last executing test programs:

1m3.844447982s ago: executing program 0 (id=70):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001cc0)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x1a}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x5}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0x9, 0x0, 0xe24}}}]}]}]}}]}, 0x50}}, 0x0)

53.692498804s ago: executing program 0 (id=70):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001cc0)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x1a}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x5}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0x9, 0x0, 0xe24}}}]}]}]}}]}, 0x50}}, 0x0)

39.228774029s ago: executing program 0 (id=70):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001cc0)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x1a}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x5}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0x9, 0x0, 0xe24}}}]}]}]}}]}, 0x50}}, 0x0)

30.66236232s ago: executing program 4 (id=670):
r0 = socket$tipc(0x1e, 0x5, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001540)=ANY=[@ANYBLOB="1b00000000000000000000009705000000000000", @ANYRES32=0x1, @ANYBLOB="0100000000a62b00000044020000000000000000c08b30caa5c91ceefcf11394d924ca24c75d8ad8819f3dfc9c676cae9753e7f0f28c478e51c17ef8cb3a629102f67d5ec56af55c91b96b10c57b4a19b1ac4b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="030000000400"/28], 0x50)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000001c0)=[{&(0x7f00000003c0)="6e800000007700000001000000000000000000e0f6fb8f63bfd5700ac4be0db7b71749830286cb4074526a2fcc967cb23b637be1098772d0", 0x38}], 0x1, 0x9)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890)
setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4)
r6 = socket$kcm(0x21, 0x2, 0x2)
ppoll(&(0x7f0000001480)=[{r0, 0x4100}, {r1, 0x2600}, {r2, 0xa200}, {r3, 0x48}, {r4, 0x41}, {r5, 0x80}, {r6}, {}], 0x8, &(0x7f00000014c0)={0x0, 0x989680}, &(0x7f0000001500)={[0xffffffffffffffff]}, 0x8)

29.662829315s ago: executing program 4 (id=681):
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff000000000000080045"], 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x6000000, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff000000003d9cd4ae000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x138)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)=ANY=[@ANYBLOB="00ffdbdf253100"/20], 0x14}}, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448de, &(0x7f0000000100)="e8313f352c9a2f318ff50f1cff2740bfb481dd6146b4ee8d62e2342e958fb045b451ce5ea170441bdb8fce5cf050a2e474198113bb67d7128137f64cdf1c3157c73f0e9f7e1ce042c9d4003b672d3d0a25921cc09ecc6aec5eb1ab068a8ec26160b69725b923e37b39e31ff77d80663e56d26594a4cb8d7db3283907d2df9527bd9cc1090c2daa4c82c71a340ef55bd36b7f2a36dd269e7515e209713ab45ca628fa309d57b64e75ebd12f4eea2fc9b323d9625740c2d335a50570e6c126f61ce6b3992fa4c03c0f43ad25f42980f27692c1a3a072d1bd5158")
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r6, r7, 0x2, 0x2, 0x0, @void, @value}, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'team0\x00'}}]}, 0x38}}, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r9, 0x8933, &(0x7f0000000080)={'wg2\x00'})

29.025348271s ago: executing program 4 (id=683):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010200000000000000000c98f31b00000008", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000340)={'wpan1\x00', <r3=>0x0})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r2, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fedbdf251500000008000300", @ANYRES32=r3, @ANYBLOB="08002a0001000000050029000100000008002c008100000008000300", @ANYRES32=r5, @ANYBLOB="08102a00030000000c0014000300000003000000"], 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4044810)

28.80908226s ago: executing program 4 (id=685):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, 0x0, 0x1, 0x70bd25, 0x25dfdbf9, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "c46ef400"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000985}, 0x4e000)

28.799055271s ago: executing program 0 (id=70):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001cc0)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x1a}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x5}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0x9, 0x0, 0xe24}}}]}]}]}}]}, 0x50}}, 0x0)

17.222350533s ago: executing program 4 (id=685):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, 0x0, 0x1, 0x70bd25, 0x25dfdbf9, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "c46ef400"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000985}, 0x4e000)

16.563418897s ago: executing program 0 (id=70):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001cc0)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x1a}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x5}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0x9, 0x0, 0xe24}}}]}]}]}}]}, 0x50}}, 0x0)

6.009985633s ago: executing program 4 (id=685):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, 0x0, 0x1, 0x70bd25, 0x25dfdbf9, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "c46ef400"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000985}, 0x4e000)

5.409973339s ago: executing program 2 (id=804):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f00000021c0)={0xa, 0x4e23, 0x9, @private0, 0x5}, 0x1c)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, 0x0, [@null, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @loopback}], 0x10)
readv(0xffffffffffffffff, &(0x7f0000002180)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)=""/4096, 0x1000}, {&(0x7f00000010c0)=""/167, 0xa7}, {&(0x7f0000001180)=""/4096, 0x1000}], 0x4)

5.409387948s ago: executing program 3 (id=805):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000dd897b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000008000000", 0x0, 0x8441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

5.223056012s ago: executing program 2 (id=806):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
r2 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000380)={@val={0x0, 0x800}, @void, @eth={@empty, @random="1f001900", @val, {@mpls_mc={0x8848, {[], @llc={@llc={0x8e, 0xf8, "f0"}}}}}}}, 0x1d)

4.22515988s ago: executing program 3 (id=809):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00('], 0x48}}, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000040), 0x40000000000029d, 0x832b, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r4)
sendmsg$NL802154_CMD_SET_CHANNEL(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x24, r5, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0xc004)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x80, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @empty}}}})
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000003c0), r6)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r6, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000b80)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB="fba7000000000000000004000000"], 0x14}}, 0x0)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000120}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r7, @ANYRESOCT], 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x20004004)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r8, 0x0, 0x2e, &(0x7f0000000340)={0x0, {{0x2, 0x4e21, @multicast1}}, {{0x2, 0x0, @empty}}}, 0xfffffffffffffcf7)
getsockopt$inet_buf(r8, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1)
bind$rds(r1, &(0x7f0000000700)={0x2, 0x4e20, @loopback}, 0x10)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000003000000b30000007f00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00'})
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f00000003c0)="93378e66cf9b48cb59638401fcd1730172853a9fa89527996042ab60ae29f9c1", 0x20)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a, &(0x7f0000000000)=[{0x0, 0xfffffffffffffed7}], 0x1}, 0x24000000)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r10}, 0x10)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b30, &(0x7f00000001c0)={'wlan0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x4044844}, 0x0)

3.897067337s ago: executing program 2 (id=811):
socket$inet6(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="2f80000000655de3008a9b4207164f000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000840)=ANY=[@ANYBLOB="85000000a0000000350000000000000085000000080000009500000000000000e2b07ca73536232cdfe6eeb134ad67bc008ea301efb897b682258ae22b775906d26146089b7e2fc9fb6c290ded9da1c43f06579b6b83549741b4c86c19906f5dc2abc66b81c14c4c0800cbde583a1cff2b6784cd736cc41aef0f85cb94c95a9b971e7d987ffbbff8ac7daa998a2fc8ace3afeeace929fc89f6b4f64d8b67a461287d2f97e65147cc31839276d9930449c4b23ea3f186ad3c84004cf9118f6d6268530c2d677d4f55e6868cc4cfd65a5f09543fed7f25c1876604dbc0162e2ab1a605ee946ce6e7c35045d4d0ac522005d7ac9f48f7525a79d1ff0a292a3e00d1"], 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x26, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x8, 0x0, 0xfcde, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg(r1, &(0x7f0000000380)=[{{&(0x7f0000000580)=@nl=@proc, 0x80, &(0x7f0000001900)=[{&(0x7f0000000600)='B', 0x1}], 0x1}}, {{&(0x7f0000000200)=@nl=@proc, 0x80, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x1}}], 0x2, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="40180000000000001c0012800b009d62839a6964676500000c0002800500160003000000"], 0x3c}}, 0x0)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a010400000000000000000200000034000580300001800e000100696d6d6564696174650000001c0002800800014000000000100002800c00028008000180ffffffff0900010073797a30000000000800020073797a3200000000140000001100"], 0x88}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$EBT_SO_GET_INFO(r6, 0x0, 0x80, &(0x7f0000000000)={'broute\x00', 0x0, 0x0, 0x0, [0x0, 0x3, 0x3, 0x6, 0x0, 0x207fd]}, &(0x7f0000000080)=0x78)
getsockopt$EBT_SO_GET_ENTRIES(r6, 0x0, 0x81, 0x0, &(0x7f00000002c0))
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r2, 0x0, 0x3c, 0x72, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000180)=""/114, 0x0, 0x0, 0xd8, 0xb5, &(0x7f0000000400)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b710e9246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc0be634a915662c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab4149718d6215a9a3749113c268e49b2b9dae91ed804e5ac5d4ec7ac9c5fd67a76f9a2b06f7304f6e81221a751008e786e1edde82cf1ecb76cb4cd71cf781ea3a19b917a1e215b1a6c7ee605b32b91eaae38517fde4303d5f2b1e63e9e52ae4b197fd72de1f71801e1f9f1369d1f530", &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee523318878ee704a8d9502b566cad45587cb74ea8259c1c0a9", 0x0, 0x8000}, 0x50)
socket$inet6(0xa, 0x80002, 0x0)

3.831635905s ago: executing program 1 (id=812):
r0 = socket$inet6(0xa, 0x80002, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r3=>0x0})
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4)
bind$xdp(r1, &(0x7f0000000240)={0x2c, 0x1, r3}, 0x10)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r4, 0x541b, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000001bc0)={'batadv_slave_1\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000003c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1d, r6})

3.241832957s ago: executing program 3 (id=813):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r0, &(0x7f0000000000)="ff", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x8}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)

2.936056788s ago: executing program 1 (id=814):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14, 0x10, 0x1, 0x0, 0x2000000}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}], {0x14}}, 0x64}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000040000850000008200000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x11, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r1], 0xf8}, 0x1, 0x0, 0x0, 0x24000805}, 0x20000000)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0)

2.789063617s ago: executing program 0 (id=70):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001cc0)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x1a}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x5}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0x9, 0x0, 0xe24}}}]}]}]}}]}, 0x50}}, 0x0)

2.784749328s ago: executing program 1 (id=815):
socket$vsock_stream(0x28, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000540))
socket(0x2a, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
socket(0x2, 0x80805, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b0000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x18)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r2], 0x90}}, 0x0)

1.140526286s ago: executing program 1 (id=816):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f00000021c0)={0xa, 0x4e23, 0x9, @private0, 0x5}, 0x1c)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, 0x0, [@null, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @loopback}], 0x10)
readv(0xffffffffffffffff, &(0x7f0000002180)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)=""/4096, 0x1000}, {&(0x7f00000010c0)=""/167, 0xa7}, {&(0x7f0000001180)=""/4096, 0x1000}], 0x4)

1.132515225s ago: executing program 2 (id=817):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="180000003c000701fcffffff0000000002"], 0x18}, 0x1, 0x0, 0x0, 0x88c4}, 0x0)
r3 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x24000054}, 0xc001)
recvmmsg(r3, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffc4c, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000740)=@raw={'raw\x00', 0x3c1, 0x3, 0x308, 0x0, 0x4c, 0x1a, 0x128, 0x75, 0x238, 0x258, 0x258, 0x238, 0x258, 0x3, 0x0, {[{{@uncond, 0x0, 0xf8, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@addrtype1={{0x28}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xffffffffffffffff, 0x4, 0x3}, {0x0, 0x4}, 0x1020, 0x2}}}, {{@ipv6={@mcast2, @local, [], [], 'veth0_virt_wifi\x00', 'ip6tnl0\x00', {}, {}, 0x0, 0xfe}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xf, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x368)
recvmmsg$unix(r3, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/116, 0x74}], 0x1}}], 0x1, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000040)=0x2200, 0x4)
sendmsg$inet(r0, &(0x7f00000015c0)={&(0x7f0000001180)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000001540)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@cipso={0x86, 0xb, 0x3, [{0x2, 0x5, "8de8c2"}]}]}}}], 0x20}, 0x4000800)

1.115479501s ago: executing program 3 (id=818):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f00000004c0)=""/179, 0x1a, 0xb3, 0x1, 0x0, 0x0, @void, @value}, 0x28)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x4c, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10, 0x7, 0x2, 0x8}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000600)={'syztnl1\x00', 0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r6, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
shutdown(r6, 0x1)
recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB], 0xffe)
socket$inet_tcp(0x2, 0x1, 0x0)
writev(r2, &(0x7f0000000900)=[{&(0x7f0000000340)="af87435ce81b84bef6a256685b23355743202474479b21b4ba549df5d8a527a1bfcddcf49ef5c76ffaa82d6cded27d039a3a73231c79d0cf0ba1d13f6972e8055afb9a9ad6752780317e5a385d9154e3b1e95ba56eac389f6205fd8e6ed7f3fc2c9052beb264ac0871e3ee9f03d733e74e02bf9cd524f5d1d4ece1d9807c713d68b4eb3aefcb64f5b5f8429a620a677985040d982c8c9aea405eec3a75112d2dd15c1e19d4a0bc365e9000d87ea00184f1cdf075452be33b9b4c6ed197b2203039730d4916336e71f59a5e1274dfe708ec3f56a9a75b051df15be6423a0fff4bee03d694cc94d32f86fa630fcfdc2682c6f5fbe4d00dae06573bdbfb5e30", 0xfe}, {&(0x7f0000000440)="e205502fb25d7623f834ac71ffa925065b58a0ceb2b3c9ec39b966c99163cc09cac1f2871433650a702d6c1028b333ba74a0002eb49ced7c994bea978edccb6f7415b1f05c7296a5e4aaa8eccf9b147c69b624aa2609c80b2a5c78e9e3597d17d207a9b06dd7e3677278380412b58af9c8b3c5dacfdfe69b2fd1b3526f0673a3ecb09ae4d6cd02696d185275add9102fec56a431634a984a32", 0x99}, {&(0x7f0000000540)}, {&(0x7f0000000080)="ddae976ee400e767505c3a01daed0c3228c39a1a00903d61d1f3310a60262f2c3aaf1ace2c3c81d56c0ab771e9ee91455963c457d6fae7b629a599838537ac", 0x3f}, {&(0x7f0000000640)="b06a5fdc86b77e1fe4faed4971eedc4727837f0d7f3d89901d5cdb261afafa3e4b17a1900858045c5977081e7e92eec1104a382a2f3591ddf8971d5e5bc9585c95763d0eed2097fac49bd4a6f3609451f3f7d13924c85c4affeb4568602dce6378372c0266717879915f6fe9f8d6ec06578fbb73dbb4333e639be215c3c80028864b4abd4ee4995261722e9dc3ee31542320efa5731c53a71b482aa207370fe3b6316edf57dd1bf42918937dddc398f85f226d345267d97bf40593e6b3cc22eff371fe2e9b08da6f54bd8473e4177140f82fb8166618de7f7a523394f53f4790cd73c28804d9fd6e7dcab55f9d4bbc0344b79413449833", 0xf7}, {&(0x7f0000000740)="e38b3392bd1c4f5a2c613ce6f041c4720b8b258f851927b80f2ccad88a0673ccf98845a7ee0c0758d4a6696141651fe86eee8d2a57910cf7999e7e720ef0547a18d832b5730bfcbec31cbc22ade529bb3625e91f0b51c6d69ee1182d1d8afbceb719dbdf81fadfa590cc88a4e76c37222fab960aa5b67d0fdb7537e5a46dbbbae21d07ac3830e745e4f5a787cb827edff15b3e6e0000419c03bee449fe0f20ac0eee63632e5f39238b51372bb772e2b9e765e9567ce10549", 0xb8}, {0x0}, {&(0x7f0000000800)="f8d54938499a5086c565afbc14c94cb72cb10fdde2c6fe619d954bff7ecb023d1c880bb8f6941a35c5084eb906ba6e6a882707e911083a55736f7f0f9e1bc7da716039331a73eb7cc6613e68aa1d8c183762d2b8abd3e5c74769aff3e2778917bbbb26b32498974d0184e9182808b727a87e5eb20f0a113505c9124949a59049f1ce1ea0e4ce3b41fde4c4d960b0f66e497b206f132a3865c3199b3e4d2496cb95767eaaf0df7b44c2abf452024ff8b422570a5caf1a9376b65d28214793b8b9f519324bcfe5c0214da718", 0xcb}], 0x8)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000001c0)={'wpan0\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg(r8, &(0x7f0000004900)=[{{&(0x7f00000004c0)=@nl=@unspec, 0x80, 0x0}}], 0x1, 0x20004400)

