last executing test programs:

1m37.291950657s ago: executing program 4 (id=187):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="01002dbd7010fed903000000000000000180"], 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x0) (async)
r2 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r2, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000008400000001"], 0x18}}], 0x2, 0x844)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/162, 0xa2}, {&(0x7f0000000680)=""/4096, 0xd04}], 0x2}}], 0x1, 0x0, 0x0) (async, rerun: 32)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84) (rerun: 32)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000140)={0x0, 0x6, 0x4, 0x0, 0x0, 0x2, 0x0, 0xfe, 0x0, 0x0, 0xfa, 0x0, 0x1}, 0xe) (async, rerun: 32)
shutdown(r5, 0x0) (rerun: 32)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_buf(r6, 0x0, 0x9, &(0x7f00000000c0)="2b7f976dcea6156e56441ceac05e4bf7260894343072a96d89a5d7a61539f3deb505ec5ce82cc256d35b26243f7bfe11883ca2524878f10420b02b9f0b2153d51815715525a85364ff37", 0x4a) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xfffc, @local}]}, &(0x7f0000000240)=0x10) (rerun: 64)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={r7, 0x2b}, &(0x7f00000001c0)=0x8) (async)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
close(r8)

1m17.021461947s ago: executing program 4 (id=187):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="01002dbd7010fed903000000000000000180"], 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x0) (async)
r2 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r2, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000008400000001"], 0x18}}], 0x2, 0x844)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/162, 0xa2}, {&(0x7f0000000680)=""/4096, 0xd04}], 0x2}}], 0x1, 0x0, 0x0) (async, rerun: 32)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84) (rerun: 32)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000140)={0x0, 0x6, 0x4, 0x0, 0x0, 0x2, 0x0, 0xfe, 0x0, 0x0, 0xfa, 0x0, 0x1}, 0xe) (async, rerun: 32)
shutdown(r5, 0x0) (rerun: 32)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_buf(r6, 0x0, 0x9, &(0x7f00000000c0)="2b7f976dcea6156e56441ceac05e4bf7260894343072a96d89a5d7a61539f3deb505ec5ce82cc256d35b26243f7bfe11883ca2524878f10420b02b9f0b2153d51815715525a85364ff37", 0x4a) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xfffc, @local}]}, &(0x7f0000000240)=0x10) (rerun: 64)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={r7, 0x2b}, &(0x7f00000001c0)=0x8) (async)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
close(r8)

1m1.295518606s ago: executing program 4 (id=187):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="01002dbd7010fed903000000000000000180"], 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x0) (async)
r2 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r2, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000008400000001"], 0x18}}], 0x2, 0x844)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/162, 0xa2}, {&(0x7f0000000680)=""/4096, 0xd04}], 0x2}}], 0x1, 0x0, 0x0) (async, rerun: 32)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84) (rerun: 32)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000140)={0x0, 0x6, 0x4, 0x0, 0x0, 0x2, 0x0, 0xfe, 0x0, 0x0, 0xfa, 0x0, 0x1}, 0xe) (async, rerun: 32)
shutdown(r5, 0x0) (rerun: 32)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_buf(r6, 0x0, 0x9, &(0x7f00000000c0)="2b7f976dcea6156e56441ceac05e4bf7260894343072a96d89a5d7a61539f3deb505ec5ce82cc256d35b26243f7bfe11883ca2524878f10420b02b9f0b2153d51815715525a85364ff37", 0x4a) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xfffc, @local}]}, &(0x7f0000000240)=0x10) (rerun: 64)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={r7, 0x2b}, &(0x7f00000001c0)=0x8) (async)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
close(r8)

49.778339009s ago: executing program 4 (id=187):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="01002dbd7010fed903000000000000000180"], 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x0) (async)
r2 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r2, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000008400000001"], 0x18}}], 0x2, 0x844)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/162, 0xa2}, {&(0x7f0000000680)=""/4096, 0xd04}], 0x2}}], 0x1, 0x0, 0x0) (async, rerun: 32)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84) (rerun: 32)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000140)={0x0, 0x6, 0x4, 0x0, 0x0, 0x2, 0x0, 0xfe, 0x0, 0x0, 0xfa, 0x0, 0x1}, 0xe) (async, rerun: 32)
shutdown(r5, 0x0) (rerun: 32)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_buf(r6, 0x0, 0x9, &(0x7f00000000c0)="2b7f976dcea6156e56441ceac05e4bf7260894343072a96d89a5d7a61539f3deb505ec5ce82cc256d35b26243f7bfe11883ca2524878f10420b02b9f0b2153d51815715525a85364ff37", 0x4a) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xfffc, @local}]}, &(0x7f0000000240)=0x10) (rerun: 64)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={r7, 0x2b}, &(0x7f00000001c0)=0x8) (async)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
close(r8)

36.184635728s ago: executing program 4 (id=187):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="01002dbd7010fed903000000000000000180"], 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x0) (async)
r2 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r2, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000008400000001"], 0x18}}], 0x2, 0x844)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/162, 0xa2}, {&(0x7f0000000680)=""/4096, 0xd04}], 0x2}}], 0x1, 0x0, 0x0) (async, rerun: 32)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84) (rerun: 32)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000140)={0x0, 0x6, 0x4, 0x0, 0x0, 0x2, 0x0, 0xfe, 0x0, 0x0, 0xfa, 0x0, 0x1}, 0xe) (async, rerun: 32)
shutdown(r5, 0x0) (rerun: 32)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_buf(r6, 0x0, 0x9, &(0x7f00000000c0)="2b7f976dcea6156e56441ceac05e4bf7260894343072a96d89a5d7a61539f3deb505ec5ce82cc256d35b26243f7bfe11883ca2524878f10420b02b9f0b2153d51815715525a85364ff37", 0x4a) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xfffc, @local}]}, &(0x7f0000000240)=0x10) (rerun: 64)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={r7, 0x2b}, &(0x7f00000001c0)=0x8) (async)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
close(r8)

15.260027004s ago: executing program 4 (id=187):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="01002dbd7010fed903000000000000000180"], 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x0) (async)
r2 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r2, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000008400000001"], 0x18}}], 0x2, 0x844)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/162, 0xa2}, {&(0x7f0000000680)=""/4096, 0xd04}], 0x2}}], 0x1, 0x0, 0x0) (async, rerun: 32)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84) (rerun: 32)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000140)={0x0, 0x6, 0x4, 0x0, 0x0, 0x2, 0x0, 0xfe, 0x0, 0x0, 0xfa, 0x0, 0x1}, 0xe) (async, rerun: 32)
shutdown(r5, 0x0) (rerun: 32)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_buf(r6, 0x0, 0x9, &(0x7f00000000c0)="2b7f976dcea6156e56441ceac05e4bf7260894343072a96d89a5d7a61539f3deb505ec5ce82cc256d35b26243f7bfe11883ca2524878f10420b02b9f0b2153d51815715525a85364ff37", 0x4a) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xfffc, @local}]}, &(0x7f0000000240)=0x10) (rerun: 64)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={r7, 0x2b}, &(0x7f00000001c0)=0x8) (async)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
close(r8)

3.768789557s ago: executing program 0 (id=895):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000002e00)={0xc, 0x17, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x17}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xa73}}}]}, 0x38}}, 0x24000098)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001300)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {}, {0x7, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x804}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'gretap0\x00', &(0x7f0000000d00)={'syztnl0\x00', <r6=>0x0, 0x7, 0x8000, 0x3, 0xa, {{0x34, 0x4, 0x1, 0x8, 0xd0, 0x67, 0x0, 0x1, 0x29, 0x0, @remote, @local, {[@lsrr={0x83, 0x13, 0x12, [@multicast2, @dev={0xac, 0x14, 0x14, 0x30}, @local, @initdev={0xac, 0x1e, 0x3, 0x0}]}, @timestamp_prespec={0x44, 0xc, 0x1a, 0x3, 0xd, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xb}]}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x1c, 0x7d, 0x3, 0x7, [{@local, 0x1}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}]}, @timestamp={0x44, 0xc, 0x8b, 0x0, 0x8, [0x0, 0x6]}, @rr={0x7, 0x23, 0x64, [@empty, @rand_addr=0x64010101, @private=0xa010102, @empty, @remote, @local, @loopback, @local]}, @timestamp={0x44, 0x24, 0xdc, 0x0, 0x1, [0x4, 0x9cfe, 0xfffd, 0x9, 0x2, 0x100, 0x3, 0x3ff]}, @ssrr={0x89, 0x27, 0xbc, [@multicast1, @local, @dev={0xac, 0x14, 0x14, 0x29}, @multicast2, @local, @broadcast, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @local]}]}}}}})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r7, 0x6, 0x1, &(0x7f0000000040), 0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r8, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000c40)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002bbd7000fddbdf25010000000c00018008000100", @ANYRES32, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x40004}, 0x2000)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000002c0)={'bridge0\x00', <r12=>0x0})
sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000005500010e0e0000000000000007000000", @ANYRES32=r12, @ANYBLOB="20000100", @ANYRES8=r10], 0x38}}, 0xc000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'syzkaller0\x00', <r13=>0x0})
r14 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r14, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', <r15=>0x0})
sendto$packet(r14, &(0x7f0000000180)="02030e00d3fc02000000ab5d71acedd7c9560385dcb1080084d7dc0398062f2405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r15, 0x1, 0x0, 0x6, @broadcast}, 0x14)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000340)={'tunl0\x00', <r16=>0x0, 0x7f00, 0x7800, 0x4, 0x806b, {{0xc, 0x4, 0x1, 0x1, 0x30, 0x64, 0x0, 0x8, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010100, {[@lsrr={0x83, 0x7, 0x42, [@multicast1]}, @ssrr={0x89, 0x13, 0xbd, [@remote, @remote, @rand_addr=0x64010102, @loopback]}, @noop, @noop]}}}}})
getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, <r17=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000400)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'team0\x00', <r18=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r2, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000480)={&(0x7f0000000680)=ANY=[@ANYBLOB="a4040000", @ANYRES16=0x0, @ANYBLOB="04002dbd7000fbdbdf250200000008000100", @ANYRES32=r5, @ANYBLOB="54020280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000000000008000600", @ANYRES32=r6, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400008000003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32, @ANYBLOB="3c010ea6568d4b75027365725f6c696e6b7570000000008e00000000000000000000000000000000b945f9f9dfb369350400040008000600", @ANYRES32=r12, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004000700000008000700000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000050003000300000008000400ff7f00003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r13, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400612000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="08000100", @ANYRES32=r16, @ANYBLOB="a80102803c000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000b00040072616e646f6d00003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400030000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r17, @ANYBLOB="40000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f756e64726f62696e00003c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000009000400686173680000000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000008000100", @ANYRES32=r18, @ANYBLOB="7c00028038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004000a00000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b00000008000400030000000800070000000000"], 0x4a4}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)

3.338484251s ago: executing program 1 (id=897):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000001c0), 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={@map, 0xffffffffffffffff, 0x34, 0x0, 0xffffffffffffffff, @void, @value}, 0x20)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "ecf0ff19", "4e67cb72f328ac2f"}, 0x28)
writev(r1, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000100)="04d7eb04fb083f26dab77edbc1693b2822f9e7732289207d26b96d5ccbdf4116d80359f57ddfddf0556ed1faadcf984f4a87967b9f9f88750930763e3faed4f108af7b956d1d", 0x46}, {&(0x7f0000000240)="f21ec4ba6cae01b2f02f2592c7a7b6c6e2c4fcc61cf6f990a132a6319ced9b23789db08a8f81811875295a23e2751f99737ce09d3f", 0x35}], 0x3) (fail_nth: 2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f70000000000e272f750375ed08a56331dbf9ed7a15e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800020004000000bdad446b9bbc7ace5b0dd385dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff00"/137, 0x89}], 0x1}, 0x0)
close(0x3)
r4 = accept4(r2, 0x0, 0x0, 0x0)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000380)={<r5=>0x0, @broadcast, @remote}, &(0x7f0000000400)=0xc)
setsockopt$MRT6_ADD_MIF(r4, 0x29, 0xca, &(0x7f0000000440)={0x1, 0x0, 0x3, r5, 0x101}, 0xc)
sendmmsg$alg(r4, &(0x7f0000001800)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000180)="0000000000000043f0", 0x9}], 0x1}], 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000030000000000000000002000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32=r2, @ANYRES32, @ANYBLOB="040000000000400000000000000000000000000000000000000000004c8c259516"], 0x48)
r6 = socket$inet6(0xa, 0x806, 0x0)
listen(r6, 0x3)
r7 = socket$inet_dccp(0x2, 0x6, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
connect$inet(r7, &(0x7f0000000280)={0x2, 0x4e23}, 0x10)
accept$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

3.309387096s ago: executing program 0 (id=898):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000001c0), 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000004c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='4\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="0b4eef6badc49c5ec0021fc7dad8bc0fa5abebb35a54a592d50a67c286b00be12cf37788baaf7f5694e8e08311daa673bec369969db0660295fac48cff2a0100ea644fd01fea48566fa6ce467796f794e17ab2", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "ecf0ff19", "4e67cb72f328ac2f"}, 0x28)
writev(r1, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000100)="04d7eb04fb083f26dab77edbc1693b2822f9e7732289207d26b96d5ccbdf4116d80359f57ddfddf0556ed1faadcf984f4a87967b9f9f88750930763e3faed4f108af7b956d1d", 0x46}, {&(0x7f0000000240)="f21ec4ba6cae01b2f02f2592c7a7b6c6e2c4fcc61cf6f990a132a6319ced9b23789db08a8f81811875295a23e2751f99737ce09d3f", 0x35}], 0x3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f70000000000e272f750375ed08a56331dbf9ed7a15e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800020004000000bdad446b9bbc7ace5b0dd385dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff00"/137, 0x89}], 0x1}, 0x0)
close(0x3)
r4 = accept4(r2, 0x0, 0x0, 0x0)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000380)={<r5=>0x0, @broadcast, @remote}, &(0x7f0000000400)=0xc)
setsockopt$MRT6_ADD_MIF(r4, 0x29, 0xca, &(0x7f0000000440)={0x1, 0x0, 0x3, r5, 0x101}, 0xc)
sendmmsg$alg(r4, &(0x7f0000001800)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000180)="0000000000000043f0", 0x9}], 0x1}], 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000030000000000000000002000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32=r2, @ANYRES32, @ANYBLOB="040000000000400000000000000000000000000000000000000000004c8c259516"], 0x48)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010004b0400000000000000007a000000", @ANYRES32=r8, @ANYBLOB="00000000000b0000240012800b0001006272696467650000140002800800080088a8"], 0x44}}, 0x0)
r9 = socket$inet6(0xa, 0x806, 0x0)
listen(r9, 0x3)
socket$inet_dccp(0x2, 0x6, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)

3.229604006s ago: executing program 3 (id=899):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000080900010073797a30000000000900020073797a3000000000140003800800014000000000080002400000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c00038018000380140001007465616d30000000000000000000000008000740009c"], 0xd8}}, 0x800)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f00000002c0)={@private=0xa010102, @loopback}, 0xc)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000500)={<r3=>0x0, 0x48, "0cf169962668931b60c57c6a289f7c60f09808b7838cf2a2458ee3b0b69ff0710b05193ffe7b18dbcade1f9f04602bea21146d6e136a0f8cbbd76b4344792326bc660ed2176001c3"}, &(0x7f0000000580)=0x50)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f00000005c0)={r3, 0x9c, "cedd5479dfd333c93cda25121f64bc7049210728189336ed37656379ca8182f4550d8eb3997513b54077777afebb26ebde6b042836faa532f24ffce245d8f9a9b02432b9c72d839e0934bb89eabe98507a269d6bd75a0b389f2ca72c1313293472c159afc097c3b834dc4a033601e0b592766c639291d0943fdfef57847a6b11919f22b24910bc492514ca87ec3a1254bc67a484bb554da71156b886"}, &(0x7f0000000680)=0xa4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r8=>0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r9)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB='\\\x00\x00', @ANYRES16=r10, @ANYBLOB="0100ffffffff000000003900000008000300", @ANYRES32, @ANYBLOB="40005a803c000400060001"], 0x5c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000007c0)=ANY=[@ANYRESHEX=r9, @ANYRES32, @ANYRES8=r6, @ANYRES32=r8, @ANYBLOB="60003080050003"], 0x7c}}, 0x3d612e13b5b7e9c2)
sendmsg$nl_generic(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000280)={0x1c, 0x33, 0x1, 0x70bd2a, 0x25dbdbff, {0x2}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x24}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24001}, 0x4000000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0xf, 0x0, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r11)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000001300)={'batadv0\x00', <r13=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1c, r12, 0x83625fc5352ba305, 0xfefffffd, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r13}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004804}, 0x20000000) (fail_nth: 1)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000004c0)={0x2}, 0x8)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r4, 0x2000000, 0x32, 0x0, &(0x7f00000000c0)="13435cb8b9f6ff004954ea5207e3137c3c9e9fbe213450", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.117286047s ago: executing program 1 (id=901):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0xfffffffc)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r7 = socket$inet(0x2, 0x2, 0x4)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x8, 0x3, 0x218, 0x0, 0x8, 0xfa04, 0x0, 0x6c02, 0x180, 0x194, 0x194, 0x180, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0xa0, 0xc8, 0x0, {0x0, 0x74020000}, [@common=@inet=@tcp={{0x30}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x278)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="280000006e254309ecb4c2020266413adc19056872799a5834be1e2cbb514de842da3b51bb5b60fbbcc475c090bcfdbbee01834f9536036af61ea325739e10ed408f01972eee21610b43b0a319c78b9599e08acbd5e54cd6df689e0b1fbb543982c4621c2df9edcf2f1c8b7bf3a80e66a53f4820d649c52d5ebad0fbfe209cc0a1156afb301432b4699a550ee095a9273404717711185ea286e0ef9436ff5e405bc95b652434f4cc699e831bf7a6c3151c3e9cc0116f549e4bc13cf47998f5e3dfe600ee0f28486b166da41db03a013df150f289f15ec20284366cfbd693b1fa1131c4a7821e9263800fc0eb77544d1f5e401464fe13169aea57a434ea2ae1f3ed3824372135fd8d27a65ceab9d14c62d5538ff15b1cc332b20dde2974c220eba7cd3977f642a3f10a7dd58e1ef68449ddab3fac1cec5239d6152c7b954e39cd2b027a4a8698ab03dce596898d8937786a1bb6cfc08e607d59a047b214afadfef067c99ce1607fb6fa43253f7c8511f5f606f7c8a60a0dc61750bea9b65d00ae4deb2673", @ANYRES16=r6, @ANYBLOB="010000000000000000800100000014000180060001000200000008000300e0000001"], 0x28}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r8=>0x0})
setsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000100)=0x1, 0x4)
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r8, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)="81b6417b463bc08ba929d1193f9a9ffa247ad00d87cc98bd19a75c3e8c977d378e58335cd24651", 0x27}], 0x1}, 0x4048081)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r10=>0x0})
bind$can_j1939(r9, &(0x7f00000000c0)={0x1d, r10, 0x0, {0x0, 0xf0}, 0x2}, 0x18)
r11 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r11, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r12, {0xfffd, 0xfff3}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840)

2.712931605s ago: executing program 0 (id=902):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x404c080)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="ffff000a3d40949e5b17ffd74100f16907b163d7b1132f6e1650c463fd6a6aeddd9f2253c56ab6e2def58e8721e94064795d0755154d5a31c76fe9f70d1359af11f633bff0e63bf50767fea73f7726a7a6bd7b053895906d51896415", @ANYRES16=r2, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e000000000000000000200003801c000380180001800c000200657468746f6f6c000800010007000000"], 0x4c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
accept4$netrom(r0, 0x0, &(0x7f0000000100), 0x80800)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r5, &(0x7f0000000400)={0x1a, 0x338, 0x0, 0x6, 0x0, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x10)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000ec0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc250d40f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c9837d5ac03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05452018aae05d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a9b893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4eba068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66ef0000009d75711ce1623e9c5452f42e09b388a14b22bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9287933152fb794e4ddea02017a6c139b50101caecaf2abc0843b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66cf8aeb1f98bd67bfd38ec2beac3ca99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94d81150c68ab27987655e1dd676ceef54ad4d663f88b6f82a65f7c94a0e40cbb782ff536bd67ba81125f8e0af199094b407f630dc6eb3b79615a4e63f75ab30b1e475748cb5dce6581dc92f740a21fb8dec725b4f2a0b0972f852504245d5ce11cfdead09c9b6e094261084cd20c2294525061a4638c0bfd08dfa70d24bf85d9cfd940e1a4f1509bed8233f22506e5b000000000000862a01def6c9e879a87688ad151c14ae7ff8a090aebe7e4f936c26e565ae96d38ee5f794468caa17419e22ff13df60a95596490358a3b8121511e427d619ad87fe998702ea0b659eff3f5cd8f4094fdd6ba5eb877d10671d45facfe6629846170d99de670a9e72e21ed7363876612bf58a17142abccbbe4762f531067f92af24f5354f432ed1df74f8168d05de528f63a98bca22820439c567973de0077c068d1b70b6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
ppoll(&(0x7f0000000180)=[{r5}, {r4}, {r3}], 0x3, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x1, 0x7fffffff}, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9)
bind$inet6(r9, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r9, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r9, &(0x7f0000000340)="cf1b5172115cf2c9298d67df6ae3f81f856620ad8ecab2fa49fcbe1940c755e0739db3e8", 0x24, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x397, @empty}, 0x1c)
shutdown(r9, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
socket(0x2, 0x80805, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x13, &(0x7f00000003c0)=ANY=[@ANYRESHEX=r1, @ANYBLOB="90c0651826"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.712662187s ago: executing program 2 (id=903):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001c00c9243bbd70000000020007000000", @ANYRES32=r1, @ANYBLOB="80008f0b0a000200aaaaaaaaaaaa00000600050001"], 0x30}, 0x1, 0x0, 0x0, 0xc0041}, 0x0)

