last executing test programs:

1m2.902599896s ago: executing program 1 (id=324):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x80800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffe}}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001300)=@newtfilter={0xc0, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x94, 0x2, [@TCA_U32_SEL={0x54, 0x5, {0xe, 0x9, 0x5, 0x5, 0x7de, 0x74, 0xe, 0xdc, [{0x80000001, 0x2, 0x9, 0x1ff}, {0x9, 0x40f12, 0x7f, 0xa}, {0x7ff, 0x2, 0x1, 0x8000}, {0x3, 0x1, 0x3, 0x3e}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0x1, 0xffe0}}, @TCA_U32_POLICE={0xc, 0x6, [@TCA_POLICE_RESULT={0x8, 0x5, 0x3ac}]}, @TCA_U32_INDEV={0x14, 0x8, 'ip6_vti0\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'xfrm0\x00'}]}}]}, 0xc0}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000880)="ebe3a0e9791f03fffbe254996cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c19e005863f3d5cfe6cb55b5bb9fa4935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048000000000081fee6a3794c4b074f3c2dd099f80f1e1d42ec536fc19eef4884c27a713fd13315f263850feb95e95d0e4b2d35bba8891b84209d93df42f82f887f2127c9d76d9bb93876a47d7374a584054ecdafd67d63551e24e2e3654d160875a9835a", 0xb1}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c", 0xc7}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r7 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f0000000000), 0x4)
connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e24, 0x8c95, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000500)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000340)=0x12, 0x4)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x10, 0x803, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd26, 0x8000002, {0x0, 0x0, 0x0, r10, {0x0, 0x6}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0xff, 0x1, 0xfbfe}, {0x8, 0x6a6, 0xffff, 0x5, 0x2, 0x2}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24008004}, 0x0)

1m2.7069238s ago: executing program 1 (id=329):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073597a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a300000000040000380050001400000000008000240000000002c00038014000100626f6e645f736c6176655f3000000000140001006d6163766c616e3100000000000000005c000000160a0101000b0000000000000100000000000740000800030900010073797a3100020000000005400000000000000005140000001000010000000000000000000000000a"], 0x110}}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0)
unshare(0x62040200)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="54000000020603000000000000000000000000000500050002000000050004000100000005000100060000000c00078008000640000000000900020073797a300000000010000300686173683a69702c6d616300a20fe3ecbe014c32"], 0x54}}, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)
close(0xffffffffffffffff)
r6 = socket$kcm(0x11, 0x200000000000002, 0x300)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x4)
write(r8, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)

49.156833057s ago: executing program 1 (id=329):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073597a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a300000000040000380050001400000000008000240000000002c00038014000100626f6e645f736c6176655f3000000000140001006d6163766c616e3100000000000000005c000000160a0101000b0000000000000100000000000740000800030900010073797a3100020000000005400000000000000005140000001000010000000000000000000000000a"], 0x110}}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0)
unshare(0x62040200)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="54000000020603000000000000000000000000000500050002000000050004000100000005000100060000000c00078008000640000000000900020073797a300000000010000300686173683a69702c6d616300a20fe3ecbe014c32"], 0x54}}, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)
close(0xffffffffffffffff)
r6 = socket$kcm(0x11, 0x200000000000002, 0x300)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x4)
write(r8, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)

35.672530737s ago: executing program 1 (id=329):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073597a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a300000000040000380050001400000000008000240000000002c00038014000100626f6e645f736c6176655f3000000000140001006d6163766c616e3100000000000000005c000000160a0101000b0000000000000100000000000740000800030900010073797a3100020000000005400000000000000005140000001000010000000000000000000000000a"], 0x110}}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0)
unshare(0x62040200)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="54000000020603000000000000000000000000000500050002000000050004000100000005000100060000000c00078008000640000000000900020073797a300000000010000300686173683a69702c6d616300a20fe3ecbe014c32"], 0x54}}, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)
close(0xffffffffffffffff)
r6 = socket$kcm(0x11, 0x200000000000002, 0x300)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x4)
write(r8, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)

23.03426008s ago: executing program 1 (id=329):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073597a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a300000000040000380050001400000000008000240000000002c00038014000100626f6e645f736c6176655f3000000000140001006d6163766c616e3100000000000000005c000000160a0101000b0000000000000100000000000740000800030900010073797a3100020000000005400000000000000005140000001000010000000000000000000000000a"], 0x110}}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0)
unshare(0x62040200)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="54000000020603000000000000000000000000000500050002000000050004000100000005000100060000000c00078008000640000000000900020073797a300000000010000300686173683a69702c6d616300a20fe3ecbe014c32"], 0x54}}, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)
close(0xffffffffffffffff)
r6 = socket$kcm(0x11, 0x200000000000002, 0x300)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x4)
write(r8, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)

17.717224024s ago: executing program 4 (id=683):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1}, 0x18)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r2}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

16.466494656s ago: executing program 4 (id=687):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000611274000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x90)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000000000000000000000008500000027000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9092dc1b6dbe9ab5becdcc777", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_emit_ethernet(0x3a, &(0x7f0000000280)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local, {[@noop]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)

16.292772654s ago: executing program 4 (id=690):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r0, 0x0, r1, 0x0, 0x4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
pipe(&(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r2}, 0x18)
syz_init_net_socket$ax25(0x3, 0x2, 0xc9)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r3, 0x8010671f, &(0x7f00000004c0)={&(0x7f0000000380)=""/80, 0x50})
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010000000000140012800b0001006d6163736563000078ff028008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)="d8000000100081044e81f782db44b904021d083910000000000000a1180015000600142603600e120900210000000401a80016000400144006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef40900c13832c99c7ef1bf00001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf43951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc0f00d6e4edef3d93452a", 0xd8}], 0x1}, 0x800)

15.952348358s ago: executing program 4 (id=693):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3d, &(0x7f0000000000)='cgroup\x00\x8d\f\xf3\xcd\xc6X$\x01n-Hg\x144-.\xe2\x053\xe2\xf4\xbf[\xe9\xdddU\x91\x9d,\t\x8d\xc3@\x86,\x7f\xe2Z\xe8L\x80\xdbe~c\xbc\x9b\xcf\x9b\x1cH\x95\xf3'}, 0x30)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
close(r0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r1, r2, 0x2, 0x2}, 0x10)
r3 = accept4$llc(0xffffffffffffffff, 0x0, &(0x7f00000006c0), 0x80000)
r4 = accept(r3, &(0x7f0000000140)=@ax25={{0x3, @netrom}, [@default, @netrom, @bcast, @null, @netrom, @remote, @bcast, @netrom]}, &(0x7f00000001c0)=0x80)
sendmsg$nl_route(r4, &(0x7f0000000680)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)=@bridge_delneigh={0x4c, 0x1d, 0x800, 0x70bd2b, 0x25dfdbfe, {0x2, 0x0, 0x0, 0x0, 0x10, 0xa0, 0x8}, [@NDA_LINK_NETNSID={0x8, 0xa, 0x6}, @NDA_SRC_VNI={0x8, 0xb, 0xa}, @NDA_CACHEINFO={0x14, 0x3, {0x80, 0x1, 0x1, 0xe}}, @NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r5, r6, 0x2, 0x2}, 0x10)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r7, r0, 0x2, 0x0, 0x4000}, 0x10)

