: 0000000000000000 R14: 00007f055c9b5fa0 R15: 00007ffe99cde338
[  227.258861][T10395]  </TASK>
[  227.713247][T10402] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1451'.
[  228.002423][    C0] ------------[ cut here ]------------
[  228.008122][    C0] UBSAN: array-index-out-of-bounds in net/wireless/scan.c:3288:35
[  228.016052][    C0] index 1 is out of range for type 'u8[0]' (aka 'unsigned char[0]')
[  228.024082][    C0] CPU: 0 UID: 0 PID: 10421 Comm: syz.3.1456 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  228.024114][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  228.024129][    C0] Call Trace:
[  228.024138][    C0]  <IRQ>
[  228.024148][    C0]  dump_stack_lvl+0x189/0x250
[  228.024194][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.024236][    C0]  ? __pfx__printk+0x10/0x10
[  228.024258][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  228.024287][    C0]  ? __lock_acquire+0xab9/0xd20
[  228.024325][    C0]  ubsan_epilogue+0xa/0x40
[  228.024350][    C0]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  228.024397][    C0]  cfg80211_inform_bss_frame_data+0x660/0x7b0
[  228.024434][    C0]  ? ieee80211_bss_info_update+0x2dc/0x9e0
[  228.024470][    C0]  ieee80211_bss_info_update+0x746/0x9e0
[  228.024507][    C0]  ? __pfx_ieee80211_bss_info_update+0x10/0x10
[  228.024556][    C0]  ? ieee80211_get_channel_khz+0x15b/0x8a0
[  228.024587][    C0]  ieee80211_scan_rx+0x593/0xa20
[  228.024625][    C0]  ieee80211_rx_list+0x22fc/0x2d80
[  228.024674][    C0]  ? __pfx_ieee80211_rx_list+0x10/0x10
[  228.024719][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[  228.024749][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[  228.024793][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[  228.024821][    C0]  ieee80211_rx_napi+0x1a8/0x3d0
[  228.024855][    C0]  ? __pfx_ieee80211_rx_napi+0x10/0x10
[  228.024891][    C0]  ? skb_dequeue+0x10e/0x150
[  228.024927][    C0]  ieee80211_handle_queued_frames+0xe8/0x1f0
[  228.024962][    C0]  tasklet_action_common+0x36c/0x580
[  228.024994][    C0]  ? __pfx_tasklet_action_common+0x10/0x10
[  228.025016][    C0]  ? sched_clock_cpu+0x74/0x430
[  228.025050][    C0]  ? lapic_next_event+0x11/0x20
[  228.025087][    C0]  ? clockevents_program_event+0x24d/0x360
[  228.025120][    C0]  ? workqueue_softirq_action+0xd4/0x150
[  228.025149][    C0]  handle_softirqs+0x286/0x870
[  228.025188][    C0]  ? do_softirq+0xec/0x180
[  228.025239][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  228.025279][    C0]  ? __ieee80211_tx_skb_tid_band+0x4cb/0x680
[  228.025309][    C0]  do_softirq+0xec/0x180
[  228.025340][    C0]  </IRQ>
[  228.025348][    C0]  <TASK>
[  228.025358][    C0]  ? __pfx_do_softirq+0x10/0x10
[  228.025394][    C0]  ? ieee80211_set_qos_hdr+0x1ca/0x520
[  228.025431][    C0]  ? lockdep_softirqs_on+0x13b/0x1c0
[  228.025464][    C0]  __local_bh_enable_ip+0x17d/0x1c0
[  228.025500][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  228.025536][    C0]  ? __ieee80211_tx_skb_tid_band+0x4cb/0x680
[  228.025567][    C0]  ? ieee80211_tx_skb_tid+0x2f/0x420
[  228.025591][    C0]  ? ieee80211_tx_skb_tid+0x2f/0x420
[  228.025619][    C0]  ieee80211_tx_skb_tid+0x266/0x420
[  228.025652][    C0]  ieee80211_mgmt_tx+0x1c25/0x21d0
[  228.025690][    C0]  ? ieee80211_mgmt_tx+0x1478/0x21d0