2.327434517s ago: executing program 2 (id=904):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000d30000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000900), &(0x7f0000000940)=r0}, 0x20)

2.247817205s ago: executing program 3 (id=905):
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r8}, 0x18)
sendmsg$TIPC_NL_MEDIA_SET(r7, 0x0, 0x8000)
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
ioctl$sock_ax25_SIOCADDRT(r2, 0x890b, &(0x7f00000000c0)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]})
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)

2.036380634s ago: executing program 1 (id=906):
socket$inet6(0xa, 0x2, 0x3a)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0x366, &(0x7f0000000740)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0200", 0x330, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0502"}, {0x7, 0x1, "000000050000000026000400"}, {0x0, 0x15, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab28"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x19, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x5, 0x11, "3f14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e2eeb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05"}, {0x5, 0x1, "fc0fe85e8ee7"}]}}}}}}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000100))
write$tun(r0, &(0x7f0000000340)={@void, @void, @eth={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, @val={@void, {0x8100, 0x2, 0x0, 0x2}}, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00', 0x8, 0x11, 0x0, @empty, @mcast2, {[], {0x4f1c, 0x4e20, 0x8}}}}}}}, 0x42)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x4, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x2c, r6, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}}, 0x80)
sendmmsg(r4, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)

1.927276996s ago: executing program 2 (id=907):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000000)=0x2, 0x4)
ioctl$sock_proto_private(r1, 0x89dd, &(0x7f0000001080))
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000240), r5)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='contention_end\x00', r7}, 0x18)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000180)={0x0, 0x3b, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x48, r6, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_team\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x4009000}, 0x4090)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0500ff0000feffdbdf00158b0b4d7d2ab73333703a02c2e3fa1b0aab3dc1ae2ddeed3bb2c897af0dd7cf2a78c90a66c2725aec2ffa8873f50c1a8664233ef9c853bcd7c6e501a174d8485ddc090335aef9d95015428f0d3f44eee1bb712e47608a185f54ba1432625895b9d42a8ef2f5aec6769b5fd512950f2dc16980c98f78a98a28f382addd5f0ceadffa1806d371e8b451d9d7f62b0ad0ab21c8fbd036cbd99a5b562a65630224bca738e4", @ANYRES32=r4, @ANYBLOB="1c003080180001800c00038006000100000000000800010000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4004080}, 0x810)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELRULE={0xb0, 0x6, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_USERDATA={0x81, 0x7, 0x1, 0x0, "d49aa3dd131ce2fa580b9b667a45d3a97b5f7a54af462bffe3bfe2d218b79c4a0ac8d1e7a39638635d4419e53371b57db0afe5fee29da5e1008e078f5c3c283b8112ad0ff5291927b3f2056088b51b03444fea516492aab01129fd4e4d02e2e63349d929d549ca42180dd7fd32f40b099c8c628d6d523b1001788c371d"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xd8}, 0x1, 0x0, 0x0, 0x20048880}, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='<\x00\x00\x00'], 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x14)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000700)=ANY=[@ANYBLOB="54010000100033060000000000000000ffffffff000000000000000000000000e000000200000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000010000000032000000ac14141a00000000000000000000000000000000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000400720000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000028bd70002cbd700028bd700027bd700081000000"], 0x154}}, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r11 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r11, 0x6, 0x21, 0x0, &(0x7f0000000100))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
r13 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="d3ddd1de00000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r12, @ANYBLOB='\b\x00\n\x00', @ANYRES8], 0x44}}, 0x0)

1.922010773s ago: executing program 3 (id=908):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000002e00)={0xc, 0x17, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x17}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xa73}}}]}, 0x38}}, 0x24000098)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001300)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {}, {0x7, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x804}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'gretap0\x00', &(0x7f0000000d00)={'syztnl0\x00', <r6=>0x0, 0x7, 0x8000, 0x3, 0xa, {{0x34, 0x4, 0x1, 0x8, 0xd0, 0x67, 0x0, 0x1, 0x29, 0x0, @remote, @local, {[@lsrr={0x83, 0x13, 0x12, [@multicast2, @dev={0xac, 0x14, 0x14, 0x30}, @local, @initdev={0xac, 0x1e, 0x3, 0x0}]}, @timestamp_prespec={0x44, 0xc, 0x1a, 0x3, 0xd, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xb}]}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x1c, 0x7d, 0x3, 0x7, [{@local, 0x1}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}]}, @timestamp={0x44, 0xc, 0x8b, 0x0, 0x8, [0x0, 0x6]}, @rr={0x7, 0x23, 0x64, [@empty, @rand_addr=0x64010101, @private=0xa010102, @empty, @remote, @local, @loopback, @local]}, @timestamp={0x44, 0x24, 0xdc, 0x0, 0x1, [0x4, 0x9cfe, 0xfffd, 0x9, 0x2, 0x100, 0x3, 0x3ff]}, @ssrr={0x89, 0x27, 0xbc, [@multicast1, @local, @dev={0xac, 0x14, 0x14, 0x29}, @multicast2, @local, @broadcast, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @local]}]}}}}})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r7, 0x6, 0x1, &(0x7f0000000040), 0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r8, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000c40)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002bbd7000fddbdf25010000000c00018008000100", @ANYRES32, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x40004}, 0x2000)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000002c0)={'bridge0\x00', <r12=>0x0})
sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000005500010e0e0000000000000007000000", @ANYRES32=r12, @ANYBLOB="20000100", @ANYRES8=r10], 0x38}}, 0xc000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'syzkaller0\x00', <r13=>0x0})
r14 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r14, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', <r15=>0x0})
sendto$packet(r14, &(0x7f0000000180)="02030e00d3fc02000000ab5d71acedd7c9560385dcb1080084d7dc0398062f2405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r15, 0x1, 0x0, 0x6, @broadcast}, 0x14)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000340)={'tunl0\x00', <r16=>0x0, 0x7f00, 0x7800, 0x4, 0x806b, {{0xc, 0x4, 0x1, 0x1, 0x30, 0x64, 0x0, 0x8, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010100, {[@lsrr={0x83, 0x7, 0x42, [@multicast1]}, @ssrr={0x89, 0x13, 0xbd, [@remote, @remote, @rand_addr=0x64010102, @loopback]}, @noop, @noop]}}}}})
getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, <r17=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000400)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'team0\x00', <r18=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r2, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000480)={&(0x7f0000000680)=ANY=[@ANYBLOB="a4040000", @ANYRES16=0x0, @ANYBLOB="04002dbd7000fbdbdf250200000008000100", @ANYRES32=r5, @ANYBLOB="54020280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000000000008000600", @ANYRES32=r6, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400008000003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32, @ANYBLOB="3c010ea6568d4b75027365725f6c696e6b7570000000008e00000000000000000000000000000000b945f9f9dfb369350400040008000600", @ANYRES32=r12, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004000700000008000700000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000050003000300000008000400ff7f00003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r13, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400612000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="08000100", @ANYRES32=r16, @ANYBLOB="a80102803c000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000b00040072616e646f6d00003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400030000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r17, @ANYBLOB="40000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f756e64726f62696e00003c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000009000400686173680000000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000008000100", @ANYRES32=r18, @ANYBLOB="7c00028038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004000a00000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b00000008000400030000000800070000000000"], 0x4a4}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)

1.455604141s ago: executing program 0 (id=909):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x20000400)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.state\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000000200)={'wlan1\x00', @random="704cd37300"})

1.396072897s ago: executing program 2 (id=910):
socket$nl_generic(0x10, 0x3, 0x10)
socket$rds(0x15, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x40000000015, 0x5, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
socket(0x10, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet_dccp(0x2, 0x6, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)

1.364798213s ago: executing program 3 (id=911):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
bind$unix(r1, &(0x7f00000000c0)=@abs={0x1, 0x5c}, 0x6e)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000030400000000fedbdf2500000300", @ANYRES32=0x0, @ANYBLOB="0000be281f000000200012800b00010067656e65766500001000028004000e0005000a0001"], 0x40}}, 0x0)

952.461415ms ago: executing program 0 (id=912):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x7ff, 0x7}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='%\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="857e"], 0x20)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
listen(r2, 0x90101)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
r4 = accept4(r2, 0x0, 0x0, 0x80800)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x64, 0x0, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x16, 0x800}, {0x5}, {0x6}, {0x8, 0xb, 0x6}}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
sendmsg$NL80211_CMD_GET_INTERFACE(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x200088d0}, 0x8000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r5, &(0x7f0000000800)={&(0x7f0000000740), 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x14, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24000440}, 0x40000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000000020646c2500000000002020207b1af8ff00000000bfa1000000000000070100afbd01000000000000000000b7036eddd4d8000085000000060000009500000000000000bebf42be20ba7ddd3e798efd85588e9602e7ae06aaf89265867fdbd041558ea56193b5162db3f70ad97efc5c0e51205eae667f6d7d8a6acb1a6500"/173], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000e00001f487d5c0500"/23], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r6, &(0x7f0000000440)="bcd61af246894e673c80aecc6a6591335e51684241956c2e2682ded5fe3926310675ab6a66bb6bccc83f43227b16bd55a68453949fd13a07c7c2ed420b2a5e28eec349cec4f0ca13653045d7326b9bff8871bfd37fbafc1293871acf34a0b30727c087c602ec57d3d322706deeebb529c1f515965bcdf8e0db4e204c2b3b96000766c2f3278817d39179f5266cb599d6b9b2f5f1df1ae6da2c55552d35d1f1eed0996859825a085e5e13460510df04dfed8ae1ec9c1e06aea2f61a10c0dad0f64529d095db3be93eb591220f3c08a68192291616531d22de1424c7210030538575b5859a826f", &(0x7f0000000540)=""/102}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000000040)=@req3={0x0, 0x0, 0xfffffffe}, 0x1c)
setsockopt$packet_int(r7, 0x107, 0xe, &(0x7f0000001400)=0x80, 0x4)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000700)={&(0x7f00000003c0), 0xc, &(0x7f0000000400)={&(0x7f0000000680)={0x60, 0x1403, 0x800, 0x70bd28, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_vlan\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'dummy0\x00'}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4004800}, 0x40)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb01001800000000000000a4000000a400000009000000040000000000000e030000000000000001000000000000110400000000000000000000000a000004f13d00000300000003000000050000000e00000005000030818288ff0c00000005000000060000000e00000000000000070000000f00000004000000050000000800000000000000ff0000000300000005000000020000000500000000000000030000000e00000003000000765b0000090000000100000081000000002e0000612e"], 0x0, 0xc5, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

871.247453ms ago: executing program 3 (id=913):
r0 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x2c060000)
unshare(0x24020400)
r1 = epoll_create1(0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000839c39ea1a8dbbe3dd007b8af8ff00000000bca2000000000000a6028000f8ffffffb703000008000000b704000000000000850000003300000095000000000000000578609405a7bb6f1a3a05017477c8b34f1657a22c97adfcd2c5dfa7a55c1c06c13f7b32ef60606d49b5e1efb40351ae481809e4e6606b809903aaf398666c73a3d32751dce8c75c607281a95635b577ea240cb8cc1cb60e4b66e7a21dd0fd8bd7a15f3afb5461950949dc5a2463744874"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a0000002900", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000cb9f2cfcc837c14b000000000000000000000000000000000000000200000000000000ffffe2ffe0ffffff000000000000000000000000000000000000000000000000000000000000e1069346585daf1fd01200000200"/121], 0xb8}}, 0x4004)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x5, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x6}, {0x0, 0xfffffffffffffffc}}}, 0xb8}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000005a40)={0x50002010})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4d2f02, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0x25}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
unshare(0x4040600)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="000c000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)

740.411254ms ago: executing program 1 (id=914):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3f}, {0x85, 0x0, 0x0, 0x4}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_opts(r2, 0x0, 0x8, 0x0, &(0x7f0000000140))
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2={0xff, 0x5}, 0x7800, 0x700}})

537.55548ms ago: executing program 2 (id=915):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000080)={0x11, 0x9, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x700}}}, 0x24}}, 0x0)

355.352588ms ago: executing program 3 (id=916):
socket$inet6(0xa, 0x2, 0x3a)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0x372, &(0x7f0000000740)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0200", 0x33c, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0502"}, {0x7, 0x1, "000000050000000026000400"}, {0x0, 0x17, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd46"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x19, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x5, 0x11, "3f14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e2eeb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05"}, {0x5, 0x1, "fc0fe85e8ee7"}]}}}}}}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000100))
write$tun(r0, &(0x7f0000000340)={@void, @void, @eth={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, @val={@void, {0x8100, 0x2, 0x0, 0x2}}, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00', 0x8, 0x11, 0x0, @empty, @mcast2, {[], {0x4f1c, 0x4e20, 0x8}}}}}}}, 0x42)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x4, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x2c, r6, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}}, 0x80)
sendmmsg(r4, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)

288.929449ms ago: executing program 1 (id=917):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000d30000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000900), &(0x7f0000000940)=r0}, 0x20)

135.967256ms ago: executing program 1 (id=918):
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r8}, 0x18)
sendmsg$TIPC_NL_MEDIA_SET(r7, 0x0, 0x8000)
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
ioctl$sock_ax25_SIOCADDRT(r2, 0x890b, &(0x7f00000000c0)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]})
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)

27.274356ms ago: executing program 2 (id=919):
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f00000000c0)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]})
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)

0s ago: executing program 0 (id=920):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000000)=0x2, 0x4)
ioctl$sock_proto_private(r1, 0x89dd, &(0x7f0000001080))
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000240), r5)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='contention_end\x00', r7}, 0x18)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000180)={0x0, 0x3b, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x48, r6, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_team\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x4009000}, 0x4090)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0500ff0000feffdbdf00158b0b4d7d2ab73333703a02c2e3fa1b0aab3dc1ae2ddeed3bb2c897af0dd7cf2a78c90a66c2725aec2ffa8873f50c1a8664233ef9c853bcd7c6e501a174d8485ddc090335aef9d95015428f0d3f44eee1bb712e47608a185f54ba1432625895b9d42a8ef2f5aec6769b5fd512950f2dc16980c98f78a98a28f382addd5f0ceadffa1806d371e8b451d9d7f62b0ad0ab21c8fbd036cbd99a5b562a65630224bca738e4", @ANYRES32=r4, @ANYBLOB="1c003080180001800c00038006000100000000000800010000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4004080}, 0x810)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELRULE={0xb0, 0x6, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_USERDATA={0x81, 0x7, 0x1, 0x0, "d49aa3dd131ce2fa580b9b667a45d3a97b5f7a54af462bffe3bfe2d218b79c4a0ac8d1e7a39638635d4419e53371b57db0afe5fee29da5e1008e078f5c3c283b8112ad0ff5291927b3f2056088b51b03444fea516492aab01129fd4e4d02e2e63349d929d549ca42180dd7fd32f40b099c8c628d6d523b1001788c371d"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xd8}, 0x1, 0x0, 0x0, 0x20048880}, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='<\x00\x00\x00'], 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x14)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000700)=ANY=[@ANYBLOB="54010000100033060000000000000000ffffffff000000000000000000000000e000000200000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000010000000032000000ac14141a00000000000000000000000000000000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000400720000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000028bd70002cbd700028bd700027bd700081000000"], 0x154}}, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r11 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r11, 0x6, 0x21, 0x0, &(0x7f0000000100))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
r13 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="d3ddd1de00000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r12, @ANYBLOB='\b\x00\n\x00', @ANYRES8], 0x44}}, 0x0)

kernel console output (not intermixed with test programs):