940.305323ms ago: executing program 2 (id=819):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000001a0001ffffffffffffffff000a000000000000000000000008001f004015"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000140)={'veth1_to_team\x00', @random="37515e80393f"})
socket$kcm(0x10, 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
unshare(0x20000400)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@map, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$netlink(r1, &(0x7f0000000480), 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
recvmmsg(r3, &(0x7f0000004400)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x20, 0x0)
bind$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r7, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r7, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)
connect$unix(r6, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ppoll(&(0x7f0000000140)=[{r6, 0x6600}, {r2, 0x2191}], 0x2, 0x0, 0x0, 0x0)
readv(r2, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/150, 0x96}], 0x1)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0xb0, 0x4, 0x2, 0x20e03, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r8, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)

939.520261ms ago: executing program 1 (id=820):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r0, &(0x7f0000000e00)="fd", 0x0}, 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000030400000000fedbdf2500000300", @ANYRES32=0x0, @ANYBLOB="0000be281f000000200012800b00010067656e65766500001000028004000e0005000a0001"], 0x40}}, 0x0)

737.699639ms ago: executing program 3 (id=821):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000001c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd0b736cf6fa4e1b0d0000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2008040}, 0x880) (fail_nth: 8)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r3, &(0x7f0000000140)={&(0x7f0000000040), 0x14, &(0x7f0000000100)={0x0}, 0x7}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r5, &(0x7f0000000000)={0x27}, 0x74)
r6 = socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xc}, {0xfff3, 0x8}}}, 0x24}}, 0x20040000)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0x80087601, 0x0)

597.757324ms ago: executing program 1 (id=822):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00ac82000000001600"/20, @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r5}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x2f, 0x10, 0x3c, &(0x7f0000000580)="0000ffffffffa000", &(0x7f0000000540)=""/23, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r7, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r9=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r7, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x7, &(0x7f0000000040)=0x1ff, 0x4)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000000)=0xfffffff9, 0x4)
bind$xdp(r7, &(0x7f0000000100)={0x2c, 0x0, r9}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe}}}, 0x24}}, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x50}})
socket$inet_udplite(0x2, 0x2, 0x88)

528.254012ms ago: executing program 2 (id=823):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socket$caif_seqpacket(0x25, 0x5, 0x2)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x1, 0x8e, 0xe7c9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xe30a, r2}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000000), &(0x7f0000000180)='%-5lx  \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00'}, 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="340000001a00010000000000000000000a000000000000000000000006001b000000000006001c0000000000080019"], 0x34}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'veth0_vlan\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xe32b60fbedc7f0cc}, {0x7}, {0x0, 0xa}}}, 0x24}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x40040}, 0x44040)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x11000}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)={0x8c, r9, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x38, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast1}}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x14, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x7}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x841}, 0x20000800)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$802154_dgram(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x24, @none={0x0, 0x2}}, 0x14, &(0x7f0000000180)={0x0}}, 0x0)

0s ago: executing program 3 (id=824):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r3, 0x1, 0x70bd25, 0x25dfdbff, {{}, {0x0, 0x4109}}}, 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x20000844)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000001040)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)={0x1c, r3, 0x2, 0x70bd27, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c001}, 0x20008000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket(0x2b, 0x1, 0x1)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0xffffdb4c, @empty}, 0x1c)
r6 = socket(0x1e, 0x1, 0x0)
connect$tipc(r6, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0xffffffff}}}, 0x10)
setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000000180), 0x4)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
listen(r4, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x4)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000a00)="580000001500add427323b470c45b4560a067fffffff81204e22030d00ff0028925aa8002020eaa57b00090080020efffe0004f03a09000000ffffffffffffffffffffffe7ee0000000000000000020000cb817085ce6601", 0x58}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000c000000bca30000000000002403000020feffff620af8fff8ffffff71a4f8ff000000001f03000000000000e5000200000000002604fdffff02000014010000033800001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r8 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001800599c6d0eab070004000523"], 0xfe33)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r9=>0x0})
r10 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=ANY=[@ANYBLOB="12000000400000000800000001"], 0x48)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r10, &(0x7f0000000140), &(0x7f0000000240)=@udp6=r11}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r10, &(0x7f0000000200), &(0x7f0000000400)=""/4096}, 0x20)
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000140)={0x1, 0x0, 0x1, 0x8, @vifc_lcl_ifindex=r9, @loopback}, 0x10)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x34, r1, 0x100, 0x70bd2d, 0x0, {{}, {@void, @val={0xc, 0x99, {0x2, 0x74}}}}, [@NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@cf_end={{}, {0x2}, @broadcast}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

kernel console output (not intermixed with test programs):

