last executing test programs:

53.395357645s ago: executing program 1 (id=905):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xeb}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x36, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x8807, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0}, &(0x7f00000002c0)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x4, [@float={0x3, 0x0, 0x0, 0x10, 0x8}, @volatile={0x0, 0x0, 0x0, 0x9, 0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x4, [{0x0, 0x2}]}]}, {0x0, [0x61, 0x61]}}, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0xffff0856, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}}, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', r2, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x30, r5, 0x6a9354ab0d020bb7, 0x0, 0x25dfdbfc, {0x45}, [@handle=@pci={{0x8}, {0x11}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841)
recvmsg(r6, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="04", 0x1}], 0x1}, 0x40001)
recvmsg(r6, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@random='L', 0x1, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20040010)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x1000000, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)

43.548835873s ago: executing program 1 (id=905):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xeb}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x36, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x8807, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0}, &(0x7f00000002c0)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x4, [@float={0x3, 0x0, 0x0, 0x10, 0x8}, @volatile={0x0, 0x0, 0x0, 0x9, 0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x4, [{0x0, 0x2}]}]}, {0x0, [0x61, 0x61]}}, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0xffff0856, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}}, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', r2, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x30, r5, 0x6a9354ab0d020bb7, 0x0, 0x25dfdbfc, {0x45}, [@handle=@pci={{0x8}, {0x11}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841)
recvmsg(r6, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="04", 0x1}], 0x1}, 0x40001)
recvmsg(r6, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@random='L', 0x1, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20040010)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x1000000, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)

30.998460042s ago: executing program 1 (id=905):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xeb}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x36, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x8807, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0}, &(0x7f00000002c0)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x4, [@float={0x3, 0x0, 0x0, 0x10, 0x8}, @volatile={0x0, 0x0, 0x0, 0x9, 0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x4, [{0x0, 0x2}]}]}, {0x0, [0x61, 0x61]}}, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0xffff0856, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}}, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', r2, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x30, r5, 0x6a9354ab0d020bb7, 0x0, 0x25dfdbfc, {0x45}, [@handle=@pci={{0x8}, {0x11}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841)
recvmsg(r6, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="04", 0x1}], 0x1}, 0x40001)
recvmsg(r6, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@random='L', 0x1, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20040010)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x1000000, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)

22.060269682s ago: executing program 1 (id=905):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xeb}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x36, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x8807, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0}, &(0x7f00000002c0)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x4, [@float={0x3, 0x0, 0x0, 0x10, 0x8}, @volatile={0x0, 0x0, 0x0, 0x9, 0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x4, [{0x0, 0x2}]}]}, {0x0, [0x61, 0x61]}}, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0xffff0856, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}}, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', r2, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x30, r5, 0x6a9354ab0d020bb7, 0x0, 0x25dfdbfc, {0x45}, [@handle=@pci={{0x8}, {0x11}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841)
recvmsg(r6, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="04", 0x1}], 0x1}, 0x40001)
recvmsg(r6, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@random='L', 0x1, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20040010)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x1000000, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)

10.851254072s ago: executing program 1 (id=905):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xeb}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x36, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x8807, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0}, &(0x7f00000002c0)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x4, [@float={0x3, 0x0, 0x0, 0x10, 0x8}, @volatile={0x0, 0x0, 0x0, 0x9, 0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x4, [{0x0, 0x2}]}]}, {0x0, [0x61, 0x61]}}, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0xffff0856, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}}, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', r2, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x30, r5, 0x6a9354ab0d020bb7, 0x0, 0x25dfdbfc, {0x45}, [@handle=@pci={{0x8}, {0x11}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841)
recvmsg(r6, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="04", 0x1}], 0x1}, 0x40001)
recvmsg(r6, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@random='L', 0x1, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20040010)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x1000000, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)

3.106685252s ago: executing program 2 (id=1354):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r0, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000001740)={0x38, 0xd, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}]}, 0x38}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
socket(0x2, 0xa, 0x1000)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xd, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x6, 0x0, 0xb}, {0x65}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xc, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x4}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xe}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
pipe(&(0x7f0000019480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f00000004c0)='wi\n', 0x3}], 0x1, 0x1)
close(r4)
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e)
sendmmsg(r5, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)
splice(r3, 0x0, r4, 0x0, 0x10500, 0x0)

2.517895747s ago: executing program 2 (id=1359):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket(0x10, 0x3, 0x0)
ioctl$SIOCGETMIFCNT_IN6(r1, 0x89e0, &(0x7f0000000000)={0x1})
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000640)=@newqdisc={0x94, 0x24, 0xf0b, 0x18000020, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {0xffff, 0xffff}, {0xe, 0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x64, 0x2, {{0x0, 0x100000, 0x0, 0x1, 0x5, 0xf}, [@TCA_NETEM_REORDER={0xc, 0x3, {0x7, 0x1}}, @TCA_NETEM_CORR={0x10, 0x1, {0x5, 0x823, 0x8}}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x5, 0x5, 0x0, 0x4e71, 0x2b4, 0x5}}]}}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4048005}, 0x0)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x3, 0xe, 0x0, 0x700, 0x0, [@sadb_key={0x4, 0x9, 0xa0, 0x0, "e9255bb992464e73a02159d3720df19f7a1dfec3"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x70}, 0x1, 0x7}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

1.937605453s ago: executing program 2 (id=1366):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="2d8e261000000500140012800b0001006970766c616e00000c00028008000500", @ANYBLOB="200cfcf481"], 0x44}}, 0x0)

1.904175974s ago: executing program 2 (id=1368):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000200)='veth0_vlan\x00')
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2)
sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x1c, r3, 0x1, 0x70bd2a, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000140)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000100)={0x1, [<r6=>0x0]}, &(0x7f00000000c0)=0x45)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000005540)={r6, 0x4}, 0x8)
getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r6, 0x41bc47e0}, &(0x7f00000001c0)=0x8)
sendmsg$NLBL_CALIPSO_C_LISTALL(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x3808004}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="34000000c6086584d35ff426c50b0f388893b8060e08bf80b01728ffb14599400da9d962df6b81d89f743736", @ANYRESOCT=0x0, @ANYBLOB="9366020c28bd7000fbdbdf250400000008000200020000000800e8ff010000000805025eb3e0472300020800000800b30602000200"], 0x34}, 0x1, 0x0, 0x0, 0x4020}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001de7efde4be701161000a000000040000800400", @ANYRES32=r1], 0x1c}}, 0x0)

1.499617757s ago: executing program 4 (id=1372):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r1, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r1, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9ab, 0x0)
bind$l2tp6(r1, &(0x7f0000000040)={0xa, 0x0, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1bf, 0x3}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000c00)=ANY=[@ANYBLOB="b400000002000000660000000000000073019e000000000095000000000000004bb5eea0a6ec9fcd4b0a008a8443f22702000000e63bde9e4a0587536a966992ae7011d6e6c03175717e9912e0dd1a59541f7cbb1548ee5bd627f5b0b8ec77bd6d5f7b543f9aafaabe53339b12fbbe7decc4aa61b8aad0359083bdd61543fbeee8d560bb4b5925fae801f4c91e31674b124a1b38000000bc4da4a9b3d5cc9e0000f6a7a729009973ff07000000000000ac79e5d84abbec7d96629490727375b853f6308a980fba61fbe0131f3c7a026d8f000008000000000000000b20d7ac2df89d7989bf53bec908213d396edf24e9fc3cc004a1097fddc65c1b1b328277ff85ed56b9261eb7bcee28ec2d3616689ab3f31f849eebce6f21e6302003c0467844e000000000db0700bd694a09b253a1c6c7c138b3ec6ee9b83edcc55d3403acd5c50e2740a7ab7069790da79b7ab45184caffff00009bab066bf7a4ab148d44c7e2e4d219cdd7ebeb51511d9df85a648b1b85f93cb6cd21f93d5ea3da2b31657c065d052d9b9ee00320def97ebac25b929b3c15e33be6e7d54e622b427ee8d181d2f18d772fb5c58a936620ba1f5fbb48703ab211f442697edc165b449db2e3c221fbf270a6db414516949b97c200000096a1cbe81a38a23f03bd741a3e60c2e294f828e06f1b2cb70328f151f949e369efed52a28b87aae9d7d2800c8eff7f93c05adc9086d3f143a7b87d06838c6525cafdc01820a8912a131ff1f6acb9439f2d95a746291641b38333ce1c84b0d9d033edc9da00c8a2b42e8adfeff69fce7a35f79748e3e5b235269310988a05bf7c4e4cef3d1aa550c83d6328eb000000044a6458c31431d58973c93f5e9452258a7098bc3d014afe638a40948498fa9561213bc20845526e054d6b3ba5ca8f357df67c41acc28edacb31d38994544c3511ea1e8a448e66039425cfb03efb5d5eb81a306746adb8809ef969187763c00085e2dc401325327e54cbfceb400c2663466cd4a79c94b62c9882626499a8a29c564464f2a7aee6a929f831c93d23005787d272b5eaf0c6e11a7f0f1f39f68df44f6bf2d9b51d99c89e327b4bf7b96ad33abbd3a8b5814b5e7f85d1a47ee604ccef20bda53c9ce06910568fc200eee12fc6ef2734a6e9af5132f0c507e277fd97f9b48c840697289d38e454467f4d2f94b2f76d06edd083dafefd76deb251b5818de9c27d0df6e7b8862fe42f6c453f551f35b6d76395a1d205f276ae628fbdb8081905a1d7c2805532d3387b88f2997e8ce41c5dca83659cfb7f3a1c7b2bec8a7575dc4241dde6c680ee9a27b197739f4ad86f3bad3e42d4954bef864586ad02c27858d63efc495bcfb6ed49a5ca8987b0f2a8b14054e30f30fedf536d63769a196fc3b472195d0a1a13ecf803136d751cefb0edb5794cab8681214b39f86d88f3aebea4d465ef05f975b09f264d6c8d8e3bb6ea7d21c6602bcc8f76f2546cccc074f55c22aa8b502968040000000000000047c8a50036dd268a1aeff951f5090492b5e941feb1d3785aafe1655876e5a36c40fb5afcfd1eb28952662782097836a4d1aa3de0c06bb7dc27cf1a546b6aa6ce9932f3c6a013bc3791da4d8a33680ba8f1334d75a43e991ebd4582d786ec05cdd3152d52ab15fc7595cbd339f730d2ec8e37e6c500c4c30280a6af986f62a22d9c5c275e7798c165545abfcd304243274db15924a136a0896d56576ed7de90b1bda90f4024b9a0b3b33f688db8e38f784ae3942aba874f95d10c47e2405ceb0438cc272133fac718a6553710e4ca97df646b21d02652c54eade2e99344e11a2671cf274d397650fba8fcfb7e51a926e37b3980a1732111175dd99b9d979042b3ea411a7b4f9081ae9b82974d5eb6fd4e4bcd95e4f897dfba4e44777e6d02a896b650a66d9139696b926c36a33eb3bdc092bf4586bfab34002f802bbfe6a7679cec20cc25e01f129bbe92a65961fac7bffa3d8feda2ac927743d2bce57ee39b671948576337535180aa754e035421cf1709bc1b5e46c35515fb1fcda637a6405e9b216d2ca09795c5d2f27665da5b17bcf0f387e6dd58202a3a1148e46e55ac7ea027eb3022eee4a000ca543ab566921e5db4f741a762e5705f942855a9fa30b912045f78ab1e3fdeada84bc8ac36cc1223901e56f6ecbabbc3263098c9c47a1f505a8299b5715a455e834ddddc430f387cafa07bf915522f9a42e34eea5169b796320e892d27924045bcf56135684ca96ada82749371d5766c0d0cae8772f140eef001ca39dc28aef8a5236393fce29b0531cbd3265c209761ed41a2e473fbd84ca9b67e3ceb58a4b774ee127628faba8702c0a73f8311d269429aaadf74c439404fc9f864e69807dfe257c0c4a26c60bfa77f89bae2bd4c498a10d4e17dddb1f7539bfeb392e22e7b93d0ecf66cd253a4062bbc8a437f8924ee7a89ab73dd7c11be13707482c369f02d7b6f242599f95dbfcb55bea158665231f8fe04ed2a8c407fed1a8702e2486386f2ae6347231128be789186ff5651208c80781f85d3fb51bd28b939a8bc88a471c36fa17fd04c3fbdbd3f7bf144b1466014a77c582aa0380e612cd101d557dd1e5b7bae3da3ea2659f66a3641eaa3b008b9788a63c8f7009f9149fd9c740eddd300000000000000000000e620e3657ac82a5bd27dfa4f2add31a402346571e87b2644edb73d4affdcbbe2b8e2539b44554c10dc0ac8ba67ab9901c8e9564b4c26a87cf59b11978a86d4938ca4db01a9d8426aed32eb0d0d1dd894bbf3197f3b5744b5a4f813fd7330"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000002c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x47)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x10}], 0x30, 0x800}, 0x4000010)
sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmsg$qrtr(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000180)=""/227, 0xe3}], 0x1}, 0x38, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000040)={0x3, 0x8, '\x00', 0x0, &(0x7f0000000000)=[0x0]})
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000000206010800000000000000000000000a11000300686173683a000700000005000500020000000900020073797a300000000005000400000000000c0007800800064000"/88], 0x58}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)

1.497879374s ago: executing program 3 (id=1373):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000000)={0x5, 0x6, 0x400}, 0xc)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)

1.403587152s ago: executing program 4 (id=1375):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x4008800)

1.368904478s ago: executing program 3 (id=1376):
syz_emit_ethernet(0x6a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e21, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "6d4dfdeb8cf7bbfe143803bec2ce783e04cd32308cdd8dde", "c71cb8adfce542a4bc5a026c208fd0c45787e4aa384e3d26b21ea41cc128364c"}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$vsock_stream(0x28, 0x1, 0x0)

1.277443266s ago: executing program 4 (id=1378):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r3)
r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000200), r3)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="1d32000000000000000010"], 0x30}}, 0x0)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)={0x70, r5, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_SEC_DEVKEY={0x54, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_ID={0x3c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6a}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0xfffffffffffffdbb}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x5396ebcfacd913b0}, 0x10)

1.14458265s ago: executing program 4 (id=1379):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x38, 0x1403, 0xc23, 0x70bd2a, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x20, 0x400c080}, 0x0)

1.135112379s ago: executing program 0 (id=1380):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="5000000010001fff27bd700002dcdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000008852030028001280090001007665", @ANYRES32=0x0, @ANYBLOB="40c1040004"], 0x50}, 0x1, 0x0, 0x0, 0x2000c014}, 0x4000080)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000a00)=@newqdisc={0x80, 0x24, 0xf0b, 0xfffffffe, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0xb, 0x9}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x50, 0x2, {{0x3, 0x0, 0x2, 0x0, 0x0, 0xbfffffff}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x92, 0x0, 0x10, 0x0, 0x3}}, @TCA_NETEM_ECN={0x8, 0x7, 0x1}]}}}]}, 0x80}, 0x1, 0x0, 0x0, 0x2004c084}, 0x40000d0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x48, r5, 0x1, 0x26000, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME={0x16, 0x33, @ctrl_frame=@bar={{}, {}, @device_a, @device_b, @multi}}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_MAC={0xa}]}, 0x48}}, 0x40000)

1.077492749s ago: executing program 3 (id=1381):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0xfffd, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x4004)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e22, @local}, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10, 0x0, 0x0, 0x0, 0xb32, &(0x7f0000000000)='veth0_virt_wifi\x00', 0x3, 0x0, 0xc})
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x88}, {0x0, 0x0, 0x9, 0x0, 0xb, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10)

1.043912243s ago: executing program 0 (id=1382):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af365", 0x20}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r5=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x44, r3, 0x801, 0x1000, 0x1, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac0a}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r9, &(0x7f0000000040), 0xc)
getpeername(r9, 0x0, &(0x7f0000001ac0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r8}, 0x10)
syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid_for_children\x00')
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000009cca472bf40947766de812ba5d2d9fe54f477fd046733fe3d3ebae60b8ec14a54a068f5844c32e7537ef517069f43e5d1148e248d25fa7c65993e9e73cb0f62d45afd942da110592bb1e6dcc9312d06eb9a6800f960b8e0806af3f700705e90d35db239c2d739f6f726b2fb165b08e1c1c2464907e85a2cbd5629f7bac83f08d052e9486204cbaf734e6f59f010f2779ce0ab605fabfc490"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
sendmsg$netlink(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180000002c00010000000000000000000400008004001000"], 0x18}], 0x1}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r11)

1.025132829s ago: executing program 4 (id=1383):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000005c0)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58)
accept4(r1, 0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
socket$isdn(0x22, 0x2, 0x22)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
socket(0x2, 0x80805, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000900000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r4], 0x90}}, 0x0)

980.184662ms ago: executing program 3 (id=1384):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
r2 = socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x2e8, 0xf0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x218, 0xffffffff, 0xffffffff, 0x218, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0, 0x60030000, {0x0, 0xff000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}, {{@uncond, 0x0, 0x108, 0x128, 0x0, {}, [@common=@unspec=@devgroup={{0x38}, {0x5}}, @common=@inet=@ecn={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x348)
unshare(0x20000400)
epoll_create1(0x0)
socket$unix(0x1, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f80)=ANY=[@ANYBLOB="b70200000b000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f7a80d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001e8c76bbe7ff988a28ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4522bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b9fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabfd50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd1389a0963de85dd2b189774450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f326df86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c39b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa525235da0000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc32a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f8293cf83bceaf6c9eda1f83166aa1e2093d626870510e6cd176d501fe01e4a752fc30134073188e3f826f695e4e14fca6596943467c7df154493023f77c107b3db20ea75b493b4b38dc43986d94748cbfab954edae20982b6d212a44f4b40387876bc9eb73900"/3112], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000100)="b9ff0b076859268cb89e14f088a847", 0x0, 0xf00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$kcm(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r4, 0x107, 0x8, &(0x7f0000000500), 0x4)