53.207625][ T7323] wg1 speed is unknown, defaulting to 1000
[  154.011205][ T7383] netlink: 12 bytes leftover after parsing attributes in process `syz.1.395'.
[  154.038223][ T7384] netlink: 12 bytes leftover after parsing attributes in process `syz.2.396'.
[  154.078433][ T7384] 8021q: VLANs not supported on caif0
[  154.204479][ T7389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.397'.
[  154.458825][ T7386] wg1 speed is unknown, defaulting to 1000
[  154.595804][ T7397] pimreg3: entered allmulticast mode
[  154.811467][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  154.830513][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  154.844069][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  154.853276][ T7400] xt_hashlimit: size too large, truncated to 1048576
[  154.861986][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  154.872724][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  155.176613][ T5842] Bluetooth: hci0: command 0x0401 tx timeout
[  155.196686][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  155.553127][ T7399] wg1 speed is unknown, defaulting to 1000
[  155.682730][ T7417] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  155.690383][ T7417] IPv6: NLM_F_CREATE should be set when creating new route
[  155.697669][ T7417] IPv6: NLM_F_CREATE should be set when creating new route
[  155.707250][ T7419] netlink: 8 bytes leftover after parsing attributes in process `syz.2.407'.
[  155.864598][ T7421] netlink: 12 bytes leftover after parsing attributes in process `syz.3.408'.
[  155.998438][ T7421] 8021q: VLANs not supported on caif0
[  156.317861][ T7432] netlink: 8 bytes leftover after parsing attributes in process `syz.3.412'.
[  156.355208][ T7432] netlink: 'syz.3.412': attribute type 2 has an invalid length.
[  156.682199][ T7434] xt_hashlimit: size too large, truncated to 1048576
[  156.936748][ T5842] Bluetooth: hci2: command tx timeout
[  157.185375][ T7445] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  157.337423][ T5842] Bluetooth: hci0: command 0x0401 tx timeout
[  157.343668][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  158.142088][ T7464] netlink: 12 bytes leftover after parsing attributes in process `syz.0.421'.
[  158.160576][ T7399] chnl_net:caif_netlink_parms(): no params data found
[  158.184098][ T7464] 8021q: VLANs not supported on caif0
[  158.497312][ T7399] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.504522][ T7399] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.558040][ T7399] bridge_slave_0: entered allmulticast mode
[  158.572864][ T7399] bridge_slave_0: entered promiscuous mode
[  158.602419][ T7399] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.612841][ T7399] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.629732][ T7399] bridge_slave_1: entered allmulticast mode
[  158.637916][ T7399] bridge_slave_1: entered promiscuous mode
[  158.859256][ T7475] wg1 speed is unknown, defaulting to 1000
[  158.979955][ T7490] FAULT_INJECTION: forcing a failure.
[  158.979955][ T7490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.985605][ T7399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  159.013702][ T7490] CPU: 1 UID: 0 PID: 7490 Comm: syz.1.429 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  159.013732][ T7490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  159.013745][ T7490] Call Trace:
[  159.013753][ T7490]  <TASK>
[  159.013761][ T7490]  dump_stack_lvl+0x241/0x360
[  159.013799][ T7490]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.013828][ T7490]  ? __pfx__printk+0x10/0x10
[  159.013868][ T7490]  should_fail_ex+0x424/0x570
[  159.013895][ T7490]  _copy_to_user+0x31/0xb0
[  159.013934][ T7490]  simple_read_from_buffer+0xc4/0x170
[  159.013968][ T7490]  proc_fail_nth_read+0x1ef/0x260
[  159.013992][ T7490]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  159.014017][ T7490]  ? rw_verify_area+0x246/0x630
[  159.014038][ T7490]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  159.014060][ T7490]  vfs_read+0x21f/0xb90
[  159.014089][ T7490]  ? __pfx___mutex_lock+0x10/0x10
[  159.014116][ T7490]  ? __pfx_vfs_read+0x10/0x10
[  159.014141][ T7490]  ? __fget_files+0x2a/0x420
[  159.014161][ T7490]  ? __fget_files+0x39d/0x420
[  159.014177][ T7490]  ? __fget_files+0x2a/0x420
[  159.014206][ T7490]  ksys_read+0x19d/0x2d0
[  159.014231][ T7490]  ? __pfx_ksys_read+0x10/0x10
[  159.014259][ T7490]  ? do_syscall_64+0xb6/0x230
[  159.014288][ T7490]  do_syscall_64+0xf3/0x230
[  159.014313][ T7490]  ? clear_bhb_loop+0x45/0xa0
[  159.014337][ T7490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.014356][ T7490] RIP: 0033:0x7fa24fd8bb7c
[  159.014374][ T7490] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  159.014389][ T7490] RSP: 002b:00007fa250b9e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  159.014410][ T7490] RAX: ffffffffffffffda RBX: 00007fa24ffa5fa0 RCX: 00007fa24fd8bb7c
[  159.014424][ T7490] RDX: 000000000000000f RSI: 00007fa250b9e0a0 RDI: 0000000000000003
[  159.014436][ T7490] RBP: 00007fa250b9e090 R08: 0000000000000000 R09: 0000000000000000
[  159.014447][ T7490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  159.014459][ T7490] R13: 0000000000000000 R14: 00007fa24ffa5fa0 R15: 00007ffedf050998
[  159.014490][ T7490]  </TASK>
[  159.357651][ T5838] Bluetooth: hci2: command tx timeout
[  159.372802][ T7399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  159.392525][ T7497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.432'.
[  159.424862][ T7495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.430'.
[  159.526772][ T7502] netlink: 12 bytes leftover after parsing attributes in process `syz.3.433'.
[  159.544008][ T7502] 8021q: VLANs not supported on caif0
[  159.632496][ T7497] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  159.665076][ T7497] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  159.753565][ T7399] team0: Port device team_slave_0 added
[  159.793975][ T7399] team0: Port device team_slave_1 added
[  159.992903][ T7399] batman_adv: batadv0: Adding interface: batadv_slave_0
[  160.001485][ T7399] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.032080][ T7399] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  160.053737][ T7399] batman_adv: batadv0: Adding interface: batadv_slave_1
[  160.062846][ T7399] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.095088][ T7399] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.338056][ T7522] netlink: 4 bytes leftover after parsing attributes in process `syz.3.437'.
[  160.483387][ T7399] hsr_slave_0: entered promiscuous mode
[  160.498506][ T7399] hsr_slave_1: entered promiscuous mode
[  160.505149][ T7399] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  160.513407][ T7399] Cannot create hsr debugfs directory
[  160.585840][    C0] vcan0: j1939_tp_rxtimer: 0xffff888012a0f000: rx timeout, send abort
[  161.004672][ T7540] netlink: 16 bytes leftover after parsing attributes in process `syz.1.441'.
[  161.087077][    C0] vcan0: j1939_tp_rxtimer: 0xffff888012a0f800: rx timeout, send abort
[  161.096121][    C0] vcan0: j1939_tp_rxtimer: 0xffff888012a0f000: abort rx timeout. Force session deactivation
[  161.212709][ T7399] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.410188][ T7399] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.426891][ T5838] Bluetooth: hci2: command tx timeout
[  161.488405][ T7556] netlink: 4 bytes leftover after parsing attributes in process `syz.0.444'.
[  161.579944][ T7399] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.595382][    C0] vcan0: j1939_tp_rxtimer: 0xffff888012a0f800: abort rx timeout. Force session deactivation
[  161.707111][ T7399] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.132771][ T7399] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  162.201180][ T5892] wg1 speed is unknown, defaulting to 1000
[  162.202313][ T7399] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  162.256133][ T7399] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  162.280975][ T7399] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  162.484443][ T7590] xt_limit: Overflow, try lower: 167772/2147483648
[  162.515977][ T7590] netlink: 64 bytes leftover after parsing attributes in process `syz.0.453'.
[  162.707493][ T7399] 8021q: adding VLAN 0 to HW filter on device bond0
[  162.799893][ T7592] wg1 speed is unknown, defaulting to 1000
[  162.811216][ T7399] 8021q: adding VLAN 0 to HW filter on device team0
[  162.829715][ T7600] xt_hashlimit: size too large, truncated to 1048576
[  162.889848][ T6076] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.897078][ T6076] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.908786][ T7604] FAULT_INJECTION: forcing a failure.
[  162.908786][ T7604] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  162.914508][ T6076] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.929067][ T6076] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.968149][ T7604] CPU: 0 UID: 0 PID: 7604 Comm: syz.3.460 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  162.968177][ T7604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.968189][ T7604] Call Trace:
[  162.968197][ T7604]  <TASK>
[  162.968205][ T7604]  dump_stack_lvl+0x241/0x360
[  162.968242][ T7604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.968271][ T7604]  ? __pfx__printk+0x10/0x10
[  162.968332][ T7604]  should_fail_ex+0x424/0x570
[  162.968359][ T7604]  _copy_from_user+0x2d/0xb0
[  162.968390][ T7604]  core_sys_select+0x542/0xab0
[  162.968433][ T7604]  ? __pfx_core_sys_select+0x10/0x10
[  162.968458][ T7604]  ? rcu_read_lock_any_held+0xbb/0x160
[  162.968493][ T7604]  ? vfs_write+0xb29/0xd10
[  162.968555][ T7604]  ? __pfx_vfs_write+0x10/0x10
[  162.968578][ T7604]  ? __pfx_set_user_sigmask+0x10/0x10
[  162.968601][ T7604]  ? __pfx_do_sys_openat2+0x10/0x10
[  162.968631][ T7604]  ? put_files_struct+0x23d/0x310
[  162.968668][ T7604]  __se_sys_pselect6+0x356/0x3e0
[  162.968708][ T7604]  ? __pfx___se_sys_pselect6+0x10/0x10
[  162.968746][ T7604]  ? __x64_sys_pselect6+0x21/0xf0
[  162.968778][ T7604]  do_syscall_64+0xf3/0x230
[  162.968804][ T7604]  ? clear_bhb_loop+0x45/0xa0
[  162.968828][ T7604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.968848][ T7604] RIP: 0033:0x7fd27ff8d169
[  162.968866][ T7604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.968882][ T7604] RSP: 002b:00007fd280d9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  162.968915][ T7604] RAX: ffffffffffffffda RBX: 00007fd2801a5fa0 RCX: 00007fd27ff8d169
[  162.968929][ T7604] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000040
[  162.968941][ T7604] RBP: 00007fd280d9e090 R08: 0000000000000000 R09: 0000000000000000
[  162.968953][ T7604] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[  162.968965][ T7604] R13: 0000000000000000 R14: 00007fd2801a5fa0 R15: 00007ffd1fe4f3c8
[  162.968995][ T7604]  </TASK>
[  163.497548][ T5842] Bluetooth: hci2: command tx timeout
[  163.722529][ T7399] 8021q: adding VLAN 0 to HW filter on device batadv0
[  164.057294][ T5842] Bluetooth: hci0: command 0x0401 tx timeout
[  164.063507][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  164.557495][ T7399] veth0_vlan: entered promiscuous mode
[  164.639291][ T7399] veth1_vlan: entered promiscuous mode
[  164.716911][ T7646] netlink: 28 bytes leftover after parsing attributes in process `syz.0.470'.
[  164.778903][ T7646] netlink: 28 bytes leftover after parsing attributes in process `syz.0.470'.
[  164.794842][ T7646] netlink: 28 bytes leftover after parsing attributes in process `syz.0.470'.
[  164.825251][ T7649] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  165.038061][ T7399] veth0_macvtap: entered promiscuous mode
[  165.091942][ T7399] veth1_macvtap: entered promiscuous mode
[  165.139223][ T7399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.182848][ T7652] xt_hashlimit: size too large, truncated to 1048576
[  165.348019][ T7399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.382699][ T7399] batman_adv: batadv0: Interface activated: batadv_slave_0
[  165.431917][ T7399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.492519][ T7399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.522250][ T7399] batman_adv: batadv0: Interface activated: batadv_slave_1
[  165.565267][ T7399] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.595654][ T7399] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.636497][ T7399] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.675381][ T7399] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.956782][ T7665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.476'.
[  166.000255][ T6032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.020018][ T6032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.069936][ T7665] netlink: 20 bytes leftover after parsing attributes in process `syz.1.476'.
[  166.175430][ T7668] netlink: 'syz.2.477': attribute type 11 has an invalid length.
[  166.231577][ T2128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.242498][ T2128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.175287][ T7693] wg1 speed is unknown, defaulting to 1000
[  167.370301][ T7704] netlink: 4 bytes leftover after parsing attributes in process `syz.0.484'.
[  167.394276][ T7706] netlink: 12 bytes leftover after parsing attributes in process `syz.1.485'.
[  167.444166][ T7706] 8021q: VLANs not supported on nlmon0
[  167.660328][ T7713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.486'.
[  168.122731][ T7719] xt_hashlimit: size too large, truncated to 1048576
[  168.308973][ T5842] Bluetooth: hci2: command 0x0405 tx timeout
[  169.838127][ T7740] netlink: 4 bytes leftover after parsing attributes in process `syz.1.494'.
[  169.914858][ T7744] FAULT_INJECTION: forcing a failure.
[  169.914858][ T7744] name failslab, interval 1, probability 0, space 0, times 0
[  169.964390][ T7744] CPU: 1 UID: 0 PID: 7744 Comm: syz.0.496 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  169.964422][ T7744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  169.964434][ T7744] Call Trace:
[  169.964443][ T7744]  <TASK>
[  169.964451][ T7744]  dump_stack_lvl+0x241/0x360
[  169.964492][ T7744]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.964523][ T7744]  ? __pfx__printk+0x10/0x10
[  169.964557][ T7744]  ? __pfx___might_resched+0x10/0x10
[  169.964588][ T7744]  should_fail_ex+0x424/0x570
[  169.964616][ T7744]  should_failslab+0xac/0x100
[  169.964648][ T7744]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  169.964679][ T7744]  ? __alloc_skb+0x1c2/0x480
[  169.964704][ T7744]  __alloc_skb+0x1c2/0x480
[  169.964730][ T7744]  ? __pfx___alloc_skb+0x10/0x10
[  169.964752][ T7744]  ? netlink_autobind+0xd6/0x2f0
[  169.964770][ T7744]  ? netlink_autobind+0x2b0/0x2f0
[  169.964794][ T7744]  netlink_sendmsg+0x638/0xcd0
[  169.964839][ T7744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.964876][ T7744]  ? aa_sock_msg_perm+0x91/0x160
[  169.964911][ T7744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.964940][ T7744]  __sock_sendmsg+0x221/0x270
[  169.964980][ T7744]  ____sys_sendmsg+0x523/0x860
[  169.965013][ T7744]  ? __pfx_____sys_sendmsg+0x10/0x10
[  169.965033][ T7744]  ? __fget_files+0x2a/0x420
[  169.965056][ T7744]  ? __fget_files+0x2a/0x420
[  169.965094][ T7744]  __sys_sendmsg+0x271/0x360
[  169.965122][ T7744]  ? __pfx___sys_sendmsg+0x10/0x10
[  169.965210][ T7744]  ? do_syscall_64+0xb6/0x230
[  169.965241][ T7744]  do_syscall_64+0xf3/0x230
[  169.965269][ T7744]  ? clear_bhb_loop+0x45/0xa0
[  169.965294][ T7744]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.965319][ T7744] RIP: 0033:0x7fbf1a98d169
[  169.965339][ T7744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.965355][ T7744] RSP: 002b:00007fbf187f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  169.965377][ T7744] RAX: ffffffffffffffda RBX: 00007fbf1aba5fa0 RCX: 00007fbf1a98d169
[  169.965392][ T7744] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004
[  169.965404][ T7744] RBP: 00007fbf187f6090 R08: 0000000000000000 R09: 0000000000000000
[  169.965417][ T7744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.965428][ T7744] R13: 0000000000000000 R14: 00007fbf1aba5fa0 R15: 00007ffd4784de48
[  169.965460][ T7744]  </TASK>
[  170.431859][ T7749] netlink: 28 bytes leftover after parsing attributes in process `syz.0.498'.
[  170.436904][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  170.450054][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  170.469263][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  170.488110][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  170.497692][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  170.603824][ T7747] wg1 speed is unknown, defaulting to 1000
[  170.900507][ T7759] netlink: 68 bytes leftover after parsing attributes in process `syz.2.502'.
[  171.170286][ T7765] netlink: 'syz.2.504': attribute type 11 has an invalid length.
[  171.421435][ T7773] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  171.546312][ T7779] netlink: 28 bytes leftover after parsing attributes in process `syz.3.511'.
[  171.968122][ T7747] chnl_net:caif_netlink_parms(): no params data found
[  172.341885][ T7813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.517'.
[  172.377523][ T7812] netlink: 'syz.0.518': attribute type 11 has an invalid length.
[  172.424951][ T7747] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.456199][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.476804][ T7747] bridge_slave_0: entered allmulticast mode
[  172.497316][ T7747] bridge_slave_0: entered promiscuous mode
[  172.523130][ T7747] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.537516][ T5842] Bluetooth: hci2: command tx timeout
[  172.544358][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.559494][ T7747] bridge_slave_1: entered allmulticast mode
[  172.567481][ T7747] bridge_slave_1: entered promiscuous mode
[  172.682666][ T7747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  172.748879][ T7747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  172.812425][ T7830] netlink: 28 bytes leftover after parsing attributes in process `syz.3.523'.
[  172.920296][ T7747] team0: Port device team_slave_0 added
[  172.932635][ T7747] team0: Port device team_slave_1 added
[  173.071577][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_0
[  173.085389][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.146024][ T7747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  173.162781][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_1
[  173.171279][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.209738][ T7849] netlink: 44 bytes leftover after parsing attributes in process `syz.0.525'.
[  173.225632][ T7747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  173.315244][ T7851] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  173.516230][ T7747] hsr_slave_0: entered promiscuous mode
[  173.533803][ T7747] hsr_slave_1: entered promiscuous mode
[  173.542042][ T7747] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  173.555873][ T7857] netlink: 'syz.3.531': attribute type 11 has an invalid length.
[  173.563814][ T7747] Cannot create hsr debugfs directory
[  173.576615][ T5842] Bluetooth: hci0: command 0x0401 tx timeout
[  173.582777][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  173.792348][ T7860] netlink: 'syz.0.532': attribute type 39 has an invalid length.
[  173.855886][ T7860] netlink: 36 bytes leftover after parsing attributes in process `syz.0.532'.
[  173.914335][ T7865] netlink: 40 bytes leftover after parsing attributes in process `syz.0.532'.
[  174.132469][ T7869] FAULT_INJECTION: forcing a failure.
[  174.132469][ T7869] name failslab, interval 1, probability 0, space 0, times 0
[  174.162102][ T7869] CPU: 0 UID: 0 PID: 7869 Comm: syz.0.536 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  174.162131][ T7869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  174.162143][ T7869] Call Trace:
[  174.162151][ T7869]  <TASK>
[  174.162170][ T7869]  dump_stack_lvl+0x241/0x360
[  174.162208][ T7869]  ? __pfx_dump_stack_lvl+0x10/0x10
[  174.162238][ T7869]  ? __pfx__printk+0x10/0x10
[  174.162273][ T7869]  ? __pfx___might_resched+0x10/0x10
[  174.162304][ T7869]  should_fail_ex+0x424/0x570
[  174.162332][ T7869]  should_failslab+0xac/0x100
[  174.162362][ T7869]  __kmalloc_cache_noprof+0x73/0x370
[  174.162391][ T7869]  ? sctp_add_bind_addr+0x89/0x3a0
[  174.162425][ T7869]  sctp_add_bind_addr+0x89/0x3a0
[  174.162459][ T7869]  sctp_bind_addr_copy+0xad/0x3b0