95150][ T7623]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  161.395180][ T7623]  ? __alloc_skb+0x1c2/0x480
[  161.395216][ T7623]  __alloc_skb+0x1c2/0x480
[  161.395261][ T7623]  ? __pfx___alloc_skb+0x10/0x10
[  161.395299][ T7623]  ? netlink_ack_tlv_len+0x6e/0x200
[  161.395331][ T7623]  netlink_ack+0x147/0xa70
[  161.395366][ T7623]  ? __kasan_kmalloc+0x9d/0xb0
[  161.395398][ T7623]  ? nfnetlink_rcv+0x1095/0x28f0
[  161.395424][ T7623]  nfnetlink_rcv+0x2366/0x28f0
[  161.395486][ T7623]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  161.395563][ T7623]  ? skb_clone+0x240/0x390
[  161.395598][ T7623]  ? netlink_deliver_tap+0x2e/0x1b0
[  161.395628][ T7623]  ? netlink_deliver_tap+0x2e/0x1b0
[  161.395658][ T7623]  netlink_unicast+0x7f8/0x9a0
[  161.395694][ T7623]  ? __pfx_netlink_unicast+0x10/0x10
[  161.395722][ T7623]  ? skb_put+0x114/0x1f0
[  161.395757][ T7623]  netlink_sendmsg+0x8c3/0xcd0
[  161.395799][ T7623]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.395832][ T7623]  ? aa_sock_msg_perm+0x91/0x160
[  161.395871][ T7623]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.395898][ T7623]  __sock_sendmsg+0x221/0x270
[  161.395928][ T7623]  ____sys_sendmsg+0x523/0x860
[  161.395959][ T7623]  ? __pfx_____sys_sendmsg+0x10/0x10
[  161.395977][ T7623]  ? __fget_files+0x2a/0x420
[  161.396012][ T7623]  ? __fget_files+0x2a/0x420
[  161.396053][ T7623]  __sys_sendmsg+0x271/0x360
[  161.396080][ T7623]  ? __pfx___sys_sendmsg+0x10/0x10
[  161.396160][ T7623]  ? do_syscall_64+0xb6/0x230
[  161.396193][ T7623]  do_syscall_64+0xf3/0x230
[  161.396220][ T7623]  ? clear_bhb_loop+0x45/0xa0
[  161.396253][ T7623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.396274][ T7623] RIP: 0033:0x7f307698d169
[  161.396293][ T7623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.396311][ T7623] RSP: 002b:00007f3077882038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  161.396335][ T7623] RAX: ffffffffffffffda RBX: 00007f3076ba5fa0 RCX: 00007f307698d169
[  161.396350][ T7623] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  161.396364][ T7623] RBP: 00007f3077882090 R08: 0000000000000000 R09: 0000000000000000
[  161.396377][ T7623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  161.396389][ T7623] R13: 0000000000000000 R14: 00007f3076ba5fa0 R15: 00007ffc32de9828
[  161.396422][ T7623]  </TASK>
[  161.900645][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  161.911728][ T7634] netlink: 36 bytes leftover after parsing attributes in process `syz.3.452'.
[  161.914793][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  161.930186][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  161.941183][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  161.961010][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  162.117766][ T7643] FAULT_INJECTION: forcing a failure.
[  162.117766][ T7643] name failslab, interval 1, probability 0, space 0, times 0
[  162.178749][ T7643] CPU: 0 UID: 0 PID: 7643 Comm: syz.2.454 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  162.178781][ T7643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.178795][ T7643] Call Trace:
[  162.178804][ T7643]  <TASK>
[  162.178812][ T7643]  dump_stack_lvl+0x241/0x360
[  162.178850][ T7643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.178880][ T7643]  ? __pfx__printk+0x10/0x10
[  162.178921][ T7643]  should_fail_ex+0x424/0x570
[  162.178974][ T7643]  should_failslab+0xac/0x100
[  162.179005][ T7643]  __kmalloc_cache_noprof+0x73/0x370
[  162.179032][ T7643]  ? sctp_add_bind_addr+0x89/0x3a0
[  162.179067][ T7643]  sctp_add_bind_addr+0x89/0x3a0
[  162.179101][ T7643]  sctp_copy_local_addr_list+0x313/0x500
[  162.179134][ T7643]  ? sctp_copy_local_addr_list+0xad/0x500
[  162.179164][ T7643]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  162.179196][ T7643]  ? sctp_v6_is_any+0x60/0x70
[  162.179229][ T7643]  ? sctp_copy_one_addr+0x94/0x360
[  162.179263][ T7643]  sctp_bind_addr_copy+0xad/0x3b0
[  162.179292][ T7643]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  162.179323][ T7643]  sctp_connect_new_asoc+0x337/0x700
[  162.179349][ T7643]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  162.179369][ T7643]  ? sctp_sendmsg+0xf30/0x3620
[  162.179397][ T7643]  ? sctp_endpoint_lookup_assoc+0xc9/0x250
[  162.179417][ T7643]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  162.179442][ T7643]  sctp_sendmsg+0x2009/0x3620
[  162.179490][ T7643]  ? __pfx_sctp_sendmsg+0x10/0x10
[  162.179515][ T7643]  ? aa_sk_perm+0x96f/0xac0
[  162.179559][ T7643]  ? inet_sendmsg+0x330/0x390
[  162.179588][ T7643]  __sock_sendmsg+0x1a6/0x270
[  162.179619][ T7643]  __sys_sendto+0x365/0x4c0
[  162.179656][ T7643]  ? __pfx___sys_sendto+0x10/0x10
[  162.179703][ T7643]  ? __fget_files+0x2a/0x420
[  162.179746][ T7643]  ? ksys_write+0x275/0x2d0
[  162.179782][ T7643]  __x64_sys_sendto+0xde/0x100
[  162.179818][ T7643]  do_syscall_64+0xf3/0x230
[  162.179846][ T7643]  ? clear_bhb_loop+0x45/0xa0
[  162.179872][ T7643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.179892][ T7643] RIP: 0033:0x7f307698d169
[  162.179912][ T7643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.179936][ T7643] RSP: 002b:00007f3077882038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  162.179959][ T7643] RAX: ffffffffffffffda RBX: 00007f3076ba5fa0 RCX: 00007f307698d169
[  162.179975][ T7643] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000004
[  162.179988][ T7643] RBP: 00007f3077882090 R08: 0000200000000140 R09: 000000000000001c
[  162.180002][ T7643] R10: 000000000400c0d4 R11: 0000000000000246 R12: 0000000000000002
[  162.180016][ T7643] R13: 0000000000000000 R14: 00007f3076ba5fa0 R15: 00007ffc32de9828
[  162.180051][ T7643]  </TASK>
[  162.479232][ T7640] xt_CT: No such helper "snmp"
[  162.717790][ T7627] chnl_net:caif_netlink_parms(): no params data found
[  162.746423][ T7661] xt_ecn: cannot match TCP bits for non-tcp packets
[  162.774979][ T7661] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  162.875869][ T7667] FAULT_INJECTION: forcing a failure.
[  162.875869][ T7667] name failslab, interval 1, probability 0, space 0, times 0
[  162.890650][ T7667] CPU: 0 UID: 0 PID: 7667 Comm: syz.3.463 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  162.890681][ T7667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.890694][ T7667] Call Trace:
[  162.890703][ T7667]  <TASK>
[  162.890712][ T7667]  dump_stack_lvl+0x241/0x360
[  162.890750][ T7667]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.890802][ T7667]  ? __pfx__printk+0x10/0x10
[  162.890836][ T7667]  ? __pfx___might_resched+0x10/0x10
[  162.890867][ T7667]  should_fail_ex+0x424/0x570
[  162.890907][ T7667]  should_failslab+0xac/0x100
[  162.890937][ T7667]  __kmalloc_cache_noprof+0x73/0x370
[  162.890965][ T7667]  ? call_usermodehelper_setup+0x8e/0x270
[  162.890985][ T7667]  ? __kmalloc_node_track_caller_noprof+0x2b2/0x4d0
[  162.891020][ T7667]  call_usermodehelper_setup+0x8e/0x270
[  162.891041][ T7667]  ? __pfx_free_modprobe_argv+0x10/0x10
[  162.891067][ T7667]  __request_module+0x3cf/0x640
[  162.891097][ T7667]  ? __mutex_unlock_slowpath+0x229/0x800
[  162.891124][ T7667]  ? __mutex_unlock_slowpath+0x229/0x800
[  162.891153][ T7667]  ? __pfx___request_module+0x10/0x10
[  162.891179][ T7667]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  162.891220][ T7667]  ? ip_vs_genl_parse_service+0x428/0x1300
[  162.891250][ T7667]  ip_vs_scheduler_get+0x137/0x280
[  162.891277][ T7667]  ip_vs_add_service+0x7c/0x12d0
[  162.891317][ T7667]  ? __nla_validate_parse+0x28e6/0x32e0
[  162.891340][ T7667]  ? genl_rcv+0x28/0x40
[  162.891358][ T7667]  ? netlink_unicast+0x7f8/0x9a0
[  162.891380][ T7667]  ? netlink_sendmsg+0x8c3/0xcd0
[  162.891418][ T7667]  ip_vs_genl_set_cmd+0x9f5/0x1ce0
[  162.891447][ T7667]  ? __pfx_ip_vs_genl_set_cmd+0x10/0x10
[  162.891516][ T7667]  ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290
[  162.891548][ T7667]  genl_rcv_msg+0xb38/0xf00
[  162.891580][ T7667]  ? __pfx_genl_rcv_msg+0x10/0x10
[  162.891599][ T7667]  ? stack_trace_save+0x11a/0x1d0
[  162.891631][ T7667]  ? __pfx_stack_trace_save+0x10/0x10
[  162.891662][ T7667]  ? stack_depot_save_flags+0x44/0x940
[  162.891680][ T7667]  ? stack_trace_snprint+0x71/0xf0
[  162.891725][ T7667]  ? __lock_acquire+0xad5/0xd80
[  162.891748][ T7667]  ? __pfx_ip_vs_genl_set_cmd+0x10/0x10
[  162.891802][ T7667]  netlink_rcv_skb+0x208/0x480
[  162.891832][ T7667]  ? __pfx_genl_rcv_msg+0x10/0x10
[  162.891856][ T7667]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  162.891910][ T7667]  ? netlink_deliver_tap+0x2e/0x1b0
[  162.891947][ T7667]  genl_rcv+0x28/0x40
[  162.891966][ T7667]  netlink_unicast+0x7f8/0x9a0
[  162.892003][ T7667]  ? __pfx_netlink_unicast+0x10/0x10
[  162.892031][ T7667]  ? skb_put+0x114/0x1f0
[  162.892068][ T7667]  netlink_sendmsg+0x8c3/0xcd0
[  162.892122][ T7667]  ? __pfx_netlink_sendmsg+0x10/0x10
[  162.892157][ T7667]  ? aa_sock_msg_perm+0x91/0x160
[  162.892193][ T7667]  ? __pfx_netlink_sendmsg+0x10/0x10
[  162.892220][ T7667]  __sock_sendmsg+0x221/0x270
[  162.892251][ T7667]  ____sys_sendmsg+0x523/0x860
[  162.892282][ T7667]  ? __pfx_____sys_sendmsg+0x10/0x10
[  162.892301][ T7667]  ? __fget_files+0x2a/0x420
[  162.892336][ T7667]  ? __fget_files+0x2a/0x420
[  162.892376][ T7667]  __sys_sendmsg+0x271/0x360
[  162.892405][ T7667]  ? __pfx___sys_sendmsg+0x10/0x10
[  162.892496][ T7667]  ? do_syscall_64+0xb6/0x230
[  162.892526][ T7667]  do_syscall_64+0xf3/0x230
[  162.892553][ T7667]  ? clear_bhb_loop+0x45/0xa0
[  162.892578][ T7667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.892599][ T7667] RIP: 0033:0x7fcb8f58d169
[  162.892618][ T7667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.892635][ T7667] RSP: 002b:00007fcb90404038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  162.892658][ T7667] RAX: ffffffffffffffda RBX: 00007fcb8f7a5fa0 RCX: 00007fcb8f58d169
[  162.892673][ T7667] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  162.892686][ T7667] RBP: 00007fcb90404090 R08: 0000000000000000 R09: 0000000000000000
[  162.892700][ T7667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.892712][ T7667] R13: 0000000000000000 R14: 00007fcb8f7a5fa0 R15: 00007ffe8d01e938
[  162.892746][ T7667]  </TASK>
[  162.892877][ T7667] IPVS: Scheduler module ip_vs_sip not found
[  163.162208][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.1.461'.
[  163.555158][ T7627] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.573718][ T7627] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.590877][ T7627] bridge_slave_0: entered allmulticast mode
[  163.599267][ T7627] bridge_slave_0: entered promiscuous mode
[  163.611334][ T7627] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.624360][ T7689] FAULT_INJECTION: forcing a failure.
[  163.624360][ T7689] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.628946][ T7627] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.659789][ T7627] bridge_slave_1: entered allmulticast mode
[  163.688340][ T7689] CPU: 0 UID: 0 PID: 7689 Comm: syz.1.468 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  163.688374][ T7689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  163.688388][ T7689] Call Trace:
[  163.688396][ T7689]  <TASK>
[  163.688405][ T7689]  dump_stack_lvl+0x241/0x360
[  163.688443][ T7689]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.688472][ T7689]  ? __pfx__printk+0x10/0x10
[  163.688515][ T7689]  should_fail_ex+0x424/0x570
[  163.688555][ T7689]  _copy_from_iter+0x211/0x1c70
[  163.688588][ T7689]  ? __build_skb_around+0x247/0x3d0
[  163.688624][ T7689]  ? __alloc_skb+0x298/0x480
[  163.688653][ T7689]  ? __pfx__copy_from_iter+0x10/0x10
[  163.688680][ T7689]  ? __pfx___alloc_skb+0x10/0x10
[  163.688710][ T7689]  ? skb_put+0x114/0x1f0
[  163.688741][ T7689]  netlink_sendmsg+0x73c/0xcd0
[  163.688777][ T7689]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.688807][ T7689]  ? aa_sock_msg_perm+0x91/0x160
[  163.688839][ T7689]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.688866][ T7689]  __sock_sendmsg+0x221/0x270
[  163.688895][ T7689]  ____sys_sendmsg+0x523/0x860
[  163.688926][ T7689]  ? __pfx_____sys_sendmsg+0x10/0x10
[  163.688944][ T7689]  ? __fget_files+0x2a/0x420
[  163.688979][ T7689]  ? __fget_files+0x2a/0x420
[  163.689019][ T7689]  __sys_sendmsg+0x271/0x360
[  163.689057][ T7689]  ? __pfx___sys_sendmsg+0x10/0x10
[  163.689134][ T7689]  ? do_syscall_64+0xb6/0x230
[  163.689165][ T7689]  do_syscall_64+0xf3/0x230
[  163.689190][ T7689]  ? clear_bhb_loop+0x45/0xa0
[  163.689216][ T7689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.689236][ T7689] RIP: 0033:0x7f3d38d8d169
[  163.689254][ T7689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.689271][ T7689] RSP: 002b:00007f3d39c95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  163.689298][ T7689] RAX: ffffffffffffffda RBX: 00007f3d38fa5fa0 RCX: 00007f3d38d8d169
[  163.689314][ T7689] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000009
[  163.689327][ T7689] RBP: 00007f3d39c95090 R08: 0000000000000000 R09: 0000000000000000
[  163.689339][ T7689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.689350][ T7689] R13: 0000000000000000 R14: 00007f3d38fa5fa0 R15: 00007ffdfdf996d8
[  163.689380][ T7689]  </TASK>
[  163.689389][ T7627] bridge_slave_1: entered promiscuous mode
[  163.990306][ T5849] Bluetooth: hci3: command tx timeout
[  164.004119][ T7692] lo: entered allmulticast mode
[  164.063965][ T7627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  164.101342][ T7627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  164.166597][ T7692] syzkaller0: entered allmulticast mode
[  164.191833][ T7696] syzkaller0 (unregistering): left allmulticast mode
[  164.376320][ T7627] team0: Port device team_slave_0 added
[  164.406354][ T7687] lo: left allmulticast mode
[  164.425019][ T7627] team0: Port device team_slave_1 added
[  164.550889][ T7627] batman_adv: batadv0: Adding interface: batadv_slave_0
[  164.561816][ T7627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.619168][ T7627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  164.636525][ T7719] FAULT_INJECTION: forcing a failure.
[  164.636525][ T7719] name failslab, interval 1, probability 0, space 0, times 0
[  164.639086][ T7627] batman_adv: batadv0: Adding interface: batadv_slave_1
[  164.656687][ T7627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.683022][ T7719] CPU: 0 UID: 0 PID: 7719 Comm: syz.1.477 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  164.683050][ T7719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  164.683063][ T7719] Call Trace:
[  164.683071][ T7719]  <TASK>
[  164.683080][ T7719]  dump_stack_lvl+0x241/0x360
[  164.683115][ T7719]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.683144][ T7719]  ? __pfx__printk+0x10/0x10
[  164.683177][ T7719]  ? __pfx___might_resched+0x10/0x10
[  164.683206][ T7719]  should_fail_ex+0x424/0x570
[  164.683246][ T7719]  should_failslab+0xac/0x100
[  164.683276][ T7719]  __kmalloc_noprof+0xdf/0x4d0
[  164.683304][ T7719]  ? security_sk_alloc+0x53/0x360
[  164.683330][ T7719]  security_sk_alloc+0x53/0x360
[  164.683354][ T7719]  sk_prot_alloc+0xfa/0x210
[  164.683385][ T7719]  ? sk_alloc+0x27/0x370
[  164.683419][ T7719]  sk_alloc+0x3e/0x370
[  164.683457][ T7719]  pptp_create+0x32/0x2f0
[  164.683485][ T7719]  pppox_create+0x12f/0x1b0
[  164.683513][ T7719]  __sock_create+0x4c0/0xa30
[  164.683551][ T7719]  __sys_socket+0x14d/0x3c0
[  164.683580][ T7719]  ? __pfx___sys_socket+0x10/0x10
[  164.683620][ T7719]  __x64_sys_socket+0x7a/0x90
[  164.683650][ T7719]  do_syscall_64+0xf3/0x230
[  164.683677][ T7719]  ? clear_bhb_loop+0x45/0xa0
[  164.683703][ T7719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.683724][ T7719] RIP: 0033:0x7f3d38d8d169
[  164.683743][ T7719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.683761][ T7719] RSP: 002b:00007f3d39c95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  164.683783][ T7719] RAX: ffffffffffffffda RBX: 00007f3d38fa5fa0 RCX: 00007f3d38d8d169
[  164.683799][ T7719] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 0000000000000018
[  164.683812][ T7719] RBP: 00007f3d39c95090 R08: 0000000000000000 R09: 0000000000000000
[  164.683824][ T7719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.683836][ T7719] R13: 0000000000000001 R14: 00007f3d38fa5fa0 R15: 00007ffdfdf996d8
[  164.683870][ T7719]  </TASK>
[  164.713156][ T7627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  164.728428][ T7721] netlink: 4 bytes leftover after parsing attributes in process `syz.4.478'.
[  164.808618][ T7722] netlink: 12 bytes leftover after parsing attributes in process `syz.4.478'.
[  165.134915][ T7732] netlink: 28 bytes leftover after parsing attributes in process `syz.1.481'.
[  165.149138][ T7627] hsr_slave_0: entered promiscuous mode
[  165.155303][ T7732] netlink: 28 bytes leftover after parsing attributes in process `syz.1.481'.
[  165.166614][ T7627] hsr_slave_1: entered promiscuous mode
[  165.173631][ T7627] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  165.181390][ T7627] Cannot create hsr debugfs directory
[  165.193411][ T7711] syz.2.474 (7711) used greatest stack depth: 18312 bytes left
[  165.625661][ T7627] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.696205][ T7757] veth2: entered promiscuous mode
[  165.703118][ T7757] veth2: entered allmulticast mode
[  165.718449][ T7756] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  165.785692][ T7627] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.873669][ T7627] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.979840][ T7627] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.079887][ T5849] Bluetooth: hci3: command tx timeout
[  166.177221][ T7627] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  166.188819][ T7627] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  166.211590][ T7627] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  166.259203][ T7627] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  166.415654][ T7780] netlink: 24 bytes leftover after parsing attributes in process `syz.2.495'.
[  166.431028][ T7782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.496'.
[  166.446420][ T7627] 8021q: adding VLAN 0 to HW filter on device bond0
[  166.479435][ T7782] sctp: [Deprecated]: syz.1.496 (pid 7782) Use of int in max_burst socket option.
[  166.479435][ T7782] Use struct sctp_assoc_value instead
[  166.527741][ T7627] 8021q: adding VLAN 0 to HW filter on device team0
[  166.573736][ T7786] ipt_ECN: cannot use operation on non-tcp rule
[  166.584706][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.591955][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  166.643712][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.650986][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[  166.709386][ T7790] netlink: 64 bytes leftover after parsing attributes in process `syz.2.499'.
[  166.763205][ T7790] netlink: 32 bytes leftover after parsing attributes in process `syz.2.499'.
[  167.323478][ T7627] 8021q: adding VLAN 0 to HW filter on device batadv0
[  167.504385][ T7627] veth0_vlan: entered promiscuous mode
[  167.548216][ T7627] veth1_vlan: entered promiscuous mode