15.777810907s ago: executing program 4 (id=697):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x2c020400)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
unshare(0x22020600)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$kcm(0xa, 0x3, 0x87)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r5, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000a00)={0x2dc, 0x0, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVKEY={0x160, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x2c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}]}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}]}, @NL802154_DEVKEY_ATTR_ID={0xc8, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x54, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x5}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x38, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}]}]}, @NL802154_DEVKEY_ATTR_ID={0x54, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8001}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x40, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_DEVKEY={0x78, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x60, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6000}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x28, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8000}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7}]}, @NL802154_ATTR_SEC_DEVKEY={0x38, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x5}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x2}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}]}, @NL802154_ATTR_SEC_DEVKEY={0x10, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x90, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x4}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xae}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_ID={0x68, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x5c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0x39f907d02c3f1c1a}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}]}]}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x2dc}, 0x1, 0x0, 0x0, 0x4810}, 0x4000040)
sendmsg$kcm(r4, &(0x7f0000000580)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f00000004c0), 0x3e}, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r3, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r6, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x20, r7, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r8, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

15.429041607s ago: executing program 4 (id=700):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x10000000}, 0x50)

7.564249564s ago: executing program 1 (id=329):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073597a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a300000000040000380050001400000000008000240000000002c00038014000100626f6e645f736c6176655f3000000000140001006d6163766c616e3100000000000000005c000000160a0101000b0000000000000100000000000740000800030900010073797a3100020000000005400000000000000005140000001000010000000000000000000000000a"], 0x110}}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0)
unshare(0x62040200)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="54000000020603000000000000000000000000000500050002000000050004000100000005000100060000000c00078008000640000000000900020073797a300000000010000300686173683a69702c6d616300a20fe3ecbe014c32"], 0x54}}, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)
close(0xffffffffffffffff)
r6 = socket$kcm(0x11, 0x200000000000002, 0x300)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x4)
write(r8, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)

4.133582545s ago: executing program 3 (id=757):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c08000000000030005f0000df0b00"/41], 0x0, 0x29}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r0, &(0x7f0000000400)=@in4={0x21, 0x1, 0x2, 0x6, {0x2, 0x6e24, @empty}}, 0x24)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000180)={0x5c, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x44}, [@nested={0x48, 0xe, 0x0, 0x1, [@nested={0x44, 0x151, 0x0, 0x1, [@typed={0xc, 0x120, 0x0, 0x0, @u64}, @typed={0x8, 0xde, 0x0, 0x0, @pid}, @generic="d5938376f408f47c06aa365b797aafe2660b18ee45e48284a3b4ef398bc2fb7185b7604d553c3361c774288f"]}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x4)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x3, &(0x7f0000000580)=@framed, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000d9bb000085000000b500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xfffffffc}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

3.059503998s ago: executing program 3 (id=758):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x8010, r1, 0x952de000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000100)={0x11, 0x17, r2, 0x1, 0x2, 0x6, @multicast}, 0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c01000013000100"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="050027000000000008008500", @ANYRES32=0x0, @ANYBLOB="140003006d6163766c616e31000000000000000008000a00", @ANYRES32=0x0, @ANYBLOB="e8001a8048000a8014000700ff"], 0x15c}}, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x68, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10}}}, @TCA_STAB={0x20, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x68}}, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)=ANY=[@ANYRESOCT=0x0, @ANYRES32=0x0, @ANYBLOB=' \x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYRES32, @ANYRES8=0x0], 0x20)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'geneve0\x00'})

2.834844308s ago: executing program 2 (id=762):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) (async)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000140)={'full'}, 0xfffffdef)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x5452, &(0x7f0000000000))
socket(0x10, 0x80002, 0x0) (async)
socket(0x10, 0x80002, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000040)=0x6)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x5, &(0x7f0000000280)=0x1, 0x4)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x8) (async)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x8)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(0xffffffffffffffff, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000000, 0x0) (async)
recvmmsg(0xffffffffffffffff, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000000, 0x0)
socket$netlink(0x10, 0x3, 0x12)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000180)={0x1a, 0x30c, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x10) (async)
bind$llc(r0, &(0x7f0000000180)={0x1a, 0x30c, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000440)={0x1f, 0x3, @none, 0x800, 0x1}, 0xe) (async)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000440)={0x1f, 0x3, @none, 0x800, 0x1}, 0xe)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200), 0xffffffc1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070040000900010073797a30000000003c0000001c0a010400000000000000000700000008000a40000000000900020073797a31000000000900"], 0x364}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r1, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r1, 0x0)
mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)=@o_path={0x0, 0x0, 0x4020, r1}, 0x18)