[  174.162487][ T7869]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  174.162517][ T7869]  sctp_connect_new_asoc+0x337/0x700
[  174.162543][ T7869]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  174.162565][ T7869]  ? sctp_endpoint_lookup_assoc+0x7c/0x250
[  174.162591][ T7869]  ? sctp_endpoint_lookup_assoc+0x7c/0x250
[  174.162610][ T7869]  ? sctp_endpoint_lookup_assoc+0x217/0x250
[  174.162640][ T7869]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  174.162665][ T7869]  sctp_sendmsg+0x2009/0x3620
[  174.162719][ T7869]  ? __pfx_sctp_sendmsg+0x10/0x10
[  174.162742][ T7869]  ? aa_sk_perm+0x96f/0xac0
[  174.162785][ T7869]  ? inet_sendmsg+0x330/0x390
[  174.162813][ T7869]  __sock_sendmsg+0x1a6/0x270
[  174.162842][ T7869]  __sys_sendto+0x365/0x4c0
[  174.162865][ T7869]  ? __pfx___sys_sendto+0x10/0x10
[  174.162895][ T7869]  ? __fget_files+0x2a/0x420
[  174.162924][ T7869]  ? ksys_write+0x275/0x2d0
[  174.162960][ T7869]  __x64_sys_sendto+0xde/0x100
[  174.162982][ T7869]  do_syscall_64+0xf3/0x230
[  174.163007][ T7869]  ? clear_bhb_loop+0x45/0xa0
[  174.163029][ T7869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.163048][ T7869] RIP: 0033:0x7fbf1a98d169
[  174.163066][ T7869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.163081][ T7869] RSP: 002b:00007fbf187f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  174.163102][ T7869] RAX: ffffffffffffffda RBX: 00007fbf1aba5fa0 RCX: 00007fbf1a98d169
[  174.163117][ T7869] RDX: 0000000000000001 RSI: 0000200000000500 RDI: 0000000000000003
[  174.163129][ T7869] RBP: 00007fbf187f6090 R08: 0000200000000140 R09: 000000000000001c
[  174.163141][ T7869] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000001
[  174.163153][ T7869] R13: 0000000000000000 R14: 00007fbf1aba5fa0 R15: 00007ffd4784de48
[  174.163184][ T7869]  </TASK>
[  174.616617][ T5842] Bluetooth: hci2: command tx timeout
[  174.794045][ T7747] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.837678][ T7881] netlink: 8 bytes leftover after parsing attributes in process `syz.3.541'.
[  174.868036][ T7881] netlink: 4 bytes leftover after parsing attributes in process `syz.3.541'.
[  174.882329][ T7881] netlink: 'syz.3.541': attribute type 1 has an invalid length.
[  174.890343][ T7881] netlink: 10 bytes leftover after parsing attributes in process `syz.3.541'.
[  174.937959][ T7881] nbd: socks must be embedded in a SOCK_ITEM attr
[  174.952149][ T7747] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.966026][ T7881] block nbd0: shutting down sockets
[  175.170634][ T7747] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.305363][ T7747] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.531240][ T7902] FAULT_INJECTION: forcing a failure.
[  175.531240][ T7902] name failslab, interval 1, probability 0, space 0, times 0
[  175.565632][ T7902] CPU: 0 UID: 0 PID: 7902 Comm: syz.3.549 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  175.565661][ T7902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  175.565674][ T7902] Call Trace:
[  175.565682][ T7902]  <TASK>
[  175.565690][ T7902]  dump_stack_lvl+0x241/0x360
[  175.565729][ T7902]  ? __pfx_dump_stack_lvl+0x10/0x10
[  175.565759][ T7902]  ? __pfx__printk+0x10/0x10
[  175.565794][ T7902]  ? __pfx___might_resched+0x10/0x10
[  175.565825][ T7902]  should_fail_ex+0x424/0x570
[  175.565854][ T7902]  should_failslab+0xac/0x100
[  175.565885][ T7902]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  175.565916][ T7902]  ? __alloc_skb+0x1c2/0x480
[  175.565940][ T7902]  __alloc_skb+0x1c2/0x480
[  175.565966][ T7902]  ? __pfx___alloc_skb+0x10/0x10
[  175.565993][ T7902]  ? netlink_ack_tlv_len+0x6e/0x200
[  175.566027][ T7902]  netlink_ack+0x147/0xa70
[  175.566054][ T7902]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  175.566092][ T7902]  ? ref_tracker_free+0x63e/0x7e0
[  175.566124][ T7902]  netlink_rcv_skb+0x296/0x480
[  175.566156][ T7902]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  175.566188][ T7902]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  175.566238][ T7902]  ? netlink_deliver_tap+0x2e/0x1b0
[  175.566282][ T7902]  ? netlink_deliver_tap+0x2e/0x1b0
[  175.566316][ T7902]  netlink_unicast+0x7f8/0x9a0
[  175.566354][ T7902]  ? __pfx_netlink_unicast+0x10/0x10
[  175.566384][ T7902]  ? skb_put+0x114/0x1f0
[  175.566414][ T7902]  netlink_sendmsg+0x8c3/0xcd0
[  175.566458][ T7902]  ? __pfx_netlink_sendmsg+0x10/0x10
[  175.566493][ T7902]  ? aa_sock_msg_perm+0x91/0x160
[  175.566530][ T7902]  ? __pfx_netlink_sendmsg+0x10/0x10
[  175.566558][ T7902]  __sock_sendmsg+0x221/0x270
[  175.566591][ T7902]  ____sys_sendmsg+0x523/0x860
[  175.566622][ T7902]  ? __pfx_____sys_sendmsg+0x10/0x10
[  175.566642][ T7902]  ? __fget_files+0x2a/0x420
[  175.566665][ T7902]  ? __fget_files+0x2a/0x420
[  175.566694][ T7902]  __sys_sendmsg+0x271/0x360
[  175.566722][ T7902]  ? __pfx___sys_sendmsg+0x10/0x10
[  175.566809][ T7902]  ? do_syscall_64+0xb6/0x230
[  175.566840][ T7902]  do_syscall_64+0xf3/0x230
[  175.566867][ T7902]  ? clear_bhb_loop+0x45/0xa0
[  175.566892][ T7902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.566911][ T7902] RIP: 0033:0x7fd27ff8d169
[  175.566929][ T7902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.566945][ T7902] RSP: 002b:00007fd280d9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  175.566966][ T7902] RAX: ffffffffffffffda RBX: 00007fd2801a5fa0 RCX: 00007fd27ff8d169
[  175.566981][ T7902] RDX: 0000000000000880 RSI: 00002000000018c0 RDI: 0000000000000005
[  175.566993][ T7902] RBP: 00007fd280d9e090 R08: 0000000000000000 R09: 0000000000000000
[  175.567005][ T7902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.567017][ T7902] R13: 0000000000000000 R14: 00007fd2801a5fa0 R15: 00007ffd1fe4f3c8
[  175.567049][ T7902]  </TASK>
[  175.892164][ T7747] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  175.946735][ T7915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.552'.
[  175.958211][ T7747] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  176.020508][ T7747] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  176.171992][ T7747] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  176.209729][ T7919] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  176.304421][ T7925] netlink: 8 bytes leftover after parsing attributes in process `syz.1.555'.
[  176.354597][ T7747] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.404254][ T7747] 8021q: adding VLAN 0 to HW filter on device team0
[  176.451229][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.458529][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.483695][ T7930] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  176.515770][ T6076] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.523027][ T6076] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.537459][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  176.544344][ T5838] Bluetooth: hci0: command 0x0401 tx timeout
[  176.699419][ T5838] Bluetooth: hci2: command tx timeout
[  176.837954][ T7747] 8021q: adding VLAN 0 to HW filter on device batadv0
[  177.340070][ T7747] veth0_vlan: entered promiscuous mode
[  177.395509][ T7747] veth1_vlan: entered promiscuous mode
[  177.464146][ T7958] FAULT_INJECTION: forcing a failure.
[  177.464146][ T7958] name failslab, interval 1, probability 0, space 0, times 0
[  177.497616][ T7958] CPU: 0 UID: 0 PID: 7958 Comm: syz.2.564 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  177.497646][ T7958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  177.497658][ T7958] Call Trace:
[  177.497666][ T7958]  <TASK>
[  177.497675][ T7958]  dump_stack_lvl+0x241/0x360
[  177.497716][ T7958]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.497746][ T7958]  ? __pfx__printk+0x10/0x10
[  177.497780][ T7958]  ? __pfx___might_resched+0x10/0x10
[  177.497813][ T7958]  should_fail_ex+0x424/0x570
[  177.497840][ T7958]  should_failslab+0xac/0x100
[  177.497871][ T7958]  __kmalloc_noprof+0xdf/0x4d0
[  177.497900][ T7958]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  177.497924][ T7958]  ? apparmor_capable+0x13b/0x1b0
[  177.497950][ T7958]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  177.497984][ T7958]  genl_rcv_msg+0x819/0xf00
[  177.498018][ T7958]  ? __pfx_genl_rcv_msg+0x10/0x10
[  177.498039][ T7958]  ? __dev_queue_xmit+0x1780/0x3f60
[  177.498061][ T7958]  ? kasan_save_track+0x3f/0x80
[  177.498082][ T7958]  ? __kasan_slab_alloc+0x66/0x80
[  177.498112][ T7958]  ? do_syscall_64+0xf3/0x230
[  177.498166][ T7958]  ? __lock_acquire+0xad5/0xd80
[  177.498189][ T7958]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  177.498208][ T7958]  ? __pfx_nl80211_join_mesh+0x10/0x10
[  177.498229][ T7958]  ? __pfx_nl80211_post_doit+0x10/0x10
[  177.498263][ T7958]  netlink_rcv_skb+0x208/0x480
[  177.498296][ T7958]  ? __pfx_genl_rcv_msg+0x10/0x10
[  177.498321][ T7958]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  177.498392][ T7958]  ? netlink_deliver_tap+0x2e/0x1b0
[  177.498429][ T7958]  genl_rcv+0x28/0x40
[  177.498450][ T7958]  netlink_unicast+0x7f8/0x9a0
[  177.498504][ T7958]  ? __pfx_netlink_unicast+0x10/0x10
[  177.498533][ T7958]  ? skb_put+0x114/0x1f0
[  177.498567][ T7958]  netlink_sendmsg+0x8c3/0xcd0
[  177.498613][ T7958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  177.498648][ T7958]  ? aa_sock_msg_perm+0x91/0x160
[  177.498683][ T7958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  177.498711][ T7958]  __sock_sendmsg+0x221/0x270
[  177.498743][ T7958]  ____sys_sendmsg+0x523/0x860
[  177.498783][ T7958]  ? __pfx_____sys_sendmsg+0x10/0x10
[  177.498803][ T7958]  ? __fget_files+0x2a/0x420
[  177.498826][ T7958]  ? __fget_files+0x2a/0x420
[  177.498854][ T7958]  __sys_sendmsg+0x271/0x360
[  177.498883][ T7958]  ? __pfx___sys_sendmsg+0x10/0x10
[  177.498991][ T7958]  ? do_syscall_64+0xb6/0x230
[  177.499023][ T7958]  do_syscall_64+0xf3/0x230
[  177.499049][ T7958]  ? clear_bhb_loop+0x45/0xa0
[  177.499074][ T7958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.499094][ T7958] RIP: 0033:0x7fc878d8d169
[  177.499112][ T7958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.499128][ T7958] RSP: 002b:00007fc879c6a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  177.499151][ T7958] RAX: ffffffffffffffda RBX: 00007fc878fa5fa0 RCX: 00007fc878d8d169
[  177.499166][ T7958] RDX: 0000000020000880 RSI: 00002000000026c0 RDI: 0000000000000004
[  177.499179][ T7958] RBP: 00007fc879c6a090 R08: 0000000000000000 R09: 0000000000000000
[  177.499191][ T7958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  177.499203][ T7958] R13: 0000000000000000 R14: 00007fc878fa5fa0 R15: 00007ffc22224308
[  177.499235][ T7958]  </TASK>
[  177.953053][ T7962] netlink: 132 bytes leftover after parsing attributes in process `syz.1.566'.
[  178.051216][ T7747] veth0_macvtap: entered promiscuous mode
[  178.062681][ T7747] veth1_macvtap: entered promiscuous mode
[  178.082952][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.093518][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.103665][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.115935][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.127762][ T7747] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.237733][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.264963][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.356519][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.374404][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.395967][ T7747] batman_adv: batadv0: Interface activated: batadv_slave_1
[  178.450340][ T7747] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.482681][ T7747] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.496516][ T7747] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.505357][ T7747] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.687875][ T6076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.720179][ T6076] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  178.778041][ T5838] Bluetooth: hci2: command tx timeout
[  178.848409][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.885407][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.070542][ T7996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.577'.
[  179.104850][ T7996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.577'.
[  179.387006][ T8004] FAULT_INJECTION: forcing a failure.
[  179.387006][ T8004] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.413328][ T8004] CPU: 1 UID: 0 PID: 8004 Comm: syz.0.581 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  179.413359][ T8004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  179.413371][ T8004] Call Trace:
[  179.413379][ T8004]  <TASK>
[  179.413388][ T8004]  dump_stack_lvl+0x241/0x360
[  179.413428][ T8004]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.413458][ T8004]  ? __pfx__printk+0x10/0x10
[  179.413504][ T8004]  should_fail_ex+0x424/0x570
[  179.413533][ T8004]  _copy_from_user+0x2d/0xb0
[  179.413564][ T8004]  kstrtouint_from_user+0xce/0x1a0
[  179.413593][ T8004]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  179.413623][ T8004]  ? __lock_acquire+0xad5/0xd80
[  179.413658][ T8004]  proc_fail_nth_write+0xac/0x2d0
[  179.413681][ T8004]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  179.413711][ T8004]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  179.413740][ T8004]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  179.413765][ T8004]  vfs_write+0x2bc/0xd10
[  179.413796][ T8004]  ? fdget_pos+0x247/0x310
[  179.413819][ T8004]  ? __pfx_vfs_write+0x10/0x10
[  179.413847][ T8004]  ? __fget_files+0x2a/0x420
[  179.413868][ T8004]  ? __fget_files+0x39d/0x420
[  179.413885][ T8004]  ? __fget_files+0x2a/0x420
[  179.413915][ T8004]  ksys_write+0x19d/0x2d0
[  179.413942][ T8004]  ? __pfx_ksys_write+0x10/0x10
[  179.413974][ T8004]  ? do_syscall_64+0xb6/0x230
[  179.414005][ T8004]  do_syscall_64+0xf3/0x230
[  179.414032][ T8004]  ? clear_bhb_loop+0x45/0xa0
[  179.414057][ T8004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.414077][ T8004] RIP: 0033:0x7fbf1a98bc1f
[  179.414096][ T8004] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  179.414112][ T8004] RSP: 002b:00007fbf187f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  179.414134][ T8004] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbf1a98bc1f
[  179.414148][ T8004] RDX: 0000000000000001 RSI: 00007fbf187f60a0 RDI: 0000000000000007
[  179.414160][ T8004] RBP: 00007fbf187f6090 R08: 0000000000000000 R09: 0000000000000000
[  179.414173][ T8004] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  179.414185][ T8004] R13: 0000000000000000 R14: 00007fbf1aba5fa0 R15: 00007ffd4784de48
[  179.414224][ T8004]  </TASK>
[  179.900474][ T8013] FAULT_INJECTION: forcing a failure.
[  179.900474][ T8013] name failslab, interval 1, probability 0, space 0, times 0
[  179.918541][ T8013] CPU: 1 UID: 0 PID: 8013 Comm: syz.3.585 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  179.918573][ T8013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  179.918586][ T8013] Call Trace:
[  179.918595][ T8013]  <TASK>
[  179.918604][ T8013]  dump_stack_lvl+0x241/0x360
[  179.918645][ T8013]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.918676][ T8013]  ? __pfx__printk+0x10/0x10
[  179.918711][ T8013]  ? __pfx___might_resched+0x10/0x10
[  179.918741][ T8013]  should_fail_ex+0x424/0x570
[  179.918770][ T8013]  should_failslab+0xac/0x100
[  179.918825][ T8013]  __kmalloc_noprof+0xdf/0x4d0
[  179.918854][ T8013]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  179.918885][ T8013]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  179.918924][ T8013]  tomoyo_realpath_from_path+0xcf/0x5e0
[  179.918972][ T8013]  tomoyo_path_number_perm+0x245/0x790
[  179.919004][ T8013]  ? tomoyo_path_number_perm+0x215/0x790
[  179.919035][ T8013]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  179.919071][ T8013]  ? ksys_write+0x24e/0x2d0
[  179.919103][ T8013]  ? __lock_acquire+0xad5/0xd80
[  179.919147][ T8013]  ? __fget_files+0x2a/0x420
[  179.919166][ T8013]  ? __fget_files+0x2a/0x420
[  179.919195][ T8013]  ? __fget_files+0x2a/0x420
[  179.919221][ T8013]  security_file_ioctl+0xc6/0x2a0
[  179.919248][ T8013]  __se_sys_ioctl+0x46/0x160
[  179.919276][ T8013]  do_syscall_64+0xf3/0x230
[  179.919305][ T8013]  ? clear_bhb_loop+0x45/0xa0
[  179.919329][ T8013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.919349][ T8013] RIP: 0033:0x7fd27ff8d169
[  179.919368][ T8013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.919385][ T8013] RSP: 002b:00007fd280d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  179.919407][ T8013] RAX: ffffffffffffffda RBX: 00007fd2801a5fa0 RCX: 00007fd27ff8d169
[  179.919422][ T8013] RDX: 0000200000000340 RSI: 00000000400448c8 RDI: 0000000000000005
[  179.919436][ T8013] RBP: 00007fd280d9e090 R08: 0000000000000000 R09: 0000000000000000
[  179.919449][ T8013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.919461][ T8013] R13: 0000000000000000 R14: 00007fd2801a5fa0 R15: 00007ffd1fe4f3c8
[  179.919494][ T8013]  </TASK>
[  179.919503][ T8013] ERROR: Out of memory at tomoyo_realpath_from_path.
[  180.189854][ T5944] hid (null): unknown global tag 0xe
[  180.958930][ T5944] hid-generic 0005:15C2:0A0F.0001: unknown global tag 0xe
[  180.966212][ T5944] hid-generic 0005:15C2:0A0F.0001: item 0 2 1 14 parsing failed
[  180.974701][ T5944] hid-generic 0005:15C2:0A0F.0001: probe with driver hid-generic failed with error -22
[  181.819740][ T5842] Bluetooth: hci0: command 0x0401 tx timeout
[  181.827649][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  182.370816][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  182.382362][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  182.390755][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  182.403327][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  182.411618][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  182.588756][ T8068] wg1 speed is unknown, defaulting to 1000
[  182.921800][ T8083] netlink: 8 bytes leftover after parsing attributes in process `syz.1.608'.
[  182.992940][ T8083] xfrm1: entered allmulticast mode
[  183.238037][ T8094] FAULT_INJECTION: forcing a failure.
[  183.238037][ T8094] name failslab, interval 1, probability 0, space 0, times 0
[  183.306955][ T8094] CPU: 0 UID: 0 PID: 8094 Comm: syz.2.613 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  183.306986][ T8094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  183.306999][ T8094] Call Trace:
[  183.307006][ T8094]  <TASK>
[  183.307015][ T8094]  dump_stack_lvl+0x241/0x360
[  183.307052][ T8094]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.307082][ T8094]  ? __pfx__printk+0x10/0x10
[  183.307113][ T8094]  ? __pfx___might_resched+0x10/0x10
[  183.307143][ T8094]  should_fail_ex+0x424/0x570
[  183.307170][ T8094]  should_failslab+0xac/0x100
[  183.307201][ T8094]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  183.307248][ T8094]  ? __alloc_skb+0x1c2/0x480
[  183.307272][ T8094]  __alloc_skb+0x1c2/0x480
[  183.307298][ T8094]  ? __pfx___alloc_skb+0x10/0x10
[  183.307320][ T8094]  ? netlink_autobind+0xd6/0x2f0
[  183.307338][ T8094]  ? netlink_autobind+0x2b0/0x2f0
[  183.307362][ T8094]  netlink_sendmsg+0x638/0xcd0
[  183.307407][ T8094]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.307443][ T8094]  ? aa_sock_msg_perm+0x91/0x160
[  183.307478][ T8094]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.307507][ T8094]  __sock_sendmsg+0x221/0x270
[  183.307539][ T8094]  ____sys_sendmsg+0x523/0x860
[  183.307572][ T8094]  ? __pfx_____sys_sendmsg+0x10/0x10
[  183.307592][ T8094]  ? __fget_files+0x2a/0x420
[  183.307614][ T8094]  ? __fget_files+0x2a/0x420
[  183.307644][ T8094]  __sys_sendmsg+0x271/0x360
[  183.307672][ T8094]  ? __pfx___sys_sendmsg+0x10/0x10
[  183.307755][ T8094]  ? do_syscall_64+0xb6/0x230
[  183.307785][ T8094]  do_syscall_64+0xf3/0x230
[  183.307812][ T8094]  ? clear_bhb_loop+0x45/0xa0
[  183.307838][ T8094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.307858][ T8094] RIP: 0033:0x7fc878d8d169
[  183.307877][ T8094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.307902][ T8094] RSP: 002b:00007fc879c6a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  183.307926][ T8094] RAX: ffffffffffffffda RBX: 00007fc878fa5fa0 RCX: 00007fc878d8d169
[  183.307940][ T8094] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  183.307953][ T8094] RBP: 00007fc879c6a090 R08: 0000000000000000 R09: 0000000000000000