919.732421ms ago: executing program 2 (id=1385):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a80)=ANY=[@ANYBLOB="a4010000190a05000000000000000000000000000c0003400000000000000001770007402117a3a0ca6bead4b2affca81cb36d623843a09caac7c60cc10db68f9bd1302e297a212d278947f6c5f84380ea54538713c854eca55bc10a4cbb5c3dc9bde47d5b40f3a48f7f76ed821b47bfbf5ce8d41300b68af5acb031c11fbbadd121be33fad0718050f676454bed7aee1101e5e42c19450008000b4000000002e400048024000180090001006d617371000000001400028008000340000000000800034000000001100001800a000100717565756500000024000180090001006d657461000000001400028008000340000000040800014000000015640001800900010068617368000000005400028008000440000000000800024000000002080007400000000108000540000008000800054000000005080001400000000f080001400000000b0800074000000000054000000400100001800a00010072616e6765000000140001800e000100626faaf573374cc0a0d3ac15fa7974656f726465720000000900010073797a310000000008000b400000000400"/420], 0x1a4}}, 0x0)
unshare(0x62040200)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xfffffffc, 0xff, 0x80000000}, 0x1c)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}, 0xfffffffc, 0x0, 0x100, 0x20000, 0xff}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r3, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(r4, &(0x7f0000000480)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9232f2f8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000180)="050000000e80006558", 0x9}, {&(0x7f0000000280)="4cdabfd01f55", 0x6}], 0x3)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)
close(0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x2)
r6 = socket$kcm(0x11, 0x200000000000002, 0x300)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r9, &(0x7f0000000040)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a0677bc45ff8105400100f8000500000b480400945f64009400050028925a01000000000000000800000000000009000000fff5dd0000000400010002081000418e0fff0004fcff", 0x58}], 0x1)
write(r8, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)

857.204404ms ago: executing program 4 (id=1386):
r0 = socket$netlink(0x10, 0x3, 0xf)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x600, 0x0, 0x0, 0x6}, [@IFLA_ADDRESS={0xa, 0x3, @random="99fa3a1c872f"}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(r4, &(0x7f0000000200), 0x806000)
recvmmsg(r2, &(0x7f0000001040)=[{{&(0x7f0000000180)=@ethernet={0x0, @link_local}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000680)=""/229, 0xe5}, {&(0x7f0000000080)=""/19, 0x13}, {&(0x7f00000002c0)=""/15, 0xf}], 0x3, &(0x7f0000000480)=""/38, 0x26}, 0x6}, {{&(0x7f00000004c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000580)=""/115, 0x73}, {&(0x7f0000000780)=""/191, 0xbf}, {&(0x7f0000000940)=""/225, 0xe1}, {&(0x7f0000000a40)=""/75, 0x4b}, {&(0x7f0000000600)=""/60, 0x3c}, {&(0x7f0000000ac0)=""/198, 0xc6}, {&(0x7f0000000c00)=""/171, 0xab}], 0x7, &(0x7f0000000840)=""/6, 0x6}}, {{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000dc0)=""/57, 0x39}], 0x1, &(0x7f0000000e40)=""/182, 0xb6}}, {{&(0x7f0000000f00)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000f80)=""/22, 0x16}], 0x1, &(0x7f0000001000)=""/61, 0x3d}, 0x400}], 0x4, 0x2041, &(0x7f0000001140)={0x0, 0x989680})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r3}, &(0x7f0000000400), 0x0}, 0x20)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000c, 0x11, r3, 0x0)
r6 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r6, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000008c0)=ANY=[@ANYBLOB="e000000010000b0500002000000000006f6d8864d32a3f2ffaa46c88bca90000002b0e13e735a3184f1b3d6da2f1acfac0ee50d2b184b27db1f302de337c0004060000000000bf852c89867f6691b01b2d44e4ff5f5f"], 0xe0}], 0x1}, 0x0)
writev(r0, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_FLUSH(r7, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000bc0)={0x14, r8, 0x300}, 0x14}}, 0x0)

489.473775ms ago: executing program 0 (id=1387):
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x60, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x4}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9, 0xffffffff}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x7, 0xffffffa7}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x60}}, 0x8000)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8a"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0xa, 0x20000000000001, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
socket$unix(0x1, 0x5, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2}, 0x2, r5}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
r7 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r7, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r6}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xf, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x600}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='syzkaller\x00', 0x5, 0x1003, &(0x7f0000001e40)=""/4099, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfe7, @void, @value}, 0x94)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0)

381.556012ms ago: executing program 3 (id=1388):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x4008800)

243.823024ms ago: executing program 0 (id=1389):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000040000000000030000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000040900020073797a31000000000900010073797a30000000000800054000000021540000000c0a01030000000000000000070000090900020073797a31000000000900010073797a30000000002800038024000080080003400000000218000b80140001800d00010073796e70726f7879"], 0xd8}}, 0x0)

193.71471ms ago: executing program 0 (id=1390):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000001600155800000000000000000a000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\t'], 0x20}}, 0x0)

57.494507ms ago: executing program 0 (id=1391):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100fefffffffddbdf251200000008000300", @ANYRES32=r2, @ANYBLOB="0a000600ffffffffffff00090600b5004e010000"], 0x30}}, 0x0)

56.693642ms ago: executing program 2 (id=1392):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x80, 0x0, 0x4, 0x43, @dev={0xfe, 0x80, '\x00', 0x19}, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}, 0x40, 0x0, 0x0, 0x6}})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = getpid()
syz_open_procfs$namespace(r2, &(0x7f0000000000)='ns/time_for_children\x00')
r3 = getpid()
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=<r4=>0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)=<r5=>0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432})
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r8 = accept4$alg(r7, 0x0, 0x0, 0x0)
sendmmsg$sock(r8, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000006c0)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}, {&(0x7f00000004c0)="62c99e05d98775ed1beb5d67431ead896f7060f03e5b8671b283168d0df1573bef271f3a22b9cac06e27c7e87b34a19188d3e10e670bc070f0d3eb88d2f891d242747e0deec4a10609b12d4058b0fbff28bb01e6e49b533b03b11288ff4da1ab3226a2e3ba5fc47969142f1a1a0ca9ba4cece2ac9a5fcd89343de7e57dfcbb6216499555bd04f2fcb91c3c6c72868a3797ec63f8138ab74b5034878812df8b0445704cb33f81bffed93c3e645a206db134f626a59f4fac53fbf23489cf2f45d05d735e64033376671da045df97bcb989bda1d17ba14afbfd19e32a8222ebf934c17fed237b86aef2e830", 0xea}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb11d188464208592330ac482436286448", 0x20}], 0x3}}], 0xaa, 0x4000010)
r9 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, <r10=>0x0}, &(0x7f0000000200)=0xc)
ioctl$TUNSETGROUP(r6, 0x400454ce, r10)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)={0x424, 0x42, 0x300, 0x70bd25, 0x25dfdbff, "", [@nested={0x133, 0x28, 0x0, 0x1, [@typed={0xbf, 0xf5, 0x0, 0x0, @binary="1698d288d85e1a56ded00d044271abaf720bebd0ecc5724e8e3782c2c8cb8aabaa91fb6a0d8584662a4bca938c21325523df2da8e389fe8bd93eca1dff9fcf5fcc834d0328debd00aa43165707ce9133fce32ae7f41a01c80efebca3ef95cc0986e28086f36ed1f1262ffb8bea403550d012bb04d456b295e14cb38d2668a28925afffd230419f7e5d5a39fcf909c317f75139b44d08fbeb52e142261b9c11a0c6c4ab36d1d359a8365ef875ac800354bf09633ce58a7437770930"}, @generic="c960e94eb961729cec35d25f1a40c0435a843b14913168fc91afee4ea5df9cd6d06bde0aa82d1c96b995058d51a5ecff06ae7e016446ba89c149e6984c68f73cca30c53d198519", @typed={0xc, 0x110, 0x0, 0x0, @u64}, @typed={0x4, 0x11e}, @nested={0x4, 0x8f}, @typed={0x14, 0x12, 0x0, 0x0, @ipv6=@remote}]}, @nested={0x2dd, 0xe7, 0x0, 0x1, [@typed={0x9, 0x2c, 0x0, 0x0, @str='\xe7:)]\x00'}, @typed={0x8, 0x60, 0x0, 0x0, @pid=r2}, @generic="4c8f4cfb5d342f823209e2561f0bd29d8929315b2fdf4ef55d3e50181154d543b804efacfc3170a7ea951ced251f3bf8ded0f450df68e19fc230ccfb8a92487fad4e121f4be027f6a2d9d45edada13b6e398d32cffe1d69e8353d6db942abc4efadfe16fd49d674ad6814d9374de08d45d8858240663a7b0b7190e81361ca296e638f42a558a0ae53ae207a374368c99ba90489c5dec98e8a0b63c6f8ac00d1078849ec5528ba6ffa8b60c436e48dd2f538c3d5d80424b65ca01543b6f7af5fc1a28a7fe049ed939f2d5324032e1ee6c61f176490ff2a5d8293309c95b9b811b9d20e1b7f8102e80ed3cff8f4aef2ae81853f5e1889d30de", @generic="6f62d9098b5abfc85af534464754f3fc051f1a98ce112a719a0b9db55668067b4ddba6c37a27ecb7cec16d7688359592da1a3a7d8b26b8b4412403410fb31a25944811db0120b992e6016c41ff7b29ea81e994a2027f2ea14a510bee913d10ac682435065b906943437080866d4f47dc2b", @nested={0x4, 0x111}, @generic="04b53dd86af1b91f781c3842795c79d27a9f081647e6330b93456a88bd10f61065510445b4be30fa91fbfa42174840380776b008c4b1f658cf2f1f7a93e847ab116d7b94cb7a9af9f3dcbf49390aa67e465a94d1", @generic="905f93e0f904772866e0e92ed28a1e2daaeab66c98f20a37ded1e43a43348929f1668b189371a60bb1731363fef3ab2aa1895c47d38bb4ac89d43192201bd9aa0b4482588b973d36d85069b1fb6aa3e50aabf5ed5777ee4a1539a2ef330e7c73d7425a39f4fc0dc2cc20dba412447fb04bbbb839e490df4ab93442c8f4b3570574758b5045dad523df82aff9eb208cee91cc29ff7f818e219b2067cb74f7d38f84c1c47223be75e3aca05fee7fdbd43e8690385d7dbc60036b71f2da5d1462d08914c9fba023191faa9e752a9b5ec693811eb3904ab0b4b3cfe5c42bdf596ba2c9cdbefadb18b6cb930fe20bdac513acd6393e03bce2ddbfc8f9a5e1", @typed={0x8, 0x112, 0x0, 0x0, @pid=r3}]}]}, 0x424}], 0x1, &(0x7f0000000140)=[@cred={{0x1c, 0x1, 0x2, {r4, r5, r10}}}, @rights={{0x24, 0x1, 0x1, [r0, r0, r0, r0, r0]}}, @rights={{0x20, 0x1, 0x1, [r0, r0, r0, r0]}}], 0x68, 0x200088d0}, 0x20008001)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000040)={'wlan0\x00'})

35.898936ms ago: executing program 3 (id=1393):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700))
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000000c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES64=r0, @ANYRES64=r0], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
r1 = socket$rds(0x15, 0x5, 0x0)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
sendmsg$inet(r2, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x40)
getsockopt(r1, 0x200000000114, 0x2713, 0x0, &(0x7f0000000000))

0s ago: executing program 1 (id=905):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xeb}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x36, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x8807, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0}, &(0x7f00000002c0)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x4, [@float={0x3, 0x0, 0x0, 0x10, 0x8}, @volatile={0x0, 0x0, 0x0, 0x9, 0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x4, [{0x0, 0x2}]}]}, {0x0, [0x61, 0x61]}}, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0xffff0856, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}}, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', r2, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x30, r5, 0x6a9354ab0d020bb7, 0x0, 0x25dfdbfc, {0x45}, [@handle=@pci={{0x8}, {0x11}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841)
recvmsg(r6, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="04", 0x1}], 0x1}, 0x40001)
recvmsg(r6, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@random='L', 0x1, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20040010)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x1000000, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)

kernel console output (not intermixed with test programs):