[  228.025721][    C0]  ? ieee80211_mgmt_tx+0xab0/0x21d0
[  228.025763][    C0]  cfg80211_mlme_mgmt_tx+0x7f2/0x1620
[  228.025805][    C0]  nl80211_tx_mgmt+0x9fd/0xd50
[  228.025853][    C0]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  228.025888][    C0]  ? __pfx_netdev_run_todo+0x10/0x10
[  228.025919][    C0]  ? __pfx___cfg80211_wdev_from_attrs+0x10/0x10
[  228.025960][    C0]  ? nl80211_pre_doit+0x4f1/0x930
[  228.025995][    C0]  genl_family_rcv_msg_doit+0x215/0x300
[  228.026034][    C0]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  228.026078][    C0]  ? bpf_lsm_capable+0x9/0x20
[  228.026100][    C0]  ? security_capable+0x7e/0x2e0
[  228.026137][    C0]  genl_rcv_msg+0x60e/0x790
[  228.026173][    C0]  ? __pfx_genl_rcv_msg+0x10/0x10
[  228.026198][    C0]  ? ref_tracker_free+0x63a/0x7d0
[  228.026241][    C0]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  228.026264][    C0]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  228.026296][    C0]  ? __pfx_nl80211_post_doit+0x10/0x10
[  228.026324][    C0]  ? __pfx_ref_tracker_free+0x10/0x10
[  228.026367][    C0]  netlink_rcv_skb+0x208/0x470
[  228.026390][    C0]  ? __pfx_genl_rcv_msg+0x10/0x10
[  228.026419][    C0]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  228.026460][    C0]  ? down_read+0x1ad/0x2e0
[  228.026497][    C0]  genl_rcv+0x28/0x40
[  228.026522][    C0]  netlink_unicast+0x75b/0x8d0
[  228.026567][    C0]  netlink_sendmsg+0x805/0xb30
[  228.026599][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[  228.026626][    C0]  ? aa_sock_msg_perm+0x94/0x160
[  228.026657][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  228.026685][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[  228.026708][    C0]  __sock_sendmsg+0x21c/0x270
[  228.026742][    C0]  ____sys_sendmsg+0x505/0x830
[  228.026771][    C0]  ? __pfx_____sys_sendmsg+0x10/0x10
[  228.026806][    C0]  ? import_iovec+0x74/0xa0
[  228.026835][    C0]  ___sys_sendmsg+0x21f/0x2a0
[  228.026862][    C0]  ? __pfx____sys_sendmsg+0x10/0x10
[  228.026928][    C0]  ? __fget_files+0x2a/0x420
[  228.026953][    C0]  ? __fget_files+0x3a0/0x420
[  228.026991][    C0]  __x64_sys_sendmsg+0x19b/0x260
[  228.027019][    C0]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  228.027056][    C0]  ? rcu_is_watching+0x15/0xb0
[  228.027083][    C0]  ? do_syscall_64+0xbe/0x3b0
[  228.027118][    C0]  do_syscall_64+0xfa/0x3b0
[  228.027148][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  228.027177][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.027200][    C0]  ? clear_bhb_loop+0x60/0xb0
[  228.027237][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.027259][    C0] RIP: 0033:0x7f055c78e929
[  228.027280][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.027301][    C0] RSP: 002b:00007f055d545038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  228.027326][    C0] RAX: ffffffffffffffda RBX: 00007f055c9b5fa0 RCX: 00007f055c78e929
[  228.027344][    C0] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000009
[  228.027359][    C0] RBP: 00007f055c810b39 R08: 0000000000000000 R09: 0000000000000000
[  228.027373][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  228.027387][    C0] R13: 0000000000000000 R14: 00007f055c9b5fa0 R15: 00007ffe99cde338
[  228.027423][    C0]  </TASK>