[  183.307966][ T8094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.307978][ T8094] R13: 0000000000000000 R14: 00007fc878fa5fa0 R15: 00007ffc22224308
[  183.308010][ T8094]  </TASK>
[  183.563962][ T8099] netlink: 4 bytes leftover after parsing attributes in process `syz.3.615'.
[  183.659871][ T8096] netlink: 4 bytes leftover after parsing attributes in process `syz.0.611'.
[  184.206175][ T8068] chnl_net:caif_netlink_parms(): no params data found
[  184.305608][ T8129] FAULT_INJECTION: forcing a failure.
[  184.305608][ T8129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  184.322868][ T8129] CPU: 0 UID: 0 PID: 8129 Comm: syz.2.625 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  184.322898][ T8129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  184.322910][ T8129] Call Trace:
[  184.322918][ T8129]  <TASK>
[  184.322927][ T8129]  dump_stack_lvl+0x241/0x360
[  184.322965][ T8129]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.322994][ T8129]  ? __pfx__printk+0x10/0x10
[  184.323037][ T8129]  should_fail_ex+0x424/0x570
[  184.323065][ T8129]  _copy_from_user+0x2d/0xb0
[  184.323096][ T8129]  copy_msghdr_from_user+0xb3/0x580
[  184.323131][ T8129]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  184.323157][ T8129]  ? __fget_files+0x2a/0x420
[  184.323178][ T8129]  ? __fget_files+0x2a/0x420
[  184.323205][ T8129]  __sys_sendmsg+0x20a/0x360
[  184.323233][ T8129]  ? __pfx___sys_sendmsg+0x10/0x10
[  184.323313][ T8129]  ? do_syscall_64+0xb6/0x230
[  184.323342][ T8129]  do_syscall_64+0xf3/0x230
[  184.323369][ T8129]  ? clear_bhb_loop+0x45/0xa0
[  184.323392][ T8129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.323411][ T8129] RIP: 0033:0x7fc878d8d169
[  184.323429][ T8129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.323446][ T8129] RSP: 002b:00007fc879c6a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.323468][ T8129] RAX: ffffffffffffffda RBX: 00007fc878fa5fa0 RCX: 00007fc878d8d169
[  184.323482][ T8129] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  184.323494][ T8129] RBP: 00007fc879c6a090 R08: 0000000000000000 R09: 0000000000000000
[  184.323506][ T8129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.323518][ T8129] R13: 0000000000000000 R14: 00007fc878fa5fa0 R15: 00007ffc22224308
[  184.323548][ T8129]  </TASK>
[  184.520995][ T5842] Bluetooth: hci2: command tx timeout
[  184.807638][ T8068] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.814869][ T8068] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.831545][ T8144] sctp: [Deprecated]: syz.2.629 (pid 8144) Use of struct sctp_assoc_value in delayed_ack socket option.
[  184.831545][ T8144] Use struct sctp_sack_info instead
[  184.859932][ T8147] FAULT_INJECTION: forcing a failure.
[  184.859932][ T8147] name failslab, interval 1, probability 0, space 0, times 0
[  184.874005][ T8068] bridge_slave_0: entered allmulticast mode
[  184.888539][ T8068] bridge_slave_0: entered promiscuous mode
[  184.889240][ T8147] CPU: 1 UID: 0 PID: 8147 Comm: syz.0.630 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  184.889269][ T8147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  184.889283][ T8147] Call Trace:
[  184.889293][ T8147]  <TASK>
[  184.889301][ T8147]  dump_stack_lvl+0x241/0x360
[  184.889342][ T8147]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.889373][ T8147]  ? __pfx__printk+0x10/0x10
[  184.889409][ T8147]  ? __pfx___might_resched+0x10/0x10
[  184.889444][ T8147]  should_fail_ex+0x424/0x570
[  184.889473][ T8147]  should_failslab+0xac/0x100
[  184.889506][ T8147]  __kmalloc_cache_noprof+0x73/0x370
[  184.889545][ T8147]  ? ip_set_create+0x338/0x1960
[  184.889574][ T8147]  ip_set_create+0x338/0x1960
[  184.889602][ T8147]  ? __pfx_rcu_is_watching+0x1/0x10
[  184.889632][ T8147]  ? trace_contention_end+0x3c/0x120
[  184.889665][ T8147]  ? __pfx_ip_set_create+0x10/0x10
[  184.889726][ T8147]  ? nfnetlink_rcv_msg+0x227/0x1190
[  184.889752][ T8147]  nfnetlink_rcv_msg+0xbf7/0x1190
[  184.889775][ T8147]  ? nfnetlink_rcv_msg+0x227/0x1190
[  184.889826][ T8147]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  184.889847][ T8147]  ? stack_trace_save+0x11a/0x1d0
[  184.889906][ T8147]  ? kmem_cache_free+0x197/0x410
[  184.889933][ T8147]  ? nlmon_xmit+0xaf/0x100
[  184.889962][ T8147]  ? dev_hard_start_xmit+0x2d9/0x830
[  184.889984][ T8147]  ? __dev_queue_xmit+0x1b80/0x3f60
[  184.890006][ T8147]  ? __netlink_deliver_tap+0x561/0x7f0
[  184.890036][ T8147]  ? netlink_deliver_tap+0x19d/0x1b0
[  184.890066][ T8147]  ? netlink_unicast+0x7c6/0x9a0
[  184.890091][ T8147]  ? netlink_sendmsg+0x8c3/0xcd0
[  184.890121][ T8147]  ? __sock_sendmsg+0x221/0x270
[  184.890167][ T8147]  netlink_rcv_skb+0x208/0x480
[  184.890198][ T8147]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  184.890225][ T8147]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  184.890272][ T8147]  ? apparmor_capable+0x13b/0x1b0
[  184.890297][ T8147]  ? bpf_lsm_capable+0x9/0x10
[  184.890322][ T8147]  ? security_capable+0x7e/0x2d0
[  184.890359][ T8147]  nfnetlink_rcv+0x296/0x28f0
[  184.890386][ T8147]  ? __dev_queue_xmit+0x2f9/0x3f60
[  184.890410][ T8147]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  184.890437][ T8147]  ? __dev_queue_xmit+0x2f9/0x3f60
[  184.890461][ T8147]  ? __dev_queue_xmit+0x2f9/0x3f60
[  184.890487][ T8147]  ? __dev_queue_xmit+0x1780/0x3f60
[  184.890509][ T8147]  ? kasan_save_track+0x3f/0x80
[  184.890537][ T8147]  ? __kasan_slab_alloc+0x66/0x80
[  184.890570][ T8147]  ? do_syscall_64+0xf3/0x230
[  184.890603][ T8147]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  184.890625][ T8147]  ? __dev_queue_xmit+0x2f9/0x3f60
[  184.890655][ T8147]  ? __pfx___dev_queue_xmit+0x10/0x10
[  184.890700][ T8147]  ? ref_tracker_free+0x63e/0x7e0
[  184.890725][ T8147]  ? __asan_memcpy+0x40/0x70
[  184.890746][ T8147]  ? __pfx_ref_tracker_free+0x10/0x10
[  184.890768][ T8147]  ? __skb_clone+0x5c/0x6d0
[  184.890810][ T8147]  ? skb_clone+0x240/0x390
[  184.890847][ T8147]  ? netlink_deliver_tap+0x2e/0x1b0
[  184.890886][ T8147]  ? netlink_deliver_tap+0x2e/0x1b0
[  184.890920][ T8147]  netlink_unicast+0x7f8/0x9a0
[  184.890959][ T8147]  ? __pfx_netlink_unicast+0x10/0x10
[  184.890990][ T8147]  ? skb_put+0x114/0x1f0
[  184.891016][ T8147]  netlink_sendmsg+0x8c3/0xcd0
[  184.891063][ T8147]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.891100][ T8147]  ? aa_sock_msg_perm+0x91/0x160
[  184.891137][ T8147]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.891166][ T8147]  __sock_sendmsg+0x221/0x270
[  184.891199][ T8147]  ____sys_sendmsg+0x523/0x860
[  184.891232][ T8147]  ? __pfx_____sys_sendmsg+0x10/0x10
[  184.891252][ T8147]  ? __fget_files+0x2a/0x420
[  184.891276][ T8147]  ? __fget_files+0x2a/0x420
[  184.891306][ T8147]  __sys_sendmsg+0x271/0x360
[  184.891336][ T8147]  ? __pfx___sys_sendmsg+0x10/0x10
[  184.891422][ T8147]  ? do_syscall_64+0xb6/0x230
[  184.891495][ T8147]  do_syscall_64+0xf3/0x230
[  184.891589][ T8147]  ? clear_bhb_loop+0x45/0xa0
[  184.891617][ T8147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.891638][ T8147] RIP: 0033:0x7fbf1a98d169
[  184.891659][ T8147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.891679][ T8147] RSP: 002b:00007fbf187f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.891704][ T8147] RAX: ffffffffffffffda RBX: 00007fbf1aba5fa0 RCX: 00007fbf1a98d169
[  184.891721][ T8147] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  184.891735][ T8147] RBP: 00007fbf187f6090 R08: 0000000000000000 R09: 0000000000000000
[  184.891749][ T8147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.891762][ T8147] R13: 0000000000000000 R14: 00007fbf1aba5fa0 R15: 00007ffd4784de48
[  184.891867][ T8147]  </TASK>
[  184.954019][ T8151] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  184.962735][ T8068] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.036508][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  185.039016][ T8151] Cannot find set identified by id 0 to match
[  185.044143][ T5838] Bluetooth: hci0: command 0x0401 tx timeout
[  185.333330][ T8068] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.468055][ T8068] bridge_slave_1: entered allmulticast mode
[  185.478013][ T8068] bridge_slave_1: entered promiscuous mode
[  185.492861][ T8150] smc: adding net device pim6reg1 with user defined pnetid SYZ2
[  185.529021][ T8150] smc: removing net device pim6reg1 with user defined pnetid SYZ2
[  185.709344][ T8165] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  185.718884][ T8165] macsec1: entered promiscuous mode
[  185.724338][ T8165] macsec1: entered allmulticast mode
[  185.756658][ T8165] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  185.903227][ T8068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.044024][ T8180] vlan0: entered allmulticast mode
[  186.052974][ T8180] bridge_slave_0: entered allmulticast mode
[  186.079983][ T8186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.642'.
[  186.133608][ T8068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.185612][ T8186] vlan2: entered promiscuous mode
[  186.190777][ T8186] batadv0: entered promiscuous mode
[  186.311503][ T8068] team0: Port device team_slave_0 added
[  186.343729][ T8068] team0: Port device team_slave_1 added
[  186.428836][ T8068] batman_adv: batadv0: Adding interface: batadv_slave_0
[  186.473656][ T8068] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.509322][ T8068] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  186.537494][ T5838] Bluetooth: hci2: command tx timeout
[  186.547713][ T8068] batman_adv: batadv0: Adding interface: batadv_slave_1
[  186.555073][ T8068] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.581454][ T8068] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  186.602300][ T8194] 8021q: VLANs not supported on vxcan1
[  186.792840][ T8206] netlink: 40 bytes leftover after parsing attributes in process `syz.0.648'.
[  186.828734][ T8068] hsr_slave_0: entered promiscuous mode
[  186.835627][ T8068] hsr_slave_1: entered promiscuous mode
[  186.849104][ T8068] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  186.859802][ T8068] Cannot create hsr debugfs directory
[  186.865890][ T8210] netlink: 20 bytes leftover after parsing attributes in process `syz.0.648'.
[  187.312232][ T8225] wg1 speed is unknown, defaulting to 1000
[  187.601132][ T8068] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.751496][ T8068] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.845092][ T8234] netlink: 32 bytes leftover after parsing attributes in process `syz.0.656'.
[  187.985150][ T8068] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.104110][ T8068] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.565455][ T8259] netlink: 356 bytes leftover after parsing attributes in process `syz.1.662'.
[  188.627402][ T5838] Bluetooth: hci2: command tx timeout
[  188.797158][ T8068] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  188.825382][ T8068] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  188.833481][ T8266] netlink: 'syz.3.665': attribute type 39 has an invalid length.
[  188.850309][ T8068] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  188.861026][ T8266] netlink: 36 bytes leftover after parsing attributes in process `syz.3.665'.
[  188.877362][ T8068] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  188.898974][ T8266] netlink: 40 bytes leftover after parsing attributes in process `syz.3.665'.
[  189.106320][ T8270] netlink: 'syz.3.666': attribute type 39 has an invalid length.
[  189.125221][ T8068] 8021q: adding VLAN 0 to HW filter on device bond0
[  189.155100][ T8270] netlink: 36 bytes leftover after parsing attributes in process `syz.3.666'.
[  189.183154][ T8270] netlink: 40 bytes leftover after parsing attributes in process `syz.3.666'.
[  189.187545][ T8068] 8021q: adding VLAN 0 to HW filter on device team0
[  189.222509][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.229754][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  189.249779][ T2128] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.257005][ T2128] bridge0: port 2(bridge_slave_1) entered forwarding state
[  189.883887][ T8300] netlink: 4 bytes leftover after parsing attributes in process `syz.2.670'.
[  190.073183][ T8068] 8021q: adding VLAN 0 to HW filter on device batadv0
[  190.180906][ T8308] netlink: 'syz.0.676': attribute type 39 has an invalid length.
[  190.228682][ T8308] netlink: 36 bytes leftover after parsing attributes in process `syz.0.676'.
[  190.271109][ T8308] netlink: 40 bytes leftover after parsing attributes in process `syz.0.676'.
[  190.644613][ T8325] netlink: 64 bytes leftover after parsing attributes in process `syz.2.683'.
[  190.697143][ T5842] Bluetooth: hci2: command tx timeout
[  190.839838][ T8334] netlink: 28 bytes leftover after parsing attributes in process `syz.2.683'.
[  191.284755][ T8334] team_slave_0: entered promiscuous mode
[  191.316616][ T8334] team_slave_0: left promiscuous mode
[  191.318387][ T8353] netlink: 'syz.0.688': attribute type 11 has an invalid length.
[  191.582338][ T8068] veth0_vlan: entered promiscuous mode
[  191.623008][ T8068] veth1_vlan: entered promiscuous mode
[  191.633923][    C1] vcan0: j1939_tp_rxtimer: 0xffff888064ee5400: rx timeout, send abort
[  191.733036][ T8068] veth0_macvtap: entered promiscuous mode
[  191.754509][ T8364] FAULT_INJECTION: forcing a failure.
[  191.754509][ T8364] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  191.767209][ T8068] veth1_macvtap: entered promiscuous mode
[  191.773457][ T8364] CPU: 0 UID: 0 PID: 8364 Comm: syz.2.692 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  191.773485][ T8364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  191.773498][ T8364] Call Trace:
[  191.773507][ T8364]  <TASK>
[  191.773516][ T8364]  dump_stack_lvl+0x241/0x360
[  191.773554][ T8364]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.773583][ T8364]  ? __pfx__printk+0x10/0x10
[  191.773626][ T8364]  should_fail_ex+0x424/0x570
[  191.773652][ T8364]  _copy_from_iter+0x211/0x1c70
[  191.773686][ T8364]  ? __build_skb_around+0x247/0x3d0
[  191.773723][ T8364]  ? __alloc_skb+0x298/0x480
[  191.773741][ T8364]  ? __pfx__copy_from_iter+0x10/0x10
[  191.773770][ T8364]  ? __pfx___alloc_skb+0x10/0x10
[  191.773792][ T8364]  ? skb_put+0x114/0x1f0
[  191.773816][ T8364]  netlink_sendmsg+0x73c/0xcd0
[  191.773860][ T8364]  ? __pfx_netlink_sendmsg+0x10/0x10
[  191.773895][ T8364]  ? aa_sock_msg_perm+0x91/0x160
[  191.773930][ T8364]  ? __pfx_netlink_sendmsg+0x10/0x10
[  191.773957][ T8364]  __sock_sendmsg+0x221/0x270
[  191.773989][ T8364]  ____sys_sendmsg+0x523/0x860
[  191.774020][ T8364]  ? __pfx_____sys_sendmsg+0x10/0x10
[  191.774039][ T8364]  ? __fget_files+0x2a/0x420
[  191.774062][ T8364]  ? __fget_files+0x2a/0x420
[  191.774089][ T8364]  __sys_sendmsg+0x271/0x360
[  191.774117][ T8364]  ? __pfx___sys_sendmsg+0x10/0x10
[  191.774196][ T8364]  ? do_syscall_64+0xb6/0x230
[  191.774233][ T8364]  do_syscall_64+0xf3/0x230
[  191.774259][ T8364]  ? clear_bhb_loop+0x45/0xa0
[  191.774283][ T8364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.774303][ T8364] RIP: 0033:0x7fc878d8d169
[  191.774321][ T8364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.774339][ T8364] RSP: 002b:00007fc879c6a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  191.774360][ T8364] RAX: ffffffffffffffda RBX: 00007fc878fa5fa0 RCX: 00007fc878d8d169
[  191.774375][ T8364] RDX: 0000000000000004 RSI: 0000200000000000 RDI: 0000000000000004
[  191.774388][ T8364] RBP: 00007fc879c6a090 R08: 0000000000000000 R09: 0000000000000000
[  191.774400][ T8364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  191.774412][ T8364] R13: 0000000000000000 R14: 00007fc878fa5fa0 R15: 00007ffc22224308
[  191.774448][ T8364]  </TASK>
[  192.030403][ T8068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  192.041013][ T8068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.089465][ T8068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  192.129604][ T8068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.139965][    C1] vcan0: j1939_tp_rxtimer: 0xffff888064ee6800: rx timeout, send abort
[  192.148389][    C1] vcan0: j1939_tp_rxtimer: 0xffff888064ee5400: abort rx timeout. Force session deactivation
[  192.159366][ T8068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  192.173334][ T8068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.185129][ T8068] batman_adv: batadv0: Interface activated: batadv_slave_0
[  192.206255][ T8068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  192.218825][ T8068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.228890][ T8068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  192.239605][ T8068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.253117][ T8068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  192.263760][ T8068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.279855][ T8068] batman_adv: batadv0: Interface activated: batadv_slave_1
[  192.301215][ T8068] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.322931][ T8068] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.355053][ T8068] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.365884][ T8068] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.381905][   T56] Bluetooth: hci0: command 0x0401 tx timeout
[  192.384826][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  192.403779][ T8367] netlink: 'syz.2.693': attribute type 39 has an invalid length.
[  192.523377][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.545280][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.634977][ T6076] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.643138][    C1] vcan0: j1939_tp_rxtimer: 0xffff888064ee6800: abort rx timeout. Force session deactivation
[  192.675184][ T6076] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.895215][ T8387] syz.0.700 uses old SIOCAX25GETINFO
[  193.011547][ T8391] netlink: 'syz.0.700': attribute type 1 has an invalid length.
[  193.164559][ T8391] bond1: entered promiscuous mode
[  193.189808][ T8391] 8021q: adding VLAN 0 to HW filter on device bond1
[  193.213692][ T8394] 8021q: adding VLAN 0 to HW filter on device bond1
[  193.221697][ T8394] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  193.232345][ T8394] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  193.247371][ T8394] bond1: (slave ip6gre1): making interface the new active one
[  193.257814][ T8394] ip6gre1: entered promiscuous mode
[  193.264599][ T8394] bond1: (slave ip6gre1): Enslaving as an active interface with an up link
[  193.285966][ T8399] xt_hashlimit: overflow, try lower: 0/0
[  193.501308][ T5838] Bluetooth: hci2: command 0x0405 tx timeout
[  194.302199][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  194.313953][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  194.883270][ T8429] FAULT_INJECTION: forcing a failure.
[  194.883270][ T8429] name failslab, interval 1, probability 0, space 0, times 0
[  194.906960][ T8429] CPU: 1 UID: 0 PID: 8429 Comm: syz.2.710 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  194.906992][ T8429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  194.907006][ T8429] Call Trace:
[  194.907014][ T8429]  <TASK>
[  194.907032][ T8429]  dump_stack_lvl+0x241/0x360
[  194.907074][ T8429]  ? __pfx_dump_stack_lvl+0x10/0x10
[  194.907105][ T8429]  ? __pfx__printk+0x10/0x10
[  194.907140][ T8429]  ? __pfx___might_resched+0x10/0x10
[  194.907173][ T8429]  should_fail_ex+0x424/0x570
[  194.907208][ T8429]  should_failslab+0xac/0x100
[  194.907239][ T8429]  __kmalloc_cache_noprof+0x73/0x370
[  194.907269][ T8429]  ? netlbl_mgmt_add_common+0x57/0x12e0
[  194.907307][ T8429]  netlbl_mgmt_add_common+0x57/0x12e0
[  194.907345][ T8429]  ? apparmor_current_getlsmprop_subj+0xde/0x160
[  194.907374][ T8429]  ? end_current_label_crit_section+0x151/0x180
[  194.907408][ T8429]  netlbl_mgmt_adddef+0x315/0x3a0
[  194.907441][ T8429]  ? __pfx_netlbl_mgmt_adddef+0x10/0x10
[  194.907477][ T8429]  ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290
[  194.907512][ T8429]  genl_rcv_msg+0xb38/0xf00
[  194.907548][ T8429]  ? __pfx_genl_rcv_msg+0x10/0x10
[  194.907568][ T8429]  ? stack_trace_save+0x11a/0x1d0
[  194.907603][ T8429]  ? __pfx_stack_trace_save+0x10/0x10
[  194.907637][ T8429]  ? stack_depot_save_flags+0x44/0x940
[  194.907657][ T8429]  ? stack_trace_snprint+0x71/0xf0
[  194.907704][ T8429]  ? __lock_acquire+0xad5/0xd80
[  194.907729][ T8429]  ? __pfx_netlbl_mgmt_adddef+0x10/0x10
[  194.907776][ T8429]  netlink_rcv_skb+0x208/0x480
[  194.907809][ T8429]  ? __pfx_genl_rcv_msg+0x10/0x10