2.79749474s ago: executing program 3 (id=763):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x4000000)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59d"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="bf16000000000000b707000001009fa35070000000000000280000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3010100bd2321afb56fa54f26fb0b71d0e6adff07f1d8f7faf75e0f226bd99eea7960707142fa2dc79b9723741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988ee99fbfbf9b0a4def23d410f6296b32a834388107200759cda9036b4e369a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967dec6e802f5ab3eea57b09a2ed4048d3b867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837079e468ee2cf49822775985bf31b715f5888b24efa000000000000ffffffdf0000000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b9349e31aa3701c38c527d3237c18e521ab219efdebb7b3de8f67581cf796a1d4223b90b80fcad3f6c962b9f292324b7ab7f7da31cf41ab12012fb1e0a494034127de745409e35a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d307db98ca112874ec301c000000000000007c00004bd5fc9e66d058b75fa4c81e5c9f42d9383e41d277b10392a96286744f049c3f128f8f92ef992239eafce5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353009e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b2e00916de48a4e70f03cc415ba77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b638c234bbb55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bf6cf8809c3a0d46ff7f000000000000ad1e1f493354b2822b9837421134c0167d78e6c24ed0a2768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4cc302b52e2101de18a1f1f7c551b3fa00055cc1c46c5fd9c26a54d43fa050645bd6109b113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e97c870800000047546103f123f661c84726e7c7c55eff231a1b033d8f841ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef7be184f5e93ba5c8c2a4c04450b652b8d4c2ff030000000000000007c6bbd6cb2b240ce7d47ae636a5dbe9864a117d27326850a7c3b57086a4482c218b10af13d7be94987005088a83880ccab9c99220002af8c5e13d52c87c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a700a86c814459f3cdaaf99000000000000000000bf2130d1b32c826563c718d0ad23bc83ba3f3757210a057e177615c0683f000000000000006d4e0413ab52f5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fcff030000629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa63966945d93c33b038ce0d890f85f8a6ab8487c383e24d4a8051f80e1811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f207ea3df3d6c0002a41783078e56c70afe8016b3dd9dc7785b36e609f173cc747837d600283b3452c57a5d44cacd363589845637071320921d32c1663964eddec97cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b200100000b7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dcb0c42c4d719347f3d16304fa000008ffffffffffffff003049ca923d059c0ab5d886a491adacb7e4b43b1b57586e5fe2aa611f6232a9b71882ce24fce75cf105fa57f000756755b7230e2c0c1fed5487271c4f2981cf8f4351ef5d08641dacaed000080000000000000000000000fa36bbac00bb77c933d3961556585295ce05643b0000000000000000000000967aef9c5706e13d5889e77dab80a2548ec31629b7355a2bb8b93e4b6323061f545b26accc4621b568ab0bfaf30aa4f60705532c4a09c0a4a5487c762167edf362be35b9c90ad7e372a66bbb1471aa21000000000000104061c66a7432f25687618e31dcef8c5d4a2457a93f3fc6d3d7131746c75ccf400fc1a7a51826832ef7f5fbc78827d937768443a1c1ca3aba93a34efd21aa1201d9225256df8de405d1f12c17cdaff3ad675aa333aa7e919459babd3cc10000000000000000000000000000000000000000000000000000000400000000"], 0x0}, 0x94)
close(r7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000002d350000000000006507000002000000070700004a0000007d75000000000000bf54000000000000070400000400f9ffad53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b672d42961e1445ce83def332233b081df18961d6822d133bf72a4de1cc0800004537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5bb6f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767030090a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a97677400"/480], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)
sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000040010000000000000101410000001c001700060000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r9 = socket$l2tp6(0xa, 0x2, 0x73)
writev(r9, &(0x7f0000001400)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47380c988ca", 0xe}], 0x1)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x7c, r4, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x57, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0xf, 0x5}}, 0xffffffffffffffff, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @val, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x1ff}, @val={0x5, 0x3, {0x5, 0x97, 0x5}}, @void, @void, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0x0, 0xfd, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}}}]}, 0x7c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

2.550559834s ago: executing program 2 (id=765):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000007440000000c0a01020000000000000000010000000900020073797a320000000018000380140000800400018008000340000000019a930b800900010073797a3000"], 0xd0}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbff, 0x1}, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r5=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r4, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x6, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x0, 0x4d032, 0xffffffffffffffff, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
mmap(&(0x7f00002b2000/0xc00000)=nil, 0xc00000, 0x7, 0x12, r7, 0x20000000)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200005400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0)
close(0x3)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r9}, &(0x7f0000000080), &(0x7f0000000240)=r10}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r10, 0x18000000000002a0, 0xe, 0x20, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x3f, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x21}, 0x50)
ioctl$sock_inet_SIOCGIFBRDADDR(r2, 0x8919, &(0x7f0000000000)={'pim6reg\x00', {0x2, 0x0, @dev}})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="540000001400090525bd70000003000002180d00", @ANYRES32, @ANYBLOB="08000b002100000008000200ac"], 0x54}}, 0x0)

2.468646703s ago: executing program 3 (id=766):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0)

2.442273494s ago: executing program 0 (id=767):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1}, 0x18)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r2}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), r3)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)

1.461937091s ago: executing program 2 (id=768):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004480)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="2a8c8c0b33b622f8851af5b48e8b0e0e9eff564d05f53bed6a8895b635c1496fca3016c83b9c6c90598f81f0d1f7eafb9e14fae5b700e29f39754002ef89c46b48d6d9033a98b0da1165853d6b5fdc1b6294207218211e2b8c4b162950be11f9ef1670529e61b33479c42366bbe4255b46c3d3b0193f7ce8d93b49c0e382f93440f5d02bed6daa11e1a2867ccea550cc26ba1bee8b11c8876b", 0x99}, {0x0}], 0x2}}], 0x1, 0x4000040)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x4)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000001240)=ANY=[@ANYBLOB="180000000000000200000000000000007911c800000000009500000000000000452d8e1c3e2667f08f138b5305dee7c7a8f50dbc9c8f52c48f9fe39f75a148bd297fb489c779161667eebe5828d5818a245e0a096bc00187da63dd20754f9552e3fb17634ebd42820095dcb9a6ddde95df68e49aa7777503246bb8df8880904071c263ef79f44c4355f532065fdf8f02ce9eb3c077cf95008fb1d103a761bf382239a7fc63"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x70)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002abd7000fccbdf250900000005000700030000000800010001000000050008"], 0x2c}, 0x1, 0x0, 0x0, 0x24084001}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001340)={'team0\x00', <r10=>0x0})
r11 = syz_genetlink_get_family_id$team(&(0x7f0000001300), r7)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010025bd7000000000000100000008000100814860cfab00b5ffb8a6ef9b5ef3fb45b20dac3a5387e5d97d45cd9af7b8afee90210a1812625a19bba43a218c22b0ecd48b6e825adff293e3bc6b51cb83dae2f522324cb423ac415744cfb83e584c580fee10b3b2c95dcdb2aa6828f544d8d8c1de93ddfb61d4b2106d70af56dff3c857575738795ee2078f21d3c32cbe958ed0dd643f9e4d5129e2e3dfe8a6fd2dd84cf9e0b8e7d7f767d09704af6e32f756df04da9692a688976f182084bd92be6adaffe4cb51f792652e0ce59e7d2a9420ae1aeb9532abfe519107e74aff3262194579c127434f945493b67d8eade39e2789d3912ab80d17771de198d6257eacee38ec5811ca1045147128cef6e6d10db2fc51a70688023073c9c5d157586b03182db30682968b921273b9d76b2b588240b7839f46065ab4ff6cf104edbf7b3b8e87bd1c1187e766ae9dfeb2116b85a79171a7db649a0320003405", @ANYRES32=r10, @ANYBLOB="3c00028038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400ffffff7f"], 0x58}, 0x1, 0xf000, 0x0, 0x3000000}, 0x10)
r12 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r13 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r14 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r14, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast})
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e1a, @rand_addr=0x64010108}, {0x2, 0x4a24, @remote}, {0x2, 0x4e25, @multicast2}, 0x84, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x200003, 0x2, 0x2})
write$tun(r13, &(0x7f0000001200)=ANY=[@ANYBLOB="080000fa", @ANYRESDEC=r5, @ANYRESDEC=r14, @ANYRES32=r13], 0xdc)
sendmsg$netlink(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="14010000340001000000000000000000010100800c"], 0x114}], 0x1}, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000180)={&(0x7f0000000100)=""/97, 0x4000, 0x400, 0x4, 0x1}, 0x20)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8eb4f04cd3b6973438e0b7a83283176390e905f034a9ba1bac5d21b81eb4bfcec9d2ce91edbd1ef98d2141af73986b8f990607f01c12c8db986d49f302079d9cc3b0425c4a152259d4170baae837833f54f3658631b5fced0060014886a4c984652dc787befc2f875c0ae0d9e3b4342917288547ed41e524b18907ed26e3962853ac027ac24849405a55e3d4ddf976af3d447fa58c3651469ef8f4787bfc4c0585b51f9a2ff9fbce1910000f0139844e37faf0b", @ANYRES16=r6, @ANYRESOCT=r7, @ANYRES8=r12, @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x44040)