[  167.633955][ T7627] veth0_macvtap: entered promiscuous mode
[  167.675062][ T7627] veth1_macvtap: entered promiscuous mode
[  167.692408][ T7809] netlink: 20 bytes leftover after parsing attributes in process `syz.2.504'.
[  167.739115][ T7809] vlan3: entered promiscuous mode
[  167.813201][ T7627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.854654][ T7627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.880533][ T7627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.900408][ T7627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.929653][ T7627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.952167][ T7627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.969684][ T7627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.999534][ T7627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.012065][ T7627] batman_adv: batadv0: Interface activated: batadv_slave_0
[  168.035739][ T7810] delete_channel: no stack
[  168.045193][ T7627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  168.097869][ T7627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.122413][ T7627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  168.139563][ T7627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.150671][ T5849] Bluetooth: hci3: command tx timeout
[  168.167606][ T7627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  168.178282][ T7627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.191998][ T7627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  168.202616][ T7627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.214841][ T7627] batman_adv: batadv0: Interface activated: batadv_slave_1
[  168.265241][ T7816] netlink: 56 bytes leftover after parsing attributes in process `syz.2.508'.
[  168.266043][ T7627] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.276120][ T7816] netlink: 36 bytes leftover after parsing attributes in process `syz.2.508'.
[  168.297494][ T7627] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.303732][ T7024] IPVS: starting estimator thread 0...
[  168.311889][ T7627] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.311928][ T7627] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  168.430169][ T7819] vcan0: tx drop: invalid sa for name 0x0000000000008000
[  168.453031][ T7820] IPVS: using max 23 ests per chain, 55200 per kthread
[  168.863559][  T130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.912059][  T130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  169.006426][ T7838] FAULT_INJECTION: forcing a failure.
[  169.006426][ T7838] name failslab, interval 1, probability 0, space 0, times 0
[  169.053918][ T7838] CPU: 0 UID: 0 PID: 7838 Comm: syz.4.511 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  169.053955][ T7838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  169.053969][ T7838] Call Trace:
[  169.053977][ T7838]  <TASK>
[  169.053987][ T7838]  dump_stack_lvl+0x241/0x360
[  169.054024][ T7838]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.054054][ T7838]  ? __pfx__printk+0x10/0x10
[  169.054087][ T7838]  ? __pfx___might_resched+0x10/0x10
[  169.054119][ T7838]  should_fail_ex+0x424/0x570
[  169.054160][ T7838]  should_failslab+0xac/0x100
[  169.054191][ T7838]  __kmalloc_noprof+0xdf/0x4d0
[  169.054218][ T7838]  ? ethnl_default_notify+0x1e0/0x9f0
[  169.054253][ T7838]  ethnl_default_notify+0x1e0/0x9f0
[  169.054282][ T7838]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[  169.054310][ T7838]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  169.054333][ T7838]  ? __pfx_ethnl_default_notify+0x10/0x10
[  169.054383][ T7838]  ? __pfx_ethnl_set_coalesce+0x10/0x10
[  169.054413][ T7838]  ? mutex_is_locked+0x17/0x50
[  169.054442][ T7838]  ethnl_default_set_doit+0x678/0xb10
[  169.054485][ T7838]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  169.054521][ T7838]  ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290
[  169.054554][ T7838]  genl_rcv_msg+0xb38/0xf00
[  169.054586][ T7838]  ? __pfx_genl_rcv_msg+0x10/0x10
[  169.054605][ T7838]  ? __dev_queue_xmit+0x1780/0x3f60
[  169.054626][ T7838]  ? kasan_save_track+0x3f/0x80
[  169.054645][ T7838]  ? __kasan_slab_alloc+0x66/0x80
[  169.054675][ T7838]  ? do_syscall_64+0xf3/0x230
[  169.054723][ T7838]  ? __lock_acquire+0xad5/0xd80
[  169.054746][ T7838]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  169.054796][ T7838]  netlink_rcv_skb+0x208/0x480
[  169.054827][ T7838]  ? __pfx_genl_rcv_msg+0x10/0x10
[  169.054851][ T7838]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  169.054906][ T7838]  ? netlink_deliver_tap+0x2e/0x1b0
[  169.054944][ T7838]  genl_rcv+0x28/0x40
[  169.054962][ T7838]  netlink_unicast+0x7f8/0x9a0
[  169.054999][ T7838]  ? __pfx_netlink_unicast+0x10/0x10
[  169.055028][ T7838]  ? skb_put+0x114/0x1f0
[  169.055066][ T7838]  netlink_sendmsg+0x8c3/0xcd0
[  169.055112][ T7838]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.055146][ T7838]  ? aa_sock_msg_perm+0x91/0x160
[  169.055182][ T7838]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.055209][ T7838]  __sock_sendmsg+0x221/0x270
[  169.055239][ T7838]  ____sys_sendmsg+0x523/0x860
[  169.055272][ T7838]  ? __pfx_____sys_sendmsg+0x10/0x10
[  169.055289][ T7838]  ? __fget_files+0x2a/0x420
[  169.055319][ T7838]  ? __fget_files+0x2a/0x420
[  169.055352][ T7838]  __sys_sendmsg+0x271/0x360
[  169.055380][ T7838]  ? __pfx___sys_sendmsg+0x10/0x10
[  169.055447][ T7838]  ? do_syscall_64+0xb6/0x230
[  169.055472][ T7838]  do_syscall_64+0xf3/0x230
[  169.055493][ T7838]  ? clear_bhb_loop+0x45/0xa0
[  169.055514][ T7838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.055530][ T7838] RIP: 0033:0x7fb74598d169
[  169.055546][ T7838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.055560][ T7838] RSP: 002b:00007fb7467ea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  169.055579][ T7838] RAX: ffffffffffffffda RBX: 00007fb745ba5fa0 RCX: 00007fb74598d169
[  169.055592][ T7838] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000013
[  169.055603][ T7838] RBP: 00007fb7467ea090 R08: 0000000000000000 R09: 0000000000000000
[  169.055614][ T7838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.055625][ T7838] R13: 0000000000000000 R14: 00007fb745ba5fa0 R15: 00007ffcd2a01cf8
[  169.055652][ T7838]  </TASK>
[  169.059182][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.107575][ T7842] netlink: 'syz.1.513': attribute type 3 has an invalid length.
[  169.136212][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  169.240576][ T7842] netlink: 8 bytes leftover after parsing attributes in process `syz.1.513'.
[  170.048277][ T7869] IPVS: Scheduler module ip_vs_sip not found
[  171.600520][ T7908] FAULT_INJECTION: forcing a failure.
[  171.600520][ T7908] name failslab, interval 1, probability 0, space 0, times 0
[  171.620416][ T7908] CPU: 0 UID: 0 PID: 7908 Comm: syz.3.537 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  171.620453][ T7908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  171.620465][ T7908] Call Trace:
[  171.620472][ T7908]  <TASK>
[  171.620479][ T7908]  dump_stack_lvl+0x241/0x360
[  171.620510][ T7908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.620534][ T7908]  ? __pfx__printk+0x10/0x10
[  171.620560][ T7908]  ? __pfx___might_resched+0x10/0x10
[  171.620585][ T7908]  should_fail_ex+0x424/0x570
[  171.620618][ T7908]  should_failslab+0xac/0x100
[  171.620643][ T7908]  __kmalloc_cache_noprof+0x73/0x370
[  171.620665][ T7908]  ? allocate_cgrp_cset_links+0xc5/0x320
[  171.620688][ T7908]  allocate_cgrp_cset_links+0xc5/0x320
[  171.620711][ T7908]  find_css_set+0xb2b/0x1730
[  171.620739][ T7908]  ? __pfx_find_css_set+0x10/0x10
[  171.620784][ T7908]  cgroup_migrate_prepare_dst+0x124/0x690
[  171.620813][ T7908]  cgroup_attach_task+0x699/0xaf0
[  171.620836][ T7908]  ? cgroup_attach_task+0x2b7/0xaf0
[  171.620857][ T7908]  ? __pfx_cgroup_attach_task+0x10/0x10
[  171.620891][ T7908]  ? get_task_cred+0x26/0x330
[  171.620917][ T7908]  ? get_task_cred+0x26/0x330
[  171.620937][ T7908]  ? get_task_cred+0x312/0x330
[  171.620957][ T7908]  ? get_task_cred+0x26/0x330
[  171.620982][ T7908]  __cgroup1_procs_write+0x2e5/0x430
[  171.621014][ T7908]  ? __pfx___cgroup1_procs_write+0x10/0x10
[  171.621042][ T7908]  ? kernfs_root+0x1eb/0x230
[  171.621057][ T7908]  ? __pfx_cgroup1_tasks_write+0x10/0x10
[  171.621082][ T7908]  cgroup_file_write+0x363/0x7a0
[  171.621114][ T7908]  ? __pfx_cgroup_file_write+0x10/0x10
[  171.621152][ T7908]  ? __pfx_cgroup_file_write+0x10/0x10
[  171.621177][ T7908]  kernfs_fop_write_iter+0x398/0x510
[  171.621207][ T7908]  vfs_write+0x70f/0xd10
[  171.621232][ T7908]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  171.621256][ T7908]  ? __pfx_vfs_write+0x10/0x10
[  171.621277][ T7908]  ? __fget_files+0x2a/0x420
[  171.621305][ T7908]  ? __fget_files+0x2a/0x420
[  171.621338][ T7908]  ksys_write+0x19d/0x2d0
[  171.621359][ T7908]  ? __pfx_ksys_write+0x10/0x10
[  171.621382][ T7908]  ? do_syscall_64+0xb6/0x230
[  171.621408][ T7908]  do_syscall_64+0xf3/0x230
[  171.621430][ T7908]  ? clear_bhb_loop+0x45/0xa0
[  171.621458][ T7908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.621474][ T7908] RIP: 0033:0x7fcb8f58d169
[  171.621489][ T7908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.621504][ T7908] RSP: 002b:00007fcb90404038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  171.621522][ T7908] RAX: ffffffffffffffda RBX: 00007fcb8f7a5fa0 RCX: 00007fcb8f58d169
[  171.621535][ T7908] RDX: 0000000000000012 RSI: 0000200000000180 RDI: 000000000000000a
[  171.621546][ T7908] RBP: 00007fcb90404090 R08: 0000000000000000 R09: 0000000000000000
[  171.621556][ T7908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.621566][ T7908] R13: 0000000000000000 R14: 00007fcb8f7a5fa0 R15: 00007ffe8d01e938
[  171.621594][ T7908]  </TASK>
[  172.192114][ T7902] FAULT_INJECTION: forcing a failure.
[  172.192114][ T7902] name failslab, interval 1, probability 0, space 0, times 0
[  172.204992][ T7902] CPU: 0 UID: 0 PID: 7902 Comm: syz.2.533 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  172.205022][ T7902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  172.205035][ T7902] Call Trace:
[  172.205043][ T7902]  <TASK>
[  172.205052][ T7902]  dump_stack_lvl+0x241/0x360
[  172.205088][ T7902]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.205117][ T7902]  ? __pfx__printk+0x10/0x10
[  172.205150][ T7902]  ? __pfx___might_resched+0x10/0x10
[  172.205180][ T7902]  should_fail_ex+0x424/0x570
[  172.205219][ T7902]  should_failslab+0xac/0x100
[  172.205249][ T7902]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  172.205278][ T7902]  ? __alloc_skb+0x1c2/0x480
[  172.205320][ T7902]  __alloc_skb+0x1c2/0x480
[  172.205356][ T7902]  ? __pfx___alloc_skb+0x10/0x10
[  172.205390][ T7902]  ? netlink_autobind+0xd6/0x2f0
[  172.205419][ T7902]  ? netlink_autobind+0x2b0/0x2f0
[  172.205453][ T7902]  netlink_sendmsg+0x638/0xcd0
[  172.205496][ T7902]  ? __pfx_netlink_sendmsg+0x10/0x10
[  172.205530][ T7902]  ? aa_sock_msg_perm+0x91/0x160
[  172.205564][ T7902]  ? __pfx_netlink_sendmsg+0x10/0x10
[  172.205591][ T7902]  __sock_sendmsg+0x221/0x270
[  172.205620][ T7902]  ____sys_sendmsg+0x523/0x860
[  172.205650][ T7902]  ? __pfx_____sys_sendmsg+0x10/0x10
[  172.205668][ T7902]  ? __fget_files+0x2a/0x420
[  172.205701][ T7902]  ? __fget_files+0x2a/0x420
[  172.205742][ T7902]  __sys_sendmsg+0x271/0x360
[  172.205769][ T7902]  ? __pfx___sys_sendmsg+0x10/0x10
[  172.205849][ T7902]  ? do_syscall_64+0xb6/0x230
[  172.205878][ T7902]  do_syscall_64+0xf3/0x230
[  172.205904][ T7902]  ? clear_bhb_loop+0x45/0xa0
[  172.205930][ T7902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.205950][ T7902] RIP: 0033:0x7f307698d169
[  172.205969][ T7902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.205987][ T7902] RSP: 002b:00007f3077861038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  172.206010][ T7902] RAX: ffffffffffffffda RBX: 00007f3076ba6080 RCX: 00007f307698d169
[  172.206025][ T7902] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[  172.206038][ T7902] RBP: 00007f3077861090 R08: 0000000000000000 R09: 0000000000000000
[  172.206051][ T7902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.206064][ T7902] R13: 0000000000000000 R14: 00007f3076ba6080 R15: 00007ffc32de9828
[  172.206097][ T7902]  </TASK>
[  172.620918][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  172.634256][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  172.644034][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  172.653565][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  172.668375][ T7925] xt_ecn: cannot match TCP bits for non-tcp packets
[  172.675917][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  172.728892][ T7931] xt_ecn: cannot match TCP bits for non-tcp packets
[  172.787371][ T7925] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  172.815931][ T7926] __nla_validate_parse: 4 callbacks suppressed
[  172.815951][ T7926] netlink: 32 bytes leftover after parsing attributes in process `syz.1.541'.
[  172.906421][ T7932] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  172.917669][ T7934] Cannot find del_set index 2 as target
[  173.122113][ T7012] hid-generic 0005:0458:0009.0001: unknown main item tag 0x4
[  173.126882][ T7940] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check.
[  173.171587][ T7012] hid-generic 0005:0458:0009.0001: unknown main item tag 0x0
[  173.208959][ T7012] hid-generic 0005:0458:0009.0001: hidraw0: BLUETOOTH HID v0.09 Device [syz1] on aa:aa:aa:aa:aa:aa
[  173.244671][ T7946] netlink: 32 bytes leftover after parsing attributes in process `syz.4.546'.
[  173.403250][ T7945] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.561338][ T7952] gretap0: left allmulticast mode
[  173.566490][ T7952] gretap0: left promiscuous mode
[  173.580031][ T7952] bridge0: port 4(gretap0) entered disabled state
[  173.594026][ T7952] batman_adv: batadv0: Removing interface: dummy0
[  173.615316][ T7952] bridge0: port 3(batadv0) entered disabled state
[  173.629893][ T7952] bridge_slave_0: left allmulticast mode
[  173.636449][ T7952] bridge_slave_0: left promiscuous mode
[  173.643510][ T7952] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.677040][ T7952] bridge_slave_1: left allmulticast mode
[  173.686080][ T7952] bridge_slave_1: left promiscuous mode
[  173.692460][ T7952] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.716182][ T7952] bond0: (slave bond_slave_0): Releasing backup interface
[  173.727915][ T7952] bond_slave_0: left promiscuous mode
[  173.738613][ T7952] bond0: (slave bond_slave_1): Releasing backup interface
[  173.749397][ T7952] bond_slave_1: left promiscuous mode
[  173.772704][ T7952] team0: Port device team_slave_0 removed
[  173.787626][ T7952] team0: Port device team_slave_1 removed
[  173.794785][ T7952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.902396][ T7945] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.123277][ T7945] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.292973][ T7945] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.635595][ T7924] chnl_net:caif_netlink_parms(): no params data found
[  174.710150][ T5849] Bluetooth: hci3: command tx timeout
[  174.855995][ T7970] netlink: 4 bytes leftover after parsing attributes in process `syz.2.554'.
[  174.926293][ T7981] netlink: 168 bytes leftover after parsing attributes in process `syz.4.558'.
[  175.092640][ T7924] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.111218][ T7924] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.118642][ T7924] bridge_slave_0: entered allmulticast mode
[  175.162841][ T7924] bridge_slave_0: entered promiscuous mode
[  175.176073][ T7924] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.196287][ T7924] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.221370][ T7924] bridge_slave_1: entered allmulticast mode
[  175.250615][ T7924] bridge_slave_1: entered promiscuous mode
[  175.473146][ T7992] netlink: 12 bytes leftover after parsing attributes in process `syz.2.559'.
[  175.663460][ T7924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  175.704181][ T7924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  175.886162][ T7924] team0: Port device team_slave_0 added
[  175.957473][ T7924] team0: Port device team_slave_1 added
[  176.198662][ T7924] batman_adv: batadv0: Adding interface: batadv_slave_0
[  176.240564][ T7924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.349280][ T7924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  176.426677][ T7924] batman_adv: batadv0: Adding interface: batadv_slave_1
[  176.457234][ T7924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.545776][ T7924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  176.789872][ T5849] Bluetooth: hci3: command tx timeout
[  176.874771][ T7924] hsr_slave_0: entered promiscuous mode
[  176.892099][ T7924] hsr_slave_1: entered promiscuous mode
[  176.907174][ T7924] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  176.924685][ T7924] Cannot create hsr debugfs directory
[  177.021910][ T8016] xt_ecn: cannot match TCP bits for non-tcp packets
[  177.287257][ T8021] netlink: 48 bytes leftover after parsing attributes in process `syz.3.568'.
[  177.320186][ T8021] netlink: 48 bytes leftover after parsing attributes in process `syz.3.568'.
[  177.803620][ T7924] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.956203][ T7924] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.134548][ T7924] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.218586][ T8032] netlink: 4 bytes leftover after parsing attributes in process `syz.1.570'.
[  178.276164][ T7924] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.539209][ T8053] netlink: 128 bytes leftover after parsing attributes in process `syz.2.575'.
[  178.600685][ T8053] netlink: 28 bytes leftover after parsing attributes in process `syz.2.575'.
[  178.618824][ T8053] netlink: 28 bytes leftover after parsing attributes in process `syz.2.575'.
[  178.636767][ T7924] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  178.663978][ T7924] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  178.714822][ T7924] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  178.743793][ T7924] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  178.806972][ T8060] netlink: 40 bytes leftover after parsing attributes in process `syz.2.578'.
[  178.841986][ T8060] (unnamed net_device) (uninitialized): up delay (1024) is not a multiple of miimon (100), value rounded to 1000 ms
[  178.855515][ T8060] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (100), value rounded to 0 ms
[  178.869956][ T5849] Bluetooth: hci3: command tx timeout
[  179.433407][ T7924] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.515232][ T7924] 8021q: adding VLAN 0 to HW filter on device team0
[  179.546637][ T3428] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.553894][ T3428] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.586422][ T3465] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.588607][ T8075] netlink: 8 bytes leftover after parsing attributes in process `syz.1.582'.
[  179.593632][ T3465] bridge0: port 2(bridge_slave_1) entered forwarding state