[  194.907835][ T8429]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  194.907891][ T8429]  ? netlink_deliver_tap+0x2e/0x1b0
[  194.907931][ T8429]  genl_rcv+0x28/0x40
[  194.907951][ T8429]  netlink_unicast+0x7f8/0x9a0
[  194.907990][ T8429]  ? __pfx_netlink_unicast+0x10/0x10
[  194.908021][ T8429]  ? skb_put+0x114/0x1f0
[  194.908054][ T8429]  netlink_sendmsg+0x8c3/0xcd0
[  194.908101][ T8429]  ? __pfx_netlink_sendmsg+0x10/0x10
[  194.908138][ T8429]  ? aa_sock_msg_perm+0x91/0x160
[  194.908173][ T8429]  ? __pfx_netlink_sendmsg+0x10/0x10
[  194.908202][ T8429]  __sock_sendmsg+0x221/0x270
[  194.908233][ T8429]  ____sys_sendmsg+0x523/0x860
[  194.908265][ T8429]  ? __pfx_____sys_sendmsg+0x10/0x10
[  194.908284][ T8429]  ? __fget_files+0x2a/0x420
[  194.908306][ T8429]  ? __fget_files+0x2a/0x420
[  194.908336][ T8429]  __sys_sendmsg+0x271/0x360
[  194.908365][ T8429]  ? __pfx___sys_sendmsg+0x10/0x10
[  194.908445][ T8429]  ? do_syscall_64+0xb6/0x230
[  194.908476][ T8429]  do_syscall_64+0xf3/0x230
[  194.908503][ T8429]  ? clear_bhb_loop+0x45/0xa0
[  194.908527][ T8429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.908547][ T8429] RIP: 0033:0x7fc878d8d169
[  194.908566][ T8429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.908585][ T8429] RSP: 002b:00007fc879c6a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  194.908607][ T8429] RAX: ffffffffffffffda RBX: 00007fc878fa5fa0 RCX: 00007fc878d8d169
[  194.908622][ T8429] RDX: 0000000004040000 RSI: 0000200000000100 RDI: 0000000000000004
[  194.908635][ T8429] RBP: 00007fc879c6a090 R08: 0000000000000000 R09: 0000000000000000
[  194.908647][ T8429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.908660][ T8429] R13: 0000000000000000 R14: 00007fc878fa5fa0 R15: 00007ffc22224308
[  194.908693][ T8429]  </TASK>
[  194.956907][ T8430] __nla_validate_parse: 5 callbacks suppressed
[  194.956931][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz.3.711'.
[  195.018029][ T8425] netlink: 36 bytes leftover after parsing attributes in process `syz.1.709'.
[  195.286968][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz.3.711'.
[  195.340304][ T8430] vlan3: entered promiscuous mode
[  195.357205][ T8430] gretap0: entered promiscuous mode
[  195.452689][ T8443] wg1 speed is unknown, defaulting to 1000
[  195.827182][   T56] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  195.837316][   T56] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  195.846154][   T56] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  195.859674][   T56] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  195.868008][   T56] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  196.095798][ T8456] FAULT_INJECTION: forcing a failure.
[  196.095798][ T8456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  196.130396][ T8456] CPU: 1 UID: 0 PID: 8456 Comm: syz.2.718 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  196.130428][ T8456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  196.130441][ T8456] Call Trace:
[  196.130450][ T8456]  <TASK>
[  196.130476][ T8456]  dump_stack_lvl+0x241/0x360
[  196.130516][ T8456]  ? __pfx_dump_stack_lvl+0x10/0x10
[  196.130549][ T8456]  ? __pfx__printk+0x10/0x10
[  196.130591][ T8456]  should_fail_ex+0x424/0x570
[  196.130629][ T8456]  _copy_from_user+0x2d/0xb0
[  196.130662][ T8456]  copy_msghdr_from_user+0xb3/0x580
[  196.130697][ T8456]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  196.130723][ T8456]  ? __fget_files+0x2a/0x420
[  196.130746][ T8456]  ? __fget_files+0x2a/0x420
[  196.130776][ T8456]  __sys_sendmsg+0x20a/0x360
[  196.130806][ T8456]  ? __pfx___sys_sendmsg+0x10/0x10
[  196.130887][ T8456]  ? do_syscall_64+0xb6/0x230
[  196.130919][ T8456]  do_syscall_64+0xf3/0x230
[  196.130945][ T8456]  ? clear_bhb_loop+0x45/0xa0
[  196.130971][ T8456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.130991][ T8456] RIP: 0033:0x7fc878d8d169
[  196.131009][ T8456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.131027][ T8456] RSP: 002b:00007fc879c6a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  196.131050][ T8456] RAX: ffffffffffffffda RBX: 00007fc878fa5fa0 RCX: 00007fc878d8d169
[  196.131066][ T8456] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  196.131079][ T8456] RBP: 00007fc879c6a090 R08: 0000000000000000 R09: 0000000000000000
[  196.131091][ T8456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  196.131104][ T8456] R13: 0000000000000000 R14: 00007fc878fa5fa0 R15: 00007ffc22224308
[  196.131137][ T8456]  </TASK>
[  196.399454][ T8448] wg1 speed is unknown, defaulting to 1000
[  196.453275][ T8463] netlink: 12 bytes leftover after parsing attributes in process `syz.2.720'.
[  197.212392][ T8471] netlink: 8 bytes leftover after parsing attributes in process `syz.3.721'.
[  197.337236][ T5842] Bluetooth: hci4: command 0x0405 tx timeout
[  197.391447][ T8483] netlink: 'syz.0.724': attribute type 39 has an invalid length.
[  197.451428][ T8488] netlink: 36 bytes leftover after parsing attributes in process `syz.0.724'.
[  197.780324][ T8448] chnl_net:caif_netlink_parms(): no params data found
[  197.984706][ T5838] Bluetooth: hci2: command tx timeout
[  198.438077][ T8448] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.455647][ T8448] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.667228][ T8448] bridge_slave_0: entered allmulticast mode
[  198.675261][ T8448] bridge_slave_0: entered promiscuous mode
[  198.698636][ T8448] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.705940][ T8448] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.716861][ T8448] bridge_slave_1: entered allmulticast mode
[  198.738066][ T8448] bridge_slave_1: entered promiscuous mode
[  198.881659][ T8542] netlink: 4 bytes leftover after parsing attributes in process `syz.1.737'.
[  199.367920][ T8549] netlink: 'syz.3.738': attribute type 39 has an invalid length.
[  199.421059][ T8554] netlink: 36 bytes leftover after parsing attributes in process `syz.3.738'.
[  199.549032][ T8560] FAULT_INJECTION: forcing a failure.
[  199.549032][ T8560] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.562891][ T8560] CPU: 0 UID: 0 PID: 8560 Comm: syz.0.741 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  199.562919][ T8560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  199.562932][ T8560] Call Trace:
[  199.562940][ T8560]  <TASK>
[  199.562948][ T8560]  dump_stack_lvl+0x241/0x360
[  199.562986][ T8560]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.563016][ T8560]  ? __pfx__printk+0x10/0x10
[  199.563057][ T8560]  should_fail_ex+0x424/0x570
[  199.563085][ T8560]  _copy_to_user+0x31/0xb0
[  199.563117][ T8560]  simple_read_from_buffer+0xc4/0x170
[  199.563152][ T8560]  proc_fail_nth_read+0x1ef/0x260
[  199.563177][ T8560]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  199.563202][ T8560]  ? rw_verify_area+0x246/0x630
[  199.563224][ T8560]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  199.563247][ T8560]  vfs_read+0x21f/0xb90
[  199.563276][ T8560]  ? __pfx___mutex_lock+0x10/0x10
[  199.563304][ T8560]  ? __pfx_vfs_read+0x10/0x10
[  199.563330][ T8560]  ? __fget_files+0x2a/0x420
[  199.563350][ T8560]  ? __fget_files+0x39d/0x420
[  199.563379][ T8560]  ? __fget_files+0x2a/0x420
[  199.563408][ T8560]  ksys_read+0x19d/0x2d0
[  199.563434][ T8560]  ? __pfx_ksys_read+0x10/0x10
[  199.563464][ T8560]  ? do_syscall_64+0xb6/0x230
[  199.563494][ T8560]  do_syscall_64+0xf3/0x230
[  199.563520][ T8560]  ? clear_bhb_loop+0x45/0xa0
[  199.563544][ T8560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.563563][ T8560] RIP: 0033:0x7fbf1a98bb7c
[  199.563581][ T8560] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  199.563599][ T8560] RSP: 002b:00007fbf187d5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  199.563621][ T8560] RAX: ffffffffffffffda RBX: 00007fbf1aba6080 RCX: 00007fbf1a98bb7c
[  199.563635][ T8560] RDX: 000000000000000f RSI: 00007fbf187d50a0 RDI: 0000000000000006
[  199.563649][ T8560] RBP: 00007fbf187d5090 R08: 0000000000000000 R09: 0000000000000000
[  199.563661][ T8560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.563673][ T8560] R13: 0000000000000000 R14: 00007fbf1aba6080 R15: 00007ffd4784de48
[  199.563705][ T8560]  </TASK>
[  199.791207][ T8448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  199.925620][ T8564] netlink: 4 bytes leftover after parsing attributes in process `syz.0.743'.
[  199.941136][ T8448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.059517][ T5842] Bluetooth: hci2: command tx timeout
[  200.234179][ T8448] team0: Port device team_slave_0 added
[  200.315914][ T8448] team0: Port device team_slave_1 added
[  200.459199][ T8588] netlink: 72 bytes leftover after parsing attributes in process `syz.3.749'.
[  200.497886][ T8588] netlink: 452 bytes leftover after parsing attributes in process `syz.3.749'.
[  200.507615][ T8590] FAULT_INJECTION: forcing a failure.
[  200.507615][ T8590] name failslab, interval 1, probability 0, space 0, times 0
[  200.509273][ T8588] FAULT_INJECTION: forcing a failure.
[  200.509273][ T8588] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  200.533765][ T8590] CPU: 0 UID: 0 PID: 8590 Comm: syz.0.751 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  200.533795][ T8590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  200.533807][ T8590] Call Trace:
[  200.533815][ T8590]  <TASK>
[  200.533823][ T8590]  dump_stack_lvl+0x241/0x360
[  200.533861][ T8590]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.533891][ T8590]  ? __pfx__printk+0x10/0x10
[  200.533925][ T8590]  ? __pfx___might_resched+0x10/0x10
[  200.533957][ T8590]  should_fail_ex+0x424/0x570
[  200.533985][ T8590]  should_failslab+0xac/0x100
[  200.534016][ T8590]  __kmalloc_noprof+0xdf/0x4d0
[  200.534043][ T8590]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  200.534068][ T8590]  ? apparmor_capable+0x13b/0x1b0
[  200.534094][ T8590]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  200.534126][ T8590]  genl_rcv_msg+0x819/0xf00
[  200.534159][ T8590]  ? __pfx_genl_rcv_msg+0x10/0x10
[  200.534180][ T8590]  ? __dev_queue_xmit+0x1780/0x3f60
[  200.534220][ T8590]  ? kasan_save_track+0x3f/0x80
[  200.534242][ T8590]  ? __kasan_slab_alloc+0x66/0x80
[  200.534274][ T8590]  ? do_syscall_64+0xf3/0x230
[  200.534321][ T8590]  ? __lock_acquire+0xad5/0xd80
[  200.534354][ T8590]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  200.534374][ T8590]  ? __pfx_nl80211_join_mesh+0x10/0x10
[  200.534396][ T8590]  ? __pfx_nl80211_post_doit+0x10/0x10
[  200.534431][ T8590]  netlink_rcv_skb+0x208/0x480
[  200.534464][ T8590]  ? __pfx_genl_rcv_msg+0x10/0x10
[  200.534490][ T8590]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  200.534546][ T8590]  ? netlink_deliver_tap+0x2e/0x1b0
[  200.534585][ T8590]  genl_rcv+0x28/0x40
[  200.534606][ T8590]  netlink_unicast+0x7f8/0x9a0
[  200.534639][ T8590]  ? __pfx_netlink_unicast+0x10/0x10
[  200.534669][ T8590]  ? skb_put+0x114/0x1f0
[  200.534694][ T8590]  netlink_sendmsg+0x8c3/0xcd0
[  200.534738][ T8590]  ? __pfx_netlink_sendmsg+0x10/0x10
[  200.534775][ T8590]  ? aa_sock_msg_perm+0x91/0x160
[  200.534812][ T8590]  ? __pfx_netlink_sendmsg+0x10/0x10
[  200.534841][ T8590]  __sock_sendmsg+0x221/0x270
[  200.534873][ T8590]  ____sys_sendmsg+0x523/0x860
[  200.534906][ T8590]  ? __pfx_____sys_sendmsg+0x10/0x10
[  200.534926][ T8590]  ? __fget_files+0x2a/0x420
[  200.534951][ T8590]  ? __fget_files+0x2a/0x420
[  200.534981][ T8590]  __sys_sendmsg+0x271/0x360
[  200.535010][ T8590]  ? __pfx___sys_sendmsg+0x10/0x10
[  200.535095][ T8590]  ? do_syscall_64+0xb6/0x230
[  200.535125][ T8590]  do_syscall_64+0xf3/0x230
[  200.535153][ T8590]  ? clear_bhb_loop+0x45/0xa0
[  200.535179][ T8590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.535199][ T8590] RIP: 0033:0x7fbf1a98d169
[  200.535217][ T8590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.535232][ T8590] RSP: 002b:00007fbf187f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  200.535252][ T8590] RAX: ffffffffffffffda RBX: 00007fbf1aba5fa0 RCX: 00007fbf1a98d169
[  200.535265][ T8590] RDX: 0000000020000880 RSI: 00002000000026c0 RDI: 0000000000000004
[  200.535276][ T8590] RBP: 00007fbf187f6090 R08: 0000000000000000 R09: 0000000000000000
[  200.535287][ T8590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  200.535298][ T8590] R13: 0000000000000000 R14: 00007fbf1aba5fa0 R15: 00007ffd4784de48
[  200.535326][ T8590]  </TASK>
[  200.535337][ T8588] CPU: 1 UID: 0 PID: 8588 Comm: syz.3.749 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  200.535363][ T8588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  200.535377][ T8588] Call Trace:
[  200.535384][ T8588]  <TASK>
[  200.535392][ T8588]  dump_stack_lvl+0x241/0x360
[  200.535426][ T8588]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.535454][ T8588]  ? __pfx__printk+0x10/0x10
[  200.535495][ T8588]  should_fail_ex+0x424/0x570
[  200.535523][ T8588]  _copy_to_user+0x31/0xb0
[  200.535558][ T8588]  simple_read_from_buffer+0xc4/0x170
[  200.535600][ T8588]  proc_fail_nth_read+0x1ef/0x260
[  200.535635][ T8588]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  200.535668][ T8588]  ? rw_verify_area+0x246/0x630
[  200.535692][ T8588]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  200.535728][ T8588]  vfs_read+0x21f/0xb90
[  200.535759][ T8588]  ? __pfx___mutex_lock+0x10/0x10
[  200.535788][ T8588]  ? __pfx_vfs_read+0x10/0x10
[  200.535816][ T8588]  ? __fget_files+0x2a/0x420
[  200.535837][ T8588]  ? __fget_files+0x39d/0x420
[  200.535855][ T8588]  ? __fget_files+0x2a/0x420
[  200.535892][ T8588]  ksys_read+0x19d/0x2d0
[  200.535920][ T8588]  ? __pfx_ksys_read+0x10/0x10
[  200.535951][ T8588]  ? do_syscall_64+0xb6/0x230
[  200.535982][ T8588]  do_syscall_64+0xf3/0x230
[  200.536010][ T8588]  ? clear_bhb_loop+0x45/0xa0
[  200.536035][ T8588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.536054][ T8588] RIP: 0033:0x7fd27ff8bb7c
[  200.536072][ T8588] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  200.536088][ T8588] RSP: 002b:00007fd280d9e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  200.536108][ T8588] RAX: ffffffffffffffda RBX: 00007fd2801a5fa0 RCX: 00007fd27ff8bb7c
[  200.536123][ T8588] RDX: 000000000000000f RSI: 00007fd280d9e0a0 RDI: 0000000000000005
[  200.536145][ T8588] RBP: 00007fd280d9e090 R08: 0000000000000000 R09: 0000000000000000
[  200.536158][ T8588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  200.536169][ T8588] R13: 0000000000000000 R14: 00007fd2801a5fa0 R15: 00007ffd1fe4f3c8
[  200.536200][ T8588]  </TASK>
[  200.541112][ T8448] batman_adv: batadv0: Adding interface: batadv_slave_0
[  200.623959][ T8592] netlink: 24 bytes leftover after parsing attributes in process `syz.2.748'.
[  200.660246][ T8448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.160314][ T8448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.419177][ T8448] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.426605][ T8615] netlink: 'syz.0.755': attribute type 39 has an invalid length.
[  201.446495][ T8448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.523994][ T8448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.580067][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  201.656573][ T5838] Bluetooth: hci0: command 0x0401 tx timeout
[  201.697861][ T8625] netlink: 4 bytes leftover after parsing attributes in process `syz.3.757'.
[  201.925625][ T8618] wg1 speed is unknown, defaulting to 1000
[  201.957230][ T8448] hsr_slave_0: entered promiscuous mode
[  201.968353][ T8631] netlink: 'syz.2.758': attribute type 1 has an invalid length.
[  201.991631][ T8448] hsr_slave_1: entered promiscuous mode
[  202.003018][ T8631] netlink: 224 bytes leftover after parsing attributes in process `syz.2.758'.
[  202.023189][ T8448] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  202.049709][ T8448] Cannot create hsr debugfs directory
[  202.139819][ T5838] Bluetooth: hci2: command tx timeout
[  202.330845][ T8623] syzkaller0: entered promiscuous mode
[  202.336798][ T8623] syzkaller0: entered allmulticast mode
[  202.627237][ T8656] net_ratelimit: 10 callbacks suppressed
[  202.627257][ T8656] netlink: del zone limit has 4 unknown bytes
[  204.217835][ T5842] Bluetooth: hci2: command tx timeout
[  204.298768][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  204.304816][ T5842] Bluetooth: hci0: command 0x0401 tx timeout
[  204.553916][ T8679] netlink: 32 bytes leftover after parsing attributes in process `syz.2.765'.
[  204.820305][ T8691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.767'.
[  205.018082][ T8448] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.254114][ T8700] netlink: 'syz.0.769': attribute type 39 has an invalid length.
[  205.255638][ T8448] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.308089][ T8702] netlink: 36 bytes leftover after parsing attributes in process `syz.0.769'.
[  205.439158][ T8448] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.528247][ T8448] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.547715][ T8704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  205.852083][ T8448] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  205.884087][ T8448] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  205.914725][ T8448] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  205.968985][ T8448] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  206.254264][ T8718] FAULT_INJECTION: forcing a failure.
[  206.254264][ T8718] name failslab, interval 1, probability 0, space 0, times 0
[  206.319083][ T8718] CPU: 1 UID: 0 PID: 8718 Comm: syz.0.774 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  206.319115][ T8718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  206.319129][ T8718] Call Trace:
[  206.319137][ T8718]  <TASK>
[  206.319146][ T8718]  dump_stack_lvl+0x241/0x360
[  206.319185][ T8718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  206.319216][ T8718]  ? __pfx__printk+0x10/0x10
[  206.319250][ T8718]  ? __pfx___might_resched+0x10/0x10
[  206.319283][ T8718]  should_fail_ex+0x424/0x570
[  206.319311][ T8718]  should_failslab+0xac/0x100
[  206.319341][ T8718]  __kmalloc_cache_noprof+0x73/0x370
[  206.319370][ T8718]  ? __xdp_reg_mem_model+0x1e4/0x660
[  206.319396][ T8718]  __xdp_reg_mem_model+0x1e4/0x660
[  206.319424][ T8718]  ? __pfx___xdp_reg_mem_model+0x10/0x10
[  206.319447][ T8718]  ? page_pool_create_percpu+0x799/0xbd0
[  206.319476][ T8718]  xdp_reg_mem_model+0x22/0x40
[  206.319496][ T8718]  bpf_test_run_xdp_live+0x331/0x2220
[  206.319528][ T8718]  ? arch_stack_walk+0xff/0x150
[  206.319576][ T8718]  ? __pfx_stack_trace_save+0x10/0x10
[  206.319609][ T8718]  ? stack_depot_save_flags+0x44/0x940
[  206.319633][ T8718]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  206.319661][ T8718]  ? is_bpf_text_address+0x26/0x2a0
[  206.319727][ T8718]  ? __lock_acquire+0xad5/0xd80
[  206.319761][ T8718]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  206.319812][ T8718]  ? _copy_from_user+0x95/0xb0
[  206.319852][ T8718]  ? bpf_test_init+0x130/0x170
[  206.319879][ T8718]  ? xdp_convert_md_to_buff+0x5b/0x330
[  206.319912][ T8718]  bpf_prog_test_run_xdp+0x809/0x1200
[  206.319964][ T8718]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  206.319996][ T8718]  ? __fget_files+0x2a/0x420
[  206.320018][ T8718]  ? __fget_files+0x2a/0x420
[  206.320045][ T8718]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  206.320078][ T8718]  bpf_prog_test_run+0x2e4/0x360
[  206.320106][ T8718]  __sys_bpf+0x4ee/0x8b0
[  206.320131][ T8718]  ? __pfx___sys_bpf+0x10/0x10
[  206.320169][ T8718]  ? ksys_write+0x275/0x2d0
[  206.320208][ T8718]  __x64_sys_bpf+0x7c/0x90
[  206.320241][ T8718]  do_syscall_64+0xf3/0x230
[  206.320269][ T8718]  ? clear_bhb_loop+0x45/0xa0
[  206.320293][ T8718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.320314][ T8718] RIP: 0033:0x7fbf1a98d169
[  206.320332][ T8718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.320349][ T8718] RSP: 002b:00007fbf187f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  206.320372][ T8718] RAX: ffffffffffffffda RBX: 00007fbf1aba5fa0 RCX: 00007fbf1a98d169
[  206.320387][ T8718] RDX: 0000000000000050 RSI: 0000200000000300 RDI: 000000000000000a
[  206.320400][ T8718] RBP: 00007fbf187f6090 R08: 0000000000000000 R09: 0000000000000000
[  206.320413][ T8718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.320425][ T8718] R13: 0000000000000000 R14: 00007fbf1aba5fa0 R15: 00007ffd4784de48
[  206.320457][ T8718]  </TASK>
[  206.626771][ T8720] netlink: 28 bytes leftover after parsing attributes in process `syz.2.775'.