ytes leftover after parsing attributes in process `syz.0.774'.
[  144.140609][ T8386] netlink: 24 bytes leftover after parsing attributes in process `syz.3.776'.
[  144.234070][ T8355] lo speed is unknown, defaulting to 1000
[  144.298824][ T8390] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  144.334226][ T8389] netlink: 4 bytes leftover after parsing attributes in process `syz.4.777'.
[  144.490215][ T8393] FAULT_INJECTION: forcing a failure.
[  144.490215][ T8393] name failslab, interval 1, probability 0, space 0, times 0
[  144.542141][ T8393] CPU: 0 UID: 0 PID: 8393 Comm: syz.3.779 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  144.542167][ T8393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  144.542176][ T8393] Call Trace:
[  144.542182][ T8393]  <TASK>
[  144.542189][ T8393]  dump_stack_lvl+0x241/0x360
[  144.542216][ T8393]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.542233][ T8393]  ? __pfx__printk+0x10/0x10
[  144.542252][ T8393]  ? __kmalloc_noprof+0xb5/0x4c0
[  144.542274][ T8393]  ? __pfx___might_resched+0x10/0x10
[  144.542292][ T8393]  ? aa_get_newest_label+0xff/0x6f0
[  144.542312][ T8393]  ? genl_get_cmd+0x19e/0xce0
[  144.542332][ T8393]  should_fail_ex+0x40a/0x550
[  144.542359][ T8393]  should_failslab+0xac/0x100
[  144.542381][ T8393]  __kmalloc_noprof+0xdd/0x4c0
[  144.542400][ T8393]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  144.542417][ T8393]  ? apparmor_capable+0x13b/0x1b0
[  144.542437][ T8393]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  144.542462][ T8393]  genl_rcv_msg+0x80b/0xec0
[  144.542487][ T8393]  ? __pfx_genl_rcv_msg+0x10/0x10
[  144.542530][ T8393]  ? __pfx_lock_acquire+0x10/0x10
[  144.542552][ T8393]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  144.542573][ T8393]  ? __pfx_nl802154_add_llsec_seclevel+0x10/0x10
[  144.542590][ T8393]  ? __pfx_nl802154_post_doit+0x10/0x10
[  144.542613][ T8393]  ? __pfx___might_resched+0x10/0x10
[  144.542641][ T8393]  netlink_rcv_skb+0x206/0x480
[  144.542662][ T8393]  ? __pfx_genl_rcv_msg+0x10/0x10
[  144.542681][ T8393]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  144.542735][ T8393]  genl_rcv+0x28/0x40
[  144.542750][ T8393]  netlink_unicast+0x7f6/0x990
[  144.542778][ T8393]  ? __pfx_netlink_unicast+0x10/0x10
[  144.542794][ T8393]  ? __virt_addr_valid+0x45f/0x530
[  144.542811][ T8393]  ? __phys_addr_symbol+0x2f/0x70
[  144.542826][ T8393]  ? __check_object_size+0x47a/0x730
[  144.542851][ T8393]  netlink_sendmsg+0x8de/0xcb0
[  144.542885][ T8393]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.542910][ T8393]  ? aa_sock_msg_perm+0x91/0x160
[  144.542938][ T8393]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.542963][ T8393]  __sock_sendmsg+0x221/0x270
[  144.542987][ T8393]  ____sys_sendmsg+0x53a/0x860
[  144.543013][ T8393]  ? __pfx_____sys_sendmsg+0x10/0x10
[  144.543028][ T8393]  ? __fget_files+0x2a/0x410
[  144.543052][ T8393]  ? __fget_files+0x2a/0x410
[  144.543082][ T8393]  __sys_sendmsg+0x269/0x350
[  144.543105][ T8393]  ? __pfx___sys_sendmsg+0x10/0x10
[  144.543136][ T8393]  ? do_sys_openat2+0x17a/0x1d0
[  144.543190][ T8393]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  144.543217][ T8393]  ? do_syscall_64+0x100/0x230
[  144.543239][ T8393]  ? do_syscall_64+0xb6/0x230
[  144.543260][ T8393]  do_syscall_64+0xf3/0x230
[  144.543278][ T8393]  ? clear_bhb_loop+0x35/0x90
[  144.543302][ T8393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.543322][ T8393] RIP: 0033:0x7f0f6b78d169
[  144.543336][ T8393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.543349][ T8393] RSP: 002b:00007f0f6c5a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  144.543367][ T8393] RAX: ffffffffffffffda RBX: 00007f0f6b9a5fa0 RCX: 00007f0f6b78d169
[  144.543379][ T8393] RDX: 0000000000040000 RSI: 0000400000000440 RDI: 0000000000000004
[  144.543389][ T8393] RBP: 00007f0f6c5a6090 R08: 0000000000000000 R09: 0000000000000000
[  144.543399][ T8393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.543409][ T8393] R13: 0000000000000000 R14: 00007f0f6b9a5fa0 R15: 00007ffcfb549c78
[  144.543436][ T8393]  </TASK>
[  145.141906][    C1] bridge0: port 3(hsr0) entered forwarding state
[  145.148322][    C1] bridge0: topology change detected, propagating
[  145.283798][ T8398] ip6t_rpfilter: unknown options
[  145.563486][ T8407] netlink: 4 bytes leftover after parsing attributes in process `syz.4.783'.
[  146.699163][ T8442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.795'.
[  147.257676][ T8469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.802'.
[  147.266747][ T8469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.802'.
[  147.429482][ T8478] vlan2: entered allmulticast mode
[  147.451355][ T8478] macsec0: entered allmulticast mode
[  147.472914][ T8478] veth1_macvtap: entered allmulticast mode
[  147.498646][ T8478] bridge0: port 1(vlan2) entered blocking state
[  147.530309][ T8478] bridge0: port 1(vlan2) entered disabled state
[  147.555661][ T8478] vlan2: entered promiscuous mode
[  147.570272][ T8478] macsec0: entered promiscuous mode
[  147.605741][ T8478] bridge0: port 1(vlan2) entered blocking state
[  147.612520][ T8478] bridge0: port 1(vlan2) entered forwarding state
[  147.750489][ T8496] netlink: 'syz.0.816': attribute type 5 has an invalid length.
[  147.787082][ T8496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.816'.
[  147.976649][ T8503] netlink: 104 bytes leftover after parsing attributes in process `syz.4.817'.
[  148.141119][ T8514] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  148.167185][ T8517] netlink: 4 bytes leftover after parsing attributes in process `syz.0.821'.
[  148.861396][ T8542] netlink: 'syz.0.828': attribute type 5 has an invalid length.
[  149.086306][ T8548] netlink: 12 bytes leftover after parsing attributes in process `syz.4.831'.
[  149.120797][ T8548] netlink: 12 bytes leftover after parsing attributes in process `syz.4.831'.
[  149.137481][ T8548] netlink: 12 bytes leftover after parsing attributes in process `syz.4.831'.
[  149.507324][ T8569] bridge: RTM_NEWNEIGH with invalid ether address
[  149.612991][ T8575] Cannot find add_set index 1 as target
[  151.217272][ T8614] can: request_module (can-proto-0) failed.
[  151.563154][ T8626] tipc: Failed to obtain node identity
[  151.568825][ T8626] tipc: Enabling of bearer <ib:wg2> rejected, failed to enable media
[  151.588966][ T8626] __nla_validate_parse: 56 callbacks suppressed
[  151.588980][ T8626] netlink: 20 bytes leftover after parsing attributes in process `syz.0.854'.
[  151.800478][ T8631] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  151.940120][ T8644] netlink: 8 bytes leftover after parsing attributes in process `syz.0.858'.
[  151.959323][ T8646] netlink: 'syz.1.857': attribute type 1 has an invalid length.
[  151.979895][ T8644] netlink: 4 bytes leftover after parsing attributes in process `syz.0.858'.
[  152.055787][ T8649] ip6erspan0: entered promiscuous mode
[  152.111081][ T8653] netlink: 'syz.3.861': attribute type 1 has an invalid length.
[  152.147050][ T8653] 8021q: adding VLAN 0 to HW filter on device bond3
[  152.190280][ T8653] bond3: (slave ip6gretap1): making interface the new active one
[  152.201124][ T8653] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  152.547488][ T8682] netlink: 'syz.3.871': attribute type 10 has an invalid length.
[  152.572699][ T8684] netlink: 48 bytes leftover after parsing attributes in process `syz.1.870'.
[  152.613562][ T8685] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  152.702383][ T8682] 8021q: adding VLAN 0 to HW filter on device team0
[  152.711682][ T8682] bond0: (slave team0): Enslaving as an active interface with an up link
[  152.728527][ T8689] FAULT_INJECTION: forcing a failure.
[  152.728527][ T8689] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  152.761169][ T8689] CPU: 0 UID: 0 PID: 8689 Comm: syz.4.872 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  152.761189][ T8689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  152.761199][ T8689] Call Trace:
[  152.761205][ T8689]  <TASK>
[  152.761212][ T8689]  dump_stack_lvl+0x241/0x360
[  152.761238][ T8689]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.761255][ T8689]  ? __pfx__printk+0x10/0x10
[  152.761274][ T8689]  ? __pfx_lock_release+0x10/0x10
[  152.761304][ T8689]  should_fail_ex+0x40a/0x550
[  152.761330][ T8689]  _copy_from_iter+0x1df/0x1c40
[  152.761349][ T8689]  ? __virt_addr_valid+0x183/0x530
[  152.761373][ T8689]  ? __pfx_lock_release+0x10/0x10
[  152.761401][ T8689]  ? __alloc_skb+0x28f/0x440
[  152.761417][ T8689]  ? __pfx__copy_from_iter+0x10/0x10
[  152.761436][ T8689]  ? __virt_addr_valid+0x183/0x530
[  152.761451][ T8689]  ? __virt_addr_valid+0x183/0x530
[  152.761465][ T8689]  ? __virt_addr_valid+0x45f/0x530
[  152.761481][ T8689]  ? __phys_addr_symbol+0x2f/0x70
[  152.761495][ T8689]  ? __check_object_size+0x47a/0x730
[  152.761520][ T8689]  netlink_sendmsg+0x742/0xcb0
[  152.761553][ T8689]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.761577][ T8689]  ? aa_sock_msg_perm+0x91/0x160
[  152.761604][ T8689]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.761623][ T8689]  __sock_sendmsg+0x221/0x270
[  152.761645][ T8689]  ____sys_sendmsg+0x53a/0x860
[  152.761668][ T8689]  ? __pfx_____sys_sendmsg+0x10/0x10
[  152.761700][ T8689]  __sys_sendmsg+0x269/0x350
[  152.761722][ T8689]  ? __pfx___sys_sendmsg+0x10/0x10
[  152.761750][ T8689]  ? __pfx_vfs_write+0x10/0x10
[  152.761765][ T8689]  ? do_sys_openat2+0x17a/0x1d0
[  152.761811][ T8689]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  152.761833][ T8689]  ? do_syscall_64+0x100/0x230
[  152.761851][ T8689]  ? do_syscall_64+0xb6/0x230
[  152.761871][ T8689]  do_syscall_64+0xf3/0x230
[  152.761888][ T8689]  ? clear_bhb_loop+0x35/0x90
[  152.761910][ T8689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.761930][ T8689] RIP: 0033:0x7fc37978d169
[  152.761944][ T8689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.761957][ T8689] RSP: 002b:00007fc37a6a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  152.761975][ T8689] RAX: ffffffffffffffda RBX: 00007fc3799a5fa0 RCX: 00007fc37978d169
[  152.761986][ T8689] RDX: 0000000000000000 RSI: 0000400000000680 RDI: 0000000000000008
[  152.761997][ T8689] RBP: 00007fc37a6a7090 R08: 0000000000000000 R09: 0000000000000000
[  152.762007][ T8689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  152.762017][ T8689] R13: 0000000000000000 R14: 00007fc3799a5fa0 R15: 00007ffc24fd41e8
[  152.762042][ T8689]  </TASK>
[  153.383336][ T8696] netlink: 4 bytes leftover after parsing attributes in process `syz.2.875'.
[  153.448559][ T8696] ipvlan2: entered promiscuous mode
[  153.479285][ T8696] bridge0: port 3(ipvlan2) entered blocking state
[  153.501925][ T8696] bridge0: port 3(ipvlan2) entered disabled state
[  153.522756][ T8696] ipvlan2: entered allmulticast mode
[  153.572170][ T8696] bridge0: entered allmulticast mode
[  153.593424][ T8696] ipvlan2: left allmulticast mode
[  153.613669][ T8696] bridge0: left allmulticast mode
[  154.000166][ T8719] netlink: 'syz.1.882': attribute type 1 has an invalid length.
[  154.001180][ T8712] netlink: 'syz.2.881': attribute type 39 has an invalid length.
[  154.030672][ T8719] netlink: 'syz.1.882': attribute type 3 has an invalid length.
[  154.058133][ T8719] netlink: 224 bytes leftover after parsing attributes in process `syz.1.882'.
[  154.085108][ T8719] NCSI netlink: No device for ifindex 246
[  154.335109][ T8736] FAULT_INJECTION: forcing a failure.
[  154.335109][ T8736] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.350964][ T8736] CPU: 1 UID: 0 PID: 8736 Comm: syz.4.886 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  154.350988][ T8736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  154.350998][ T8736] Call Trace:
[  154.351004][ T8736]  <TASK>
[  154.351019][ T8736]  dump_stack_lvl+0x241/0x360
[  154.351045][ T8736]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.351062][ T8736]  ? __pfx__printk+0x10/0x10
[  154.351081][ T8736]  ? __pfx_lock_release+0x10/0x10
[  154.351112][ T8736]  should_fail_ex+0x40a/0x550
[  154.351138][ T8736]  _copy_from_iter+0x1df/0x1c40
[  154.351157][ T8736]  ? __virt_addr_valid+0x183/0x530
[  154.351173][ T8736]  ? __pfx_lock_release+0x10/0x10
[  154.351201][ T8736]  ? __alloc_skb+0x28f/0x440
[  154.351217][ T8736]  ? __pfx__copy_from_iter+0x10/0x10
[  154.351237][ T8736]  ? __virt_addr_valid+0x183/0x530
[  154.351251][ T8736]  ? __virt_addr_valid+0x183/0x530
[  154.351265][ T8736]  ? __virt_addr_valid+0x45f/0x530
[  154.351281][ T8736]  ? __phys_addr_symbol+0x2f/0x70
[  154.351296][ T8736]  ? __check_object_size+0x47a/0x730
[  154.351321][ T8736]  netlink_sendmsg+0x742/0xcb0
[  154.351354][ T8736]  ? __pfx_netlink_sendmsg+0x10/0x10
[  154.351379][ T8736]  ? aa_sock_msg_perm+0x91/0x160
[  154.351407][ T8736]  ? __pfx_netlink_sendmsg+0x10/0x10
[  154.351426][ T8736]  __sock_sendmsg+0x221/0x270
[  154.351450][ T8736]  ____sys_sendmsg+0x53a/0x860
[  154.351475][ T8736]  ? __pfx_____sys_sendmsg+0x10/0x10
[  154.351491][ T8736]  ? __fget_files+0x2a/0x410
[  154.351515][ T8736]  ? __fget_files+0x2a/0x410
[  154.351544][ T8736]  __sys_sendmsg+0x269/0x350
[  154.351567][ T8736]  ? __pfx___sys_sendmsg+0x10/0x10
[  154.351596][ T8736]  ? do_sys_openat2+0x17a/0x1d0
[  154.351641][ T8736]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  154.351665][ T8736]  ? do_syscall_64+0x100/0x230
[  154.351687][ T8736]  ? do_syscall_64+0xb6/0x230
[  154.351708][ T8736]  do_syscall_64+0xf3/0x230
[  154.351726][ T8736]  ? clear_bhb_loop+0x35/0x90
[  154.351749][ T8736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.351769][ T8736] RIP: 0033:0x7fc37978d169
[  154.351784][ T8736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.351801][ T8736] RSP: 002b:00007fc37a6a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.351819][ T8736] RAX: ffffffffffffffda RBX: 00007fc3799a5fa0 RCX: 00007fc37978d169
[  154.351830][ T8736] RDX: 0000000020000010 RSI: 0000400000001000 RDI: 0000000000000003
[  154.351840][ T8736] RBP: 00007fc37a6a7090 R08: 0000000000000000 R09: 0000000000000000
[  154.351850][ T8736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.351859][ T8736] R13: 0000000000000000 R14: 00007fc3799a5fa0 R15: 00007ffc24fd41e8
[  154.351883][ T8736]  </TASK>
[  154.707814][ T8742] netlink: 64 bytes leftover after parsing attributes in process `syz.1.887'.
[  154.740606][ T8740] netlink: 20 bytes leftover after parsing attributes in process `syz.2.884'.
[  154.968868][ T8745] netlink: 8 bytes leftover after parsing attributes in process `syz.4.888'.
[  154.991908][ T8745] netlink: 12 bytes leftover after parsing attributes in process `syz.4.888'.
[  155.000811][ T8745] netlink: 'syz.4.888': attribute type 7 has an invalid length.
[  155.170237][ T8753] netlink: 'syz.4.891': attribute type 6 has an invalid length.
[  155.180112][ T8751] netlink: 'syz.2.892': attribute type 9 has an invalid length.
[  155.204261][ T8753] bond0: option use_carrier: invalid value (255)
[  155.215995][ T8755] xt_bpf: check failed: parse error
[  155.459461][ T8763] netlink: 'syz.3.894': attribute type 39 has an invalid length.
[  155.815132][ T8783] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  155.950112][ T8785] siw: device registration error -23
[  156.111705][ T8779] bond0 (unregistering): Released all slaves
[  156.396307][ T2982] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.577172][ T2982] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.702792][ T2982] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.782682][ T2982] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.976807][ T8802] FAULT_INJECTION: forcing a failure.
[  156.976807][ T8802] name failslab, interval 1, probability 0, space 0, times 0
[  156.990595][ T2982] vlan2: left promiscuous mode
[  157.001943][ T2982] macsec0: left promiscuous mode
[  157.005399][ T8802] CPU: 0 UID: 0 PID: 8802 Comm: syz.2.908 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  157.005420][ T8802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  157.005430][ T8802] Call Trace:
[  157.005436][ T8802]  <TASK>
[  157.005443][ T8802]  dump_stack_lvl+0x241/0x360
[  157.005468][ T8802]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.005486][ T8802]  ? __pfx__printk+0x10/0x10
[  157.005504][ T8802]  ? __kmalloc_node_track_caller_noprof+0xb4/0x4c0
[  157.005527][ T8802]  ? __pfx___might_resched+0x10/0x10
[  157.005545][ T8802]  ? vsnprintf+0x1181/0x1220
[  157.005570][ T8802]  should_fail_ex+0x40a/0x550
[  157.005596][ T8802]  should_failslab+0xac/0x100
[  157.005619][ T8802]  __kmalloc_node_track_caller_noprof+0xdc/0x4c0
[  157.005644][ T8802]  ? kasprintf+0xd5/0x120
[  157.005668][ T8802]  kvasprintf+0xdf/0x190
[  157.005687][ T8802]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  157.005704][ T8802]  ? __pfx_kvasprintf+0x10/0x10
[  157.005725][ T8802]  ? __pfx_ieee80211_dynamic_ps_timer+0x10/0x10
[  157.005753][ T8802]  kasprintf+0xd5/0x120
[  157.005772][ T8802]  ? lockdep_init_map_type+0xa1/0x910
[  157.005793][ T8802]  ? kvasprintf+0x106/0x190
[  157.005813][ T8802]  ? __pfx_kasprintf+0x10/0x10
[  157.005845][ T8802]  ? __pfx_ieee80211_dynamic_ps_timer+0x10/0x10
[  157.005867][ T8802]  ieee80211_alloc_led_names+0x1df/0x2b0
[  157.005890][ T8802]  ieee80211_alloc_hw_nm+0x182d/0x1ea0
[  157.005914][ T8802]  ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10
[  157.005942][ T8802]  mac80211_hwsim_new_radio+0x203/0x49f0
[  157.005977][ T8802]  ? __pfx_stack_trace_save+0x10/0x10
[  157.006000][ T8802]  ? stack_depot_save_flags+0x37/0x940
[  157.006024][ T8802]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  157.006057][ T8802]  hwsim_new_radio_nl+0xece/0x2290
[  157.006087][ T8802]  ? __pfx___nla_validate_parse+0x10/0x10
[  157.006108][ T8802]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  157.006157][ T8802]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  157.006183][ T8802]  genl_rcv_msg+0xb1f/0xec0
[  157.006208][ T8802]  ? __pfx_genl_rcv_msg+0x10/0x10
[  157.006251][ T8802]  ? __pfx_lock_acquire+0x10/0x10
[  157.006271][ T8802]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  157.006291][ T8802]  ? __pfx___might_resched+0x10/0x10
[  157.006320][ T8802]  netlink_rcv_skb+0x206/0x480
[  157.006342][ T8802]  ? __pfx_genl_rcv_msg+0x10/0x10
[  157.006359][ T8802]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  157.006394][ T8802]  ? __netlink_deliver_tap+0x7b0/0x7f0
[  157.006428][ T8802]  genl_rcv+0x28/0x40
[  157.006442][ T8802]  netlink_unicast+0x7f6/0x990
[  157.006469][ T8802]  ? __pfx_netlink_unicast+0x10/0x10
[  157.006485][ T8802]  ? __virt_addr_valid+0x45f/0x530
[  157.006501][ T8802]  ? __phys_addr_symbol+0x2f/0x70
[  157.006515][ T8802]  ? __check_object_size+0x47a/0x730
[  157.006540][ T8802]  netlink_sendmsg+0x8de/0xcb0
[  157.006575][ T8802]  ? __pfx_netlink_sendmsg+0x10/0x10
[  157.006600][ T8802]  ? aa_sock_msg_perm+0x91/0x160
[  157.006628][ T8802]  ? __pfx_netlink_sendmsg+0x10/0x10
[  157.006647][ T8802]  __sock_sendmsg+0x221/0x270
[  157.006670][ T8802]  ____sys_sendmsg+0x53a/0x860
[  157.006695][ T8802]  ? __pfx_____sys_sendmsg+0x10/0x10
[  157.006710][ T8802]  ? __fget_files+0x2a/0x410
[  157.006734][ T8802]  ? __fget_files+0x2a/0x410
[  157.006762][ T8802]  __sys_sendmsg+0x269/0x350
[  157.006784][ T8802]  ? __pfx___sys_sendmsg+0x10/0x10
[  157.006833][ T8802]  ? do_sys_openat2+0x17a/0x1d0
[  157.006880][ T8802]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  157.006902][ T8802]  ? do_syscall_64+0x100/0x230
[  157.006924][ T8802]  ? do_syscall_64+0xb6/0x230
[  157.006945][ T8802]  do_syscall_64+0xf3/0x230
[  157.006963][ T8802]  ? clear_bhb_loop+0x35/0x90
[  157.006986][ T8802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.007005][ T8802] RIP: 0033:0x7efc8918d169
[  157.007019][ T8802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.007032][ T8802] RSP: 002b:00007efc89f73038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  157.007049][ T8802] RAX: ffffffffffffffda RBX: 00007efc893a5fa0 RCX: 00007efc8918d169
[  157.007061][ T8802] RDX: 0000000020000000 RSI: 0000400000000140 RDI: 0000000000000003
[  157.007071][ T8802] RBP: 00007efc89f73090 R08: 0000000000000000 R09: 0000000000000000
[  157.007080][ T8802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  157.007089][ T8802] R13: 0000000000000000 R14: 00007efc893a5fa0 R15: 00007fffe8d24408