[  179.642924][ T8076] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  179.796192][ T8079] FAULT_INJECTION: forcing a failure.
[  179.796192][ T8079] name failslab, interval 1, probability 0, space 0, times 0
[  179.847801][ T8079] CPU: 0 UID: 0 PID: 8079 Comm: syz.1.583 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  179.847834][ T8079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  179.847848][ T8079] Call Trace:
[  179.847857][ T8079]  <TASK>
[  179.847866][ T8079]  dump_stack_lvl+0x241/0x360
[  179.847904][ T8079]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.847933][ T8079]  ? __pfx__printk+0x10/0x10
[  179.847967][ T8079]  ? __pfx___might_resched+0x10/0x10
[  179.847997][ T8079]  should_fail_ex+0x424/0x570
[  179.848037][ T8079]  should_failslab+0xac/0x100
[  179.848067][ T8079]  __kmalloc_noprof+0xdf/0x4d0
[  179.848095][ T8079]  ? bpf_test_init+0xc2/0x170
[  179.848127][ T8079]  bpf_test_init+0xc2/0x170
[  179.848159][ T8079]  bpf_prog_test_run_skb+0x2bf/0x1850
[  179.848212][ T8079]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  179.848238][ T8079]  ? __fget_files+0x2a/0x420
[  179.848274][ T8079]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  179.848303][ T8079]  bpf_prog_test_run+0x2e4/0x360
[  179.848330][ T8079]  __sys_bpf+0x4ee/0x8b0
[  179.848353][ T8079]  ? __pfx___sys_bpf+0x10/0x10
[  179.848388][ T8079]  ? ksys_write+0x275/0x2d0
[  179.848425][ T8079]  __x64_sys_bpf+0x7c/0x90
[  179.848457][ T8079]  do_syscall_64+0xf3/0x230
[  179.848486][ T8079]  ? clear_bhb_loop+0x45/0xa0
[  179.848512][ T8079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.848532][ T8079] RIP: 0033:0x7f3d38d8d169
[  179.848550][ T8079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.848568][ T8079] RSP: 002b:00007f3d39c95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  179.848591][ T8079] RAX: ffffffffffffffda RBX: 00007f3d38fa5fa0 RCX: 00007f3d38d8d169
[  179.848607][ T8079] RDX: 0000000000000050 RSI: 0000200000001240 RDI: 000000000000000a
[  179.848620][ T8079] RBP: 00007f3d39c95090 R08: 0000000000000000 R09: 0000000000000000
[  179.848634][ T8079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.848646][ T8079] R13: 0000000000000000 R14: 00007f3d38fa5fa0 R15: 00007ffdfdf996d8
[  179.848680][ T8079]  </TASK>
[  180.252311][ T8083] netlink: 'syz.1.584': attribute type 8 has an invalid length.
[  180.718247][ T7924] 8021q: adding VLAN 0 to HW filter on device batadv0
[  180.793460][ T8093] netlink: 4 bytes leftover after parsing attributes in process `syz.3.585'.
[  180.824567][ T8102] netlink: 96 bytes leftover after parsing attributes in process `syz.1.589'.
[  180.834419][ T8102] netlink: 120 bytes leftover after parsing attributes in process `syz.1.589'.
[  180.858558][ T8102] 8021q: VLANs not supported on ip6tnl0
[  180.939265][ T7924] veth0_vlan: entered promiscuous mode
[  180.979193][ T5849] Bluetooth: hci3: command tx timeout
[  181.012931][ T7924] veth1_vlan: entered promiscuous mode
[  181.063707][ T7924] veth0_macvtap: entered promiscuous mode
[  181.095063][ T7924] veth1_macvtap: entered promiscuous mode
[  181.132990][ T8099] Cannot find add_set index 0 as target
[  181.162057][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  181.183360][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.202557][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  181.213727][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.223772][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  181.249671][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.276836][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  181.309731][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.331859][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  181.345382][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.357685][ T8113] netlink: 28 bytes leftover after parsing attributes in process `syz.1.592'.
[  181.369446][ T7924] batman_adv: batadv0: Interface activated: batadv_slave_0
[  181.406415][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  181.429207][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.454498][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  181.476857][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.499001][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  181.527397][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.548444][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  181.562127][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.578722][ T7924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  181.590169][ T7924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.604944][ T7924] batman_adv: batadv0: Interface activated: batadv_slave_1
[  181.622564][ T8118] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  181.707417][ T8115] syzkaller0: entered promiscuous mode
[  181.713110][ T8115] syzkaller0: entered allmulticast mode
[  181.723787][ T8115] tipc: Resetting bearer <eth:syzkaller0>
[  181.737161][ T7924] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  181.752300][ T7924] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  181.755427][ T8120] netlink: 'syz.4.594': attribute type 10 has an invalid length.
[  181.770176][ T7924] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  181.780474][ T7924] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  181.815908][ T8120] wlan1: mtu less than device minimum
[  181.822091][ T8120] bond0: (slave wlan1): Error -22 calling dev_set_mtu
[  181.832335][ T8114] tipc: Resetting bearer <eth:syzkaller0>
[  181.978317][ T8125] FAULT_INJECTION: forcing a failure.
[  181.978317][ T8125] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.002229][ T8125] CPU: 1 UID: 0 PID: 8125 Comm: syz.3.596 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  182.002262][ T8125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  182.002280][ T8125] Call Trace:
[  182.002289][ T8125]  <TASK>
[  182.002298][ T8125]  dump_stack_lvl+0x241/0x360
[  182.002355][ T8125]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.002383][ T8125]  ? __pfx__printk+0x10/0x10
[  182.002425][ T8125]  should_fail_ex+0x424/0x570
[  182.002464][ T8125]  _copy_to_user+0x31/0xb0
[  182.002496][ T8125]  bpf_test_finish+0x5ec/0x930
[  182.002535][ T8125]  ? __pfx_bpf_test_finish+0x10/0x10
[  182.002569][ T8125]  ? bpf_test_init+0x130/0x170
[  182.002599][ T8125]  bpf_prog_test_run_xdp+0x8f8/0x1200
[  182.002650][ T8125]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  182.002680][ T8125]  ? __fget_files+0x2a/0x420
[  182.002713][ T8125]  ? __fget_files+0x2a/0x420
[  182.002748][ T8125]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  182.002778][ T8125]  bpf_prog_test_run+0x2e4/0x360
[  182.002804][ T8125]  __sys_bpf+0x4ee/0x8b0
[  182.002826][ T8125]  ? __pfx___sys_bpf+0x10/0x10
[  182.002861][ T8125]  ? ksys_write+0x275/0x2d0
[  182.002898][ T8125]  __x64_sys_bpf+0x7c/0x90
[  182.002929][ T8125]  do_syscall_64+0xf3/0x230
[  182.002956][ T8125]  ? clear_bhb_loop+0x45/0xa0
[  182.002982][ T8125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.003001][ T8125] RIP: 0033:0x7fcb8f58d169
[  182.003025][ T8125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.003042][ T8125] RSP: 002b:00007fcb90404038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  182.003072][ T8125] RAX: ffffffffffffffda RBX: 00007fcb8f7a5fa0 RCX: 00007fcb8f58d169
[  182.003088][ T8125] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  182.003101][ T8125] RBP: 00007fcb90404090 R08: 0000000000000000 R09: 0000000000000000
[  182.003114][ T8125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.003127][ T8125] R13: 0000000000000000 R14: 00007fcb8f7a5fa0 R15: 00007ffe8d01e938
[  182.003160][ T8125]  </TASK>
[  182.554803][ T8132] FAULT_INJECTION: forcing a failure.
[  182.554803][ T8132] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.573787][ T8132] CPU: 0 UID: 0 PID: 8132 Comm: syz.3.599 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  182.573818][ T8132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  182.573832][ T8132] Call Trace:
[  182.573840][ T8132]  <TASK>
[  182.573849][ T8132]  dump_stack_lvl+0x241/0x360
[  182.573887][ T8132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.573912][ T8132]  ? __pfx__printk+0x10/0x10
[  182.573954][ T8132]  should_fail_ex+0x424/0x570
[  182.573993][ T8132]  _copy_from_iter+0x211/0x1c70
[  182.574026][ T8132]  ? __build_skb_around+0x247/0x3d0
[  182.574061][ T8132]  ? __alloc_skb+0x298/0x480
[  182.574089][ T8132]  ? __pfx__copy_from_iter+0x10/0x10
[  182.574118][ T8132]  ? __pfx___alloc_skb+0x10/0x10
[  182.574151][ T8132]  ? skb_put+0x114/0x1f0
[  182.574187][ T8132]  netlink_sendmsg+0x73c/0xcd0
[  182.574231][ T8132]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.574265][ T8132]  ? aa_sock_msg_perm+0x91/0x160
[  182.574299][ T8132]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.574326][ T8132]  __sock_sendmsg+0x221/0x270
[  182.574356][ T8132]  ____sys_sendmsg+0x523/0x860
[  182.574387][ T8132]  ? __pfx_____sys_sendmsg+0x10/0x10
[  182.574404][ T8132]  ? __fget_files+0x2a/0x420
[  182.574434][ T8132]  ? __fget_files+0x2a/0x420
[  182.574477][ T8132]  __sys_sendmsg+0x271/0x360
[  182.574504][ T8132]  ? __pfx___sys_sendmsg+0x10/0x10
[  182.574600][ T8132]  ? do_syscall_64+0xb6/0x230
[  182.574632][ T8132]  do_syscall_64+0xf3/0x230
[  182.574659][ T8132]  ? clear_bhb_loop+0x45/0xa0
[  182.574685][ T8132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.574707][ T8132] RIP: 0033:0x7fcb8f58d169
[  182.574726][ T8132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.574745][ T8132] RSP: 002b:00007fcb903e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.574768][ T8132] RAX: ffffffffffffffda RBX: 00007fcb8f7a6080 RCX: 00007fcb8f58d169
[  182.574784][ T8132] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000006
[  182.574798][ T8132] RBP: 00007fcb903e3090 R08: 0000000000000000 R09: 0000000000000000
[  182.574810][ T8132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.574823][ T8132] R13: 0000000000000000 R14: 00007fcb8f7a6080 R15: 00007ffe8d01e938
[  182.574858][ T8132]  </TASK>
[  183.855539][ T8114] tipc: Disabling bearer <eth:syzkaller0>
[  183.893557][ T8120] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  184.246885][ T3465] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.272965][ T3465] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.332937][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.342312][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  186.044122][ T8157] xt_ecn: cannot match TCP bits for non-tcp packets
[  186.071989][ T8162] FAULT_INJECTION: forcing a failure.
[  186.071989][ T8162] name failslab, interval 1, probability 0, space 0, times 0
[  186.109554][ T8162] CPU: 0 UID: 0 PID: 8162 Comm: syz.2.606 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  186.109588][ T8162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  186.109601][ T8162] Call Trace:
[  186.109610][ T8162]  <TASK>
[  186.109619][ T8162]  dump_stack_lvl+0x241/0x360
[  186.109657][ T8162]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.109686][ T8162]  ? __pfx__printk+0x10/0x10
[  186.109716][ T8162]  ? __lock_acquire+0xad5/0xd80
[  186.109745][ T8162]  should_fail_ex+0x424/0x570
[  186.109784][ T8162]  should_failslab+0xac/0x100
[  186.109813][ T8162]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  186.109842][ T8162]  ? __alloc_skb+0x1c2/0x480
[  186.109870][ T8162]  ? trace_contention_end+0x3c/0x120
[  186.109900][ T8162]  __alloc_skb+0x1c2/0x480
[  186.109929][ T8162]  ? __lock_acquire+0xad5/0xd80
[  186.109954][ T8162]  ? __pfx___alloc_skb+0x10/0x10
[  186.109984][ T8162]  ? hci_sock_sendmsg+0x540/0x11f0
[  186.110010][ T8162]  ? __pfx___mutex_lock+0x10/0x10
[  186.110041][ T8162]  hci_mgmt_cmd+0x1c5/0xf20
[  186.110085][ T8162]  hci_sock_sendmsg+0x7b8/0x11f0
[  186.110118][ T8162]  ? __pfx_aa_sk_perm+0x10/0x10
[  186.110144][ T8162]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  186.110171][ T8162]  ? __pfx_aa_file_perm+0x10/0x10
[  186.110197][ T8162]  ? aa_sock_msg_perm+0x91/0x160
[  186.110230][ T8162]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  186.110253][ T8162]  __sock_sendmsg+0x221/0x270
[  186.110283][ T8162]  sock_write_iter+0x2d9/0x3f0
[  186.110320][ T8162]  ? __pfx_sock_write_iter+0x10/0x10
[  186.110357][ T8162]  ? bpf_lsm_file_permission+0x9/0x10
[  186.110387][ T8162]  vfs_write+0x70f/0xd10
[  186.110415][ T8162]  ? __pfx_sock_write_iter+0x10/0x10
[  186.110440][ T8162]  ? __pfx_vfs_write+0x10/0x10
[  186.110465][ T8162]  ? __fget_files+0x2a/0x420
[  186.110500][ T8162]  ? __fget_files+0x2a/0x420
[  186.110540][ T8162]  ksys_write+0x19d/0x2d0
[  186.110565][ T8162]  ? __pfx_ksys_write+0x10/0x10
[  186.110594][ T8162]  ? do_syscall_64+0xb6/0x230
[  186.110625][ T8162]  do_syscall_64+0xf3/0x230
[  186.110652][ T8162]  ? clear_bhb_loop+0x45/0xa0
[  186.110677][ T8162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.110697][ T8162] RIP: 0033:0x7f307698d169
[  186.110717][ T8162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.110734][ T8162] RSP: 002b:00007f3077882038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  186.110756][ T8162] RAX: ffffffffffffffda RBX: 00007f3076ba5fa0 RCX: 00007f307698d169
[  186.110771][ T8162] RDX: 0000000000000006 RSI: 00002000000000c0 RDI: 0000000000000005
[  186.110784][ T8162] RBP: 00007f3077882090 R08: 0000000000000000 R09: 0000000000000000
[  186.110796][ T8162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.110808][ T8162] R13: 0000000000000000 R14: 00007f3076ba5fa0 R15: 00007ffc32de9828
[  186.110842][ T8162]  </TASK>
[  186.517423][ T8163] __nla_validate_parse: 1 callbacks suppressed
[  186.517444][ T8163] netlink: 36 bytes leftover after parsing attributes in process `syz.3.607'.
[  186.610623][ T8157] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  186.643479][ T7021] IPVS: starting estimator thread 0...
[  186.681982][ T8163] netlink: 16 bytes leftover after parsing attributes in process `syz.3.607'.
[  186.690686][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  186.690977][ T8163] netlink: 36 bytes leftover after parsing attributes in process `syz.3.607'.
[  186.699369][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  186.707193][ T8163] netlink: 36 bytes leftover after parsing attributes in process `syz.3.607'.
[  186.728726][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  186.741173][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  186.748999][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  186.756769][ T8169] IPVS: using max 26 ests per chain, 62400 per kthread
[  186.904436][ T8181] xt_TCPMSS: Only works on TCP SYN packets
[  187.246661][ T8189] xt_ecn: cannot match TCP bits for non-tcp packets
[  187.409749][ T8193] syzkaller1: entered promiscuous mode
[  187.415627][ T8193] syzkaller1: entered allmulticast mode
[  187.442118][ T8203] netlink: 28 bytes leftover after parsing attributes in process `syz.3.617'.
[  187.557412][ T8208] netlink: 'syz.1.618': attribute type 3 has an invalid length.
[  187.677935][ T8171] chnl_net:caif_netlink_parms(): no params data found
[  188.079266][ T8171] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.090769][ T8171] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.098228][ T8171] bridge_slave_0: entered allmulticast mode
[  188.108918][ T8171] bridge_slave_0: entered promiscuous mode
[  188.127133][ T8171] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.163016][ T8171] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.175725][ T8171] bridge_slave_1: entered allmulticast mode
[  188.200578][ T8171] bridge_slave_1: entered promiscuous mode
[  188.312490][ T8171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  188.381606][ T8171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.483378][ T8237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.625'.
[  188.514698][ T8171] team0: Port device team_slave_0 added
[  188.532600][ T8237] netlink: 20 bytes leftover after parsing attributes in process `syz.3.625'.
[  188.555814][ T8171] team0: Port device team_slave_1 added
[  188.682668][ T8171] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.698821][ T8171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.726986][ T8171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.742220][ T8171] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.749326][ T8171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.784146][ T8171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.791989][ T5846] Bluetooth: hci3: command tx timeout
[  189.061576][ T8171] hsr_slave_0: entered promiscuous mode
[  189.086375][ T8171] hsr_slave_1: entered promiscuous mode
[  189.120428][ T8171] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  189.128328][ T8171] Cannot create hsr debugfs directory
[  189.130581][ T8252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.629'.
[  189.248968][ T8259] xt_ecn: cannot match TCP bits for non-tcp packets
[  189.334050][ T8259] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  189.742525][ T8271] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  189.827846][ T8171] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.121482][ T8171] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.176595][ T8279] netlink: 8 bytes leftover after parsing attributes in process `syz.1.638'.
[  190.201955][ T8279] netlink: 20 bytes leftover after parsing attributes in process `syz.1.638'.
[  190.252999][ T8281] FAULT_INJECTION: forcing a failure.
[  190.252999][ T8281] name failslab, interval 1, probability 0, space 0, times 0
[  190.283090][ T8281] CPU: 1 UID: 0 PID: 8281 Comm: syz.2.639 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  190.283123][ T8281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  190.283136][ T8281] Call Trace:
[  190.283145][ T8281]  <TASK>
[  190.283154][ T8281]  dump_stack_lvl+0x241/0x360
[  190.283191][ T8281]  ? __pfx_dump_stack_lvl+0x10/0x10
[  190.283220][ T8281]  ? __pfx__printk+0x10/0x10
[  190.283242][ T8281]  ? kasan_save_track+0x51/0x80
[  190.283263][ T8281]  ? __pfx___might_resched+0x10/0x10
[  190.283286][ T8281]  should_fail_ex+0x424/0x570
[  190.283318][ T8281]  should_failslab+0xac/0x100
[  190.283341][ T8281]  __kvmalloc_node_noprof+0x170/0x5a0
[  190.283365][ T8281]  ? rhashtable_init_noprof+0x534/0xa60
[  190.283393][ T8281]  rhashtable_init_noprof+0x534/0xa60
[  190.283421][ T8281]  nft_rhash_init+0x13a/0x430
[  190.283446][ T8281]  ? __pfx_nft_rhash_init+0x10/0x10
[  190.283465][ T8281]  ? lockdep_hardirqs_on+0x9d/0x150
[  190.283486][ T8281]  ? __pfx_nft_rhash_key+0x10/0x10
[  190.283505][ T8281]  ? __pfx_nft_rhash_obj+0x10/0x10
[  190.283525][ T8281]  ? __pfx_nft_rhash_cmp+0x10/0x10
[  190.283551][ T8281]  ? nf_tables_newset+0x18f4/0x30e0
[  190.283580][ T8281]  nf_tables_newset+0x241b/0x30e0
[  190.283625][ T8281]  ? __pfx_nf_tables_newset+0x10/0x10
[  190.283673][ T8281]  ? __nla_parse+0x40/0x60
[  190.283704][ T8281]  nfnetlink_rcv+0x12eb/0x28f0
[  190.283753][ T8281]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  190.283815][ T8281]  ? skb_clone+0x240/0x390
[  190.283844][ T8281]  ? netlink_deliver_tap+0x2e/0x1b0
[  190.283871][ T8281]  ? netlink_deliver_tap+0x2e/0x1b0