[  206.635775][ T8720] netlink: 8 bytes leftover after parsing attributes in process `syz.2.775'.
[  206.769303][ T8448] 8021q: adding VLAN 0 to HW filter on device bond0
[  206.779631][ T8722] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  207.448962][ T8448] 8021q: adding VLAN 0 to HW filter on device team0
[  207.502171][ T2128] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.509414][ T2128] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.616196][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.623470][ T5903] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.715905][ T8735] netlink: 'syz.0.780': attribute type 39 has an invalid length.
[  207.804098][ T8735] netlink: 36 bytes leftover after parsing attributes in process `syz.0.780'.
[  207.818198][ T5838] Bluetooth: hci0: command 0x0401 tx timeout
[  207.824302][ T5842] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  208.513886][ T8448] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.831182][ T8766] netlink: 28 bytes leftover after parsing attributes in process `syz.2.787'.
[  208.840835][ T8766] netlink: 8 bytes leftover after parsing attributes in process `syz.2.787'.
[  209.266969][ T8784] FAULT_INJECTION: forcing a failure.
[  209.266969][ T8784] name failslab, interval 1, probability 0, space 0, times 0
[  209.292118][ T8784] CPU: 1 UID: 0 PID: 8784 Comm: syz.3.792 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  209.292149][ T8784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  209.292162][ T8784] Call Trace:
[  209.292170][ T8784]  <TASK>
[  209.292179][ T8784]  dump_stack_lvl+0x241/0x360
[  209.292218][ T8784]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.292249][ T8784]  ? __pfx__printk+0x10/0x10
[  209.292284][ T8784]  ? __pfx___might_resched+0x10/0x10
[  209.292316][ T8784]  should_fail_ex+0x424/0x570
[  209.292344][ T8784]  should_failslab+0xac/0x100
[  209.292375][ T8784]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  209.292407][ T8784]  ? __alloc_skb+0x1c2/0x480
[  209.292423][ T8784]  ? __dev_queue_xmit+0x1780/0x3f60
[  209.292454][ T8784]  __alloc_skb+0x1c2/0x480
[  209.292474][ T8784]  ? do_syscall_64+0xf3/0x230
[  209.292505][ T8784]  ? __pfx___alloc_skb+0x10/0x10
[  209.292533][ T8784]  ? netlink_ack_tlv_len+0x6e/0x200
[  209.292567][ T8784]  netlink_ack+0x147/0xa70
[  209.292596][ T8784]  ? __pfx_nl80211_new_key+0x10/0x10
[  209.292644][ T8784]  netlink_rcv_skb+0x296/0x480
[  209.292674][ T8784]  ? __pfx_genl_rcv_msg+0x10/0x10
[  209.292699][ T8784]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  209.292755][ T8784]  ? netlink_deliver_tap+0x2e/0x1b0
[  209.292794][ T8784]  genl_rcv+0x28/0x40
[  209.292815][ T8784]  netlink_unicast+0x7f8/0x9a0
[  209.292853][ T8784]  ? __pfx_netlink_unicast+0x10/0x10
[  209.292892][ T8784]  ? skb_put+0x114/0x1f0
[  209.292918][ T8784]  netlink_sendmsg+0x8c3/0xcd0
[  209.292965][ T8784]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.293000][ T8784]  ? aa_sock_msg_perm+0x91/0x160
[  209.293037][ T8784]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.293066][ T8784]  __sock_sendmsg+0x221/0x270
[  209.293098][ T8784]  ____sys_sendmsg+0x523/0x860
[  209.293131][ T8784]  ? __pfx_____sys_sendmsg+0x10/0x10
[  209.293151][ T8784]  ? __fget_files+0x2a/0x420
[  209.293175][ T8784]  ? __fget_files+0x2a/0x420
[  209.293204][ T8784]  __sys_sendmsg+0x271/0x360
[  209.293233][ T8784]  ? __pfx___sys_sendmsg+0x10/0x10
[  209.293318][ T8784]  ? do_syscall_64+0xb6/0x230
[  209.293349][ T8784]  do_syscall_64+0xf3/0x230
[  209.293376][ T8784]  ? clear_bhb_loop+0x45/0xa0
[  209.293401][ T8784]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.293422][ T8784] RIP: 0033:0x7fd27ff8d169
[  209.293441][ T8784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.293459][ T8784] RSP: 002b:00007fd280d9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.293482][ T8784] RAX: ffffffffffffffda RBX: 00007fd2801a5fa0 RCX: 00007fd27ff8d169
[  209.293498][ T8784] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000004
[  209.293510][ T8784] RBP: 00007fd280d9e090 R08: 0000000000000000 R09: 0000000000000000
[  209.293522][ T8784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.293534][ T8784] R13: 0000000000000000 R14: 00007fd2801a5fa0 R15: 00007ffd1fe4f3c8
[  209.293568][ T8784]  </TASK>
[  209.731298][ T8765] dccp_close: ABORT with 224 bytes unread
[  209.992943][ T8797] netlink: 'syz.3.794': attribute type 39 has an invalid length.
[  210.045144][ T8793] netlink: 36 bytes leftover after parsing attributes in process `syz.3.794'.
[  210.239372][ T8448] veth0_vlan: entered promiscuous mode
[  210.265695][ T8448] veth1_vlan: entered promiscuous mode
[  210.329569][ T8801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.795'.
[  210.382602][ T8448] veth0_macvtap: entered promiscuous mode
[  210.412593][ T8448] veth1_macvtap: entered promiscuous mode
[  210.437402][ T8806] netlink: 4 bytes leftover after parsing attributes in process `syz.3.798'.
[  210.479883][ T8448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.529459][ T8448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.556553][ T8448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.572589][ T8448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.596722][ T8448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.634108][ T8448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.653282][ T8448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.676857][ T8448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.709828][ T8448] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.740652][ T8820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.801'.
[  210.812108][ T8448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.843458][ T8448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.874742][ T8448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.901091][ T8448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.959662][ T8831] FAULT_INJECTION: forcing a failure.
[  210.959662][ T8831] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.972913][ T8448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  211.035195][ T8448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.045480][ T8831] CPU: 0 UID: 0 PID: 8831 Comm: syz.3.804 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  211.045536][ T8831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  211.045549][ T8831] Call Trace:
[  211.045557][ T8831]  <TASK>
[  211.045566][ T8831]  dump_stack_lvl+0x241/0x360
[  211.045604][ T8831]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.045635][ T8831]  ? __pfx__printk+0x10/0x10
[  211.045678][ T8831]  should_fail_ex+0x424/0x570
[  211.045706][ T8831]  _copy_from_user+0x2d/0xb0
[  211.045738][ T8831]  copy_msghdr_from_user+0xb3/0x580
[  211.045774][ T8831]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  211.045799][ T8831]  ? __fget_files+0x2a/0x420
[  211.045822][ T8831]  ? __fget_files+0x2a/0x420
[  211.045851][ T8831]  __sys_sendmsg+0x20a/0x360
[  211.045878][ T8831]  ? __pfx___sys_sendmsg+0x10/0x10
[  211.045961][ T8831]  ? do_syscall_64+0xb6/0x230
[  211.045991][ T8831]  do_syscall_64+0xf3/0x230
[  211.046018][ T8831]  ? clear_bhb_loop+0x45/0xa0
[  211.046042][ T8831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.046062][ T8831] RIP: 0033:0x7fd27ff8d169
[  211.046080][ T8831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.046098][ T8831] RSP: 002b:00007fd280d9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  211.046120][ T8831] RAX: ffffffffffffffda RBX: 00007fd2801a5fa0 RCX: 00007fd27ff8d169
[  211.046135][ T8831] RDX: 00000000000000c0 RSI: 0000200000000040 RDI: 0000000000000003
[  211.046148][ T8831] RBP: 00007fd280d9e090 R08: 0000000000000000 R09: 0000000000000000
[  211.046161][ T8831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  211.046174][ T8831] R13: 0000000000000000 R14: 00007fd2801a5fa0 R15: 00007ffd1fe4f3c8
[  211.046207][ T8831]  </TASK>
[  211.227954][ T8448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  211.238579][ T8448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.250242][ T8448] batman_adv: batadv0: Interface activated: batadv_slave_1
[  211.430887][ T8448] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  211.455407][ T8448] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  211.492726][ T8448] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  211.516494][ T8448] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.875877][ T8844] netlink: 'syz.3.808': attribute type 39 has an invalid length.
[  211.937228][ T8848] netlink: 36 bytes leftover after parsing attributes in process `syz.3.808'.
[  211.977208][ T5845] Bluetooth: hci0: command 0x0401 tx timeout
[  211.983295][ T5845] Bluetooth: hci3: command 0x0406 tx timeout
[  211.989849][ T5150] Bluetooth: hci1: command 0x0406 tx timeout
[  212.480995][ T8865] netlink: 4 bytes leftover after parsing attributes in process `syz.1.810'.
[  212.672737][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.708406][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  212.829857][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.858474][ T8880] FAULT_INJECTION: forcing a failure.
[  212.858474][ T8880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  212.871931][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  212.907585][ T8880] CPU: 0 UID: 0 PID: 8880 Comm: syz.1.815 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  212.907615][ T8880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  212.907628][ T8880] Call Trace:
[  212.907636][ T8880]  <TASK>
[  212.907645][ T8880]  dump_stack_lvl+0x241/0x360
[  212.907684][ T8880]  ? __pfx_dump_stack_lvl+0x10/0x10
[  212.907715][ T8880]  ? __pfx__printk+0x10/0x10
[  212.907758][ T8880]  should_fail_ex+0x424/0x570
[  212.907787][ T8880]  _copy_from_user+0x2d/0xb0
[  212.907819][ T8880]  copy_from_bpfptr+0x53/0xa0
[  212.907843][ T8880]  bpf_prog_load+0xbdc/0x2250
[  212.907879][ T8880]  ? __pfx_bpf_prog_load+0x10/0x10
[  212.907929][ T8880]  ? bpf_lsm_bpf+0x9/0x10
[  212.907957][ T8880]  __sys_bpf+0x5dd/0x8b0
[  212.907981][ T8880]  ? __pfx___sys_bpf+0x10/0x10
[  212.908017][ T8880]  ? ksys_write+0x275/0x2d0
[  212.908057][ T8880]  __x64_sys_bpf+0x7c/0x90
[  212.908091][ T8880]  do_syscall_64+0xf3/0x230
[  212.908118][ T8880]  ? clear_bhb_loop+0x45/0xa0
[  212.908143][ T8880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.908164][ T8880] RIP: 0033:0x7fa24fd8d169
[  212.908182][ T8880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.908200][ T8880] RSP: 002b:00007fa250b9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  212.908223][ T8880] RAX: ffffffffffffffda RBX: 00007fa24ffa5fa0 RCX: 00007fa24fd8d169
[  212.908238][ T8880] RDX: 0000000000000094 RSI: 0000200000000dc0 RDI: 0000000000000005
[  212.908252][ T8880] RBP: 00007fa250b9e090 R08: 0000000000000000 R09: 0000000000000000
[  212.908265][ T8880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.908288][ T8880] R13: 0000000000000000 R14: 00007fa24ffa5fa0 R15: 00007ffedf050998
[  212.908332][ T8880]  </TASK>
[  213.139315][ T8883] FAULT_INJECTION: forcing a failure.
[  213.139315][ T8883] name failslab, interval 1, probability 0, space 0, times 0
[  213.175255][ T8883] CPU: 1 UID: 0 PID: 8883 Comm: syz.0.816 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  213.175287][ T8883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  213.175301][ T8883] Call Trace:
[  213.175309][ T8883]  <TASK>
[  213.175318][ T8883]  dump_stack_lvl+0x241/0x360
[  213.175357][ T8883]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.175386][ T8883]  ? __pfx__printk+0x10/0x10
[  213.175420][ T8883]  ? __pfx___might_resched+0x10/0x10
[  213.175451][ T8883]  should_fail_ex+0x424/0x570
[  213.175479][ T8883]  should_failslab+0xac/0x100
[  213.175510][ T8883]  kmem_cache_alloc_noprof+0x78/0x390
[  213.175539][ T8883]  ? skb_clone+0x20c/0x390
[  213.175568][ T8883]  skb_clone+0x20c/0x390
[  213.175595][ T8883]  pfkey_broadcast_one+0x99/0x330
[  213.175631][ T8883]  ? pfkey_broadcast+0x45/0x400
[  213.175651][ T8883]  pfkey_broadcast+0x3ca/0x400
[  213.175674][ T8883]  ? pfkey_broadcast+0x45/0x400
[  213.175702][ T8883]  pfkey_sendmsg+0xee1/0x1140
[  213.175740][ T8883]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  213.175788][ T8883]  ? __pfx_aa_sk_perm+0x10/0x10
[  213.175814][ T8883]  ? __import_iovec+0x585/0x830
[  213.175846][ T8883]  ? aa_sock_msg_perm+0x91/0x160
[  213.175882][ T8883]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  213.175905][ T8883]  __sock_sendmsg+0x221/0x270
[  213.175937][ T8883]  ____sys_sendmsg+0x523/0x860
[  213.175969][ T8883]  ? __pfx_____sys_sendmsg+0x10/0x10
[  213.175989][ T8883]  ? __fget_files+0x2a/0x420
[  213.176012][ T8883]  ? __fget_files+0x2a/0x420
[  213.176041][ T8883]  __sys_sendmmsg+0x3a0/0x7b0
[  213.176077][ T8883]  ? __pfx___sys_sendmmsg+0x10/0x10
[  213.176156][ T8883]  ? rcu_read_lock_any_held+0xbb/0x160
[  213.176185][ T8883]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  213.176217][ T8883]  ? vfs_write+0xb29/0xd10
[  213.176252][ T8883]  ? ksys_write+0x24e/0x2d0
[  213.176280][ T8883]  ? __mutex_unlock_slowpath+0x229/0x800
[  213.176340][ T8883]  ? ksys_write+0x275/0x2d0
[  213.176387][ T8883]  __x64_sys_sendmmsg+0xa0/0xb0
[  213.176412][ T8883]  do_syscall_64+0xf3/0x230
[  213.176440][ T8883]  ? clear_bhb_loop+0x45/0xa0
[  213.176465][ T8883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.176485][ T8883] RIP: 0033:0x7fbf1a98d169
[  213.176503][ T8883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.176521][ T8883] RSP: 002b:00007fbf187f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  213.176543][ T8883] RAX: ffffffffffffffda RBX: 00007fbf1aba5fa0 RCX: 00007fbf1a98d169
[  213.176558][ T8883] RDX: 040000000000007b RSI: 0000200000000180 RDI: 0000000000000003
[  213.176572][ T8883] RBP: 00007fbf187f6090 R08: 0000000000000000 R09: 0000000000000000
[  213.176586][ T8883] R10: 0000000000004004 R11: 0000000000000246 R12: 0000000000000001
[  213.176598][ T8883] R13: 0000000000000000 R14: 00007fbf1aba5fa0 R15: 00007ffd4784de48
[  213.176637][ T8883]  </TASK>
[  214.166849][ T8928] netlink: 'syz.0.822': attribute type 39 has an invalid length.
[  214.227386][ T8933] netlink: 36 bytes leftover after parsing attributes in process `syz.0.822'.
[  214.718177][ T8905] syzkaller1: entered promiscuous mode
[  214.735474][ T8905] syzkaller1: entered allmulticast mode
[  214.817318][ T8937] syz.0.822 (8937) used greatest stack depth: 18056 bytes left
[  216.366804][ T8993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.825'.
[  216.501897][ T8999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.827'.
[  217.212961][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  217.222077][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  217.232314][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  217.268981][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  217.277726][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  217.404407][ T9034] netlink: 'syz.2.835': attribute type 39 has an invalid length.
[  217.465986][ T9031] netlink: 36 bytes leftover after parsing attributes in process `syz.2.835'.
[  217.494848][ T9039] netlink: 'syz.1.836': attribute type 10 has an invalid length.
[  217.504148][ T9029] wg1 speed is unknown, defaulting to 1000
[  217.542029][ T9039] FAULT_INJECTION: forcing a failure.
[  217.542029][ T9039] name failslab, interval 1, probability 0, space 0, times 0
[  217.609472][ T9039] CPU: 0 UID: 0 PID: 9039 Comm: syz.1.836 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  217.609503][ T9039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  217.609516][ T9039] Call Trace:
[  217.609523][ T9039]  <TASK>
[  217.609532][ T9039]  dump_stack_lvl+0x241/0x360
[  217.609571][ T9039]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.609601][ T9039]  ? __pfx__printk+0x10/0x10
[  217.609643][ T9039]  should_fail_ex+0x424/0x570
[  217.609671][ T9039]  should_failslab+0xac/0x100
[  217.609702][ T9039]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  217.609733][ T9039]  ? __alloc_skb+0x1c2/0x480
[  217.609757][ T9039]  __alloc_skb+0x1c2/0x480
[  217.609773][ T9039]  ? rtnl_prop_list_size+0x1e/0x1e0
[  217.609805][ T9039]  ? __pfx___alloc_skb+0x10/0x10
[  217.609821][ T9039]  ? devlink_nl_port_handle_size+0xe5/0x110
[  217.609854][ T9039]  ? if_nlmsg_size+0x5b9/0x820
[  217.609882][ T9039]  rtmsg_ifinfo_build_skb+0x84/0x260
[  217.609911][ T9039]  ? netpoll_poll_enable+0xce/0xe0
[  217.609960][ T9039]  rtmsg_ifinfo+0x91/0x1b0
[  217.609992][ T9039]  __dev_notify_flags+0xf9/0x410
[  217.610017][ T9039]  ? __pfx___dev_notify_flags+0x10/0x10
[  217.610035][ T9039]  ? __dev_change_flags+0x517/0x700
[  217.610057][ T9039]  ? do_setlink+0x3c1/0x4390
[  217.610077][ T9039]  ? __pfx___dev_change_flags+0x10/0x10
[  217.610105][ T9039]  ? validate_linkmsg+0x82a/0xa40
[  217.610128][ T9039]  ? __lock_acquire+0xad5/0xd80
[  217.610150][ T9039]  ? __pfx_validate_linkmsg+0x10/0x10
[  217.610194][ T9039]  netif_change_flags+0xf0/0x1a0
[  217.610220][ T9039]  do_setlink+0xee3/0x4390
[  217.610239][ T9039]  ? bpf_trace_run2+0x1fe/0x550
[  217.610278][ T9039]  ? _printk+0xd5/0x120
[  217.610307][ T9039]  ? __pfx_bpf_trace_run2+0x10/0x10
[  217.610344][ T9039]  ? __pfx_do_setlink+0x10/0x10
[  217.610368][ T9039]  ? __bpf_trace_contention_end+0x172/0x230
[  217.610416][ T9039]  ? rcu_is_watching+0x15/0xb0
[  217.610442][ T9039]  ? trace_contention_end+0x3c/0x120
[  217.610469][ T9039]  ? __mutex_lock+0x380/0x10c0
[  217.610503][ T9039]  ? __pfx_aa_get_newest_label+0x10/0x10
[  217.610539][ T9039]  ? rcu_is_watching+0x15/0xb0
[  217.610562][ T9039]  ? rtnl_newlink+0xd68/0x1fe0
[  217.610591][ T9039]  ? __pfx___mutex_lock+0x10/0x10
[  217.610628][ T9039]  ? ns_capable+0x8a/0xf0
[  217.610651][ T9039]  ? rtnl_link_get_net_capable+0x168/0x340
[  217.610686][ T9039]  rtnl_newlink+0x17e2/0x1fe0
[  217.610733][ T9039]  ? __pfx_rtnl_newlink+0x10/0x10
[  217.610759][ T9039]  ? dev_hard_start_xmit+0x2d9/0x830
[  217.610779][ T9039]  ? __dev_queue_xmit+0x1b80/0x3f60
[  217.610799][ T9039]  ? __netlink_deliver_tap+0x561/0x7f0
[  217.610827][ T9039]  ? netlink_deliver_tap+0x19d/0x1b0
[  217.610854][ T9039]  ? netlink_unicast+0x7c6/0x9a0
[  217.610877][ T9039]  ? netlink_sendmsg+0x8c3/0xcd0
[  217.610904][ T9039]  ? __sock_sendmsg+0x221/0x270
[  217.610936][ T9039]  ? ____sys_sendmsg+0x523/0x860
[  217.610954][ T9039]  ? __sys_sendmsg+0x271/0x360
[  217.610972][ T9039]  ? do_syscall_64+0xf3/0x230
[  217.610996][ T9039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.611056][ T9039]  ? kasan_quarantine_put+0xdc/0x230
[  217.611077][ T9039]  ? lockdep_hardirqs_on+0x9d/0x150
[  217.611105][ T9039]  ? nlmon_xmit+0xaf/0x100
[  217.611143][ T9039]  ? __local_bh_enable_ip+0x168/0x200
[  217.611162][ T9039]  ? lockdep_hardirqs_on+0x9d/0x150
[  217.611196][ T9039]  ? aa_get_newest_label+0x101/0x6f0
[  217.611232][ T9039]  ? __lock_acquire+0xad5/0xd80
[  217.611276][ T9039]  ? __pfx_rtnl_newlink+0x10/0x10
[  217.611308][ T9039]  rtnetlink_rcv_msg+0x80f/0xd70
[  217.611336][ T9039]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  217.611371][ T9039]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  217.611407][ T9039]  ? ref_tracker_free+0x63e/0x7e0
[  217.611439][ T9039]  netlink_rcv_skb+0x208/0x480
[  217.611469][ T9039]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  217.611500][ T9039]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  217.611550][ T9039]  ? netlink_deliver_tap+0x2e/0x1b0
[  217.611581][ T9039]  ? netlink_deliver_tap+0x2e/0x1b0
[  217.611613][ T9039]  netlink_unicast+0x7f8/0x9a0
[  217.611650][ T9039]  ? __pfx_netlink_unicast+0x10/0x10
[  217.611679][ T9039]  ? skb_put+0x114/0x1f0
[  217.611704][ T9039]  netlink_sendmsg+0x8c3/0xcd0
[  217.611748][ T9039]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.611794][ T9039]  ? aa_sock_msg_perm+0x91/0x160
[  217.611826][ T9039]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.611852][ T9039]  __sock_sendmsg+0x221/0x270
[  217.611880][ T9039]  ____sys_sendmsg+0x523/0x860
[  217.611909][ T9039]  ? __pfx_____sys_sendmsg+0x10/0x10
[  217.611933][ T9039]  ? __fget_files+0x2a/0x420
[  217.611954][ T9039]  ? __fget_files+0x2a/0x420
[  217.611982][ T9039]  __sys_sendmsg+0x271/0x360
[  217.612008][ T9039]  ? __pfx___sys_sendmsg+0x10/0x10
[  217.612082][ T9039]  ? do_syscall_64+0xb6/0x230
[  217.612110][ T9039]  do_syscall_64+0xf3/0x230
[  217.612134][ T9039]  ? clear_bhb_loop+0x45/0xa0