[  228.600974][    C0] ---[ end trace ]---
[  228.605011][    C0] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  228.612255][    C0] CPU: 0 UID: 0 PID: 10421 Comm: syz.3.1456 Not tainted 6.15.0-syzkaller-12434-gdc9c67820f81 #0 PREEMPT(full) 
[  228.624020][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  228.634123][    C0] Call Trace:
[  228.637446][    C0]  <IRQ>
[  228.640319][    C0]  dump_stack_lvl+0x99/0x250
[  228.644959][    C0]  ? __asan_memcpy+0x40/0x70
[  228.649607][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.654863][    C0]  ? __pfx__printk+0x10/0x10
[  228.659507][    C0]  panic+0x2db/0x790
[  228.663460][    C0]  ? __pfx_panic+0x10/0x10
[  228.667917][    C0]  ? _printk+0xcf/0x120
[  228.672121][    C0]  ? __pfx__printk+0x10/0x10
[  228.676752][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  228.681992][    C0]  check_panic_on_warn+0x89/0xb0
[  228.686971][    C0]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  228.692754][    C0]  cfg80211_inform_bss_frame_data+0x660/0x7b0
[  228.698875][    C0]  ? ieee80211_bss_info_update+0x2dc/0x9e0
[  228.704733][    C0]  ieee80211_bss_info_update+0x746/0x9e0
[  228.710416][    C0]  ? __pfx_ieee80211_bss_info_update+0x10/0x10
[  228.716633][    C0]  ? ieee80211_get_channel_khz+0x15b/0x8a0
[  228.722482][    C0]  ieee80211_scan_rx+0x593/0xa20
[  228.727472][    C0]  ieee80211_rx_list+0x22fc/0x2d80
[  228.732653][    C0]  ? __pfx_ieee80211_rx_list+0x10/0x10
[  228.738176][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[  228.743242][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[  228.748321][    C0]  ? ieee80211_rx_napi+0xca/0x3d0
[  228.753391][    C0]  ieee80211_rx_napi+0x1a8/0x3d0
[  228.758375][    C0]  ? __pfx_ieee80211_rx_napi+0x10/0x10
[  228.763892][    C0]  ? skb_dequeue+0x10e/0x150
[  228.768533][    C0]  ieee80211_handle_queued_frames+0xe8/0x1f0
[  228.774562][    C0]  tasklet_action_common+0x36c/0x580
[  228.779895][    C0]  ? __pfx_tasklet_action_common+0x10/0x10
[  228.785739][    C0]  ? sched_clock_cpu+0x74/0x430
[  228.790637][    C0]  ? lapic_next_event+0x11/0x20
[  228.795535][    C0]  ? clockevents_program_event+0x24d/0x360
[  228.801384][    C0]  ? workqueue_softirq_action+0xd4/0x150
[  228.807060][    C0]  handle_softirqs+0x286/0x870
[  228.811885][    C0]  ? do_softirq+0xec/0x180
[  228.816355][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  228.821699][    C0]  ? __ieee80211_tx_skb_tid_band+0x4cb/0x680
[  228.827726][    C0]  do_softirq+0xec/0x180
[  228.832020][    C0]  </IRQ>
[  228.834978][    C0]  <TASK>
[  228.837937][    C0]  ? __pfx_do_softirq+0x10/0x10
[  228.842846][    C0]  ? ieee80211_set_qos_hdr+0x1ca/0x520
[  228.848352][    C0]  ? lockdep_softirqs_on+0x13b/0x1c0
[  228.853690][    C0]  __local_bh_enable_ip+0x17d/0x1c0
[  228.858939][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  228.864713][    C0]  ? __ieee80211_tx_skb_tid_band+0x4cb/0x680
[  228.870737][    C0]  ? ieee80211_tx_skb_tid+0x2f/0x420
[  228.876062][    C0]  ? ieee80211_tx_skb_tid+0x2f/0x420
[  228.881391][    C0]  ieee80211_tx_skb_tid+0x266/0x420
[  228.886636][    C0]  ieee80211_mgmt_tx+0x1c25/0x21d0
[  228.891807][    C0]  ? ieee80211_mgmt_tx+0x1478/0x21d0
[  228.897145][    C0]  ? ieee80211_mgmt_tx+0xab0/0x21d0
[  228.902406][    C0]  cfg80211_mlme_mgmt_tx+0x7f2/0x1620