[  190.283896][ T8281]  netlink_unicast+0x7f8/0x9a0
[  190.283925][ T8281]  ? __pfx_netlink_unicast+0x10/0x10
[  190.283949][ T8281]  ? skb_put+0x114/0x1f0
[  190.283979][ T8281]  netlink_sendmsg+0x8c3/0xcd0
[  190.284013][ T8281]  ? __pfx_netlink_sendmsg+0x10/0x10
[  190.284041][ T8281]  ? aa_sock_msg_perm+0x91/0x160
[  190.284069][ T8281]  ? __pfx_netlink_sendmsg+0x10/0x10
[  190.284090][ T8281]  __sock_sendmsg+0x221/0x270
[  190.284120][ T8281]  ____sys_sendmsg+0x523/0x860
[  190.284145][ T8281]  ? __pfx_____sys_sendmsg+0x10/0x10
[  190.284160][ T8281]  ? __fget_files+0x2a/0x420
[  190.284187][ T8281]  ? __fget_files+0x2a/0x420
[  190.284221][ T8281]  __sys_sendmsg+0x271/0x360
[  190.284242][ T8281]  ? __pfx___sys_sendmsg+0x10/0x10
[  190.284308][ T8281]  ? do_syscall_64+0xb6/0x230
[  190.284333][ T8281]  do_syscall_64+0xf3/0x230
[  190.284354][ T8281]  ? clear_bhb_loop+0x45/0xa0
[  190.284375][ T8281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.284391][ T8281] RIP: 0033:0x7f307698d169
[  190.284407][ T8281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.284421][ T8281] RSP: 002b:00007f3077882038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  190.284440][ T8281] RAX: ffffffffffffffda RBX: 00007f3076ba5fa0 RCX: 00007f307698d169
[  190.284453][ T8281] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  190.284464][ T8281] RBP: 00007f3077882090 R08: 0000000000000000 R09: 0000000000000000
[  190.284474][ T8281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  190.284484][ T8281] R13: 0000000000000000 R14: 00007f3076ba5fa0 R15: 00007ffc32de9828
[  190.284511][ T8281]  </TASK>
[  190.752105][ T8171] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.869849][ T5846] Bluetooth: hci3: command tx timeout
[  190.893725][ T8171] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.012884][ T8295] tipc: Started in network mode
[  191.019138][ T8295] tipc: Node identity , cluster identity 4711
[  191.048616][ T8295] tipc: Failed to set node id, please configure manually
[  191.061655][ T8295] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  191.389070][ T8171] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  191.403951][ T8171] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  191.423790][ T8171] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  191.455312][ T8171] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  191.781638][ T8171] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.851249][ T8331] __nla_validate_parse: 3 callbacks suppressed
[  191.851270][ T8331] netlink: 16 bytes leftover after parsing attributes in process `syz.3.656'.
[  191.890678][ T8171] 8021q: adding VLAN 0 to HW filter on device team0
[  191.926259][  T130] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.933463][  T130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.948162][ T8333] xt_ecn: cannot match TCP bits for non-tcp packets
[  191.993637][ T8336] netlink: 184 bytes leftover after parsing attributes in process `syz.2.657'.
[  192.045803][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.053048][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.077991][ T8339] netlink: 4 bytes leftover after parsing attributes in process `syz.1.660'.
[  192.103269][ T8337] netlink: 'syz.3.659': attribute type 10 has an invalid length.
[  192.134492][ T8337] batman_adv: batadv0: Adding interface: team0
[  192.166877][ T8337] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.208058][ T8337] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  192.233875][ T8340] netlink: 'syz.3.659': attribute type 10 has an invalid length.
[  192.255855][ T8340] netlink: 2 bytes leftover after parsing attributes in process `syz.3.659'.
[  192.290743][ T8340] team0: entered promiscuous mode
[  192.297048][ T8340] 8021q: adding VLAN 0 to HW filter on device team0
[  192.305172][ T8340] batman_adv: batadv0: Interface activated: team0
[  192.314352][ T8340] batman_adv: batadv0: Interface deactivated: team0
[  192.356988][ T8340] batman_adv: batadv0: Removing interface: team0
[  192.382738][ T8340] bridge0: port 1(team0) entered blocking state
[  192.399408][ T8340] bridge0: port 1(team0) entered disabled state
[  192.411186][ T8340] team0: entered allmulticast mode
[  192.951246][ T5846] Bluetooth: hci3: command tx timeout
[  193.035095][ T8171] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.091709][ T8366] netlink: 8 bytes leftover after parsing attributes in process `syz.3.665'.
[  193.147925][ T8171] veth0_vlan: entered promiscuous mode
[  193.206183][ T8171] veth1_vlan: entered promiscuous mode
[  193.229389][ T8372] netlink: 56 bytes leftover after parsing attributes in process `syz.4.667'.
[  193.309652][ T8372] netlink: 24 bytes leftover after parsing attributes in process `syz.4.667'.
[  193.451279][ T8171] veth0_macvtap: entered promiscuous mode
[  193.485372][ T8171] veth1_macvtap: entered promiscuous mode
[  193.539640][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.555759][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.565816][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.584984][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.595396][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.607346][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.617529][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.628143][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.638296][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.649244][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.659352][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.672163][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.687528][ T8171] batman_adv: batadv0: Interface activated: batadv_slave_0
[  193.735480][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.755078][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.767823][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.779222][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.795999][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.818089][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.828666][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.841206][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.855053][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.865631][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.876690][ T8171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.891722][ T8171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.902795][ T8395] netlink: 'syz.2.675': attribute type 1 has an invalid length.
[  193.904795][ T8171] batman_adv: batadv0: Interface activated: batadv_slave_1
[  193.924310][ T8171] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  193.933199][ T8171] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  193.942076][ T8171] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  193.952059][ T8171] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  193.959368][ T8395] netlink: 228 bytes leftover after parsing attributes in process `syz.2.675'.
[  194.267285][ T3465] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.294212][ T3465] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.316394][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  194.323867][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  194.405901][  T130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.428276][  T130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.580676][ T8411] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -1
[  194.637121][ T8420] tipc: Started in network mode
[  194.658630][ T8420] tipc: Node identity ce5bbaec9cb, cluster identity 4711
[  194.692547][ T8420] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  194.770510][ T8415] netlink: 148 bytes leftover after parsing attributes in process `syz.2.679'.
[  194.909117][ T8410] tipc: Disabling bearer <eth:syzkaller0>
[  194.933971][ T8409] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  195.998472][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  196.006725][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  196.017920][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  196.027647][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  196.040848][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  196.257549][ T8429] chnl_net:caif_netlink_parms(): no params data found
[  196.357676][ T8429] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.365265][ T8429] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.373421][ T8429] bridge_slave_0: entered allmulticast mode
[  196.382204][ T8429] bridge_slave_0: entered promiscuous mode
[  196.391675][ T8429] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.398891][ T8429] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.406819][ T8429] bridge_slave_1: entered allmulticast mode
[  196.415397][ T8429] bridge_slave_1: entered promiscuous mode
[  196.462234][ T8429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.476376][ T8429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  196.523339][ T8429] team0: Port device team_slave_0 added
[  196.533066][ T8429] team0: Port device team_slave_1 added
[  196.685767][ T8429] batman_adv: batadv0: Adding interface: batadv_slave_0
[  196.705819][ T8429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  196.783385][ T8429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  196.881927][ T8429] batman_adv: batadv0: Adding interface: batadv_slave_1
[  196.897096][ T8429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  196.992314][ T8429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  197.003218][ T8450] netlink: 4 bytes leftover after parsing attributes in process `syz.2.687'.
[  197.265921][ T8459] netlink: 'syz.3.689': attribute type 11 has an invalid length.
[  197.333449][ T8429] hsr_slave_0: entered promiscuous mode
[  197.343358][ T8429] hsr_slave_1: entered promiscuous mode
[  197.350566][ T8429] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  197.358759][ T8429] Cannot create hsr debugfs directory
[  197.382758][ T8465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.692'.
[  197.413431][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  197.423389][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  197.432602][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  197.450333][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  197.451005][ T8466] netlink: 8 bytes leftover after parsing attributes in process `syz.1.692'.
[  197.471131][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  198.070204][ T5846] Bluetooth: hci2: command tx timeout
[  198.336097][ T8467] chnl_net:caif_netlink_parms(): no params data found
[  198.361280][ T8429] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  198.394501][ T8429] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  198.447388][ T8429] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  198.485245][ T8429] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  198.743205][ T8467] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.751779][ T8467] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.759108][ T8467] bridge_slave_0: entered allmulticast mode
[  198.768001][ T8467] bridge_slave_0: entered promiscuous mode
[  198.795045][ T8467] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.806183][ T8467] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.813821][ T8467] bridge_slave_1: entered allmulticast mode
[  198.822081][ T8467] bridge_slave_1: entered promiscuous mode
[  198.967725][ T8467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  199.003193][ T8467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  199.049120][ T8429] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.173281][ T8467] team0: Port device team_slave_0 added
[  199.206734][ T8429] 8021q: adding VLAN 0 to HW filter on device team0
[  199.247059][ T8467] team0: Port device team_slave_1 added
[  199.471107][  T130] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.478331][  T130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  199.489053][ T8467] batman_adv: batadv0: Adding interface: batadv_slave_0
[  199.489417][ T8508] netlink: 24 bytes leftover after parsing attributes in process `syz.3.704'.
[  199.508270][ T8467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.538651][ T8467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  199.541164][ T5846] Bluetooth: hci3: command tx timeout
[  199.611944][ T8467] batman_adv: batadv0: Adding interface: batadv_slave_1
[  199.621890][ T8467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.651813][ T8467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  199.685070][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.692310][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  199.796206][ T8467] hsr_slave_0: entered promiscuous mode
[  199.812081][ T8467] hsr_slave_1: entered promiscuous mode
[  199.818686][ T8467] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  199.832119][ T8467] Cannot create hsr debugfs directory
[  199.997845][ T8521] netlink: 104 bytes leftover after parsing attributes in process `syz.3.708'.
[  200.007930][ T8525] netlink: 'syz.1.710': attribute type 4 has an invalid length.
[  200.149901][ T5846] Bluetooth: hci2: command tx timeout
[  200.293100][ T8467] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.481704][ T8467] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.612685][ T8543] FAULT_INJECTION: forcing a failure.
[  200.612685][ T8543] name failslab, interval 1, probability 0, space 0, times 0
[  200.663916][ T8543] CPU: 0 UID: 0 PID: 8543 Comm: syz.2.717 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  200.663948][ T8543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  200.663969][ T8543] Call Trace:
[  200.663977][ T8543]  <TASK>
[  200.663986][ T8543]  dump_stack_lvl+0x241/0x360
[  200.664027][ T8543]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.664056][ T8543]  ? __pfx__printk+0x10/0x10
[  200.664091][ T8543]  ? ref_tracker_alloc+0x316/0x4c0
[  200.664118][ T8543]  should_fail_ex+0x424/0x570
[  200.664157][ T8543]  should_failslab+0xac/0x100
[  200.664187][ T8543]  kmem_cache_alloc_noprof+0x78/0x390
[  200.664216][ T8543]  ? skb_clone+0x20c/0x390
[  200.664242][ T8543]  skb_clone+0x20c/0x390
[  200.664268][ T8543]  __netlink_deliver_tap+0x3c4/0x7f0
[  200.664310][ T8543]  ? netlink_deliver_tap+0x2e/0x1b0
[  200.664338][ T8543]  netlink_deliver_tap+0x19d/0x1b0
[  200.664368][ T8543]  netlink_sendskb+0x68/0x140
[  200.664395][ T8543]  netlink_unicast+0x39f/0x9a0
[  200.664418][ T8543]  ? __asan_memcpy+0x40/0x70
[  200.664446][ T8543]  ? __pfx_netlink_unicast+0x10/0x10
[  200.664484][ T8543]  netlink_rcv_skb+0x296/0x480
[  200.664514][ T8543]  ? __pfx_genl_rcv_msg+0x10/0x10
[  200.664538][ T8543]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  200.664593][ T8543]  ? netlink_deliver_tap+0x2e/0x1b0
[  200.664630][ T8543]  genl_rcv+0x28/0x40
[  200.664648][ T8543]  netlink_unicast+0x7f8/0x9a0
[  200.664685][ T8543]  ? __pfx_netlink_unicast+0x10/0x10
[  200.664714][ T8543]  ? skb_put+0x114/0x1f0
[  200.664750][ T8543]  netlink_sendmsg+0x8c3/0xcd0
[  200.664795][ T8543]  ? __pfx_netlink_sendmsg+0x10/0x10
[  200.664829][ T8543]  ? aa_sock_msg_perm+0x91/0x160
[  200.664865][ T8543]  ? __pfx_netlink_sendmsg+0x10/0x10
[  200.664891][ T8543]  __sock_sendmsg+0x221/0x270
[  200.664926][ T8543]  ____sys_sendmsg+0x523/0x860
[  200.664967][ T8543]  ? __pfx_____sys_sendmsg+0x10/0x10
[  200.664985][ T8543]  ? __fget_files+0x2a/0x420
[  200.665019][ T8543]  ? __fget_files+0x2a/0x420
[  200.665060][ T8543]  __sys_sendmsg+0x271/0x360
[  200.665088][ T8543]  ? __pfx___sys_sendmsg+0x10/0x10
[  200.665174][ T8543]  ? do_syscall_64+0xb6/0x230
[  200.665205][ T8543]  do_syscall_64+0xf3/0x230
[  200.665232][ T8543]  ? clear_bhb_loop+0x45/0xa0
[  200.665257][ T8543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.665277][ T8543] RIP: 0033:0x7f307698d169
[  200.665296][ T8543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.665313][ T8543] RSP: 002b:00007f3077882038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  200.665336][ T8543] RAX: ffffffffffffffda RBX: 00007f3076ba5fa0 RCX: 00007f307698d169
[  200.665351][ T8543] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  200.665364][ T8543] RBP: 00007f3077882090 R08: 0000000000000000 R09: 0000000000000000
[  200.665377][ T8543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  200.665389][ T8543] R13: 0000000000000000 R14: 00007f3076ba5fa0 R15: 00007ffc32de9828
[  200.665423][ T8543]  </TASK>
[  201.047547][ T8467] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.168942][ T8467] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.202494][ T8554] xt_CT: You must specify a L4 protocol and not use inversions on it
[  201.276767][ T8553] xt_bpf: check failed: parse error
[  201.349041][ T8429] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.590531][ T5846] Bluetooth: hci3: command tx timeout
[  202.230688][ T5846] Bluetooth: hci2: command tx timeout
[  203.367380][ T8467] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  203.372309][ T8575] xt_ecn: cannot match TCP bits for non-tcp packets
[  203.376512][ T8573] netlink: 36 bytes leftover after parsing attributes in process `syz.1.726'.
[  203.410550][ T8573] netlink: 'syz.1.726': attribute type 3 has an invalid length.
[  203.440396][ T8467] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  203.450805][ T8575] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  203.472544][ T8467] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  203.526095][ T8467] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  203.564737][ T8579] netlink: 28 bytes leftover after parsing attributes in process `syz.2.728'.
[  203.584532][ T8581] netlink: 25 bytes leftover after parsing attributes in process `syz.1.729'.
[  203.589082][ T8579] netlink: 28 bytes leftover after parsing attributes in process `syz.2.728'.
[  203.594894][ T8581] netlink: 4 bytes leftover after parsing attributes in process `syz.1.729'.
[  203.616848][ T8581] netlink: 4 bytes leftover after parsing attributes in process `syz.1.729'.
[  203.619770][ T8583] netlink: 4 bytes leftover after parsing attributes in process `syz.3.730'.
[  203.626650][ T8581] netlink: 12 bytes leftover after parsing attributes in process `syz.1.729'.
[  203.645269][ T8579] netlink: 'syz.2.728': attribute type 4 has an invalid length.
[  203.672170][ T5846] Bluetooth: hci3: command tx timeout
[  203.867695][ T8467] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.880378][ T8429] veth0_vlan: entered promiscuous mode
[  203.937095][ T8467] 8021q: adding VLAN 0 to HW filter on device team0
[  203.963204][ T8429] veth1_vlan: entered promiscuous mode
[  204.004589][ T3428] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.011856][ T3428] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.065096][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.072317][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  204.220468][ T8429] veth0_macvtap: entered promiscuous mode
[  204.229025][ T8597] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  204.275070][ T8429] veth1_macvtap: entered promiscuous mode