[  217.612157][ T9039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.612176][ T9039] RIP: 0033:0x7fa24fd8d169
[  217.612193][ T9039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.612210][ T9039] RSP: 002b:00007fa250b9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  217.612230][ T9039] RAX: ffffffffffffffda RBX: 00007fa24ffa5fa0 RCX: 00007fa24fd8d169
[  217.612245][ T9039] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000003
[  217.612256][ T9039] RBP: 00007fa250b9e090 R08: 0000000000000000 R09: 0000000000000000
[  217.612268][ T9039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.612278][ T9039] R13: 0000000000000000 R14: 00007fa24ffa5fa0 R15: 00007ffedf050998
[  217.612309][ T9039]  </TASK>
[  218.174488][ T9039] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  218.733448][ T9029] chnl_net:caif_netlink_parms(): no params data found
[  218.809982][ T9059] netlink: 32 bytes leftover after parsing attributes in process `syz.2.840'.
[  219.174798][ T9083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.841'.
[  219.277478][ T9029] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.310093][ T9029] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.337866][ T5838] Bluetooth: hci2: command tx timeout
[  219.350373][ T9029] bridge_slave_0: entered allmulticast mode
[  219.385665][ T9029] bridge_slave_0: entered promiscuous mode
[  219.459749][ T9029] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.512954][ T9029] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.548814][ T9029] bridge_slave_1: entered allmulticast mode
[  219.590576][ T9029] bridge_slave_1: entered promiscuous mode
[  219.757695][ T9099] netlink: 356 bytes leftover after parsing attributes in process `syz.1.847'.
[  219.874048][ T9029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.940710][ T9029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  220.262874][ T9029] team0: Port device team_slave_0 added
[  220.306978][ T9029] team0: Port device team_slave_1 added
[  220.661006][ T9116] netlink: 'syz.2.850': attribute type 39 has an invalid length.
[  220.708899][ T9126] netlink: 36 bytes leftover after parsing attributes in process `syz.2.850'.
[  221.318772][ T9029] batman_adv: batadv0: Adding interface: batadv_slave_0
[  221.324477][ T9149] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.857'.
[  221.348337][ T9029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  221.380269][ T9029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  221.412016][ T9029] batman_adv: batadv0: Adding interface: batadv_slave_1
[  221.416551][ T5838] Bluetooth: hci2: command tx timeout
[  221.420867][ T9029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  221.486310][ T9029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  221.497688][ T9149] netlink: 'syz.2.857': attribute type 3 has an invalid length.
[  221.716181][ T9029] hsr_slave_0: entered promiscuous mode
[  221.747424][ T9029] hsr_slave_1: entered promiscuous mode
[  221.779028][ T9029] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  221.796436][ T9029] Cannot create hsr debugfs directory
[  221.892987][ T9170] netlink: 'syz.0.862': attribute type 11 has an invalid length.
[  222.429504][ T9195] netlink: 'syz.1.867': attribute type 39 has an invalid length.
[  222.465726][ T9195] netlink: 36 bytes leftover after parsing attributes in process `syz.1.867'.
[  222.659313][ T9029] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.917294][ T9214] netlink: 71 bytes leftover after parsing attributes in process `syz.1.871'.
[  222.963608][ T9029] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.087832][ T9196] dccp_close: ABORT with 224 bytes unread
[  223.168934][ T9029] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.282028][ T9193] dccp_close: ABORT with 224 bytes unread
[  223.362796][ T9029] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.496562][ T5838] Bluetooth: hci2: command tx timeout
[  223.562011][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.3.874'.
[  223.877416][ T9245] netlink: 32 bytes leftover after parsing attributes in process `syz.3.880'.
[  223.918471][ T9246] netlink: 'syz.2.879': attribute type 39 has an invalid length.
[  223.929353][ T9029] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  223.962686][ T9246] netlink: 36 bytes leftover after parsing attributes in process `syz.2.879'.
[  223.991553][ T9029] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  224.149016][ T9029] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  224.204260][ T9261] netlink: 52 bytes leftover after parsing attributes in process `syz.1.882'.
[  224.452082][ T9029] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  224.958495][ T9252] dccp_close: ABORT with 224 bytes unread
[  225.002377][ T9029] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.112871][ T9289] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  225.120173][ T9029] 8021q: adding VLAN 0 to HW filter on device team0
[  225.203091][ T6076] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.210671][ T6076] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.266761][ T6032] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.273980][ T6032] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.576675][ T5838] Bluetooth: hci2: command tx timeout
[  225.592177][ T9302] FAULT_INJECTION: forcing a failure.
[  225.592177][ T9302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.636493][ T9302] CPU: 0 UID: 0 PID: 9302 Comm: syz.0.888 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  225.636524][ T9302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  225.636538][ T9302] Call Trace:
[  225.636547][ T9302]  <TASK>
[  225.636555][ T9302]  dump_stack_lvl+0x241/0x360
[  225.636594][ T9302]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.636625][ T9302]  ? __pfx__printk+0x10/0x10
[  225.636684][ T9302]  should_fail_ex+0x424/0x570
[  225.636712][ T9302]  _copy_from_user+0x2d/0xb0
[  225.636743][ T9302]  do_ipv6_setsockopt+0x2f9/0x3680
[  225.636787][ T9302]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  225.636820][ T9302]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  225.636872][ T9302]  ? __pfx___might_resched+0x10/0x10
[  225.636904][ T9302]  ? rcu_read_lock_any_held+0xbb/0x160
[  225.636932][ T9302]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  225.636970][ T9302]  ? aa_sk_perm+0x96f/0xac0
[  225.637002][ T9302]  ? ksys_write+0x24e/0x2d0
[  225.637027][ T9302]  ? __pfx_aa_sk_perm+0x10/0x10
[  225.637062][ T9302]  ipv6_setsockopt+0x5d/0x170
[  225.637084][ T9302]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  225.637113][ T9302]  do_sock_setsockopt+0x3b1/0x710
[  225.637142][ T9302]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  225.637161][ T9302]  ? __fget_files+0x2a/0x420
[  225.637185][ T9302]  ? __fget_files+0x39d/0x420
[  225.637201][ T9302]  ? __fget_files+0x2a/0x420
[  225.637230][ T9302]  __x64_sys_setsockopt+0x1ee/0x280
[  225.637259][ T9302]  do_syscall_64+0xf3/0x230
[  225.637287][ T9302]  ? clear_bhb_loop+0x45/0xa0
[  225.637312][ T9302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.637332][ T9302] RIP: 0033:0x7fbf1a98d169
[  225.637351][ T9302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.637377][ T9302] RSP: 002b:00007fbf187f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  225.637401][ T9302] RAX: ffffffffffffffda RBX: 00007fbf1aba5fa0 RCX: 00007fbf1a98d169
[  225.637417][ T9302] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000007
[  225.637429][ T9302] RBP: 00007fbf187f6090 R08: 0000000000000060 R09: 0000000000000000
[  225.637442][ T9302] R10: 0000200000000340 R11: 0000000000000246 R12: 0000000000000001
[  225.637455][ T9302] R13: 0000000000000000 R14: 00007fbf1aba5fa0 R15: 00007ffd4784de48
[  225.637488][ T9302]  </TASK>
[  226.008801][ T9312] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan0, syncid = 1, id = 0
[  226.009663][ T9309] IPVS: stopping backup sync thread 9312 ...
[  226.077716][ T9314] netlink: 12 bytes leftover after parsing attributes in process `syz.3.890'.
[  226.099783][ T9314] : entered promiscuous mode
[  226.372935][ T9333] netlink: 216 bytes leftover after parsing attributes in process `syz.2.894'.
[  226.406359][ T9333] netlink: 24 bytes leftover after parsing attributes in process `syz.2.894'.
[  226.441580][ T9331] netlink: 'syz.1.893': attribute type 39 has an invalid length.
[  226.461317][ T9333] netlink: 16 bytes leftover after parsing attributes in process `syz.2.894'.
[  226.530364][ T9331] netlink: 36 bytes leftover after parsing attributes in process `syz.1.893'.
[  226.688966][ T9029] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.878797][ T9349] netlink: 'syz.0.898': attribute type 8 has an invalid length.
[  226.972236][ T9358] FAULT_INJECTION: forcing a failure.
[  226.972236][ T9358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  227.029284][ T9358] CPU: 0 UID: 0 PID: 9358 Comm: syz.3.899 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  227.029315][ T9358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  227.029329][ T9358] Call Trace:
[  227.029338][ T9358]  <TASK>
[  227.029347][ T9358]  dump_stack_lvl+0x241/0x360
[  227.029386][ T9358]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.029425][ T9358]  ? __pfx__printk+0x10/0x10
[  227.029471][ T9358]  should_fail_ex+0x424/0x570
[  227.029499][ T9358]  _copy_from_user+0x2d/0xb0
[  227.029531][ T9358]  copy_msghdr_from_user+0xb3/0x580
[  227.029566][ T9358]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  227.029592][ T9358]  ? __fget_files+0x2a/0x420
[  227.029616][ T9358]  ? __fget_files+0x2a/0x420
[  227.029646][ T9358]  __sys_sendmsg+0x20a/0x360
[  227.029676][ T9358]  ? __pfx___sys_sendmsg+0x10/0x10
[  227.029758][ T9358]  ? do_syscall_64+0xb6/0x230
[  227.029789][ T9358]  do_syscall_64+0xf3/0x230
[  227.029816][ T9358]  ? clear_bhb_loop+0x45/0xa0
[  227.029841][ T9358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.029862][ T9358] RIP: 0033:0x7fd27ff8d169
[  227.029879][ T9358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.029897][ T9358] RSP: 002b:00007fd280d7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  227.029919][ T9358] RAX: ffffffffffffffda RBX: 00007fd2801a6080 RCX: 00007fd27ff8d169
[  227.029935][ T9358] RDX: 0000000020000000 RSI: 0000200000000280 RDI: 000000000000000c
[  227.029949][ T9358] RBP: 00007fd280d7d090 R08: 0000000000000000 R09: 0000000000000000
[  227.029961][ T9358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  227.029973][ T9358] R13: 0000000000000000 R14: 00007fd2801a6080 R15: 00007ffd1fe4f3c8
[  227.030006][ T9358]  </TASK>
[  228.184040][ T9029] veth0_vlan: entered promiscuous mode
[  228.281820][ T9394] bond0: (slave netdevsim0): Releasing backup interface
[  228.320666][ T9402] netlink: 'syz.2.907': attribute type 39 has an invalid length.
[  228.375707][ T9406] __nla_validate_parse: 2 callbacks suppressed
[  228.375729][ T9406] netlink: 52 bytes leftover after parsing attributes in process `syz.3.908'.
[  228.379683][ T9029] veth1_vlan: entered promiscuous mode
[  228.385225][ T9402] netlink: 36 bytes leftover after parsing attributes in process `syz.2.907'.
[  228.566150][ T9029] veth0_macvtap: entered promiscuous mode
[  228.623903][ T9029] veth1_macvtap: entered promiscuous mode
[  228.758231][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.777499][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.800676][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.834719][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.856037][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.883166][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.904799][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.927524][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.946544][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.957290][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.969974][ T9029] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.987438][ T9417] batadv0: entered promiscuous mode
[  228.993212][ T9417] vlan2: entered promiscuous mode
[  229.156237][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.173816][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.184663][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.195732][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.205673][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.223646][ T9428] netlink: 8 bytes leftover after parsing attributes in process `syz.3.913'.
[  229.240918][ T9428] netlink: 12 bytes leftover after parsing attributes in process `syz.3.913'.
[  229.261327][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.291134][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.318900][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.335357][ T9029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.356480][ T9029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.391235][ T9029] batman_adv: batadv0: Interface activated: batadv_slave_1
[  229.493018][ T9029] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  229.552566][ T9029] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  229.571384][ T9029] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  229.589833][ T9029] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  229.698153][ T9442] netlink: 4 bytes leftover after parsing attributes in process `syz.2.915'.
[  229.996364][ T8863] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.045219][ T8863] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.117137][ T9456] ------------[ cut here ]------------
[  230.122868][ T9456] refcount_t: addition on 0; use-after-free.
[  230.178453][ T8863] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.190923][ T8863] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.210090][ T9456] WARNING: CPU: 0 PID: 9456 at lib/refcount.c:25 refcount_warn_saturate+0x13a/0x1d0
[  230.219859][ T9456] Modules linked in:
[  230.224066][ T9456] CPU: 0 UID: 0 PID: 9456 Comm: syz.2.919 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  230.236292][ T9456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  230.246823][ T9456] RIP: 0010:refcount_warn_saturate+0x13a/0x1d0
[  230.253053][ T9456] Code: 00 6b a1 8c e8 17 87 7d fc 90 0f 0b 90 90 eb b9 e8 0b 65 be fc c6 05 94 dc 44 0b 01 90 48 c7 c7 60 6b a1 8c e8 f7 86 7d fc 90 <0f> 0b 90 90 eb 99 e8 eb 64 be fc c6 05 75 dc 44 0b 01 90 48 c7 c7
[  230.275227][ T9456] RSP: 0018:ffffc9000afe7c68 EFLAGS: 00010246
[  230.283176][ T9456] RAX: fba988da59282e00 RBX: ffff8880790be0c8 RCX: 0000000000080000
[  230.291338][ T9456] RDX: ffffc9000d870000 RSI: 00000000000034d7 RDI: 00000000000034d8
[  230.300681][ T9456] RBP: 0000000000000002 R08: ffffffff81828a12 R09: fffffbfff1d7a978
[  230.308788][ T9456] R10: dffffc0000000000 R11: fffffbfff1d7a978 R12: 1ffff1100c9ae605
[  230.316820][ T9456] R13: ffff8880790be000 R14: ffff88807b098000 R15: ffff888064d73028
[  230.324845][ T9456] FS:  00007fc879c496c0(0000) GS:ffff888124f93000(0000) knlGS:0000000000000000
[  230.333864][ T9456] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  230.340555][ T9456] CR2: 0000001b30b0bff8 CR3: 00000000560f2000 CR4: 00000000003526f0
[  230.348646][ T9456] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  230.356753][ T9456] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  230.367390][ T9456] Call Trace:
[  230.370711][ T9456]  <TASK>
[  230.373070][ T9462] netlink: 'syz.0.920': attribute type 39 has an invalid length.
[  230.373656][ T9456]  ax25_setsockopt+0xbb7/0xf00
[  230.388136][ T9456]  ? __pfx_ax25_setsockopt+0x10/0x10
[  230.393472][ T9456]  ? aa_sock_opt_perm+0x79/0x120
[  230.398540][ T9456]  ? __pfx_ax25_setsockopt+0x10/0x10
[  230.403868][ T9456]  do_sock_setsockopt+0x3b1/0x710
[  230.409004][ T9456]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  230.414588][ T9456]  ? __fget_files+0x2a/0x420
[  230.419293][ T9456]  ? __fget_files+0x39d/0x420
[  230.424007][ T9456]  ? __fget_files+0x2a/0x420
[  230.429041][ T9456]  __x64_sys_setsockopt+0x1ee/0x280
[  230.434295][ T9456]  do_syscall_64+0xf3/0x230
[  230.438918][ T9456]  ? clear_bhb_loop+0x45/0xa0
[  230.443641][ T9456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.449642][ T9456] RIP: 0033:0x7fc878d8d169
[  230.454110][ T9456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.476204][ T9456] RSP: 002b:00007fc879c49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  230.481057][ T9457] netlink: 36 bytes leftover after parsing attributes in process `syz.0.920'.
[  230.486594][ T9456] RAX: ffffffffffffffda RBX: 00007fc878fa6080 RCX: 00007fc878d8d169
[  230.503560][ T9456] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000008
[  230.511622][ T9456] RBP: 00007fc878e0e990 R08: 0000000000000010 R09: 0000000000000000
[  230.519688][ T9456] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  230.527835][ T9456] R13: 0000000000000000 R14: 00007fc878fa6080 R15: 00007ffc22224308
[  230.535865][ T9456]  </TASK>
[  230.539769][ T9456] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  230.547089][ T9456] CPU: 0 UID: 0 PID: 9456 Comm: syz.2.919 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  230.559006][ T9456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  230.569087][ T9456] Call Trace:
[  230.572397][ T9456]  <TASK>
[  230.575359][ T9456]  dump_stack_lvl+0x241/0x360
[  230.580078][ T9456]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.585318][ T9456]  ? __pfx__printk+0x10/0x10
[  230.589953][ T9456]  ? vscnprintf+0x5d/0x90
[  230.594298][ T9456]  panic+0x349/0x880
[  230.598216][ T9456]  ? __warn+0x174/0x4d0
[  230.602382][ T9456]  ? __pfx_panic+0x10/0x10
[  230.606826][ T9456]  __warn+0x344/0x4d0
[  230.610836][ T9456]  ? refcount_warn_saturate+0x13a/0x1d0
[  230.616399][ T9456]  report_bug+0x2b3/0x500
[  230.620751][ T9456]  ? refcount_warn_saturate+0x13a/0x1d0
[  230.626314][ T9456]  ? refcount_warn_saturate+0x13a/0x1d0
[  230.631874][ T9456]  ? refcount_warn_saturate+0x13c/0x1d0
[  230.637435][ T9456]  handle_bug+0x89/0x170
[  230.641693][ T9456]  exc_invalid_op+0x1a/0x50
[  230.646211][ T9456]  asm_exc_invalid_op+0x1a/0x20
[  230.651073][ T9456] RIP: 0010:refcount_warn_saturate+0x13a/0x1d0
[  230.657240][ T9456] Code: 00 6b a1 8c e8 17 87 7d fc 90 0f 0b 90 90 eb b9 e8 0b 65 be fc c6 05 94 dc 44 0b 01 90 48 c7 c7 60 6b a1 8c e8 f7 86 7d fc 90 <0f> 0b 90 90 eb 99 e8 eb 64 be fc c6 05 75 dc 44 0b 01 90 48 c7 c7
[  230.676877][ T9456] RSP: 0018:ffffc9000afe7c68 EFLAGS: 00010246
[  230.682970][ T9456] RAX: fba988da59282e00 RBX: ffff8880790be0c8 RCX: 0000000000080000
[  230.690949][ T9456] RDX: ffffc9000d870000 RSI: 00000000000034d7 RDI: 00000000000034d8
[  230.698929][ T9456] RBP: 0000000000000002 R08: ffffffff81828a12 R09: fffffbfff1d7a978
[  230.706906][ T9456] R10: dffffc0000000000 R11: fffffbfff1d7a978 R12: 1ffff1100c9ae605
[  230.714883][ T9456] R13: ffff8880790be000 R14: ffff88807b098000 R15: ffff888064d73028
[  230.722864][ T9456]  ? __warn_printk+0x2a2/0x360
[  230.727645][ T9456]  ? refcount_warn_saturate+0x139/0x1d0
[  230.733206][ T9456]  ax25_setsockopt+0xbb7/0xf00
[  230.738000][ T9456]  ? __pfx_ax25_setsockopt+0x10/0x10
[  230.743302][ T9456]  ? aa_sock_opt_perm+0x79/0x120
[  230.748258][ T9456]  ? __pfx_ax25_setsockopt+0x10/0x10
[  230.753560][ T9456]  do_sock_setsockopt+0x3b1/0x710
[  230.758601][ T9456]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  230.764145][ T9456]  ? __fget_files+0x2a/0x420
[  230.768742][ T9456]  ? __fget_files+0x39d/0x420
[  230.773418][ T9456]  ? __fget_files+0x2a/0x420
[  230.778030][ T9456]  __x64_sys_setsockopt+0x1ee/0x280
[  230.783254][ T9456]  do_syscall_64+0xf3/0x230
[  230.787774][ T9456]  ? clear_bhb_loop+0x45/0xa0
[  230.792462][ T9456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.798363][ T9456] RIP: 0033:0x7fc878d8d169
[  230.802782][ T9456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.822389][ T9456] RSP: 002b:00007fc879c49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  230.830810][ T9456] RAX: ffffffffffffffda RBX: 00007fc878fa6080 RCX: 00007fc878d8d169
[  230.838782][ T9456] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000008
[  230.846882][ T9456] RBP: 00007fc878e0e990 R08: 0000000000000010 R09: 0000000000000000
[  230.854869][ T9456] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  230.862966][ T9456] R13: 0000000000000000 R14: 00007fc878fa6080 R15: 00007ffc22224308
[  230.870964][ T9456]  </TASK>
[  230.874340][ T9456] Kernel Offset: disabled
[  230.878664][ T9456] Rebooting in 86400 seconds..