1.46158521s ago: executing program 3 (id=769):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000040), &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000400), 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x6, 0x6, 0x3)
setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000000)=@req3={0x2, 0x85c, 0x6b, 0x5, 0x5, 0x6}, 0x1c)
sendmsg$nl_generic(r1, 0x0, 0x40000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getpeername$netlink(r4, &(0x7f0000000140), &(0x7f0000000180)=0xc)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000006c0)={0x1c, r5, 0x1, 0xfffffffd, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24044813}, 0x4000054)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_emit_ethernet(0x72, &(0x7f0000000300)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x3c, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, {[], @pkt_toobig={0x3, 0x2, 0x0, 0x0, {0x0, 0x6, "d80002", 0x0, 0x11, 0x0, @local, @mcast2, [@dstopts], "2b58ffff"}}}}}}}, 0x0)
bind$802154_dgram(r7, &(0x7f0000005080)={0x24, @short={0x2, 0x1, 0xaaa0}}, 0x14)
r8 = socket(0x1e, 0x4, 0x0)
sendmsg$tipc(r8, &(0x7f0000000000)={&(0x7f00000001c0)=@id={0x1e, 0x3, 0x3, {0x204e22}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20008080}, 0xc1)
r9 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_int(r9, 0x0, 0x0)

1.398640315s ago: executing program 0 (id=770):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
sendmmsg$inet6(r1, &(0x7f0000000440)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000100)="90", 0x1}], 0x1}}], 0x1, 0x20008050)
setsockopt$inet6_int(r0, 0x29, 0x4a, 0x0, 0x0)
r2 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r2, &(0x7f0000000080)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x4, @empty, 0x7}}, 0x24)
connect$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x10001}}, 0x24)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000004c0)={r4, 0x0, 0x0, 0x4}, 0x20)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)

1.210895767s ago: executing program 0 (id=771):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
listen(r0, 0x1ff)
sendto$inet(r0, &(0x7f00000002c0)="f0", 0x1, 0xe61e2840a554b0d0, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10) (fail_nth: 4)

769.414918ms ago: executing program 0 (id=772):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000496000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790789005e107538e486dd6317ce22000000fffe80000000000000101000007f0600080000000000000071273fa7b49301641184a907"], 0xfdef)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5}, 0x94)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
mmap(&(0x7f00004f1000/0x3000)=nil, 0x3000, 0x2000006, 0x12, r1, 0x913e0000)
getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000780)={{{@in6=@initdev, @in=@empty}}, {{@in=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000100)=0xe8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_ext_load_extent\x00', r1, 0x0, 0x101}, 0x18)
setsockopt$inet6_tcp_buf(r4, 0x6, 0x1f, &(0x7f00000000c0)="1c4310776756b8c6b8fc1b0d991a2e857264732f249faf1b75c5e80e3e6645", 0x1f)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[@ANYBLOB="38000000090601020000000000000000050000000900020073797a31000000000500010007000000100007800c00018008000140fffffffe"], 0x38}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

456.778211ms ago: executing program 0 (id=773):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x8010, r1, 0x952de000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000100)={0x11, 0x17, r2, 0x1, 0x2, 0x6, @multicast}, 0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c01000013000100"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="050027000000000008008500", @ANYRES32=0x0, @ANYBLOB="140003006d6163766c616e31000000000000000008000a00", @ANYRES32=0x0, @ANYBLOB="e8001a8048000a8014000700ff"], 0x15c}}, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x68, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10}}}, @TCA_STAB={0x20, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x68}}, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)=ANY=[@ANYRESOCT=0x0, @ANYRES32=0x0, @ANYBLOB=' \x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYRES32, @ANYRES8=0x0], 0x20)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'geneve0\x00'})

324.463535ms ago: executing program 2 (id=774):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