[  228.907850][    C0]  nl80211_tx_mgmt+0x9fd/0xd50
[  228.912683][    C0]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  228.918020][    C0]  ? __pfx_netdev_run_todo+0x10/0x10
[  228.923350][    C0]  ? __pfx___cfg80211_wdev_from_attrs+0x10/0x10
[  228.929655][    C0]  ? nl80211_pre_doit+0x4f1/0x930
[  228.934733][    C0]  genl_family_rcv_msg_doit+0x215/0x300
[  228.940336][    C0]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  228.946463][    C0]  ? bpf_lsm_capable+0x9/0x20
[  228.951174][    C0]  ? security_capable+0x7e/0x2e0
[  228.956166][    C0]  genl_rcv_msg+0x60e/0x790
[  228.960726][    C0]  ? __pfx_genl_rcv_msg+0x10/0x10
[  228.965794][    C0]  ? ref_tracker_free+0x63a/0x7d0
[  228.970862][    C0]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  228.976280][    C0]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  228.981611][    C0]  ? __pfx_nl80211_post_doit+0x10/0x10
[  228.987121][    C0]  ? __pfx_ref_tracker_free+0x10/0x10
[  228.992552][    C0]  netlink_rcv_skb+0x208/0x470
[  228.997355][    C0]  ? __pfx_genl_rcv_msg+0x10/0x10
[  229.002423][    C0]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  229.007767][    C0]  ? down_read+0x1ad/0x2e0
[  229.012247][    C0]  genl_rcv+0x28/0x40
[  229.016281][    C0]  netlink_unicast+0x75b/0x8d0
[  229.021121][    C0]  netlink_sendmsg+0x805/0xb30
[  229.025942][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[  229.031272][    C0]  ? aa_sock_msg_perm+0x94/0x160
[  229.036261][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  229.041594][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[  229.046921][    C0]  __sock_sendmsg+0x21c/0x270
[  229.051644][    C0]  ____sys_sendmsg+0x505/0x830
[  229.056454][    C0]  ? __pfx_____sys_sendmsg+0x10/0x10
[  229.061789][    C0]  ? import_iovec+0x74/0xa0
[  229.066334][    C0]  ___sys_sendmsg+0x21f/0x2a0
[  229.071055][    C0]  ? __pfx____sys_sendmsg+0x10/0x10
[  229.076339][    C0]  ? __fget_files+0x2a/0x420
[  229.080968][    C0]  ? __fget_files+0x3a0/0x420
[  229.085697][    C0]  __x64_sys_sendmsg+0x19b/0x260
[  229.090682][    C0]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  229.096196][    C0]  ? rcu_is_watching+0x15/0xb0
[  229.101002][    C0]  ? do_syscall_64+0xbe/0x3b0
[  229.105730][    C0]  do_syscall_64+0xfa/0x3b0
[  229.110281][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  229.115530][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.121634][    C0]  ? clear_bhb_loop+0x60/0xb0
[  229.126358][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.132291][    C0] RIP: 0033:0x7f055c78e929
[  229.136739][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.156388][    C0] RSP: 002b:00007f055d545038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  229.165023][    C0] RAX: ffffffffffffffda RBX: 00007f055c9b5fa0 RCX: 00007f055c78e929
[  229.173037][    C0] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000009
[  229.181145][    C0] RBP: 00007f055c810b39 R08: 0000000000000000 R09: 0000000000000000
[  229.189155][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  229.197163][    C0] R13: 0000000000000000 R14: 00007f055c9b5fa0 R15: 00007ffe99cde338
[  229.205183][    C0]  </TASK>
[  229.208719][    C0] Kernel Offset: disabled
[  229.213095][    C0] Rebooting in 86400 seconds..