[  204.310270][ T5846] Bluetooth: hci2: command tx timeout
[  204.368683][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.393938][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.420115][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.443632][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.473654][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.478260][ T8597] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only
[  204.486630][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.503379][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.514620][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.525183][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.540530][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.553039][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.564746][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.575262][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.587693][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.601246][ T8429] batman_adv: batadv0: Interface activated: batadv_slave_0
[  204.638337][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.675359][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.695147][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.740090][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.760417][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.782060][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.796212][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.817581][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.846092][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.867049][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.880261][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.901636][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.930211][ T8429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.951849][ T8429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.969131][ T8429] batman_adv: batadv0: Interface activated: batadv_slave_1
[  205.071330][ T8429] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  205.088594][ T8429] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  205.102740][ T8429] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  205.112625][ T8429] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  205.248204][ T8467] 8021q: adding VLAN 0 to HW filter on device batadv0
[  205.288098][ T8623] netlink: 24 bytes leftover after parsing attributes in process `syz.3.742'.
[  205.390713][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.407665][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.514874][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.521968][ T8467] veth0_vlan: entered promiscuous mode
[  205.533662][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.586002][ T8467] veth1_vlan: entered promiscuous mode
[  205.723687][ T8467] veth0_macvtap: entered promiscuous mode
[  205.760393][ T5846] Bluetooth: hci3: command tx timeout
[  205.765333][ T8467] veth1_macvtap: entered promiscuous mode
[  205.838568][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  205.890355][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.922661][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  205.936271][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.946949][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  205.958781][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.985680][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.013502][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.033094][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.048464][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.060805][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.074640][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.085161][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.096244][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.106687][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  206.117972][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.136045][ T8467] batman_adv: batadv0: Interface activated: batadv_slave_0
[  206.177016][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.211159][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.229423][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.243190][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.253667][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.264984][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.276856][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.303821][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.326311][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.350475][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.361521][ T8648] netlink: 'syz.2.751': attribute type 4 has an invalid length.
[  206.399622][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.458945][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.490230][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.505826][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.516424][ T8467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  206.527606][ T8467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  206.548396][ T8467] batman_adv: batadv0: Interface activated: batadv_slave_1
[  206.573036][ T8467] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  206.587053][ T8467] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  206.597377][ T8467] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  206.606255][ T8467] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  206.748861][ T8658] netlink: 248 bytes leftover after parsing attributes in process `syz.1.753'.
[  206.949259][ T3428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  206.966984][ T3428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  207.049030][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  207.080281][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  207.971330][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  207.980376][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  207.988212][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  208.008853][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  208.038295][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  208.500141][ T8676] chnl_net:caif_netlink_parms(): no params data found
[  208.662688][ T8676] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.679785][ T8676] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.687134][ T8676] bridge_slave_0: entered allmulticast mode
[  208.696228][ T8676] bridge_slave_0: entered promiscuous mode
[  208.706235][ T8676] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.729081][ T8676] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.744056][ T8676] bridge_slave_1: entered allmulticast mode
[  208.752801][ T8676] bridge_slave_1: entered promiscuous mode
[  208.811798][ T8676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  208.825075][ T8676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.882404][ T8676] team0: Port device team_slave_0 added
[  208.892482][ T8676] team0: Port device team_slave_1 added
[  208.993113][ T8676] batman_adv: batadv0: Adding interface: batadv_slave_0
[  209.013862][ T8676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.079802][ T8676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  209.110878][ T8676] batman_adv: batadv0: Adding interface: batadv_slave_1
[  209.117885][ T8676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.199896][ T8676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  209.513555][ T8676] hsr_slave_0: entered promiscuous mode
[  209.531397][ T8676] hsr_slave_1: entered promiscuous mode
[  209.546083][ T8676] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  209.570644][ T8676] Cannot create hsr debugfs directory
[  210.038077][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  210.047541][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  210.060165][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  210.070806][ T5842] Bluetooth: hci2: command tx timeout
[  210.086667][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  210.100338][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  210.272831][ T8707] __nla_validate_parse: 1 callbacks suppressed
[  210.272853][ T8707] netlink: 32 bytes leftover after parsing attributes in process `syz.1.763'.
[  210.493278][ T8711] netlink: 28 bytes leftover after parsing attributes in process `syz.2.764'.
[  210.503026][ T8711] netlink: 20 bytes leftover after parsing attributes in process `syz.2.764'.
[  210.614065][ T8676] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.723161][ T8676] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.840008][ T8676] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.983864][ T8676] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.212706][ T8722] xt_ecn: cannot match TCP bits for non-tcp packets
[  211.262362][ T8722] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  211.332470][ T8700] chnl_net:caif_netlink_parms(): no params data found
[  211.427904][ T8676] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  211.497951][ T8676] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  211.567559][ T8676] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  211.742047][ T8700] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.752473][   T55] Bluetooth: hci4: command 0x0406 tx timeout
[  211.752489][ T5842] Bluetooth: hci1: command 0x0406 tx timeout
[  211.785506][ T8700] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.801259][ T8700] bridge_slave_0: entered allmulticast mode
[  211.824778][ T8700] bridge_slave_0: entered promiscuous mode
[  211.843480][ T8676] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  211.861058][ T8700] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.868219][ T8700] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.891917][ T8700] bridge_slave_1: entered allmulticast mode
[  211.918582][ T8700] bridge_slave_1: entered promiscuous mode
[  212.055656][ T8700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  212.093797][ T8700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  212.149582][ T5846] Bluetooth: hci2: command tx timeout
[  212.165872][ T5846] Bluetooth: hci3: command tx timeout
[  212.218326][ T8700] team0: Port device team_slave_0 added
[  212.243131][ T8700] team0: Port device team_slave_1 added
[  212.383207][ T8700] batman_adv: batadv0: Adding interface: batadv_slave_0
[  212.409645][ T8700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.449004][ T8700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  212.472634][ T8745] netlink: 'syz.1.772': attribute type 2 has an invalid length.
[  212.517723][ T8700] batman_adv: batadv0: Adding interface: batadv_slave_1
[  212.542010][ T8700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.592522][ T8700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  212.657594][ T8747] netlink: 28 bytes leftover after parsing attributes in process `syz.1.773'.
[  212.667531][ T8747] netlink: 28 bytes leftover after parsing attributes in process `syz.1.773'.
[  212.788111][ T8700] hsr_slave_0: entered promiscuous mode
[  212.802535][ T8700] hsr_slave_1: entered promiscuous mode
[  212.809292][ T8700] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  212.830978][ T8700] Cannot create hsr debugfs directory
[  213.163726][ T8676] 8021q: adding VLAN 0 to HW filter on device bond0
[  213.291950][ T8676] 8021q: adding VLAN 0 to HW filter on device team0
[  213.392758][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.400003][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.473913][ T3428] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.481252][ T3428] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.560761][ T8700] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.627138][ T8759] netlink: 4 bytes leftover after parsing attributes in process `syz.2.777'.
[  213.711692][ T8700] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.915624][ T8700] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.944879][ T8767] xt_ecn: cannot match TCP bits for non-tcp packets
[  214.002091][ T8767] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  214.144745][ T8700] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.236032][ T8777] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  214.239948][ T5846] Bluetooth: hci3: command tx timeout
[  214.247507][ T5849] Bluetooth: hci2: command tx timeout
[  214.462730][ T8676] 8021q: adding VLAN 0 to HW filter on device batadv0
[  214.750105][ T8700] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  214.812223][ T8700] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  214.884968][ T8700] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  214.901354][ T8791] netlink: 148 bytes leftover after parsing attributes in process `syz.3.783'.
[  214.933738][ T8700] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  215.117539][ T8801] netlink: 128 bytes leftover after parsing attributes in process `syz.2.786'.
[  215.128424][ T8676] veth0_vlan: entered promiscuous mode
[  215.135458][ T8803] FAULT_INJECTION: forcing a failure.
[  215.135458][ T8803] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  215.148912][ T8803] CPU: 1 UID: 0 PID: 8803 Comm: syz.1.787 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  215.148941][ T8803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  215.148953][ T8803] Call Trace:
[  215.148961][ T8803]  <TASK>
[  215.148970][ T8803]  dump_stack_lvl+0x241/0x360
[  215.149007][ T8803]  ? __pfx_dump_stack_lvl+0x10/0x10
[  215.149035][ T8803]  ? __pfx__printk+0x10/0x10
[  215.149060][ T8803]  ? __bpf_ringbuf_reserve+0x4c5/0x650
[  215.149099][ T8803]  should_fail_ex+0x424/0x570
[  215.149138][ T8803]  strncpy_from_user+0x36/0x280
[  215.149167][ T8803]  ? bpf_test_run+0x36f/0xa90
[  215.149198][ T8803]  strncpy_from_user_nofault+0x71/0x140
[  215.149231][ T8803]  bpf_probe_read_user_str+0x2a/0x70
[  215.149258][ T8803]  bpf_prog_0c70681b89b9d13a+0x69/0x6d
[  215.149280][ T8803]  bpf_test_run+0x4aa/0xa90
[  215.149307][ T8803]  ? bpf_dispatcher_change_prog+0xd7b/0xf00
[  215.149332][ T8803]  ? bpf_test_run+0x36f/0xa90
[  215.149373][ T8803]  ? __pfx_bpf_test_run+0x10/0x10
[  215.149442][ T8803]  ? bpf_test_init+0x130/0x170
[  215.149467][ T8803]  ? xdp_convert_md_to_buff+0x5b/0x330
[  215.149497][ T8803]  bpf_prog_test_run_xdp+0x7de/0x1200
[  215.149548][ T8803]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  215.149578][ T8803]  ? __fget_files+0x2a/0x420
[  215.149611][ T8803]  ? __fget_files+0x2a/0x420
[  215.149644][ T8803]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  215.149674][ T8803]  bpf_prog_test_run+0x2e4/0x360
[  215.149700][ T8803]  __sys_bpf+0x4ee/0x8b0
[  215.149722][ T8803]  ? __pfx___sys_bpf+0x10/0x10
[  215.149777][ T8803]  __x64_sys_bpf+0x7c/0x90
[  215.149808][ T8803]  do_syscall_64+0xf3/0x230
[  215.149843][ T8803]  ? clear_bhb_loop+0x45/0xa0
[  215.149868][ T8803]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.149889][ T8803] RIP: 0033:0x7f3d38d8d169
[  215.149906][ T8803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.149923][ T8803] RSP: 002b:00007f3d39c95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  215.149945][ T8803] RAX: ffffffffffffffda RBX: 00007f3d38fa5fa0 RCX: 00007f3d38d8d169
[  215.149960][ T8803] RDX: 000000000000004c RSI: 0000200000000240 RDI: 000000000000000a
[  215.149973][ T8803] RBP: 00007f3d39c95090 R08: 0000000000000000 R09: 0000000000000000
[  215.149985][ T8803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  215.149997][ T8803] R13: 0000000000000000 R14: 00007f3d38fa5fa0 R15: 00007ffdfdf996d8
[  215.150028][ T8803]  </TASK>
[  215.411421][ T8676] veth1_vlan: entered promiscuous mode
[  215.450592][ T8676] veth0_macvtap: entered promiscuous mode
[  215.461374][ T8676] veth1_macvtap: entered promiscuous mode
[  215.568143][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.590006][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.607580][ T8804] netlink: 28 bytes leftover after parsing attributes in process `syz.2.786'.
[  215.616216][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.616627][ T8804] netlink: 28 bytes leftover after parsing attributes in process `syz.2.786'.
[  215.630998][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.646700][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.657751][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.672838][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.684092][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.696621][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.708183][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.718853][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.730210][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.740704][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.765457][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.787374][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.804135][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.814336][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.826051][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.839014][ T8676] batman_adv: batadv0: Interface activated: batadv_slave_0
[  215.894461][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.930583][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.950206][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.970177][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.991281][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  216.016477][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  216.040186][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  216.060113][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  216.100401][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  216.127646][ T8816] netlink: 28 bytes leftover after parsing attributes in process `syz.2.790'.
[  216.131396][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  216.149079][ T8816] netlink: 28 bytes leftover after parsing attributes in process `syz.2.790'.
[  216.166098][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  216.177304][ T8813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.789'.
[  216.195142][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  216.205798][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  216.219376][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  216.244498][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  216.260196][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  216.283569][ T8676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  216.314609][ T5849] Bluetooth: hci2: command tx timeout
[  216.320821][ T5846] Bluetooth: hci3: command tx timeout
[  216.326536][ T8676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  216.344962][ T8676] batman_adv: batadv0: Interface activated: batadv_slave_1
[  216.433150][ T8676] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  216.456836][ T8676] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  216.471592][ T8676] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  216.490159][ T8676] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  216.591319][ T8822] xt_ecn: cannot match TCP bits for non-tcp packets