[  157.007114][ T8802]  </TASK>
[  157.112423][ T8804] netlink: 'syz.0.907': attribute type 4 has an invalid length.
[  157.211957][ T2982] bridge0: port 4(vlan2) entered disabled state
[  157.291989][ T8804] __nla_validate_parse: 9 callbacks suppressed
[  157.292005][ T8804] netlink: 24 bytes leftover after parsing attributes in process `syz.0.907'.
[  157.473364][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  157.482627][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  157.490860][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  157.499104][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  157.507403][ T5845] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  157.515107][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  157.523666][ T2982] bond1: left allmulticast mode
[  157.528580][ T2982] bond1: left promiscuous mode
[  157.544610][ T8809] netlink: 'syz.4.909': attribute type 4 has an invalid length.
[  157.547912][ T2982] bridge0: port 3(bond1) entered disabled state
[  157.574749][ T2982] bridge_slave_1: left allmulticast mode
[  157.591998][ T2982] bridge_slave_1: left promiscuous mode
[  157.619967][ T2982] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.646686][ T8811] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  157.669210][ T2982] bridge_slave_0: left allmulticast mode
[  157.681956][ T2982] bridge_slave_0: left promiscuous mode
[  157.692344][ T2982] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.086080][ T2982] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  158.098073][ T2982] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  158.108295][ T2982] bond0 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  158.118514][ T2982] bond0 (unregistering): Released all slaves
[  158.210473][ T2982] bond1 (unregistering): Released all slaves
[  158.433054][ T8823] netlink: 'syz.4.913': attribute type 2 has an invalid length.
[  158.542906][ T8830] netlink: 8 bytes leftover after parsing attributes in process `syz.0.914'.
[  158.574664][ T8830] netlink: 8 bytes leftover after parsing attributes in process `syz.0.914'.
[  158.615652][ T8806] lo speed is unknown, defaulting to 1000
[  159.161050][ T8806] chnl_net:caif_netlink_parms(): no params data found
[  159.198772][ T2982] hsr_slave_0: left promiscuous mode
[  159.215704][ T2982] hsr_slave_1: left promiscuous mode
[  159.227901][ T2982] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  159.235578][ T8854] netlink: 24 bytes leftover after parsing attributes in process `syz.4.924'.
[  159.246095][ T2982] batman_adv: batadv0: Removing interface: batadv_slave_0
[  159.274515][ T2982] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  159.284805][ T2982] batman_adv: batadv0: Removing interface: batadv_slave_1
[  159.348604][ T2982] macsec0: left allmulticast mode
[  159.360413][ T2982] veth1_macvtap: left allmulticast mode
[  159.368845][ T8860] netlink: 'syz.4.924': attribute type 1 has an invalid length.
[  159.387451][ T2982] veth1_macvtap: left promiscuous mode
[  159.399659][ T2982] veth0_macvtap: left promiscuous mode
[  159.407063][ T2982] veth1_vlan: left promiscuous mode
[  159.413065][ T2982] veth0_vlan: left promiscuous mode
[  159.542025][   T54] Bluetooth: hci3: command tx timeout
[  160.008292][ T2982] team0 (unregistering): Port device team_slave_1 removed
[  160.059779][ T2982] team0 (unregistering): Port device team_slave_0 removed
[  160.388548][ T2982] vxcan1 (unregistering): left allmulticast mode
[  160.949471][ T8806] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.992377][ T8806] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.004835][ T8806] bridge_slave_0: entered allmulticast mode
[  161.017476][ T8806] bridge_slave_0: entered promiscuous mode
[  161.078734][ T8806] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.093056][ T8806] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.100603][ T8806] bridge_slave_1: entered allmulticast mode
[  161.108584][ T8806] bridge_slave_1: entered promiscuous mode
[  161.242943][ T8806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.278879][ T8806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  161.343779][ T8806] team0: Port device team_slave_0 added
[  161.357615][ T8806] team0: Port device team_slave_1 added
[  161.455763][ T8806] batman_adv: batadv0: Adding interface: batadv_slave_0
[  161.474375][ T8806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.483112][ T8879] netlink: 112 bytes leftover after parsing attributes in process `syz.4.931'.
[  161.546740][ T8806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  161.580618][ T8806] batman_adv: batadv0: Adding interface: batadv_slave_1
[  161.598142][ T8806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.598649][ T8881] netlink: 36 bytes leftover after parsing attributes in process `syz.4.931'.
[  161.637459][   T54] Bluetooth: hci3: command tx timeout
[  161.644381][ T8806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  161.703416][ T8806] hsr_slave_0: entered promiscuous mode
[  161.709798][ T8806] hsr_slave_1: entered promiscuous mode
[  161.715988][ T8806] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  161.724338][ T8806] Cannot create hsr debugfs directory
[  161.810233][ T8883] xt_nfacct: accounting object `syz1' does not exists
[  161.855767][ T8883] netlink: 44 bytes leftover after parsing attributes in process `syz.2.932'.
[  162.468449][ T8887] lo speed is unknown, defaulting to 1000
[  162.810105][ T8806] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  162.830204][ T8806] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  162.863459][ T8806] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  162.880357][ T8806] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  163.149235][ T8806] 8021q: adding VLAN 0 to HW filter on device bond0
[  163.209943][ T8806] 8021q: adding VLAN 0 to HW filter on device team0
[  163.258320][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.265495][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  163.331695][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.338855][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  163.463438][ T8806] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  163.563526][ T8915] rdma_rxe: rxe_newlink: failed to add vxcan1
[  163.618907][ T8915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.939'.
[  163.704178][   T54] Bluetooth: hci3: command tx timeout
[  163.821672][ T8806] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.919365][ T8806] veth0_vlan: entered promiscuous mode
[  163.965902][ T8806] veth1_vlan: entered promiscuous mode
[  164.054230][ T8806] veth0_macvtap: entered promiscuous mode
[  164.083758][ T8806] veth1_macvtap: entered promiscuous mode
[  164.154745][ T8936] netlink: 16 bytes leftover after parsing attributes in process `syz.3.943'.
[  164.192704][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.229214][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.253969][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.281910][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.313628][ T8806] batman_adv: batadv0: Interface activated: batadv_slave_0
[  164.339728][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.370692][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.401468][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.424835][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.453938][ T8806] batman_adv: batadv0: Interface activated: batadv_slave_1
[  164.590486][ T8940] bridge0: port 1(vlan2) entered disabled state
[  164.870388][ T8940] veth1_macvtap: left allmulticast mode
[  164.900961][ T8940] macsec0: left allmulticast mode
[  164.909708][ T8940] macsec0: left promiscuous mode
[  164.985179][ T8940] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  165.032741][ T8940] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  165.041638][ T8940] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  165.081940][ T8940] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  165.139393][ T8806] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.171889][ T8806] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.180613][ T8806] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.222051][ T8806] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.527637][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.554757][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.782343][   T54] Bluetooth: hci3: command tx timeout
[  166.060598][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.089552][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.185908][ T8981] lo speed is unknown, defaulting to 1000
[  166.256471][ T9006] x_tables: ip6_tables: mh match: only valid for protocol 135
[  166.440134][ T9010] netlink: 44 bytes leftover after parsing attributes in process `syz.0.959'.
[  166.902850][ T9027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.962'.
[  167.137157][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.287463][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.375939][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.458789][ T9039] netlink: 'syz.4.966': attribute type 10 has an invalid length.
[  167.473570][ T9039] team0: Port device hsr_slave_0 added
[  167.561413][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.643473][ T9046] FAULT_INJECTION: forcing a failure.
[  167.643473][ T9046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  167.685033][ T9046] CPU: 1 UID: 0 PID: 9046 Comm: syz.0.967 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  167.685058][ T9046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  167.685068][ T9046] Call Trace:
[  167.685073][ T9046]  <TASK>
[  167.685079][ T9046]  dump_stack_lvl+0x241/0x360
[  167.685102][ T9046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.685115][ T9046]  ? __pfx__printk+0x10/0x10
[  167.685132][ T9046]  ? __pfx_lock_release+0x10/0x10
[  167.685162][ T9046]  should_fail_ex+0x40a/0x550
[  167.685188][ T9046]  _copy_from_user+0x2d/0xb0
[  167.685209][ T9046]  copy_msghdr_from_user+0xae/0x680
[  167.685236][ T9046]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  167.685255][ T9046]  ? __fget_files+0x2a/0x410
[  167.685280][ T9046]  ? __fget_files+0x2a/0x410
[  167.685308][ T9046]  __sys_sendmsg+0x209/0x350
[  167.685337][ T9046]  ? __pfx___sys_sendmsg+0x10/0x10
[  167.685366][ T9046]  ? do_sys_openat2+0x17a/0x1d0
[  167.685412][ T9046]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  167.685435][ T9046]  ? do_syscall_64+0x100/0x230
[  167.685457][ T9046]  ? do_syscall_64+0xb6/0x230
[  167.685477][ T9046]  do_syscall_64+0xf3/0x230
[  167.685495][ T9046]  ? clear_bhb_loop+0x35/0x90
[  167.685518][ T9046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.685536][ T9046] RIP: 0033:0x7f393718d169
[  167.685550][ T9046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.685563][ T9046] RSP: 002b:00007f3938034038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  167.685581][ T9046] RAX: ffffffffffffffda RBX: 00007f39373a5fa0 RCX: 00007f393718d169
[  167.685593][ T9046] RDX: 0000000000000000 RSI: 0000400000000600 RDI: 0000000000000004
[  167.685602][ T9046] RBP: 00007f3938034090 R08: 0000000000000000 R09: 0000000000000000
[  167.685611][ T9046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.685620][ T9046] R13: 0000000000000000 R14: 00007f39373a5fa0 R15: 00007ffed3929d58
[  167.685650][ T9046]  </TASK>
[  168.044600][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  168.082515][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  168.112171][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  168.132526][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  168.150708][   T12] bridge_slave_1: left allmulticast mode
[  168.158154][ T5845] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  168.171925][   T12] bridge_slave_1: left promiscuous mode
[  168.177763][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  168.185977][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.213374][   T12] bridge_slave_0: left allmulticast mode
[  168.225046][   T12] bridge_slave_0: left promiscuous mode
[  168.230791][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.895684][ T9066] netlink: 'syz.3.973': attribute type 39 has an invalid length.
[  168.959839][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  168.985918][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  169.018146][   T12] bond0 (unregistering): Released all slaves
[  169.336919][ T9051] lo speed is unknown, defaulting to 1000
[  169.731220][ T9085] netlink: 32 bytes leftover after parsing attributes in process `syz.0.979'.
[  169.764339][   T12] hsr_slave_0: left promiscuous mode
[  169.775814][   T12] hsr_slave_1: left promiscuous mode
[  169.787459][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  169.799251][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  169.818543][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  169.828157][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  169.852951][   T12] veth1_macvtap: left promiscuous mode
[  169.858493][   T12] veth0_macvtap: left promiscuous mode
[  169.864381][   T12] veth1_vlan: left promiscuous mode
[  169.869686][   T12] veth0_vlan: left promiscuous mode
[  170.203136][   T12] team0 (unregistering): Port device team_slave_1 removed
[  170.237013][   T12] team0 (unregistering): Port device team_slave_0 removed
[  170.267426][   T54] Bluetooth: hci3: command tx timeout
[  170.651549][ T9051] chnl_net:caif_netlink_parms(): no params data found
[  170.808026][ T9100] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.824387][ T9102] netlink: 'syz.0.985': attribute type 39 has an invalid length.
[  170.870886][ T9051] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.888616][ T9051] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.906525][ T9051] bridge_slave_0: entered allmulticast mode
[  170.913812][ T9051] bridge_slave_0: entered promiscuous mode
[  170.944507][ T9100] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.982299][ T9051] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.991723][ T9051] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.999287][ T9051] bridge_slave_1: entered allmulticast mode
[  171.006600][ T9051] bridge_slave_1: entered promiscuous mode
[  171.020891][ T9100] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.083173][ T9100] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.107268][ T9051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.125442][ T9051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.221333][ T9051] team0: Port device team_slave_0 added
[  171.301402][ T9051] team0: Port device team_slave_1 added
[  171.456839][ T9100] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  171.491517][ T9100] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  171.625166][ T9051] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.642010][ T9051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.699961][ T9051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.724445][ T9100] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  171.755042][ T9100] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  171.781056][ T9051] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.804215][ T9051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.851868][ T9051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  171.955908][ T9051] hsr_slave_0: entered promiscuous mode
[  171.982997][ T9051] hsr_slave_1: entered promiscuous mode
[  171.989075][ T9051] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  172.012163][ T9051] Cannot create hsr debugfs directory
[  172.342862][ T5845] Bluetooth: hci3: command tx timeout
[  173.545622][ T9179] netlink: 'syz.4.1009': attribute type 3 has an invalid length.
[  173.559846][ T9179] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1009'.
[  173.580442][ T9179] bond0: (slave macvlan2): Opening slave failed
[  173.636712][ T9051] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  173.660621][ T9051] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  173.693385][ T9051] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  173.734984][ T9051] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  173.796926][ T9185] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1013'.
[  173.833357][ T9185] bond0: (slave macvlan2): Opening slave failed
[  173.958799][ T9051] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.003848][ T9051] 8021q: adding VLAN 0 to HW filter on device team0
[  174.035232][ T1033] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.042390][ T1033] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.081002][ T1033] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.088150][ T1033] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.180098][ T9051] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  174.212061][ T9051] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  174.422090][ T5845] Bluetooth: hci3: command 0x040f tx timeout
[  174.575938][ T9051] 8021q: adding VLAN 0 to HW filter on device batadv0
[  174.656266][ T9212] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1022'.
[  174.672044][ T9051] veth0_vlan: entered promiscuous mode
[  174.706160][ T9051] veth1_vlan: entered promiscuous mode
[  174.810225][ T9051] veth0_macvtap: entered promiscuous mode
[  174.847448][ T9051] veth1_macvtap: entered promiscuous mode
[  174.903402][ T9051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.939516][ T9051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.949715][ T9051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.961084][ T9051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.987097][ T9051] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.008300][ T9051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.010569][ T9224] FAULT_INJECTION: forcing a failure.
[  175.010569][ T9224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.020070][ T9051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.050366][ T9051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.067783][ T9051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.071200][ T9224] CPU: 1 UID: 0 PID: 9224 Comm: syz.4.1024 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  175.071222][ T9224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  175.071232][ T9224] Call Trace:
[  175.071238][ T9224]  <TASK>
[  175.071245][ T9224]  dump_stack_lvl+0x241/0x360
[  175.071271][ T9224]  ? __pfx_dump_stack_lvl+0x10/0x10
[  175.071288][ T9224]  ? __pfx__printk+0x10/0x10
[  175.071309][ T9224]  ? snprintf+0xda/0x120
[  175.071333][ T9224]  should_fail_ex+0x40a/0x550
[  175.071359][ T9224]  _copy_to_user+0x31/0xb0
[  175.071381][ T9224]  simple_read_from_buffer+0xca/0x150
[  175.071404][ T9224]  proc_fail_nth_read+0x1e9/0x250
[  175.071427][ T9224]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  175.071449][ T9224]  ? rw_verify_area+0x243/0x630
[  175.071465][ T9224]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  175.071486][ T9224]  vfs_read+0x1f8/0xb40
[  175.071509][ T9224]  ? __pfx_vfs_read+0x10/0x10
[  175.071529][ T9224]  ? __pfx_timespec64_add_safe+0x10/0x10
[  175.071563][ T9224]  ksys_read+0x18f/0x2b0
[  175.071589][ T9224]  ? __pfx_ksys_read+0x10/0x10
[  175.071606][ T9224]  ? do_syscall_64+0x100/0x230
[  175.071627][ T9224]  ? do_syscall_64+0xb6/0x230
[  175.071647][ T9224]  do_syscall_64+0xf3/0x230
[  175.071665][ T9224]  ? clear_bhb_loop+0x35/0x90
[  175.071687][ T9224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.071706][ T9224] RIP: 0033:0x7fc37978bb7c
[  175.071720][ T9224] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  175.071735][ T9224] RSP: 002b:00007fc37a6a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  175.071753][ T9224] RAX: ffffffffffffffda RBX: 00007fc3799a5fa0 RCX: 00007fc37978bb7c
[  175.071765][ T9224] RDX: 000000000000000f RSI: 00007fc37a6a70a0 RDI: 0000000000000004
[  175.071774][ T9224] RBP: 00007fc37a6a7090 R08: 0000000000000000 R09: 0000000000000000
[  175.071784][ T9224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.071797][ T9224] R13: 0000000000000000 R14: 00007fc3799a5fa0 R15: 00007ffc24fd41e8
[  175.071821][ T9224]  </TASK>