226.685042ms ago: executing program 0 (id=775):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$inet(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001500)="49d08acc1dc5a7c1342cce721dfa0c7d421171e8aba8e82e0c1c37594d11c752d7d9a623844a894128d6c7f6a6c6a9414c71d9a79aaa7c77c0e5ab1b014922cc6fa5d26c8cdf01a183ca57dbddf165102279679efbc0d91bb29e1c7646e3a0ba10ff589ebf216051d944caec4ec3b43e3037f82359a83dc317ec49d32990c963b8bff51fb2d0e284d66e56dddca1357850f5dfbbaa1e25f1aa95876997e22056e6035360103bf4eafad759478b71afbea237ded10a05c6666c0ee093bc9800af96bb5a1bbf11d1017c9b2516c7f6d87a7c46700b71967c6c9fdac12b47f6eb58d3b8d983c28e9e246509a32df6e4279de7cb0edb13992b800ee5691404e36f505f22e675af54f0f319d5d11cc71884fc680c3a107ab3f40481cecc57f374bd38049d00f9e1a52ed2eaa079cc40e2d2185b84f182f8e7af31003018bf6864ce372a20c27180f4ff39471f5e590cad191c5c4831fcec0f669dc84aaeeee827d20f892b8c83951868dfe7660b6f810ed4b47c400311e7d2c1e156ee655f9af44b0bd3240c8d4281f230c38af0183621a4acf97159e91b893e166a94e5704575d20c2ab94227b10c0a715f9e104f6b09d1b47383f1f295ef8bf7249bff9cea048cc089df8295199e316264394540713c4ef9c7f507cf3d6cb5294dabb0cc69bbefcd09573380a23d3528b2766a30fc167aa4afbe78adf5378e55c85e060d367276f2b0ebdb3778def976e275f111c396e580b16338e52d10eb2f3980947a2d504ebdec27a646c20b8259ebb56824eb133c50f6040ca7841caf743c759b0731312ea3af05521f28ce1bdd4b34779313cdb376f3d676c5360de54dc3cffcce0788b163ede6154fc294d09bc996bdcbe8f4a51521fb13382b7d4774fc1fbf59814860ac8e2363875c7013eab81ee40b254436987dadcba737bef8b3166fa6f26159ee1351ccdde6c91c2bc1e1c26fc261aa85f58692573ee88a28bd0f7c1456320cc3e1b3cb22b114f540653cef884e609f42bcf88103dc3d5662484ead0c6ed13a9f07b8bd14baa01ff08b97a3898c6e9e3340c2e812de9fc82fe0bd39df01131d6d61a8031f89e8e922882d21a5927ee63118298ebce53d3e456585c208aeaac4467c3c0b7ff8f6fe1168cb5f975c7005cacb045c3217dd3e772234ace1b01bd66c1008d088cf362340157ee0a391ec59ce166fbee065b9544e2ac3b4487b77821d1299d94c26192600ff2294ecc4e68b851a7027f79002b699516996eeb03fa62caab321f4f5dd5a50321575eb003c5461bc317fa55c6f0ba2141bd0de4d6ff47b60b9401e4c9c37f73fd275c8b29f7b764a5c83c9caf62fb9f30c8fb057ea34ba0f201216ec57506a0f231beb956407c14022b6dd0983d6d79753a14e2242acab15e0050e455e2f8725d23fc6439075e7997812a63043de365b207d14cf0240ab5ef90410c3ebaa398e7ecd894a0ae5d1e0e599f6b47874e146242cbe90960aa6baf8ab23d5846ea1a99eca0379eaf8bd0e7143dabc64ac275e147b2c001760d2d42238ddd55513672a989eddddc7967b1cce817d7d06c478087385edd904634b7e014af65843b2cb319fb4c60c115d02ce76d2be793705563a80b70e191435497142166eb99b85108407d2bad9c47cf723afbfc979118dce8ca7b07c1d316af711c2839fce2a8ae9ed489264f11a236b6f37300554598284bb0fcf43d03b51df633171d28b5fc6ca828aca5a994c904adb0a344a426a9ec5662ee3746ddec5b44f64853e397996c08fb637ad7466794428c2acac460456e29d947831279c7e89396556f96f4c6e9f171d8f407579883531f15142f94e1367490a9224bc57cec784ac074a0aa9b9d91d36ac7a1e2fd9c79e3cfc88612ce6b7f057aa39d5b4890076cb86fd7adc5437bf029e089a9f4aa195bc34177c9d84f32564779ff1fa35f7231fed0a6667284da52a19176cbf367b740dbe303397881850f3a86270d158d93edaf5cab578486d219917137f1fdf014ece742e4bf813a74431e883d6b0318c00f3388eff9c51a24d6c4a426977008166cfa2e8592379b5aca2910ddb733836054883561f7b5981a74ffb93295cc06c4f8b2801d542f9183418787b993f793afdfdff29289dbad0dbdb1ae3b0c13f82e6cf0ae2ad441cabdb5f95841c68e2d9fd69e1f8497dfc96b5125d2bd1a312c9e5bc2e21ef9f0662aca6cde72aaa33985644073e9a4ab9238b64f62889c3180fe93b8910cee181512dbf84cfbdcadbefa8a34a42e691b30c8a2f1deec94b9c22798971b6405813b0583d166d0bda4aa89b9acdf80226d71371f3edc2aad6cb16ddbd15a182da486f71d2e8a9ae7766f074203194b5a23931b61bf7224c698e664b82b5b22f61a0a7829dc5172ae0f2b32386ab49845e5f3e3fe20fc64a6c2b4d5b8170b595c4155a16d2592347ccc27f82b1c6fb2c0ceeaa5460699e1f387607acd707fd8d24d293015e5e15a75ea631ae65f9e29d5a527e1f07d3524016379ce9bdc6783ab56c47778c5837151bb95144696fd90c382d09f36ec4869f3fd351112d6e3551cb02b7a684552d66228276fb568fba80b66a89ec77016633baf40ea28b8f4aa938101f526fd963064e7868736f79c38a65a21007646cf836360e03b2545091463d7451a10261458a48d4d587d083e103aff82acde77d8ce693107c9aedddc647158e201e0417a919789e50c2e408204b3cb466a51d4d07d9873e042d71a992c09c5929896154ccd6d56a0531d17f308e849960a920a65fb674828770589e27e7085284a2b68201c17f644f6c488bd61dbe11bb852fe9c6e37d48378c40e2f993b5243f9dfdc2da6f7712b5e1a1a2bd76d691f42d1971de34875ff4ff239445dab00296b0088aaa0371a23790214cc6158c58b9b3c2cec1ae169c1f20e652c8fc85eddaac857b9ffad776d99a94848db0ab4da907a2177f8a278fd101235865fc7ace9fa265f29aa6adf5f20ba1b5b7e86409ebfb6c52892546d05e387e512607a7107e709ce9886018100c6d934d990f42d42963fe2e32e89d12b992b6f172810911a5d19acfa7371a2b67c0a12c771100391a85152ca06d3287878b4cf5d601cc8de1252aed0ad1b476e6a778b3902473a8e359a64f1e1773f8e38ea388c088a134f19dc08db13a011d1d213e51a04ebf1cc37790782cd88d96410d82ea0eb1662e828d6ed9973d4a6ebc58bed4979bcce7da5a941f0f43fddd5d379754d11f167d1391f2309cbe263b837bab6d18a33aef4179c0cfd5162ebefeb801d7e18a2ae76e8b0de6158e71951ed1e6e27fd4eb2f423a16239ad871de22b0a29212b2833f4f0866b7bfde30583e37fb06f5bf4ef8eea676b732b1dd49deafd21af06c54ab817853a468a5de9714c8a7585d5e35b103ec342389c8346a213adbc89e6512f97aadb92c95556b140d1022707228eb92fd1cd20103622c28cef34fecd5af211f8b895e7933efe69bfbf6050f803ba3dd954691222341e0b8283bf709f9ce98c549e6bbebd967eb487fb311858b7081cc01d91a4d73444b7db70afe0598b6dce03ac88f3a92a576de582616a2364b66ccd4a0db75b21e7c4e9b2e01519533f4f6703baf61f6e5ad020f2fb7c7e256b87727333852e71040aeabdc19d35421f6bf91f8fcc191557b7e2b4644d8f5a09be66d9e74d3ca93d6a9225fb3e07634f82acd