[  216.638220][ T8700] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.708648][ T8822] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  216.829376][ T8700] 8021q: adding VLAN 0 to HW filter on device team0
[  216.883739][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.890996][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.909561][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  216.917430][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.020236][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.027494][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.051354][ T8835] xt_CT: You must specify a L4 protocol and not use inversions on it
[  217.114186][ T3428] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.141652][ T3428] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.370940][ T8842] netlink: 'syz.3.798': attribute type 27 has an invalid length.
[  217.380482][ T8842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.798'.
[  217.532414][ T8853] ieee802154 phy0 wpan0: encryption failed: -126
[  217.720490][ T8855] netlink: 28 bytes leftover after parsing attributes in process `syz.2.800'.
[  217.737154][ T8855] netlink: 28 bytes leftover after parsing attributes in process `syz.2.800'.
[  218.346570][ T8700] 8021q: adding VLAN 0 to HW filter on device batadv0
[  218.390446][ T5849] Bluetooth: hci3: command tx timeout
[  218.393766][ T8859] netlink: 128 bytes leftover after parsing attributes in process `syz.2.801'.
[  218.465912][ T8700] veth0_vlan: entered promiscuous mode
[  218.496877][ T8700] veth1_vlan: entered promiscuous mode
[  218.504750][ T8859] netlink: 28 bytes leftover after parsing attributes in process `syz.2.801'.
[  218.543003][ T8700] veth0_macvtap: entered promiscuous mode
[  218.604154][ T8700] veth1_macvtap: entered promiscuous mode
[  218.683658][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.715043][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.760285][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.800184][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.830198][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.867317][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.890214][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.913818][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.938702][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.960155][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.989133][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  219.014399][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.041341][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  219.072762][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.115450][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  219.151438][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.181586][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  219.212408][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.232654][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  219.255377][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.316859][ T8700] batman_adv: batadv0: Interface activated: batadv_slave_0
[  219.387183][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.409776][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.431016][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.449882][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.489728][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.504007][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  219.513396][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  219.521645][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  219.530551][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.543806][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  219.558509][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.572180][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  219.622676][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.649529][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.660465][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.674768][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.686112][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.698745][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.710148][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.720443][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.731125][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.741045][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.753088][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.763111][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.773906][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.848995][ T8700] batman_adv: batadv0: Interface activated: batadv_slave_1
[  219.931549][ T8890] xt_ecn: cannot match TCP bits for non-tcp packets
[  219.970934][ T8700] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  219.980439][ T8700] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  219.989230][ T8700] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  220.016091][ T8700] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  220.079098][ T8890] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  220.255367][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  220.276397][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  220.417015][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  220.444796][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.201549][ T8915] __nla_validate_parse: 4 callbacks suppressed
[  221.201570][ T8915] netlink: 8 bytes leftover after parsing attributes in process `syz.1.814'.
[  221.350749][ T8917] netlink: 28 bytes leftover after parsing attributes in process `syz.1.815'.
[  221.373782][ T8878] chnl_net:caif_netlink_parms(): no params data found
[  221.381078][ T8917] netlink: 28 bytes leftover after parsing attributes in process `syz.1.815'.
[  221.657282][ T8878] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.681404][ T5846] Bluetooth: hci2: command tx timeout
[  221.688299][ T8878] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.704603][ T8878] bridge_slave_0: entered allmulticast mode
[  221.721862][ T8878] bridge_slave_0: entered promiscuous mode
[  221.741285][ T8878] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.748661][ T8878] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.759042][ T8878] bridge_slave_1: entered allmulticast mode
[  221.772683][ T8878] bridge_slave_1: entered promiscuous mode
[  221.938658][ T8878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  221.957434][ T8878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  222.016662][ T8878] team0: Port device team_slave_0 added
[  222.025698][ T8878] team0: Port device team_slave_1 added
[  222.081082][ T8878] batman_adv: batadv0: Adding interface: batadv_slave_0
[  222.088074][ T8878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.115197][ T8878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  222.129709][ T8878] batman_adv: batadv0: Adding interface: batadv_slave_1
[  222.136697][ T8878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.166514][ T8878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  222.238729][ T8878] hsr_slave_0: entered promiscuous mode
[  222.247273][ T8878] hsr_slave_1: entered promiscuous mode
[  222.257183][ T8878] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  222.265409][ T8878] Cannot create hsr debugfs directory
[  222.460670][ T8878] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.539430][ T8878] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.606733][ T8878] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.689359][ T8878] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.833790][ T8878] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  222.844323][ T8878] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  222.855776][ T8878] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  222.874045][ T8878] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  223.233859][ T8878] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.302764][ T8878] 8021q: adding VLAN 0 to HW filter on device team0
[  223.399161][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.406542][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.418666][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.426096][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  223.430971][ T8939] ieee802154 phy0 wpan0: encryption failed: -126
[  223.458387][ T8938] FAULT_INJECTION: forcing a failure.
[  223.458387][ T8938] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  223.520433][ T8938] CPU: 1 UID: 0 PID: 8938 Comm: syz.3.821 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  223.520466][ T8938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  223.520479][ T8938] Call Trace:
[  223.520487][ T8938]  <TASK>
[  223.520496][ T8938]  dump_stack_lvl+0x241/0x360
[  223.520534][ T8938]  ? __pfx_dump_stack_lvl+0x10/0x10
[  223.520563][ T8938]  ? __pfx__printk+0x10/0x10
[  223.520604][ T8938]  should_fail_ex+0x424/0x570
[  223.520645][ T8938]  _copy_to_user+0x31/0xb0
[  223.520678][ T8938]  simple_read_from_buffer+0xc4/0x170
[  223.520712][ T8938]  proc_fail_nth_read+0x1ef/0x260
[  223.520750][ T8938]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  223.520788][ T8938]  ? rw_verify_area+0x246/0x630
[  223.520809][ T8938]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  223.520843][ T8938]  vfs_read+0x21f/0xb90
[  223.520871][ T8938]  ? __pfx___mutex_lock+0x10/0x10
[  223.520900][ T8938]  ? __pfx_vfs_read+0x10/0x10
[  223.520925][ T8938]  ? __fget_files+0x2a/0x420
[  223.520958][ T8938]  ? __fget_files+0x39d/0x420
[  223.520986][ T8938]  ? __fget_files+0x2a/0x420
[  223.521028][ T8938]  ksys_read+0x19d/0x2d0
[  223.521053][ T8938]  ? __pfx_ksys_read+0x10/0x10
[  223.521083][ T8938]  ? do_syscall_64+0xb6/0x230
[  223.521114][ T8938]  do_syscall_64+0xf3/0x230
[  223.521140][ T8938]  ? clear_bhb_loop+0x45/0xa0
[  223.521166][ T8938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.521186][ T8938] RIP: 0033:0x7fcb8f58bb7c
[  223.521204][ T8938] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  223.521222][ T8938] RSP: 002b:00007fcb90404030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  223.521245][ T8938] RAX: ffffffffffffffda RBX: 00007fcb8f7a5fa0 RCX: 00007fcb8f58bb7c
[  223.521261][ T8938] RDX: 000000000000000f RSI: 00007fcb904040a0 RDI: 0000000000000004
[  223.521274][ T8938] RBP: 00007fcb90404090 R08: 0000000000000000 R09: 0000000000000000
[  223.521287][ T8938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.521299][ T8938] R13: 0000000000000000 R14: 00007fcb8f7a5fa0 R15: 00007ffe8d01e938
[  223.521334][ T8938]  </TASK>
[  223.765914][ T8878] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  223.776385][ T8878] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  223.797905][ T5846] Bluetooth: hci2: command tx timeout
[  223.923324][ T8942] netlink: 'syz.2.823': attribute type 27 has an invalid length.
[  223.939015][ T8942] netlink: 4 bytes leftover after parsing attributes in process `syz.2.823'.
[  224.002116][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  224.012165][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  224.021407][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  224.038911][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  224.050380][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  224.103612][ T8950] ieee802154 phy0 wpan0: encryption failed: -126
[  224.238861][ T8955] 
[  224.241246][ T8955] ======================================================
[  224.248262][ T8955] WARNING: possible circular locking dependency detected
[  224.255283][ T8955] 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 Not tainted
[  224.262387][ T8955] ------------------------------------------------------
[  224.269417][ T8955] syz.3.824/8955 is trying to acquire lock:
[  224.275308][ T8955] ffffffff900fd448 (rtnl_mutex){+.+.}-{4:4}, at: ip_mroute_setsockopt+0x161/0x11f0
[  224.284636][ T8955] 
[  224.284636][ T8955] but task is already holding lock:
[  224.292008][ T8955] ffff88805c1a21a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50
[  224.302144][ T8955] 
[  224.302144][ T8955] which lock already depends on the new lock.
[  224.302144][ T8955] 
[  224.312595][ T8955] 
[  224.312595][ T8955] the existing dependency chain (in reverse order) is:
[  224.321621][ T8955] 
[  224.321621][ T8955] -> #2 (&smc->clcsock_release_lock){+.+.}-{4:4}:
[  224.330241][ T8955]        lock_acquire+0x116/0x2f0
[  224.335276][ T8955]        __mutex_lock+0x1a5/0x10c0
[  224.340405][ T8955]        smc_switch_to_fallback+0x35/0xda0
[  224.346224][ T8955]        smc_sendmsg+0x11f/0x530
[  224.351167][ T8955]        __sock_sendmsg+0x221/0x270
[  224.356387][ T8955]        __sys_sendto+0x365/0x4c0
[  224.361432][ T8955]        __x64_sys_sendto+0xde/0x100
[  224.366734][ T8955]        do_syscall_64+0xf3/0x230
[  224.371781][ T8955]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.378209][ T8955] 
[  224.378209][ T8955] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}:
[  224.385877][ T8955]        lock_acquire+0x116/0x2f0
[  224.390921][ T8955]        lock_sock_nested+0x48/0x100
[  224.396228][ T8955]        do_ip_setsockopt+0x17e9/0x39c0
[  224.401787][ T8955]        ip_setsockopt+0x63/0x100
[  224.406821][ T8955]        do_sock_setsockopt+0x3b1/0x710
[  224.412382][ T8955]        __x64_sys_setsockopt+0x1ee/0x280
[  224.418131][ T8955]        do_syscall_64+0xf3/0x230
[  224.423709][ T8955]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.430146][ T8955] 
[  224.430146][ T8955] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[  224.437446][ T8955]        validate_chain+0xa69/0x24e0
[  224.442747][ T8955]        __lock_acquire+0xad5/0xd80
[  224.447958][ T8955]        lock_acquire+0x116/0x2f0
[  224.452989][ T8955]        __mutex_lock+0x1a5/0x10c0
[  224.458109][ T8955]        ip_mroute_setsockopt+0x161/0x11f0
[  224.463929][ T8955]        do_ip_setsockopt+0x1114/0x39c0
[  224.469479][ T8955]        ip_setsockopt+0x63/0x100
[  224.474506][ T8955]        smc_setsockopt+0x25c/0xd50
[  224.479708][ T8955]        do_sock_setsockopt+0x3b1/0x710
[  224.485263][ T8955]        __x64_sys_setsockopt+0x1ee/0x280
[  224.490997][ T8955]        do_syscall_64+0xf3/0x230
[  224.496026][ T8955]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.502497][ T8955] 
[  224.502497][ T8955] other info that might help us debug this:
[  224.502497][ T8955] 
[  224.512817][ T8955] Chain exists of:
[  224.512817][ T8955]   rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock
[  224.512817][ T8955] 
[  224.527268][ T8955]  Possible unsafe locking scenario:
[  224.527268][ T8955] 
[  224.534716][ T8955]        CPU0                    CPU1
[  224.540081][ T8955]        ----                    ----
[  224.545455][ T8955]   lock(&smc->clcsock_release_lock);
[  224.551021][ T8955]                                lock(sk_lock-AF_INET);
[  224.557973][ T8955]                                lock(&smc->clcsock_release_lock);
[  224.565872][ T8955]   lock(rtnl_mutex);
[  224.569861][ T8955] 
[  224.569861][ T8955]  *** DEADLOCK ***
[  224.569861][ T8955] 
[  224.578001][ T8955] 1 lock held by syz.3.824/8955:
[  224.582934][ T8955]  #0: ffff88805c1a21a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50
[  224.593578][ T8955] 
[  224.593578][ T8955] stack backtrace:
[  224.599474][ T8955] CPU: 1 UID: 0 PID: 8955 Comm: syz.3.824 Not tainted 6.15.0-rc1-syzkaller-00220-g6a325aed130b #0 PREEMPT(full) 
[  224.599499][ T8955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  224.599510][ T8955] Call Trace:
[  224.599518][ T8955]  <TASK>
[  224.599526][ T8955]  dump_stack_lvl+0x241/0x360
[  224.599555][ T8955]  ? __pfx_dump_stack_lvl+0x10/0x10
[  224.599578][ T8955]  ? __pfx__printk+0x10/0x10
[  224.599601][ T8955]  ? print_lock+0x171/0x1a0
[  224.599622][ T8955]  print_circular_bug+0x2e1/0x300
[  224.599645][ T8955]  check_noncircular+0x142/0x160
[  224.599669][ T8955]  validate_chain+0xa69/0x24e0
[  224.599692][ T8955]  ? sched_clock_cpu+0x77/0x4d0
[  224.599716][ T8955]  __lock_acquire+0xad5/0xd80
[  224.599736][ T8955]  lock_acquire+0x116/0x2f0
[  224.599750][ T8955]  ? ip_mroute_setsockopt+0x161/0x11f0
[  224.599775][ T8955]  ? finish_task_switch+0x1e5/0x870
[  224.599801][ T8955]  __mutex_lock+0x1a5/0x10c0
[  224.599823][ T8955]  ? ip_mroute_setsockopt+0x161/0x11f0
[  224.599844][ T8955]  ? trace_sched_exit_tp+0x3c/0x120
[  224.599869][ T8955]  ? __schedule+0x1ba6/0x5240
[  224.599889][ T8955]  ? ip_mroute_setsockopt+0x161/0x11f0
[  224.599911][ T8955]  ? __pfx___mutex_lock+0x10/0x10
[  224.599936][ T8955]  ? schedule+0x163/0x360
[  224.599956][ T8955]  ip_mroute_setsockopt+0x161/0x11f0
[  224.599983][ T8955]  ? register_lock_class+0x54/0x330
[  224.600009][ T8955]  ? __pfx_ip_mroute_setsockopt+0x10/0x10
[  224.600039][ T8955]  ? __pfx___mutex_trylock_common+0x10/0x10
[  224.600061][ T8955]  do_ip_setsockopt+0x1114/0x39c0
[  224.600085][ T8955]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  224.600106][ T8955]  ? smc_setsockopt+0x1b2/0xd50
[  224.600125][ T8955]  ? __pfx___mutex_lock+0x10/0x10
[  224.600158][ T8955]  ip_setsockopt+0x63/0x100
[  224.600177][ T8955]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  224.600203][ T8955]  smc_setsockopt+0x25c/0xd50
[  224.600224][ T8955]  ? __pfx_aa_sk_perm+0x10/0x10
[  224.600245][ T8955]  ? __pfx_smc_setsockopt+0x10/0x10
[  224.600265][ T8955]  ? aa_sock_opt_perm+0x79/0x120
[  224.600290][ T8955]  ? __pfx_smc_setsockopt+0x10/0x10
[  224.600309][ T8955]  do_sock_setsockopt+0x3b1/0x710
[  224.600339][ T8955]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  224.600364][ T8955]  ? __fget_files+0x2a/0x420
[  224.600391][ T8955]  ? __fget_files+0x39d/0x420
[  224.600416][ T8955]  ? __fget_files+0x2a/0x420
[  224.600444][ T8955]  __x64_sys_setsockopt+0x1ee/0x280
[  224.600474][ T8955]  do_syscall_64+0xf3/0x230
[  224.600496][ T8955]  ? clear_bhb_loop+0x45/0xa0
[  224.600515][ T8955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.600532][ T8955] RIP: 0033:0x7fcb8f58d169
[  224.600548][ T8955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.600563][ T8955] RSP: 002b:00007fcb903e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  224.600582][ T8955] RAX: ffffffffffffffda RBX: 00007fcb8f7a6080 RCX: 00007fcb8f58d169
[  224.600595][ T8955] RDX: 00000000000000ca RSI: 0000000000000000 RDI: 0000000000000006
[  224.600605][ T8955] RBP: 00007fcb8f60e990 R08: 0000000000000010 R09: 0000000000000000
[  224.600615][ T8955] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000000
[  224.600626][ T8955] R13: 0000000000000000 R14: 00007fcb8f7a6080 R15: 00007ffe8d01e938
[  224.600646][ T8955]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  224.939844][ T8940] caif:caif_disconnect_client(): nothing to disconnect
[  225.139677][ T8953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.822'.
[  225.829804][ T5849] Bluetooth: hci2: command tx timeout