[  175.366847][ T9051] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.398136][ T9051] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.432644][ T9051] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.451609][ T9051] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.463852][ T9051] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.473346][ T9229] netlink: 'syz.3.1026': attribute type 39 has an invalid length.
[  175.682275][ T1033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  175.691222][ T1033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  175.746868][ T2945] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  175.763561][ T2945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.033388][ T9235] lo speed is unknown, defaulting to 1000
[  176.303836][ T9241] lo speed is unknown, defaulting to 1000
[  176.398350][ T9235] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1028'.
[  176.410028][ T9235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1028'.
[  177.028370][   T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.145501][ T9277] FAULT_INJECTION: forcing a failure.
[  177.145501][ T9277] name failslab, interval 1, probability 0, space 0, times 0
[  177.171564][ T9277] CPU: 1 UID: 0 PID: 9277 Comm: syz.2.1038 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  177.171589][ T9277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  177.171600][ T9277] Call Trace:
[  177.171606][ T9277]  <TASK>
[  177.171613][ T9277]  dump_stack_lvl+0x241/0x360
[  177.171639][ T9277]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.171657][ T9277]  ? __pfx__printk+0x10/0x10
[  177.171692][ T9277]  should_fail_ex+0x40a/0x550
[  177.171719][ T9277]  should_failslab+0xac/0x100
[  177.171742][ T9277]  __kmalloc_cache_noprof+0x70/0x390
[  177.171765][ T9277]  ? __hw_addr_add_ex+0x1fb/0x760
[  177.171787][ T9277]  __hw_addr_add_ex+0x1fb/0x760
[  177.171810][ T9277]  dev_addr_init+0x157/0x240
[  177.171830][ T9277]  ? __pfx_dev_addr_init+0x10/0x10
[  177.171848][ T9277]  ? read_word_at_a_time+0xe/0x20
[  177.171875][ T9277]  alloc_netdev_mqs+0x307/0x1210
[  177.171891][ T9277]  ? __pfx_ip6_tnl_dev_setup+0x10/0x10
[  177.171915][ T9277]  rtnl_create_link+0x2f9/0xc90
[  177.171940][ T9277]  rtnl_newlink_create+0x2e1/0xbd0
[  177.171969][ T9277]  ? __pfx_aa_get_newest_label+0x10/0x10
[  177.171995][ T9277]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  177.172022][ T9277]  ? __pfx___mutex_lock+0x10/0x10
[  177.172052][ T9277]  ? ns_capable+0x8a/0xf0
[  177.172074][ T9277]  rtnl_newlink+0x167a/0x1d90
[  177.172097][ T9277]  ? stack_depot_save_flags+0x37/0x940
[  177.172130][ T9277]  ? __pfx_rtnl_newlink+0x10/0x10
[  177.172148][ T9277]  ? __netlink_deliver_tap+0x561/0x7f0
[  177.172169][ T9277]  ? __pfx_validate_chain+0x10/0x10
[  177.172185][ T9277]  ? __sock_sendmsg+0x221/0x270
[  177.172202][ T9277]  ? ____sys_sendmsg+0x53a/0x860
[  177.172217][ T9277]  ? __sys_sendmsg+0x269/0x350
[  177.172231][ T9277]  ? do_syscall_64+0xf3/0x230
[  177.172248][ T9277]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.172289][ T9277]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  177.172314][ T9277]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  177.172342][ T9277]  ? mark_lock+0x9a/0x360
[  177.172361][ T9277]  ? __lock_acquire+0x1397/0x2100
[  177.172408][ T9277]  ? __pfx_lock_release+0x10/0x10
[  177.172444][ T9277]  ? __pfx_rtnl_newlink+0x10/0x10
[  177.172466][ T9277]  rtnetlink_rcv_msg+0x791/0xcf0
[  177.172485][ T9277]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  177.172510][ T9277]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  177.172539][ T9277]  ? ref_tracker_free+0x643/0x7e0
[  177.172561][ T9277]  netlink_rcv_skb+0x206/0x480
[  177.172582][ T9277]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  177.172605][ T9277]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  177.172647][ T9277]  ? netlink_deliver_tap+0x2e/0x1b0
[  177.172669][ T9277]  netlink_unicast+0x7f6/0x990
[  177.172705][ T9277]  ? __pfx_netlink_unicast+0x10/0x10
[  177.172722][ T9277]  ? __virt_addr_valid+0x45f/0x530
[  177.172739][ T9277]  ? __phys_addr_symbol+0x2f/0x70
[  177.172754][ T9277]  ? __check_object_size+0x47a/0x730
[  177.172779][ T9277]  netlink_sendmsg+0x8de/0xcb0
[  177.172811][ T9277]  ? __pfx_netlink_sendmsg+0x10/0x10
[  177.172835][ T9277]  ? aa_sock_msg_perm+0x91/0x160
[  177.172862][ T9277]  ? __pfx_netlink_sendmsg+0x10/0x10
[  177.172881][ T9277]  __sock_sendmsg+0x221/0x270
[  177.172904][ T9277]  ____sys_sendmsg+0x53a/0x860
[  177.172928][ T9277]  ? __pfx_____sys_sendmsg+0x10/0x10
[  177.172942][ T9277]  ? __fget_files+0x2a/0x410
[  177.172963][ T9277]  ? __fget_files+0x2a/0x410
[  177.172991][ T9277]  __sys_sendmsg+0x269/0x350
[  177.173012][ T9277]  ? __pfx___sys_sendmsg+0x10/0x10
[  177.173041][ T9277]  ? do_sys_openat2+0x17a/0x1d0
[  177.173083][ T9277]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  177.173106][ T9277]  ? do_syscall_64+0x100/0x230
[  177.173126][ T9277]  ? do_syscall_64+0xb6/0x230
[  177.173145][ T9277]  do_syscall_64+0xf3/0x230
[  177.173164][ T9277]  ? clear_bhb_loop+0x35/0x90
[  177.173188][ T9277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.173208][ T9277] RIP: 0033:0x7efc8918d169
[  177.173224][ T9277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.173237][ T9277] RSP: 002b:00007efc89f73038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  177.173254][ T9277] RAX: ffffffffffffffda RBX: 00007efc893a5fa0 RCX: 00007efc8918d169
[  177.173267][ T9277] RDX: 0000000000000000 RSI: 0000400000000480 RDI: 0000000000000003
[  177.173277][ T9277] RBP: 00007efc89f73090 R08: 0000000000000000 R09: 0000000000000000
[  177.173287][ T9277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  177.173296][ T9277] R13: 0000000000000000 R14: 00007efc893a5fa0 R15: 00007fffe8d24408
[  177.173324][ T9277]  </TASK>
[  177.764074][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  177.772724][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  177.780411][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  177.788692][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  177.797218][ T5845] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  177.804517][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  177.926706][ T9286] lo speed is unknown, defaulting to 1000
[  178.073645][ T9297] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1044'.
[  178.101979][ T9297] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  178.195289][ T9286] chnl_net:caif_netlink_parms(): no params data found
[  178.340060][   T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.488561][   T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.567697][ T9286] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.592035][ T9286] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.629880][ T9286] bridge_slave_0: entered allmulticast mode
[  178.649799][ T9286] bridge_slave_0: entered promiscuous mode
[  178.876578][   T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.990465][ T9286] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.013059][ T9286] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.020262][ T9286] bridge_slave_1: entered allmulticast mode
[  179.028825][ T9286] bridge_slave_1: entered promiscuous mode
[  179.152839][ T9286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.194491][ T9286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  179.292824][ T9286] team0: Port device team_slave_0 added
[  179.313226][ T9286] team0: Port device team_slave_1 added
[  179.414272][   T35] bridge_slave_1: left allmulticast mode
[  179.419954][   T35] bridge_slave_1: left promiscuous mode
[  179.469618][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.533641][   T35] bridge_slave_0: left allmulticast mode
[  179.539330][   T35] bridge_slave_0: left promiscuous mode
[  179.590693][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.872474][ T5839] Bluetooth: hci3: command tx timeout
[  180.442267][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  180.478865][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  180.493413][   T35] bond0 (unregistering): Released all slaves
[  180.685994][ T9286] batman_adv: batadv0: Adding interface: batadv_slave_0
[  180.705734][ T9286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.789649][ T9286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  180.849864][ T9336] lo speed is unknown, defaulting to 1000
[  180.850625][ T9286] batman_adv: batadv0: Adding interface: batadv_slave_1
[  180.881964][ T9286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.950346][ T9286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.142043][ T5839] Bluetooth: hci2: command 0x0406 tx timeout
[  181.148622][ T5840] Bluetooth: hci1: command 0x0406 tx timeout
[  181.165841][ T9366] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:20000
[  181.241230][ T9286] hsr_slave_0: entered promiscuous mode
[  181.268587][ T9286] hsr_slave_1: entered promiscuous mode
[  181.295542][ T9286] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  181.312114][ T9286] Cannot create hsr debugfs directory
[  181.777726][   T35] hsr_slave_0: left promiscuous mode
[  181.793446][   T35] hsr_slave_1: left promiscuous mode
[  181.799252][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  181.824557][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  181.842586][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  181.867786][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  181.912071][   T35] veth1_macvtap: left promiscuous mode
[  181.921933][   T35] veth0_macvtap: left promiscuous mode
[  181.927544][   T35] veth1_vlan: left promiscuous mode
[  181.942071][ T5845] Bluetooth: hci3: command tx timeout
[  181.950030][   T35] veth0_vlan: left promiscuous mode
[  182.673465][   T35] team0 (unregistering): Port device team_slave_1 removed
[  182.756246][   T35] team0 (unregistering): Port device team_slave_0 removed
[  182.847641][ T9384] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1062'.
[  183.596204][ T9413] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1072'.
[  183.800253][ T9421] FAULT_INJECTION: forcing a failure.
[  183.800253][ T9421] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.835113][ T9419] netlink: 'syz.3.1077': attribute type 39 has an invalid length.
[  183.850021][ T9421] CPU: 1 UID: 0 PID: 9421 Comm: syz.4.1075 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  183.850050][ T9421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  183.850060][ T9421] Call Trace:
[  183.850067][ T9421]  <TASK>
[  183.850074][ T9421]  dump_stack_lvl+0x241/0x360
[  183.850112][ T9421]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.850130][ T9421]  ? __pfx__printk+0x10/0x10
[  183.850149][ T9421]  ? __pfx_lock_release+0x10/0x10
[  183.850179][ T9421]  should_fail_ex+0x40a/0x550
[  183.850211][ T9421]  _copy_from_user+0x2d/0xb0
[  183.850232][ T9421]  do_sys_poll+0x248/0x15d0
[  183.850270][ T9421]  ? _parse_integer_limit+0x1b5/0x200
[  183.850286][ T9421]  ? __pfx_do_sys_poll+0x10/0x10
[  183.850305][ T9421]  ? mark_lock+0x9a/0x360
[  183.850324][ T9421]  ? __lock_acquire+0x1397/0x2100
[  183.850400][ T9421]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  183.850426][ T9421]  ? ktime_get_ts64+0x9f/0x440
[  183.850444][ T9421]  ? seqcount_lockdep_reader_access+0x157/0x220
[  183.850488][ T9421]  ? __pfx_timespec64_add_safe+0x10/0x10
[  183.850513][ T9421]  ? __fget_files+0x2a/0x410
[  183.850539][ T9421]  __se_sys_poll+0x1c5/0x400
[  183.850564][ T9421]  ? __pfx___se_sys_poll+0x10/0x10
[  183.850584][ T9421]  ? do_syscall_64+0x100/0x230
[  183.850606][ T9421]  ? do_syscall_64+0xb6/0x230
[  183.850627][ T9421]  do_syscall_64+0xf3/0x230
[  183.850646][ T9421]  ? clear_bhb_loop+0x35/0x90
[  183.850670][ T9421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.850689][ T9421] RIP: 0033:0x7fc37978d169
[  183.850709][ T9421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.850723][ T9421] RSP: 002b:00007fc37a6a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[  183.850748][ T9421] RAX: ffffffffffffffda RBX: 00007fc3799a5fa0 RCX: 00007fc37978d169
[  183.850760][ T9421] RDX: 0000000000000009 RSI: 20000000000000b5 RDI: 0000400000000000
[  183.850772][ T9421] RBP: 00007fc37a6a7090 R08: 0000000000000000 R09: 0000000000000000
[  183.850782][ T9421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.850791][ T9421] R13: 0000000000000000 R14: 00007fc3799a5fa0 R15: 00007ffc24fd41e8
[  183.850817][ T9421]  </TASK>
[  184.076446][ T5845] Bluetooth: hci3: command tx timeout
[  184.267979][ T9286] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  184.297327][ T9286] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  184.308282][ T9286] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  184.339588][ T9430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1078'.
[  184.339925][ T9286] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  184.439361][ T9434] tun0: tun_chr_ioctl cmd 1074025673
[  184.449882][ T9434] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1080'.
[  184.581401][ T9286] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.651534][ T9286] 8021q: adding VLAN 0 to HW filter on device team0
[  184.679486][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.686647][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.728875][ T2945] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.736044][ T2945] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.200043][ T9286] 8021q: adding VLAN 0 to HW filter on device batadv0
[  185.328750][ T9286] veth0_vlan: entered promiscuous mode
[  185.373991][ T9286] veth1_vlan: entered promiscuous mode
[  185.430032][ T9286] veth0_macvtap: entered promiscuous mode
[  185.447607][ T9286] veth1_macvtap: entered promiscuous mode
[  185.470884][ T9286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  185.493554][ T9286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.509095][ T9286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  185.521749][ T9286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.524889][ T9468] netlink: 'syz.0.1089': attribute type 39 has an invalid length.
[  185.537981][ T9286] batman_adv: batadv0: Interface activated: batadv_slave_0
[  185.558053][ T9286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  185.568973][ T9286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.601919][ T9286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  185.612874][ T9286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.625377][ T9286] batman_adv: batadv0: Interface activated: batadv_slave_1
[  185.664674][ T9286] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  185.682039][ T9286] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  185.693110][ T9286] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  185.711921][ T9286] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  185.818097][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.827375][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.902678][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.919555][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.987810][ T9490] FAULT_INJECTION: forcing a failure.
[  185.987810][ T9490] name failslab, interval 1, probability 0, space 0, times 0
[  186.008184][ T9490] CPU: 1 UID: 0 PID: 9490 Comm: syz.2.1097 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  186.008210][ T9490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  186.008220][ T9490] Call Trace:
[  186.008225][ T9490]  <TASK>
[  186.008232][ T9490]  dump_stack_lvl+0x241/0x360
[  186.008258][ T9490]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.008276][ T9490]  ? __pfx__printk+0x10/0x10
[  186.008294][ T9490]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  186.008317][ T9490]  ? __pfx___might_resched+0x10/0x10
[  186.008341][ T9490]  should_fail_ex+0x40a/0x550
[  186.008368][ T9490]  should_failslab+0xac/0x100
[  186.008389][ T9490]  kmem_cache_alloc_node_noprof+0x77/0x380
[  186.008408][ T9490]  ? __alloc_skb+0x1c3/0x440
[  186.008428][ T9490]  __alloc_skb+0x1c3/0x440
[  186.008448][ T9490]  ? __pfx___alloc_skb+0x10/0x10
[  186.008469][ T9490]  ? netlink_ack_tlv_len+0x6e/0x200
[  186.008493][ T9490]  netlink_ack+0x145/0xa60
[  186.008511][ T9490]  ? __pfx_lock_acquire+0x10/0x10
[  186.008533][ T9490]  ? __pfx_nl802154_add_llsec_seclevel+0x10/0x10
[  186.008554][ T9490]  ? __pfx___might_resched+0x10/0x10
[  186.008584][ T9490]  netlink_rcv_skb+0x294/0x480
[  186.008605][ T9490]  ? __pfx_genl_rcv_msg+0x10/0x10
[  186.008624][ T9490]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  186.008674][ T9490]  genl_rcv+0x28/0x40
[  186.008689][ T9490]  netlink_unicast+0x7f6/0x990
[  186.008716][ T9490]  ? __pfx_netlink_unicast+0x10/0x10
[  186.008734][ T9490]  ? __virt_addr_valid+0x45f/0x530
[  186.008750][ T9490]  ? __phys_addr_symbol+0x2f/0x70
[  186.008772][ T9490]  ? __check_object_size+0x47a/0x730
[  186.008798][ T9490]  netlink_sendmsg+0x8de/0xcb0
[  186.008830][ T9490]  ? __pfx_netlink_sendmsg+0x10/0x10
[  186.008856][ T9490]  ? aa_sock_msg_perm+0x91/0x160
[  186.008884][ T9490]  ? __pfx_netlink_sendmsg+0x10/0x10
[  186.008903][ T9490]  __sock_sendmsg+0x221/0x270
[  186.008928][ T9490]  ____sys_sendmsg+0x53a/0x860
[  186.008955][ T9490]  ? __pfx_____sys_sendmsg+0x10/0x10
[  186.008970][ T9490]  ? __fget_files+0x2a/0x410
[  186.008994][ T9490]  ? __fget_files+0x2a/0x410
[  186.009023][ T9490]  __sys_sendmsg+0x269/0x350
[  186.009045][ T9490]  ? __pfx___sys_sendmsg+0x10/0x10
[  186.009075][ T9490]  ? do_sys_openat2+0x17a/0x1d0
[  186.009122][ T9490]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  186.009146][ T9490]  ? do_syscall_64+0x100/0x230
[  186.009168][ T9490]  ? do_syscall_64+0xb6/0x230
[  186.009189][ T9490]  do_syscall_64+0xf3/0x230
[  186.009208][ T9490]  ? clear_bhb_loop+0x35/0x90
[  186.009231][ T9490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.009251][ T9490] RIP: 0033:0x7efc8918d169
[  186.009266][ T9490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.009280][ T9490] RSP: 002b:00007efc89f73038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  186.009298][ T9490] RAX: ffffffffffffffda RBX: 00007efc893a5fa0 RCX: 00007efc8918d169
[  186.009309][ T9490] RDX: 0000000000040000 RSI: 0000400000000440 RDI: 0000000000000004
[  186.009320][ T9490] RBP: 00007efc89f73090 R08: 0000000000000000 R09: 0000000000000000
[  186.009331][ T9490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.009340][ T9490] R13: 0000000000000000 R14: 00007efc893a5fa0 R15: 00007fffe8d24408
[  186.009365][ T9490]  </TASK>
[  186.362206][ T5845] Bluetooth: hci3: command tx timeout
[  186.658067][ T9503] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1101'.
[  186.855113][ T9510] netlink: 'syz.2.1103': attribute type 39 has an invalid length.
[  187.011129][ T9519] netlink: 'syz.3.1106': attribute type 2 has an invalid length.
[  187.025674][ T9519] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1106'.
[  187.248286][ T9537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1112'.
[  187.509579][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1116'.
[  188.183122][ T9557] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1122'.
[  188.615640][ T9575] FAULT_INJECTION: forcing a failure.
[  188.615640][ T9575] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  188.630668][ T9575] CPU: 1 UID: 0 PID: 9575 Comm: syz.0.1130 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  188.630693][ T9575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  188.630704][ T9575] Call Trace:
[  188.630710][ T9575]  <TASK>
[  188.630717][ T9575]  dump_stack_lvl+0x241/0x360
[  188.630743][ T9575]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.630761][ T9575]  ? __pfx__printk+0x10/0x10
[  188.630780][ T9575]  ? __pfx_lock_release+0x10/0x10
[  188.630811][ T9575]  should_fail_ex+0x40a/0x550
[  188.630837][ T9575]  _copy_from_iter+0x1df/0x1c40
[  188.630855][ T9575]  ? __virt_addr_valid+0x183/0x530
[  188.630873][ T9575]  ? __pfx_lock_release+0x10/0x10
[  188.630900][ T9575]  ? __alloc_skb+0x28f/0x440
[  188.630916][ T9575]  ? __pfx__copy_from_iter+0x10/0x10
[  188.630936][ T9575]  ? __virt_addr_valid+0x183/0x530
[  188.630951][ T9575]  ? __virt_addr_valid+0x183/0x530
[  188.630964][ T9575]  ? __virt_addr_valid+0x45f/0x530
[  188.630980][ T9575]  ? __phys_addr_symbol+0x2f/0x70
[  188.630996][ T9575]  ? __check_object_size+0x47a/0x730
[  188.631021][ T9575]  netlink_sendmsg+0x742/0xcb0
[  188.631054][ T9575]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.631079][ T9575]  ? aa_sock_msg_perm+0x91/0x160