3ffdf09211eb27c0c4535f08e844776c687a44ec463e245861cc40e1a6c2e5a9f63120baa45414da00fb98307dc50d5f434715537e41feb8fb1b7054e34c0f5d8967d41e603e0d05b6bf69794ab3bb011cc539b6bce53c153168876decf78a34620f6da7b0571e3470a806d439b90d1bf7dce89e7ac044d37a482b17274c214d31301a833c52ec25bb8891193ca2c1284714edd3777aa5db36a484069581279d9ca9c2848d70b33d5936761699eff66550f530a7c52cfd69a41beca303d848f1fe8de547679563f613e1927509dcd850168ace7869dd9191b2b77850848aaa14e8c1e98de92e5ecfe92dba21143db937227128991eebbc8cad3153895bce1d74db780c1114019301e0344b7c421bd385625e0c338fef485e5718257e1f6658095f9916021381c1a004cfe4e41b95035f69c60736e96252cddbd7dd225a6433996c295da3c51360d09fde9a4440128e4a73ac01ad903f61bea748d11cfd8902c467d48417e615237411375e47bce5e531aa1a421e85fa36ce078b987328e53a856e9c448d7c11d50d7bd2a58a4dd8500d8255bae2b7a67327018427f72b361d6fe273a9433e8b88b5fda717adf1277e44709dac24b0b63ea68d460c2537b97a80c4c928208e6128f46fb49c2847e06d8f8320b0272720be9eee1ddb600dce25be0b01643664b15d44a33843e8d2508c842f36352ed866e669ceeec670fef47882c75c04ce10fc44e2a24f679ef028a2bd4f512b2b8e629cc10331c97f71398b0e35c354f2e192ff77161efb7b37968e8c41b2812743c12d9eb9d72405dadb27fc5b2a575cb2688e9912b3cc7ebd40d1d20e40f3f07a6e35c0847f54ce3d6be0ce47633e1398b70026110751b96074f66b3eabc1cb550a6d854051180409a18edc63cbd5e77399d536caa0bb153836447dcc84efc2cf7bcad128eb2788d65d36d97556741b21c5ac2ae66bfe71aae7373a341c2965297ba1b91e841403a47c5ce154de455d7ccfebaf4e931a46df44d4725cac67a2e0d335a23c9acbc375692e9fc09da3ec79144679267f371702cff66dd2f9d5dbb0098c93e9273ed869f9ee282df1bac39f8ba440a04404605ff459c877f704c9fb0d66e9fe8ff36a77381aa14b349892c0f158b0a296a7d25b4989a199043cbdcf7324b22f8f6f7f06e1ab764d2a3f6a55a19017cb73f838439413496d84c476486ef43bca653d284ddbb5ad4a1a5207f10d7016f4cffb97e911f0422d5497ce03e016583e37867120b87d560454aed44d17ab72542435349a0c00f7a26a02bf4ac567b00ea8c2157a6cd0b1a72927b4d52f4b69afc230679b65a7aa857603055a82845373b887fbfbacab9f0eb833107a4cf0b2f17ccbd1e989ad07fc96fcca58b29ef33ae707432c19c9430ea03ae4b4b6e0b074e225199cc577b0f57a805b93ed3b48fe4e76624d203ed9e07c3c146738bf893b00d42f00e83e5fc6da166b79dd323186ac6a3c19da751d91a017922b2302d59d9ab83a4be4c89dc1fb5bbfb37e9047ce7ef6b4a0810794a3fe3aa06f2db7c7ea727741d09266daac825918d03c0a5f0692e4f62cbc16daa57152d4728c51968a32042e50f09904fe7546e06a8ece7448bd4f6cd0752026058246796102582d7739b3bd08ae44be09867bf2957ab56549782a0f10c2085c22fac7b427d85e7964db2680564c3edef29a1aa1230befcfe804916ed27b34ef0ec48a9cbc5ba8965bc472e86ff218ea4bcf84891ae8d130030a81d472776610d2d17d70642de86893f5fc407a709796c7fe62095f7f87089c9c6bfc76d29eec076995a1203f1722b3fdbf2149855a72f60ae2659008f2de0e500478ab5dca923d0b38923b658c80c5a1f34980ee4cd1caf942f86560c63f70695e2da47984883a64e8d5d3f9f8b7c70595f98497eeda8d79daebaafcc1a1ee284ae13abebb93cb6745f8a4757caaa40af243eb86848dd1a93b4de2d9754f267e9d7b676a91e438960806d2c33f710aef90aab65a17b92a423f16ec85b487bce6b9b99fb32591e948f0d193269181d941b06ea3230b76e0e67010231c1329dea203735b0bf989f944a20caf9322e49f", 0x1000}, {&(0x7f0000000400)="7fc3be6143a5938d7cd3b3e7cde13692a0ed481c3ef9a4d1a0c65a2655393f1ce1736f087bd490c735cbdef611560b77ac4a223ec0eeb33839abe837cbcc0307621d7c24620b6ef024a5938ada3bf9bacef524692b291a5db280bae35bd921ed025964c62939d69044d959c767cce41f634a315b7105ddf7ae4610", 0x7b}], 0x2, &(0x7f0000000280)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x6}}], 0x18}, 0x44000)
bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x4, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8, 0x3}, 0xe)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001440)={&(0x7f00000013c0)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFULA_CFG_CMD={0x5, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8050}, 0x4000000)
setsockopt$inet6_tcp_buf(r3, 0x6, 0xd, &(0x7f0000000080)='>', 0x1)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x1, 0x0, 0x4}}, 0x2e)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC(r6, 0x0, 0x5, &(0x7f0000000240)={@local, @dev={0xac, 0x14, 0x14, 0x3f}, 0x1, "66c5aff8a7eb3af1f6cec2e7420000008c84aea31700", 0x23, 0x1000000, 0x7e, 0x6b}, 0x3c)
setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000000080)=0x300, 0x4)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000001c0)={'wpan1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x6, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000010000000000000000000000711214000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x3c}, 0x1, 0x0, 0x0, 0x14814}, 0x10008000)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000740)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYBLOB="cf56ca8d41246a85fca2c3584aca791d826ee1d3bfd6d6a603570e470c1e60a4162de93c6671e4af13eadeb9e8602f0852e09456bb85630a0eef00a4302bbdefbab765e2af44a44c9ef93427894b058dd1144261c10e9e859713bd38dd2abafdb1e733bbe39c74b39e5be3d05463f510f8", @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c0001800500020000000000080004000500000008000100"], 0x7c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r7, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r7, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
sendmsg$inet6(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)="11", 0x1}], 0x1}, 0x2000c0d1)
writev(r7, &(0x7f0000000100)=[{&(0x7f0000000240)=',', 0x34000}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xa, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000730558000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