[  188.631107][ T9575]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.631127][ T9575]  __sock_sendmsg+0x221/0x270
[  188.631151][ T9575]  ____sys_sendmsg+0x53a/0x860
[  188.631174][ T9575]  ? __pfx_____sys_sendmsg+0x10/0x10
[  188.631190][ T9575]  ? __fget_files+0x2a/0x410
[  188.631213][ T9575]  ? __fget_files+0x2a/0x410
[  188.631243][ T9575]  __sys_sendmsg+0x269/0x350
[  188.631266][ T9575]  ? __pfx___sys_sendmsg+0x10/0x10
[  188.631295][ T9575]  ? do_sys_openat2+0x17a/0x1d0
[  188.631341][ T9575]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  188.631366][ T9575]  ? do_syscall_64+0x100/0x230
[  188.631388][ T9575]  ? do_syscall_64+0xb6/0x230
[  188.631408][ T9575]  do_syscall_64+0xf3/0x230
[  188.631427][ T9575]  ? clear_bhb_loop+0x35/0x90
[  188.631450][ T9575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.631473][ T9575] RIP: 0033:0x7f393718d169
[  188.631488][ T9575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.631502][ T9575] RSP: 002b:00007f3938034038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  188.631520][ T9575] RAX: ffffffffffffffda RBX: 00007f39373a5fa0 RCX: 00007f393718d169
[  188.631532][ T9575] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000003
[  188.631543][ T9575] RBP: 00007f3938034090 R08: 0000000000000000 R09: 0000000000000000
[  188.631553][ T9575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.631563][ T9575] R13: 0000000000000000 R14: 00007f39373a5fa0 R15: 00007ffed3929d58
[  188.631601][ T9575]  </TASK>
[  189.128008][ T9580] netlink: 37 bytes leftover after parsing attributes in process `syz.0.1131'.
[  189.308358][ T9583] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1132'.
[  189.518877][ T1033] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.682514][ T1033] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.748816][ T1033] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.784475][ T1033] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.886824][ T1033] bridge_slave_1: left allmulticast mode
[  189.892670][ T1033] bridge_slave_1: left promiscuous mode
[  189.898308][ T1033] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.910833][ T1033] bridge_slave_0: left allmulticast mode
[  189.916864][ T1033] bridge_slave_0: left promiscuous mode
[  189.922636][ T1033] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.194900][ T9588] delete_channel: no stack
[  190.627024][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  190.636741][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  190.646090][ T1033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  190.655015][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  190.664154][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  190.671560][ T1033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  190.686837][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  190.695249][ T1033] bond0 (unregistering): Released all slaves
[  190.695340][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  190.945172][ T9631] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1142'.
[  191.118636][ T9637] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1145'.
[  191.241987][ T9600] lo speed is unknown, defaulting to 1000
[  191.338305][ T9644] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1148'.
[  191.557061][ T9616] lo speed is unknown, defaulting to 1000
[  191.592332][ T9650] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  191.689966][ T9651] ipvlan1: entered allmulticast mode
[  191.700276][ T9651] veth0_vlan: entered allmulticast mode
[  191.768525][ T9643] ipvlan1: entered promiscuous mode
[  191.866314][ T9641] ipvlan1: left promiscuous mode
[  191.873973][ T9641] ipvlan1: left allmulticast mode
[  191.879025][ T9641] veth0_vlan: left allmulticast mode
[  191.891575][ T1033] hsr_slave_0: left promiscuous mode
[  191.907745][ T1033] hsr_slave_1: left promiscuous mode
[  191.913993][ T1033] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  191.921553][ T1033] batman_adv: batadv0: Removing interface: batadv_slave_0
[  191.938027][ T1033] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  191.940311][ T9657] netlink: 'syz.0.1152': attribute type 39 has an invalid length.
[  191.946713][ T1033] batman_adv: batadv0: Removing interface: batadv_slave_1
[  191.987171][ T1033] veth1_macvtap: left promiscuous mode
[  191.994723][ T1033] veth0_macvtap: left promiscuous mode
[  192.000259][ T1033] veth1_vlan: left promiscuous mode
[  192.006244][ T1033] veth0_vlan: left promiscuous mode
[  192.358717][ T1033] team0 (unregistering): Port device team_slave_1 removed
[  192.394736][ T1033] team0 (unregistering): Port device team_slave_0 removed
[  192.742444][ T5845] Bluetooth: hci3: command tx timeout
[  192.956393][ T9616] chnl_net:caif_netlink_parms(): no params data found
[  193.118052][ T9689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1160'.
[  193.185446][ T9616] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.204528][ T9616] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.213785][ T9616] bridge_slave_0: entered allmulticast mode
[  193.220791][ T9616] bridge_slave_0: entered promiscuous mode
[  193.232609][ T9616] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.249937][ T9616] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.260096][ T9616] bridge_slave_1: entered allmulticast mode
[  193.272952][ T9616] bridge_slave_1: entered promiscuous mode
[  193.295275][ T9684] netlink: 'syz.0.1159': attribute type 3 has an invalid length.
[  193.308339][ T9698] FAULT_INJECTION: forcing a failure.
[  193.308339][ T9698] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.316648][ T9684] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1159'.
[  193.321613][ T9698] CPU: 0 UID: 0 PID: 9698 Comm: syz.3.1162 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  193.321635][ T9698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  193.321644][ T9698] Call Trace:
[  193.321650][ T9698]  <TASK>
[  193.321657][ T9698]  dump_stack_lvl+0x241/0x360
[  193.321682][ T9698]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.321699][ T9698]  ? __pfx__printk+0x10/0x10
[  193.321717][ T9698]  ? __pfx_lock_release+0x10/0x10
[  193.321754][ T9698]  should_fail_ex+0x40a/0x550
[  193.321784][ T9698]  _copy_from_user+0x2d/0xb0
[  193.321804][ T9698]  do_sock_getsockopt+0x1d1/0x740
[  193.321827][ T9698]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  193.321842][ T9698]  ? __fget_files+0x2a/0x410
[  193.321864][ T9698]  ? __fget_files+0x395/0x410
[  193.321882][ T9698]  ? __fget_files+0x2a/0x410
[  193.321908][ T9698]  __x64_sys_getsockopt+0x2a1/0x370
[  193.321930][ T9698]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[  193.321948][ T9698]  ? do_syscall_64+0x100/0x230
[  193.321969][ T9698]  ? do_syscall_64+0xb6/0x230
[  193.321989][ T9698]  do_syscall_64+0xf3/0x230
[  193.322006][ T9698]  ? clear_bhb_loop+0x35/0x90
[  193.322029][ T9698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.322048][ T9698] RIP: 0033:0x7f0f6b78d169
[  193.322062][ T9698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.322076][ T9698] RSP: 002b:00007f0f6c5a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  193.322094][ T9698] RAX: ffffffffffffffda RBX: 00007f0f6b9a5fa0 RCX: 00007f0f6b78d169
[  193.322105][ T9698] RDX: 000000000000004e RSI: 0000000000000029 RDI: 0000000000000003
[  193.322115][ T9698] RBP: 00007f0f6c5a6090 R08: 0000400000003180 R09: 0000000000000000
[  193.322125][ T9698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.322135][ T9698] R13: 0000000000000000 R14: 00007f0f6b9a5fa0 R15: 00007ffcfb549c78
[  193.322159][ T9698]  </TASK>
[  193.603267][ T9616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  193.626767][ T9616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  193.687548][ T9616] team0: Port device team_slave_0 added
[  193.696436][ T9616] team0: Port device team_slave_1 added
[  193.745577][ T9616] batman_adv: batadv0: Adding interface: batadv_slave_0
[  193.756735][ T9616] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  193.783978][ T9616] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  193.798081][ T9616] batman_adv: batadv0: Adding interface: batadv_slave_1
[  193.805531][ T9616] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  193.831616][ T9616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  193.896567][ T9616] hsr_slave_0: entered promiscuous mode
[  193.897207][ T9718] sctp: [Deprecated]: syz.4.1167 (pid 9718) Use of struct sctp_assoc_value in delayed_ack socket option.
[  193.897207][ T9718] Use struct sctp_sack_info instead
[  193.911397][ T9616] hsr_slave_1: entered promiscuous mode
[  193.928565][ T9715] netlink: 'syz.2.1166': attribute type 39 has an invalid length.
[  193.940250][ T9616] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  193.948184][ T9616] Cannot create hsr debugfs directory
[  194.218278][ T9727] can: request_module (can-proto-0) failed.
[  194.427683][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  194.503470][ T9739] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1172'.
[  194.566840][ T9725] lo speed is unknown, defaulting to 1000
[  194.694096][ T9747] FAULT_INJECTION: forcing a failure.
[  194.694096][ T9747] name failslab, interval 1, probability 0, space 0, times 0
[  194.722253][ T9616] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  194.730585][ T9747] CPU: 1 UID: 0 PID: 9747 Comm: syz.3.1176 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  194.730608][ T9747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  194.730618][ T9747] Call Trace:
[  194.730624][ T9747]  <TASK>
[  194.730631][ T9747]  dump_stack_lvl+0x241/0x360
[  194.730656][ T9747]  ? __pfx_dump_stack_lvl+0x10/0x10
[  194.730674][ T9747]  ? __pfx__printk+0x10/0x10
[  194.730690][ T9747]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  194.730711][ T9747]  ? __pfx___might_resched+0x10/0x10
[  194.730733][ T9747]  should_fail_ex+0x40a/0x550
[  194.730758][ T9747]  should_failslab+0xac/0x100
[  194.730779][ T9747]  kmem_cache_alloc_node_noprof+0x77/0x380
[  194.730799][ T9747]  ? __alloc_skb+0x1c3/0x440
[  194.730816][ T9747]  __alloc_skb+0x1c3/0x440
[  194.730836][ T9747]  ? __pfx___alloc_skb+0x10/0x10
[  194.730854][ T9747]  ? __pfx_validate_chain+0x10/0x10
[  194.730877][ T9747]  alloc_skb_with_frags+0xc3/0x820
[  194.730905][ T9747]  sock_alloc_send_pskb+0x91a/0xa60
[  194.730940][ T9747]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  194.730958][ T9747]  ? mark_lock+0x9a/0x360
[  194.730975][ T9747]  ? __lock_acquire+0x1397/0x2100
[  194.731003][ T9747]  __ip_append_data+0x3013/0x46b0
[  194.731037][ T9747]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  194.731053][ T9747]  ? __pfx_lock_release+0x10/0x10
[  194.731089][ T9747]  ? __pfx___ip_append_data+0x10/0x10
[  194.731104][ T9747]  ? __pfx_ipv4_mtu+0x10/0x10
[  194.731127][ T9747]  ? ip_setup_cork+0x580/0x9a0
[  194.731147][ T9747]  ip_make_skb+0x198/0x420
[  194.731168][ T9747]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  194.731183][ T9747]  ? __pfx_ip_make_skb+0x10/0x10
[  194.731196][ T9747]  ? validate_chain+0x11e/0x5920
[  194.731231][ T9747]  udp_sendmsg+0x1c77/0x2c90
[  194.731267][ T9747]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  194.731283][ T9747]  ? __pfx_udp_sendmsg+0x10/0x10
[  194.731333][ T9747]  ? inet_sendmsg+0x2ba/0x390
[  194.731354][ T9747]  __sock_sendmsg+0x1a6/0x270
[  194.731377][ T9747]  ____sys_sendmsg+0x53a/0x860
[  194.731401][ T9747]  ? __pfx_____sys_sendmsg+0x10/0x10
[  194.731424][ T9747]  ? __fget_files+0x2a/0x410
[  194.731449][ T9747]  ? __sys_sendmmsg+0x392/0x720
[  194.731466][ T9747]  ? __might_fault+0xaa/0x120
[  194.731487][ T9747]  __sys_sendmmsg+0x36a/0x720
[  194.731515][ T9747]  ? __pfx___sys_sendmmsg+0x10/0x10
[  194.731543][ T9747]  ? __pfx_lock_release+0x10/0x10
[  194.731562][ T9747]  ? kstrtouint_from_user+0x128/0x190
[  194.731600][ T9747]  ? ksys_write+0x22a/0x2b0
[  194.731617][ T9747]  ? __pfx_lock_release+0x10/0x10
[  194.731645][ T9747]  ? sb_end_write+0xe9/0x1c0
[  194.731666][ T9747]  ? vfs_write+0x7fa/0xd10
[  194.731684][ T9747]  ? __mutex_unlock_slowpath+0x227/0x800
[  194.731729][ T9747]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  194.731754][ T9747]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  194.731781][ T9747]  ? do_syscall_64+0x100/0x230
[  194.731802][ T9747]  __x64_sys_sendmmsg+0xa0/0xb0
[  194.731820][ T9747]  do_syscall_64+0xf3/0x230
[  194.731837][ T9747]  ? clear_bhb_loop+0x35/0x90
[  194.731859][ T9747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.731878][ T9747] RIP: 0033:0x7f0f6b78d169
[  194.731893][ T9747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.731906][ T9747] RSP: 002b:00007f0f6c5a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  194.731925][ T9747] RAX: ffffffffffffffda RBX: 00007f0f6b9a5fa0 RCX: 00007f0f6b78d169
[  194.731936][ T9747] RDX: 0400000000000077 RSI: 0000400000000180 RDI: 0000000000000003
[  194.731945][ T9747] RBP: 00007f0f6c5a6090 R08: 0000000000000000 R09: 0000000000000000
[  194.731955][ T9747] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000002
[  194.731965][ T9747] R13: 0000000000000000 R14: 00007f0f6b9a5fa0 R15: 00007ffcfb549c78
[  194.731991][ T9747]  </TASK>
[  195.016223][ T9757] netlink: 'syz.2.1179': attribute type 39 has an invalid length.
[  195.065674][ T5845] Bluetooth: hci3: command tx timeout
[  195.194716][ T9616] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  195.219935][ T9766] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1180'.
[  195.237784][ T9616] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  195.267207][ T9616] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  195.294028][ T9766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1180'.
[  195.423900][ T9616] 8021q: adding VLAN 0 to HW filter on device bond0
[  195.440089][ T9616] 8021q: adding VLAN 0 to HW filter on device team0
[  195.471895][ T9616] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  195.482608][ T9616] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  195.537794][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.544970][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state
[  195.587656][ T2945] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.594813][ T2945] bridge0: port 2(bridge_slave_1) entered forwarding state
[  195.640744][ T9749] lo speed is unknown, defaulting to 1000
[  195.796240][ T8952] IPVS: starting estimator thread 0...
[  195.902986][ T9786] IPVS: using max 24 ests per chain, 57600 per kthread
[  195.967474][ T9616] 8021q: adding VLAN 0 to HW filter on device batadv0
[  196.123111][ T9616] veth0_vlan: entered promiscuous mode
[  196.158580][ T9616] veth1_vlan: entered promiscuous mode
[  196.253526][ T9616] veth0_macvtap: entered promiscuous mode
[  196.265427][ T9616] veth1_macvtap: entered promiscuous mode
[  196.291286][ T9802] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1190'.
[  196.309374][ T9616] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  196.325647][ T9616] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.344794][ T9616] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  196.360687][ T9616] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.373374][ T9616] batman_adv: batadv0: Interface activated: batadv_slave_0
[  196.397572][ T9616] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.408350][ T9616] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.418580][ T9616] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.429982][ T9616] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.441169][ T9616] batman_adv: batadv0: Interface activated: batadv_slave_1
[  196.476073][ T9616] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  196.486862][ T9616] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  196.497721][ T9616] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  196.510143][ T9616] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  196.529088][ T9806] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  196.662224][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.690427][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.753149][ T2982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.772722][ T2982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.186862][ T9832] FAULT_INJECTION: forcing a failure.
[  197.186862][ T9832] name failslab, interval 1, probability 0, space 0, times 0
[  197.200020][ T9832] CPU: 0 UID: 0 PID: 9832 Comm: syz.0.1200 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  197.200044][ T9832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  197.200053][ T9832] Call Trace:
[  197.200059][ T9832]  <TASK>
[  197.200065][ T9832]  dump_stack_lvl+0x241/0x360
[  197.200090][ T9832]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.200108][ T9832]  ? __pfx__printk+0x10/0x10
[  197.200137][ T9832]  should_fail_ex+0x40a/0x550
[  197.200164][ T9832]  should_failslab+0xac/0x100
[  197.200185][ T9832]  ? skb_clone+0x20c/0x390
[  197.200201][ T9832]  kmem_cache_alloc_noprof+0x70/0x380
[  197.200226][ T9832]  skb_clone+0x20c/0x390
[  197.200247][ T9832]  __netlink_deliver_tap+0x3c4/0x7f0
[  197.200288][ T9832]  ? netlink_deliver_tap+0x2e/0x1b0
[  197.200307][ T9832]  netlink_deliver_tap+0x19d/0x1b0
[  197.200329][ T9832]  netlink_unicast+0x7c4/0x990
[  197.200357][ T9832]  ? __pfx_netlink_unicast+0x10/0x10
[  197.200374][ T9832]  ? __virt_addr_valid+0x45f/0x530
[  197.200391][ T9832]  ? __phys_addr_symbol+0x2f/0x70
[  197.200406][ T9832]  ? __check_object_size+0x47a/0x730
[  197.200430][ T9832]  netlink_sendmsg+0x8de/0xcb0
[  197.200462][ T9832]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.200485][ T9832]  ? aa_sock_msg_perm+0x91/0x160
[  197.200510][ T9832]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.200529][ T9832]  __sock_sendmsg+0x221/0x270
[  197.200551][ T9832]  ____sys_sendmsg+0x53a/0x860
[  197.200576][ T9832]  ? __pfx_____sys_sendmsg+0x10/0x10
[  197.200609][ T9832]  __sys_sendmsg+0x269/0x350
[  197.200631][ T9832]  ? __pfx___sys_sendmsg+0x10/0x10
[  197.200660][ T9832]  ? __pfx_vfs_write+0x10/0x10
[  197.200674][ T9832]  ? do_sys_openat2+0x17a/0x1d0
[  197.200718][ T9832]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  197.200742][ T9832]  ? do_syscall_64+0x100/0x230
[  197.200764][ T9832]  ? do_syscall_64+0xb6/0x230
[  197.200785][ T9832]  do_syscall_64+0xf3/0x230
[  197.200802][ T9832]  ? clear_bhb_loop+0x35/0x90
[  197.200825][ T9832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.200845][ T9832] RIP: 0033:0x7f393718d169
[  197.200860][ T9832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.200873][ T9832] RSP: 002b:00007f3938013038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  197.200891][ T9832] RAX: ffffffffffffffda RBX: 00007f39373a6080 RCX: 00007f393718d169
[  197.200902][ T9832] RDX: 0000000000000000 RSI: 0000400000000680 RDI: 0000000000000008
[  197.200912][ T9832] RBP: 00007f3938013090 R08: 0000000000000000 R09: 0000000000000000
[  197.200922][ T9832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.200931][ T9832] R13: 0000000000000000 R14: 00007f39373a6080 R15: 00007ffed3929d58
[  197.200957][ T9832]  </TASK>
[  197.680383][ T9824] lo speed is unknown, defaulting to 1000
[  197.821262][ T9838] netlink: 'syz.3.1204': attribute type 39 has an invalid length.
[  197.919610][ T9843] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1205'.
[  197.934617][ T9843] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1205'.
[  197.978818][ T9843] netlink: 'syz.3.1205': attribute type 7 has an invalid length.
[  198.248746][ T9861] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1206'.
[  198.252707][ T9856] 8021q: adding VLAN 0 to HW filter on device bond3
[  198.269098][ T9861] netlink: 'syz.0.1206': attribute type 8 has an invalid length.
[  198.489768][ T9867] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1210'.
[  198.511484][ T9867] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1210'.
[  198.530590][ T2982] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.583293][ T9865] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1209'.
[  198.632114][ T9865] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  199.394997][ T9880] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1216'.
[  199.436532][ T9882] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  199.452304][ T9880] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1216'.
[  199.489002][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1216'.
[  199.503371][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1216'.
[  199.542033][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  199.589932][ T2982] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.647021][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1216'.
[  199.682672][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1216'.
[  199.747184][ T2982] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.837125][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  199.849345][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  199.857801][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  199.867540][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  199.875657][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  199.893306][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  199.940205][ T2982] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.996708][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1216'.
[  200.210386][ T2982] bridge_slave_1: left allmulticast mode
[  200.222217][ T2982] bridge_slave_1: left promiscuous mode
[  200.238654][ T2982] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.263848][ T2982] bridge_slave_0: left allmulticast mode
[  200.279683][ T2982] bridge_slave_0: left promiscuous mode
[  200.286646][ T2982] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.999152][ T2982] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  201.010893][ T2982] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  201.022700][ T2982] bond0 (unregistering): Released all slaves
[  201.035152][ T9899] lo speed is unknown, defaulting to 1000
[  201.341734][ T9934] xt_CT: No such helper "syz1"
[  201.490633][ T9907] lo speed is unknown, defaulting to 1000
[  201.612679][ T9946] ip6erspan0: entered promiscuous mode
[  201.713508][ T9899] chnl_net:caif_netlink_parms(): no params data found
[  201.919544][ T2982] hsr_slave_0: left promiscuous mode
[  201.931046][ T2982] hsr_slave_1: left promiscuous mode
[  201.942125][ T5845] Bluetooth: hci3: command tx timeout
[  201.965514][ T2982] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  201.977477][ T2982] batman_adv: batadv0: Removing interface: batadv_slave_0
[  201.986073][ T2982] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  201.993811][ T2982] batman_adv: batadv0: Removing interface: batadv_slave_1
[  202.015992][ T2982] veth1_macvtap: left promiscuous mode
[  202.021581][ T2982] veth0_macvtap: left promiscuous mode
[  202.027589][ T2982] veth1_vlan: left promiscuous mode
[  202.033210][ T2982] veth0_vlan: left promiscuous mode
[  202.415302][ T2982] team0 (unregistering): Port device team_slave_1 removed
[  202.512083][ T2982] team0 (unregistering): Port device team_slave_0 removed
[  203.053237][ T9899] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.060419][ T9899] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.083520][ T9899] bridge_slave_0: entered allmulticast mode
[  203.090507][ T9899] bridge_slave_0: entered promiscuous mode
[  203.116738][ T9899] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.138900][ T9899] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.158295][ T9899] bridge_slave_1: entered allmulticast mode
[  203.171456][ T9899] bridge_slave_1: entered promiscuous mode
[  203.247570][ T9899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.278773][ T9899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.444443][ T9899] team0: Port device team_slave_0 added
[  203.464014][ T9899] team0: Port device team_slave_1 added
[  203.471077][ T9973] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  203.619727][ T9899] batman_adv: batadv0: Adding interface: batadv_slave_0
[  203.642445][ T9899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.689961][ T9899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  203.811432][ T9899] batman_adv: batadv0: Adding interface: batadv_slave_1
[  203.818512][ T9899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.868567][ T9899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  204.004162][ T9987] __nla_validate_parse: 2 callbacks suppressed
[  204.004180][ T9987] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1243'.
[  204.037644][ T5845] Bluetooth: hci3: command tx timeout
[  204.086416][ T9899] hsr_slave_0: entered promiscuous mode
[  204.105439][ T9899] hsr_slave_1: entered promiscuous mode
[  204.111526][ T9899] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  204.127830][ T9899] Cannot create hsr debugfs directory
[  204.435273][T10003] FAULT_INJECTION: forcing a failure.
[  204.435273][T10003] name failslab, interval 1, probability 0, space 0, times 0
[  204.470753][T10003] CPU: 1 UID: 0 PID: 10003 Comm: syz.0.1249 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  204.470778][T10003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  204.470788][T10003] Call Trace:
[  204.470793][T10003]  <TASK>
[  204.470800][T10003]  dump_stack_lvl+0x241/0x360
[  204.470825][T10003]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.470843][T10003]  ? __pfx__printk+0x10/0x10
[  204.470860][T10003]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  204.470880][T10003]  ? __pfx___might_resched+0x10/0x10
[  204.470905][T10003]  should_fail_ex+0x40a/0x550
[  204.470930][T10003]  should_failslab+0xac/0x100
[  204.470951][T10003]  kmem_cache_alloc_node_noprof+0x77/0x380
[  204.470972][T10003]  ? __alloc_skb+0x1c3/0x440
[  204.470992][T10003]  __alloc_skb+0x1c3/0x440
[  204.471013][T10003]  ? __pfx___alloc_skb+0x10/0x10
[  204.471031][T10003]  ? netlink_autobind+0xd6/0x2f0
[  204.471051][T10003]  ? netlink_autobind+0x2b0/0x2f0
[  204.471076][T10003]  netlink_sendmsg+0x634/0xcb0
[  204.471107][T10003]  ? __pfx_netlink_sendmsg+0x10/0x10
[  204.471133][T10003]  ? aa_sock_msg_perm+0x91/0x160
[  204.471160][T10003]  ? __pfx_netlink_sendmsg+0x10/0x10
[  204.471179][T10003]  __sock_sendmsg+0x221/0x270
[  204.471202][T10003]  ____sys_sendmsg+0x53a/0x860
[  204.471227][T10003]  ? __pfx_____sys_sendmsg+0x10/0x10
[  204.471242][T10003]  ? __fget_files+0x2a/0x410
[  204.471266][T10003]  ? __fget_files+0x2a/0x410
[  204.471296][T10003]  __sys_sendmsg+0x269/0x350
[  204.471318][T10003]  ? __pfx___sys_sendmsg+0x10/0x10
[  204.471348][T10003]  ? do_sys_openat2+0x17a/0x1d0
[  204.471393][T10003]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  204.471418][T10003]  ? do_syscall_64+0x100/0x230
[  204.471440][T10003]  ? do_syscall_64+0xb6/0x230
[  204.471469][T10003]  do_syscall_64+0xf3/0x230
[  204.471488][T10003]  ? clear_bhb_loop+0x35/0x90
[  204.471511][T10003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.471530][T10003] RIP: 0033:0x7f393718d169
[  204.471545][T10003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.471558][T10003] RSP: 002b:00007f3938034038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  204.471577][T10003] RAX: ffffffffffffffda RBX: 00007f39373a5fa0 RCX: 00007f393718d169
[  204.471589][T10003] RDX: 0000000000000000 RSI: 0000400000000600 RDI: 0000000000000004
[  204.471600][T10003] RBP: 00007f3938034090 R08: 0000000000000000 R09: 0000000000000000
[  204.471610][T10003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  204.471619][T10003] R13: 0000000000000000 R14: 00007f39373a5fa0 R15: 00007ffed3929d58
[  204.471646][T10003]  </TASK>
[  204.935184][T10010] lo speed is unknown, defaulting to 1000
[  205.192005][T10025] netlink: 'syz.3.1257': attribute type 41 has an invalid length.
[  205.202444][T10021] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  205.222515][T10025] gre0: left allmulticast mode
[  205.250967][T10025] netlink: 'syz.3.1257': attribute type 41 has an invalid length.
[  205.460838][ T9899] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  205.512689][ T9899] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  205.536109][ T9899] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  205.546902][T10036] netlink: 'syz.3.1261': attribute type 39 has an invalid length.
[  205.577873][ T9899] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  206.041347][ T9899] 8021q: adding VLAN 0 to HW filter on device bond0
[  206.070682][T10050] netlink: 'syz.0.1264': attribute type 1 has an invalid length.
[  206.103186][T10050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1264'.
[  206.107004][ T5845] Bluetooth: hci3: command tx timeout
[  206.126119][ T9899] 8021q: adding VLAN 0 to HW filter on device team0
[  206.127075][T10050] netlink: 'syz.0.1264': attribute type 1 has an invalid length.
[  206.153455][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.160538][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.197011][T10054] netlink: 'syz.4.1266': attribute type 9 has an invalid length.
[  206.202853][T10050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1264'.
[  206.227974][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.235135][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.347033][ T9899] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  206.594097][T10069] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  206.662912][ T9899] 8021q: adding VLAN 0 to HW filter on device batadv0
[  206.734651][ T9899] veth0_vlan: entered promiscuous mode
[  206.765885][ T9899] veth1_vlan: entered promiscuous mode
[  206.787074][T10082] netlink: 'syz.0.1271': attribute type 39 has an invalid length.
[  206.817287][ T9899] veth0_macvtap: entered promiscuous mode
[  206.848039][ T9899] veth1_macvtap: entered promiscuous mode
[  206.910289][ T9899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.911619][T10084] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1273'.
[  206.948465][T10088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1275'.
[  206.960021][ T9899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.983922][ T9899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  207.004809][T10084] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1273'.
[  207.016732][ T9899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  207.038394][ T9899] batman_adv: batadv0: Interface activated: batadv_slave_0
[  207.070035][T10088] bond0: (slave macvlan4): Error -98 calling set_mac_address
[  207.081969][T10084] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1273'.
[  207.188227][ T9899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  207.222025][ T9899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  207.251830][ T9899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  207.267560][ T9899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  207.283277][ T9899] batman_adv: batadv0: Interface activated: batadv_slave_1
[  207.310927][ T9899] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  207.353670][ T9899] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  207.384087][ T9899] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  207.414931][ T9899] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  207.469598][T10099] pim6reg: entered allmulticast mode
[  207.477500][T10083] lo speed is unknown, defaulting to 1000
[  207.515143][T10101] netlink: 'syz.2.1279': attribute type 10 has an invalid length.
[  207.722038][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  207.742257][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  207.815502][ T1033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  207.873472][ T1033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  208.184377][ T5845] Bluetooth: hci3: command tx timeout
[  208.543068][T10126] netlink: 160 bytes leftover after parsing attributes in process `syz.3.1285'.
[  208.585012][T10126] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  208.689591][T10131] netlink: 292 bytes leftover after parsing attributes in process `syz.0.1286'.
[  209.021188][T10141] FAULT_INJECTION: forcing a failure.
[  209.021188][T10141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  209.075674][T10141] CPU: 1 UID: 0 PID: 10141 Comm: syz.0.1288 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  209.075702][T10141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  209.075713][T10141] Call Trace:
[  209.075719][T10141]  <TASK>
[  209.075726][T10141]  dump_stack_lvl+0x241/0x360
[  209.075753][T10141]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.075772][T10141]  ? __pfx__printk+0x10/0x10
[  209.075795][T10141]  ? snprintf+0xda/0x120
[  209.075820][T10141]  should_fail_ex+0x40a/0x550
[  209.075848][T10141]  _copy_to_user+0x31/0xb0
[  209.075871][T10141]  simple_read_from_buffer+0xca/0x150
[  209.075896][T10141]  proc_fail_nth_read+0x1e9/0x250
[  209.075920][T10141]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  209.075944][T10141]  ? rw_verify_area+0x243/0x630
[  209.075961][T10141]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  209.075983][T10141]  vfs_read+0x1f8/0xb40
[  209.076001][T10141]  ? fdget_pos+0x254/0x320
[  209.076023][T10141]  ? __pfx___mutex_lock+0x10/0x10
[  209.076042][T10141]  ? __pfx_vfs_read+0x10/0x10
[  209.076062][T10141]  ? __fget_files+0x2a/0x410
[  209.076084][T10141]  ? __fget_files+0x395/0x410
[  209.076110][T10141]  ? __fget_files+0x2a/0x410
[  209.076145][T10141]  ksys_read+0x18f/0x2b0
[  209.076164][T10141]  ? __pfx_ksys_read+0x10/0x10
[  209.076182][T10141]  ? do_syscall_64+0x100/0x230
[  209.076204][T10141]  ? do_syscall_64+0xb6/0x230
[  209.076224][T10141]  do_syscall_64+0xf3/0x230
[  209.076243][T10141]  ? clear_bhb_loop+0x35/0x90
[  209.076265][T10141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.076284][T10141] RIP: 0033:0x7f393718bb7c
[  209.076299][T10141] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  209.076312][T10141] RSP: 002b:00007f3938034030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  209.076330][T10141] RAX: ffffffffffffffda RBX: 00007f39373a5fa0 RCX: 00007f393718bb7c
[  209.076341][T10141] RDX: 000000000000000f RSI: 00007f39380340a0 RDI: 000000000000000d
[  209.076351][T10141] RBP: 00007f3938034090 R08: 0000000000000000 R09: 0000000000000000
[  209.076361][T10141] R10: 0000400000002940 R11: 0000000000000246 R12: 0000000000000001
[  209.076371][T10141] R13: 0000000000000000 R14: 00007f39373a5fa0 R15: 00007ffed3929d58
[  209.076396][T10141]  </TASK>
[  209.466962][T10151] FAULT_INJECTION: forcing a failure.
[  209.466962][T10151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  209.545017][T10151] CPU: 0 UID: 0 PID: 10151 Comm: syz.2.1290 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  209.545043][T10151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  209.545053][T10151] Call Trace:
[  209.545059][T10151]  <TASK>
[  209.545066][T10151]  dump_stack_lvl+0x241/0x360
[  209.545102][T10151]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.545121][T10151]  ? __pfx__printk+0x10/0x10
[  209.545143][T10151]  ? snprintf+0xda/0x120
[  209.545168][T10151]  should_fail_ex+0x40a/0x550
[  209.545194][T10151]  _copy_to_user+0x31/0xb0
[  209.545218][T10151]  simple_read_from_buffer+0xca/0x150
[  209.545242][T10151]  proc_fail_nth_read+0x1e9/0x250
[  209.545266][T10151]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  209.545291][T10151]  ? rw_verify_area+0x243/0x630
[  209.545312][T10151]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  209.545333][T10151]  vfs_read+0x1f8/0xb40
[  209.545350][T10151]  ? fdget_pos+0x254/0x320
[  209.545372][T10151]  ? __pfx___mutex_lock+0x10/0x10
[  209.545392][T10151]  ? __pfx_vfs_read+0x10/0x10
[  209.545412][T10151]  ? __fget_files+0x2a/0x410
[  209.545435][T10151]  ? __fget_files+0x395/0x410
[  209.545453][T10151]  ? __fget_files+0x2a/0x410
[  209.545483][T10151]  ksys_read+0x18f/0x2b0
[  209.545503][T10151]  ? __pfx_ksys_read+0x10/0x10
[  209.545520][T10151]  ? do_syscall_64+0x100/0x230
[  209.545542][T10151]  ? do_syscall_64+0xb6/0x230
[  209.545564][T10151]  do_syscall_64+0xf3/0x230
[  209.545582][T10151]  ? clear_bhb_loop+0x35/0x90
[  209.545606][T10151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.545625][T10151] RIP: 0033:0x7efc8918bb7c
[  209.545641][T10151] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  209.545656][T10151] RSP: 002b:00007efc89f73030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  209.545673][T10151] RAX: ffffffffffffffda RBX: 00007efc893a5fa0 RCX: 00007efc8918bb7c
[  209.545685][T10151] RDX: 000000000000000f RSI: 00007efc89f730a0 RDI: 0000000000000005
[  209.545696][T10151] RBP: 00007efc89f73090 R08: 0000000000000000 R09: 0000000000000000
[  209.545705][T10151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.545715][T10151] R13: 0000000000000000 R14: 00007efc893a5fa0 R15: 00007fffe8d24408
[  209.545743][T10151]  </TASK>
[  209.998453][   T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.624436][T10172] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1294'.
[  210.648220][T10176] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1296'.
[  210.674206][   T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.757212][T10176] ax25_connect(): syz.0.1296 uses autobind, please contact jreuter@yaina.de
[  210.835429][   T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.881948][T10185] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1300'.
[  210.923506][T10185] netlink: 'syz.4.1300': attribute type 1 has an invalid length.
[  211.011659][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  211.034420][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  211.045841][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  211.071225][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  211.081256][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  211.089939][   T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.111898][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  211.141297][T10197] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1300'.
[  211.256238][T10193] bond1: (slave gretap1): making interface the new active one
[  211.353230][T10193] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  211.440477][T10172] lo speed is unknown, defaulting to 1000
[  211.539271][   T35] bridge_slave_1: left allmulticast mode
[  211.548863][   T35] bridge_slave_1: left promiscuous mode
[  211.565169][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.588559][T10206] netlink: 'syz.3.1303': attribute type 4 has an invalid length.
[  211.607475][   T35] bridge_slave_0: left allmulticast mode
[  211.629239][   T35] bridge_slave_0: left promiscuous mode
[  211.637373][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.653453][T10208] raw_sendmsg: syz.3.1303 forgot to set AF_INET. Fix it!
[  212.121220][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  212.140523][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  212.152513][   T35] bond0 (unregistering): Released all slaves
[  212.177638][T10191] lo speed is unknown, defaulting to 1000
[  212.298849][T10222] FAULT_INJECTION: forcing a failure.
[  212.298849][T10222] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  212.321292][T10222] CPU: 0 UID: 0 PID: 10222 Comm: syz.3.1307 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  212.321318][T10222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  212.321328][T10222] Call Trace:
[  212.321334][T10222]  <TASK>
[  212.321341][T10222]  dump_stack_lvl+0x241/0x360
[  212.321366][T10222]  ? __pfx_dump_stack_lvl+0x10/0x10
[  212.321384][T10222]  ? __pfx__printk+0x10/0x10
[  212.321402][T10222]  ? __pfx_lock_release+0x10/0x10
[  212.321433][T10222]  should_fail_ex+0x40a/0x550
[  212.321460][T10222]  _copy_from_user+0x2d/0xb0
[  212.321481][T10222]  __sys_bpf+0x1be/0x820
[  212.321504][T10222]  ? __pfx___sys_bpf+0x10/0x10
[  212.321538][T10222]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  212.321562][T10222]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  212.321585][T10222]  ? do_syscall_64+0x100/0x230
[  212.321606][T10222]  __x64_sys_bpf+0x7c/0x90
[  212.321625][T10222]  do_syscall_64+0xf3/0x230
[  212.321642][T10222]  ? clear_bhb_loop+0x35/0x90
[  212.321665][T10222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.321684][T10222] RIP: 0033:0x7f0f6b78d169
[  212.321698][T10222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.321711][T10222] RSP: 002b:00007f0f6c5a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  212.321728][T10222] RAX: ffffffffffffffda RBX: 00007f0f6b9a5fa0 RCX: 00007f0f6b78d169
[  212.321739][T10222] RDX: 0000000000000094 RSI: 0000400000002c40 RDI: 0000000000000005