185.484612ms ago: executing program 3 (id=776):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x4000000)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59d"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="bf16000000000000b707000001009fa35070000000000000280000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3010100bd2321afb56fa54f26fb0b71d0e6adff07f1d8f7faf75e0f226bd99eea7960707142fa2dc79b9723741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988ee99fbfbf9b0a4def23d410f6296b32a834388107200759cda9036b4e369a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967dec6e802f5ab3eea57b09a2ed4048d3b867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837079e468ee2cf49822775985bf31b715f5888b24efa000000000000ffffffdf0000000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b9349e31aa3701c38c527d3237c18e521ab219efdebb7b3de8f67581cf796a1d4223b90b80fcad3f6c962b9f292324b7ab7f7da31cf41ab12012fb1e0a494034127de745409e35a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d307db98ca112874ec301c000000000000007c00004bd5fc9e66d058b75fa4c81e5c9f42d9383e41d277b10392a96286744f049c3f128f8f92ef992239eafce5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353009e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b2e00916de48a4e70f03cc415ba77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b638c234bbb55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bf6cf8809c3a0d46ff7f000000000000ad1e1f493354b2822b9837421134c0167d78e6c24ed0a2768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4cc302b52e2101de18a1f1f7c551b3fa00055cc1c46c5fd9c26a54d43fa050645bd6109b113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e97c870800000047546103f123f661c84726e7c7c55eff231a1b033d8f841ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef7be184f5e93ba5c8c2a4c04450b652b8d4c2ff030000000000000007c6bbd6cb2b240ce7d47ae636a5dbe9864a117d27326850a7c3b57086a4482c218b10af13d7be94987005088a83880ccab9c99220002af8c5e13d52c87c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a700a86c814459f3cdaaf99000000000000000000bf2130d1b32c826563c718d0ad23bc83ba3f3757210a057e177615c0683f000000000000006d4e0413ab52f5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fcff030000629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa63966945d93c33b038ce0d890f85f8a6ab8487c383e24d4a8051f80e1811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f207ea3df3d6c0002a41783078e56c70afe8016b3dd9dc7785b36e609f173cc747837d600283b3452c57a5d44cacd363589845637071320921d32c1663964eddec97cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b200100000b7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dcb0c42c4d719347f3d16304fa000008ffffffffffffff003049ca923d059c0ab5d886a491adacb7e4b43b1b57586e5fe2aa611f6232a9b71882ce24fce75cf105fa57f000756755b7230e2c0c1fed5487271c4f2981cf8f4351ef5d08641dacaed000080000000000000000000000fa36bbac00bb77c933d3961556585295ce05643b0000000000000000000000967aef9c5706e13d5889e77dab80a2548ec31629b7355a2bb8b93e4b6323061f545b26accc4621b568ab0bfaf30aa4f60705532c4a09c0a4a5487c762167edf362be35b9c90ad7e372a66bbb1471aa21000000000000104061c66a7432f25687618e31dcef8c5d4a2457a93f3fc6d3d7131746c75ccf400fc1a7a51826832ef7f5fbc78827d937768443a1c1ca3aba93a34efd21aa1201d9225256df8de405d1f12c17cdaff3ad675aa333aa7e919459babd3cc10000000000000000000000000000000000000000000000000000000400000000"], 0x0}, 0x94)
close(r7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000002d350000000000006507000002000000070700004a0000007d75000000000000bf54000000000000070400000400f9ffad53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b672d42961e1445ce83def332233b081df18961d6822d133bf72a4de1cc0800004537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5bb6f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767030090a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a97677400"/480], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)
sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000040010000000000000101410000001c001700060000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r9 = socket$l2tp6(0xa, 0x2, 0x73)
writev(r9, &(0x7f0000001400)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47380c988ca", 0xe}], 0x1)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x7c, r4, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x57, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0xf, 0x5}}, 0xffffffffffffffff, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @val, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x1ff}, @val={0x5, 0x3, {0x5, 0x97, 0x5}}, @void, @void, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0x0, 0xfd, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}}}]}, 0x7c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