[  212.321749][T10222] RBP: 00007f0f6c5a6090 R08: 0000000000000000 R09: 0000000000000000
[  212.321759][T10222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.321772][T10222] R13: 0000000000000000 R14: 00007f0f6b9a5fa0 R15: 00007ffcfb549c78
[  212.321796][T10222]  </TASK>
[  212.837875][T10191] chnl_net:caif_netlink_parms(): no params data found
[  212.870282][T10242] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1310'.
[  212.961397][T10247] netlink: 'syz.4.1312': attribute type 39 has an invalid length.
[  213.151998][ T5845] Bluetooth: hci3: command tx timeout
[  213.166540][   T35] hsr_slave_0: left promiscuous mode
[  213.186190][   T35] hsr_slave_1: left promiscuous mode
[  213.192306][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  213.199741][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  213.207738][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  213.215298][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  213.234909][   T35] veth1_macvtap: left promiscuous mode
[  213.237751][T10259] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1314'.
[  213.240429][   T35] veth0_macvtap: left promiscuous mode
[  213.256344][   T35] veth1_vlan: left promiscuous mode
[  213.261654][   T35] veth0_vlan: left promiscuous mode
[  213.607667][   T35] team0 (unregistering): Port device team_slave_1 removed
[  213.646417][   T35] team0 (unregistering): Port device team_slave_0 removed
[  214.031057][T10191] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.066575][T10191] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.092154][T10191] bridge_slave_0: entered allmulticast mode
[  214.099100][T10191] bridge_slave_0: entered promiscuous mode
[  214.128441][T10191] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.144308][T10191] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.152136][T10191] bridge_slave_1: entered allmulticast mode
[  214.159052][T10191] bridge_slave_1: entered promiscuous mode
[  214.294230][T10191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  214.334744][T10191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  214.498998][T10191] team0: Port device team_slave_0 added
[  214.532427][T10191] team0: Port device team_slave_1 added
[  214.637908][T10266] lo speed is unknown, defaulting to 1000
[  214.645421][T10191] batman_adv: batadv0: Adding interface: batadv_slave_0
[  214.657609][T10191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.685668][T10191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  214.698672][T10191] batman_adv: batadv0: Adding interface: batadv_slave_1
[  214.726704][T10191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.754989][T10191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  214.984914][T10191] hsr_slave_0: entered promiscuous mode
[  215.002824][T10191] hsr_slave_1: entered promiscuous mode
[  215.018837][T10191] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  215.030454][T10191] Cannot create hsr debugfs directory
[  215.222010][ T5845] Bluetooth: hci3: command tx timeout
[  215.283933][T10305] FAULT_INJECTION: forcing a failure.
[  215.283933][T10305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  215.337671][T10305] CPU: 0 UID: 0 PID: 10305 Comm: syz.2.1332 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  215.337696][T10305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  215.337707][T10305] Call Trace:
[  215.337712][T10305]  <TASK>
[  215.337726][T10305]  dump_stack_lvl+0x241/0x360
[  215.337752][T10305]  ? __pfx_dump_stack_lvl+0x10/0x10
[  215.337770][T10305]  ? __pfx__printk+0x10/0x10
[  215.337789][T10305]  ? __pfx_lock_release+0x10/0x10
[  215.337819][T10305]  should_fail_ex+0x40a/0x550
[  215.337844][T10305]  _copy_from_user+0x2d/0xb0
[  215.337866][T10305]  kvmemdup_bpfptr_noprof+0x7d/0xf0
[  215.337884][T10305]  map_update_elem+0x251/0x6f0
[  215.337912][T10305]  __sys_bpf+0x773/0x820
[  215.337935][T10305]  ? __pfx___sys_bpf+0x10/0x10
[  215.337968][T10305]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  215.337993][T10305]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  215.338017][T10305]  ? do_syscall_64+0x100/0x230
[  215.338040][T10305]  __x64_sys_bpf+0x7c/0x90
[  215.338060][T10305]  do_syscall_64+0xf3/0x230
[  215.338077][T10305]  ? clear_bhb_loop+0x35/0x90
[  215.338101][T10305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.338120][T10305] RIP: 0033:0x7efc8918d169
[  215.338134][T10305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.338147][T10305] RSP: 002b:00007efc89f73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  215.338171][T10305] RAX: ffffffffffffffda RBX: 00007efc893a5fa0 RCX: 00007efc8918d169
[  215.338183][T10305] RDX: 0000000000000020 RSI: 0000400000000080 RDI: 0000000000000002
[  215.338193][T10305] RBP: 00007efc89f73090 R08: 0000000000000000 R09: 0000000000000000
[  215.338203][T10305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  215.338212][T10305] R13: 0000000000000000 R14: 00007efc893a5fa0 R15: 00007fffe8d24408
[  215.338237][T10305]  </TASK>
[  215.659836][T10313] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1335'.
[  215.785691][T10320] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1335'.
[  215.979668][T10327] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1340'.
[  216.165853][T10315] lo speed is unknown, defaulting to 1000
[  216.287371][T10191] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  216.304828][T10191] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  216.330301][T10191] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  216.347352][T10191] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  216.529365][T10191] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.539696][T10346] netlink: 'syz.4.1346': attribute type 39 has an invalid length.
[  216.570082][T10191] 8021q: adding VLAN 0 to HW filter on device team0
[  216.581413][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.588564][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.640800][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.647966][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.925613][T10191] 8021q: adding VLAN 0 to HW filter on device batadv0
[  216.949478][T10360] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1350'.
[  216.985713][T10191] veth0_vlan: entered promiscuous mode
[  216.997837][T10191] veth1_vlan: entered promiscuous mode
[  217.039429][T10191] veth0_macvtap: entered promiscuous mode
[  217.054647][T10191] veth1_macvtap: entered promiscuous mode
[  217.089380][T10191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  217.106052][T10191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.118105][T10191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  217.146593][T10191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.166305][T10191] batman_adv: batadv0: Interface activated: batadv_slave_0
[  217.183545][T10191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  217.206107][T10191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.220862][T10191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  217.232745][T10191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.253485][T10191] batman_adv: batadv0: Interface activated: batadv_slave_1
[  217.277042][T10191] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  217.302107][   T54] Bluetooth: hci3: command tx timeout
[  217.307734][T10191] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  217.326150][T10191] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  217.334996][T10191] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  217.374360][T10375] FAULT_INJECTION: forcing a failure.
[  217.374360][T10375] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  217.391234][T10375] CPU: 1 UID: 0 PID: 10375 Comm: syz.0.1355 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  217.391257][T10375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  217.391268][T10375] Call Trace:
[  217.391274][T10375]  <TASK>
[  217.391281][T10375]  dump_stack_lvl+0x241/0x360
[  217.391307][T10375]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.391325][T10375]  ? __pfx__printk+0x10/0x10
[  217.391343][T10375]  ? __pfx_lock_release+0x10/0x10
[  217.391373][T10375]  should_fail_ex+0x40a/0x550
[  217.391400][T10375]  _copy_from_user+0x2d/0xb0
[  217.391421][T10375]  do_ipv6_getsockopt+0x2ac/0x3670
[  217.391451][T10375]  ? __pfx_do_ipv6_getsockopt+0x10/0x10
[  217.391476][T10375]  ? aa_label_sk_perm+0x4f3/0x6c0
[  217.391501][T10375]  ? mark_lock+0x9a/0x360
[  217.391520][T10375]  ? __lock_acquire+0x1397/0x2100
[  217.391571][T10375]  ? __pfx___might_resched+0x10/0x10
[  217.391594][T10375]  ipv6_getsockopt+0x108/0x360
[  217.391620][T10375]  ? __pfx_ipv6_getsockopt+0x10/0x10
[  217.391643][T10375]  ? __might_fault+0xaa/0x120
[  217.391661][T10375]  ? sctp_getsockopt+0x9c/0xbb0
[  217.391680][T10375]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  217.391704][T10375]  do_sock_getsockopt+0x38e/0x740
[  217.391726][T10375]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  217.391741][T10375]  ? __fget_files+0x2a/0x410
[  217.391763][T10375]  ? __fget_files+0x395/0x410
[  217.391790][T10375]  ? __fget_files+0x2a/0x410
[  217.391814][T10375]  __x64_sys_getsockopt+0x2a1/0x370
[  217.391836][T10375]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[  217.391854][T10375]  ? do_syscall_64+0x100/0x230
[  217.391875][T10375]  ? do_syscall_64+0xb6/0x230
[  217.391894][T10375]  do_syscall_64+0xf3/0x230
[  217.391911][T10375]  ? clear_bhb_loop+0x35/0x90
[  217.391933][T10375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.391953][T10375] RIP: 0033:0x7f393718d169
[  217.391968][T10375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.391981][T10375] RSP: 002b:00007f3938034038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  217.391998][T10375] RAX: ffffffffffffffda RBX: 00007f39373a5fa0 RCX: 00007f393718d169
[  217.392010][T10375] RDX: 000000000000004e RSI: 0000000000000029 RDI: 0000000000000003
[  217.392019][T10375] RBP: 00007f3938034090 R08: 0000400000003180 R09: 0000000000000000
[  217.392030][T10375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.392038][T10375] R13: 0000000000000000 R14: 00007f39373a5fa0 R15: 00007ffed3929d58
[  217.392063][T10375]  </TASK>
[  217.693963][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.702015][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.874198][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.903989][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.914690][T10388] netlink: 'syz.4.1360': attribute type 1 has an invalid length.
[  217.923068][T10388] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1360'.
[  218.100001][T10398] can: request_module (can-proto-0) failed.
[  218.424282][T10420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1366'.
[  218.434844][T10420] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1366'.
[  218.501699][T10423] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1367'.
[  218.896491][T10438] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1372'.
[  218.955873][T10442] netlink: 'syz.0.1374': attribute type 4 has an invalid length.
[  219.074995][T10448] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1377'.
[  219.382415][   T54] Bluetooth: hci3: command 0x0419 tx timeout
[  219.931985][T10467] lo speed is unknown, defaulting to 1000
[  219.988310][T10473] netlink: 'syz.0.1387': attribute type 4 has an invalid length.
[  220.039693][T10473] tipc: Started in network mode
[  220.044803][T10473] tipc: Node identity ac1414aa, cluster identity 4711
[  220.057350][T10473] tipc: Enabled bearer <udp:s >, priority 10
[  220.253434][   T52] vlan2: left allmulticast mode
[  220.258345][   T52] vlan2: left promiscuous mode
[  220.277915][   T52] bridge0: port 1(vlan2) entered disabled state
[  220.393535][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  220.408877][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  220.417390][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  220.425683][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  220.433472][   T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  220.440806][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  220.616243][   T52] bond1 (unregistering): (slave gretap1): Releasing active interface
[  220.778947][   T52] bond0 (unregistering): Released all slaves
[  220.788868][   T52] bond1 (unregistering): Released all slaves
[  220.982320][T10488] lo speed is unknown, defaulting to 1000
[  221.011164][   T52] ------------[ cut here ]------------
[  221.022394][   T52] Have pending ack frames!
[  221.033205][   T52] WARNING: CPU: 1 PID: 52 at net/mac80211/main.c:1713 ieee80211_free_ack_frame+0x4c/0x60
[  221.043460][   T52] Modules linked in:
[  221.047372][   T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  221.058273][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  221.068786][   T52] Workqueue: netns cleanup_net
[  221.073772][   T52] RIP: 0010:ieee80211_free_ack_frame+0x4c/0x60
[  221.079954][   T52] Code: 00 00 00 e8 76 0d 53 fe 31 c0 5b c3 cc cc cc cc e8 89 9b 51 f6 c6 05 5c f1 b6 04 01 90 48 c7 c7 00 69 4a 8d e8 f5 57 11 f6 90 <0f> 0b 90 90 eb c9 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90
[  221.099789][   T52] RSP: 0018:ffffc90000bd7730 EFLAGS: 00010246
[  221.106050][   T52] RAX: 0e86439bdbe48400 RBX: ffff88802a98fb40 RCX: ffff8880212f5a00
[  221.114255][   T52] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  221.122437][   T52] RBP: ffffc90000bd7838 R08: ffffffff81819e32 R09: fffffbfff1d3a67c
[  221.130429][   T52] R10: dffffc0000000000 R11: fffffbfff1d3a67c R12: ffffc90000bd77a0
[  221.136717][T10488] chnl_net:caif_netlink_parms(): no params data found
[  221.138924][   T52] R13: dffffc0000000000 R14: ffff8880590e9530 R15: ffff8880772b2ef0
[  221.153790][   T52] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  221.162924][   T52] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  221.169524][   T52] CR2: 00007f393737b338 CR3: 000000000e938000 CR4: 00000000003526f0
[  221.178488][   T52] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  221.186582][   T52] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  221.194633][   T52] Call Trace:
[  221.197919][   T52]  <TASK>
[  221.200864][   T52]  ? __warn+0x165/0x4d0
[  221.205055][   T52]  ? ieee80211_free_ack_frame+0x4c/0x60
[  221.210594][   T52]  ? report_bug+0x2b3/0x500
[  221.215113][   T52]  ? ieee80211_free_ack_frame+0x4c/0x60
[  221.220652][   T52]  ? handle_bug+0x60/0x90
[  221.225096][   T52]  ? exc_invalid_op+0x1a/0x50
[  221.229783][   T52]  ? asm_exc_invalid_op+0x1a/0x20
[  221.234831][   T52]  ? __warn_printk+0x292/0x360
[  221.239806][   T52]  ? ieee80211_free_ack_frame+0x4c/0x60
[  221.245804][   T52]  idr_for_each+0x1e2/0x2d0
[  221.250321][   T52]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  221.256404][   T52]  ? __pfx_idr_for_each+0x10/0x10
[  221.261418][   T52]  ? kfree+0x196/0x430
[  221.265505][   T52]  ? kobject_put+0x272/0x480
[  221.270096][   T52]  ieee80211_free_hw+0xd0/0x480
[  221.274982][   T52]  mac80211_hwsim_del_radio+0x32b/0x4c0
[  221.280542][   T52]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  221.286662][   T52]  hwsim_exit_net+0x5c1/0x670
[  221.291345][   T52]  ? __pfx_hwsim_exit_net+0x10/0x10
[  221.296574][   T52]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[  221.302427][   T52]  cleanup_net+0x812/0xd60
[  221.306867][   T52]  ? __pfx_cleanup_net+0x10/0x10
[  221.311892][   T52]  ? process_scheduled_works+0x9c6/0x18e0
[  221.317628][   T52]  process_scheduled_works+0xabe/0x18e0
[  221.323260][   T52]  ? __pfx_process_scheduled_works+0x10/0x10
[  221.329267][   T52]  ? assign_work+0x364/0x3d0
[  221.333940][   T52]  worker_thread+0x870/0xd30
[  221.338922][   T52]  ? __kthread_parkme+0x169/0x1d0
[  221.344330][   T52]  ? __pfx_worker_thread+0x10/0x10
[  221.349468][   T52]  kthread+0x7a9/0x920
[  221.353623][   T52]  ? __pfx_kthread+0x10/0x10
[  221.358233][   T52]  ? __pfx_worker_thread+0x10/0x10
[  221.363397][   T52]  ? __pfx_kthread+0x10/0x10
[  221.368000][   T52]  ? __pfx_kthread+0x10/0x10
[  221.372649][   T52]  ? __pfx_kthread+0x10/0x10
[  221.377252][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  221.382841][   T52]  ? lockdep_hardirqs_on+0x99/0x150
[  221.388059][   T52]  ? __pfx_kthread+0x10/0x10
[  221.392716][   T52]  ret_from_fork+0x4b/0x80
[  221.397147][   T52]  ? __pfx_kthread+0x10/0x10
[  221.401748][   T52]  ret_from_fork_asm+0x1a/0x30
[  221.406577][   T52]  </TASK>
[  221.409621][   T52] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  221.416903][   T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.14.0-rc5-syzkaller-01215-g89d75c4c67ac #0
[  221.427563][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  221.437608][   T52] Workqueue: netns cleanup_net
[  221.442379][   T52] Call Trace:
[  221.445648][   T52]  <TASK>
[  221.448567][   T52]  dump_stack_lvl+0x241/0x360
[  221.453238][   T52]  ? __pfx_dump_stack_lvl+0x10/0x10
[  221.458426][   T52]  ? __pfx__printk+0x10/0x10
[  221.463012][   T52]  ? vscnprintf+0x5d/0x90
[  221.467353][   T52]  panic+0x349/0x880
[  221.471247][   T52]  ? __warn+0x174/0x4d0
[  221.475393][   T52]  ? __pfx_panic+0x10/0x10
[  221.479805][   T52]  ? ret_from_fork_asm+0x1a/0x30
[  221.484738][   T52]  __warn+0x344/0x4d0
[  221.488709][   T52]  ? ieee80211_free_ack_frame+0x4c/0x60
[  221.494254][   T52]  report_bug+0x2b3/0x500
[  221.498577][   T52]  ? ieee80211_free_ack_frame+0x4c/0x60
[  221.504123][   T52]  handle_bug+0x60/0x90
[  221.508276][   T52]  exc_invalid_op+0x1a/0x50
[  221.512773][   T52]  asm_exc_invalid_op+0x1a/0x20
[  221.517619][   T52] RIP: 0010:ieee80211_free_ack_frame+0x4c/0x60
[  221.523770][   T52] Code: 00 00 00 e8 76 0d 53 fe 31 c0 5b c3 cc cc cc cc e8 89 9b 51 f6 c6 05 5c f1 b6 04 01 90 48 c7 c7 00 69 4a 8d e8 f5 57 11 f6 90 <0f> 0b 90 90 eb c9 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90
[  221.543371][   T52] RSP: 0018:ffffc90000bd7730 EFLAGS: 00010246
[  221.549430][   T52] RAX: 0e86439bdbe48400 RBX: ffff88802a98fb40 RCX: ffff8880212f5a00
[  221.557395][   T52] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  221.565359][   T52] RBP: ffffc90000bd7838 R08: ffffffff81819e32 R09: fffffbfff1d3a67c
[  221.573320][   T52] R10: dffffc0000000000 R11: fffffbfff1d3a67c R12: ffffc90000bd77a0
[  221.581297][   T52] R13: dffffc0000000000 R14: ffff8880590e9530 R15: ffff8880772b2ef0
[  221.589277][   T52]  ? __warn_printk+0x292/0x360
[  221.594048][   T52]  idr_for_each+0x1e2/0x2d0
[  221.598553][   T52]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  221.604619][   T52]  ? __pfx_idr_for_each+0x10/0x10
[  221.609640][   T52]  ? kfree+0x196/0x430
[  221.613702][   T52]  ? kobject_put+0x272/0x480
[  221.618291][   T52]  ieee80211_free_hw+0xd0/0x480
[  221.623142][   T52]  mac80211_hwsim_del_radio+0x32b/0x4c0
[  221.628688][   T52]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  221.634756][   T52]  hwsim_exit_net+0x5c1/0x670
[  221.639427][   T52]  ? __pfx_hwsim_exit_net+0x10/0x10
[  221.644624][   T52]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[  221.650436][   T52]  cleanup_net+0x812/0xd60
[  221.654872][   T52]  ? __pfx_cleanup_net+0x10/0x10
[  221.659820][   T52]  ? process_scheduled_works+0x9c6/0x18e0
[  221.665537][   T52]  process_scheduled_works+0xabe/0x18e0
[  221.671098][   T52]  ? __pfx_process_scheduled_works+0x10/0x10
[  221.677081][   T52]  ? assign_work+0x364/0x3d0
[  221.681673][   T52]  worker_thread+0x870/0xd30
[  221.686276][   T52]  ? __kthread_parkme+0x169/0x1d0
[  221.691297][   T52]  ? __pfx_worker_thread+0x10/0x10
[  221.696412][   T52]  kthread+0x7a9/0x920
[  221.700469][   T52]  ? __pfx_kthread+0x10/0x10
[  221.705055][   T52]  ? __pfx_worker_thread+0x10/0x10
[  221.710161][   T52]  ? __pfx_kthread+0x10/0x10
[  221.714741][   T52]  ? __pfx_kthread+0x10/0x10
[  221.719325][   T52]  ? __pfx_kthread+0x10/0x10
[  221.723904][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  221.729094][   T52]  ? lockdep_hardirqs_on+0x99/0x150
[  221.734282][   T52]  ? __pfx_kthread+0x10/0x10
[  221.738862][   T52]  ret_from_fork+0x4b/0x80
[  221.743270][   T52]  ? __pfx_kthread+0x10/0x10
[  221.747858][   T52]  ret_from_fork_asm+0x1a/0x30
[  221.752627][   T52]  </TASK>
[  221.755868][   T52] Kernel Offset: disabled
[  221.760218][   T52] Rebooting in 86400 seconds..