168.237902ms ago: executing program 2 (id=777):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000ac0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7000fcdbdf25210000000800", @ANYRES32=r2, @ANYBLOB="24002d8005000100020000000500040001004000080002"], 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)

0s ago: executing program 2 (id=778):
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
socket$kcm(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080120000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)

kernel console output (not intermixed with test programs):

hsr debugfs directory
[   72.756532][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.763580][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.789622][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.951337][ T5825] hsr_slave_0: entered promiscuous mode
[   72.957673][ T5825] hsr_slave_1: entered promiscuous mode
[   72.964727][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   72.972344][ T5825] Cannot create hsr debugfs directory
[   73.022078][ T5826] hsr_slave_0: entered promiscuous mode
[   73.028511][ T5826] hsr_slave_1: entered promiscuous mode
[   73.035251][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   73.043071][ T5826] Cannot create hsr debugfs directory
[   73.280546][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   73.316959][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   73.352869][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   73.370976][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   73.495567][ T5839] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   73.516536][ T5839] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   73.542388][ T5839] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   73.569434][ T5839] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   73.617102][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   73.629056][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   73.651772][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   73.683637][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   73.758604][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   73.770006][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   73.797746][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   73.814097][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.836665][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   73.916183][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   73.935703][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   73.948868][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   73.960300][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   73.986944][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   74.005645][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.015806][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.023115][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.049162][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.056326][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.102728][ T5842] Bluetooth: hci1: command tx timeout
[   74.104608][ T5829] Bluetooth: hci2: command tx timeout
[   74.108144][ T5838] Bluetooth: hci0: command tx timeout
[   74.130426][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[   74.158170][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.165329][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.177365][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.184456][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.191825][ T5838] Bluetooth: hci3: command tx timeout
[   74.262668][ T5838] Bluetooth: hci4: command tx timeout
[   74.289975][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.354401][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[   74.438848][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.446049][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.458592][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.465749][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.507227][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.529403][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   74.580028][  T513] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.587214][  T513] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.623229][  T513] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.630379][  T513] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.660628][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.738072][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.752145][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   74.767832][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.774987][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.836912][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.844101][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.959441][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.108004][ T5833] veth0_vlan: entered promiscuous mode
[   75.163812][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.188831][ T5833] veth1_vlan: entered promiscuous mode
[   75.346789][ T5833] veth0_macvtap: entered promiscuous mode
[   75.387099][ T5837] veth0_vlan: entered promiscuous mode
[   75.417655][ T5833] veth1_macvtap: entered promiscuous mode
[   75.440090][ T5837] veth1_vlan: entered promiscuous mode
[   75.501995][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.538476][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.598092][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.609971][ T5837] veth0_macvtap: entered promiscuous mode
[   75.631181][   T58] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.657992][   T58] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.667915][   T58] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.679590][ T5837] veth1_macvtap: entered promiscuous mode
[   75.696091][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.706406][   T58] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.774749][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.796460][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.805596][ T5839] veth0_vlan: entered promiscuous mode
[   75.842147][ T5826] veth0_vlan: entered promiscuous mode
[   75.857052][ T5826] veth1_vlan: entered promiscuous mode
[   75.890134][ T5839] veth1_vlan: entered promiscuous mode
[   75.898635][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.908186][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.939260][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.949374][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.988517][ T5825] veth0_vlan: entered promiscuous mode
[   76.007562][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.016617][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.046270][ T5825] veth1_vlan: entered promiscuous mode
[   76.091763][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.099746][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.119614][ T5826] veth0_macvtap: entered promiscuous mode
[   76.144852][ T5826] veth1_macvtap: entered promiscuous mode
[   76.182883][ T5842] Bluetooth: hci1: command tx timeout
[   76.192533][ T5842] Bluetooth: hci2: command tx timeout
[   76.197996][ T5838] Bluetooth: hci0: command tx timeout
[   76.217037][ T5839] veth0_macvtap: entered promiscuous mode
[   76.232187][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   76.250583][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.268001][ T5838] Bluetooth: hci3: command tx timeout
[   76.269140][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.287462][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.300731][ T5839] veth1_macvtap: entered promiscuous mode
[   76.352851][ T5838] Bluetooth: hci4: command tx timeout
[   76.380624][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.409524][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.413011][ T5944] netlink: 'syz.1.2': attribute type 10 has an invalid length.
[   76.431293][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.437481][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.457368][ T5944] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   76.485750][ T5825] veth0_macvtap: entered promiscuous mode
[   76.501702][   T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.512147][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.536204][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.546647][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.561618][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.632099][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.645183][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.659547][ T5825] veth1_macvtap: entered promiscuous mode
[   76.679019][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.691328][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.773929][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.869128][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.966943][ T5951] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.029338][   T58] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.054883][   T58] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.080189][   T58] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.127472][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.165762][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.195902][ T5951] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.235053][   T58] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.275412][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.295412][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.319730][ T5951] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.399764][ T5951] bond0: (slave netdevsim0): Releasing backup interface
[   77.410149][ T5951] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.425761][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.436825][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.465058][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.484441][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.577141][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.597762][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.635460][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.666150][   T36] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.801102][   T36] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.829832][ T5963] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1'.
[   77.850841][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.875376][ T5963] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   77.897451][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.232136][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.238411][ T5976] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12'.
[   78.264430][ T5838] Bluetooth: hci0: command tx timeout
[   78.270303][ T5842] Bluetooth: hci2: command tx timeout
[   78.270319][ T5829] Bluetooth: hci1: command tx timeout
[   78.344087][ T5842] Bluetooth: hci3: command tx timeout
[   78.424288][ T5842] Bluetooth: hci4: command tx timeout
[   78.710078][ T5989] netlink: 'syz.3.15': attribute type 10 has an invalid length.
[   78.765451][ T5993] netlink: 'syz.1.16': attribute type 10 has an invalid length.
[   78.789286][ T5989] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   79.065405][ T6004] netlink: 'syz.4.17': attribute type 13 has an invalid length.
[   79.073515][ T6004] netlink: 'syz.4.17': attribute type 17 has an invalid length.
[   79.143062][ T6008] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   79.260726][ T6004] gretap0: refused to change device tx_queue_len
[   79.280550][ T6004] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   79.541357][ T6019] xt_hashlimit: size too large, truncated to 1048576
[   79.551494][ T6019] xt_hashlimit: max too large, truncated to 1048576
[   79.715614][ T6024] xt_hashlimit: size too large, truncated to 1048576
[   79.726291][ T6024] xt_hashlimit: max too large, truncated to 1048576
[   79.748340][ T6025] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[   79.778894][ T6025] netlink: 'syz.2.21': attribute type 1 has an invalid length.
[   79.799536][ T6025] netlink: 228 bytes leftover after parsing attributes in process `syz.2.21'.
[   79.926091][ T6029] Zero length message leads to an empty skb
[   79.948288][   T30] audit: type=1800 audit(1751036277.555:2): pid=6028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.23" name="memory.events" dev="tmpfs" ino=45 res=0 errno=0
[   79.963289][ T6028] netlink: 32 bytes leftover after parsing attributes in process `syz.4.23'.
[   79.975951][   T30] audit: type=1804 audit(1751036277.565:3): pid=6028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.23" name="/newroot/5/memory.events" dev="tmpfs" ino=45 res=1 errno=0
[   80.013830][ T6029] tipc: Failed to obtain node identity
[   80.038217][ T6029] tipc: Enabling of bearer <ib:ip6gre0> rejected, failed to enable media
[   80.076074][ T6028] netlink: 68 bytes leftover after parsing attributes in process `syz.4.23'.
[   80.483299][ T6051] Bluetooth: MGMT ver 1.23
[   80.885697][ T6057] netlink: 104 bytes leftover after parsing attributes in process `syz.2.32'.
[   81.066623][ T6065] netlink: 4 bytes leftover after parsing attributes in process `syz.2.34'.
[   81.293351][ T6065] veth1_macvtap: left promiscuous mode
[   81.470830][ T6070] netlink: 32 bytes leftover after parsing attributes in process `syz.4.36'.
[   81.582703][ T6078] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[   81.867375][ T6085] warning: `syz.2.37' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   82.003821][ T6091] xt_hashlimit: size too large, truncated to 1048576
[   82.048197][ T6091] xt_hashlimit: max too large, truncated to 1048576
[   82.190173][ T6100] netlink: 'syz.1.41': attribute type 10 has an invalid length.
[   83.122284][ T6126] netlink: 72 bytes leftover after parsing attributes in process `syz.0.44'.
[   83.681079][ T6146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.47'.
[   84.039141][   T30] audit: type=1800 audit(1751036281.655:4): pid=6139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.47" name="cgroup.controllers" dev="tmpfs" ino=63 res=0 errno=0
[   84.363297][ T6170] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   84.457121][ T6171] netlink: 56 bytes leftover after parsing attributes in process `syz.0.50'.
[   84.628816][ T6179] netlink: 72 bytes leftover after parsing attributes in process `syz.4.54'.
[   84.723338][ T6183] netlink: 72 bytes leftover after parsing attributes in process `syz.3.56'.
[   85.011340][ T6197] ref_tracker: memory allocation failure, unreliable refcount tracker.
[   85.601430][ T6213] syz.2.60 uses obsolete (PF_INET,SOCK_PACKET)
[   86.782957][  T978] cfg80211: failed to load regulatory.db
[   87.134697][ T6269] netlink: 32 bytes leftover after parsing attributes in process `syz.2.69'.
[   87.144068][   T30] audit: type=1800 audit(1751036284.755:5): pid=6269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.69" name="memory.events" dev="tmpfs" ino=122 res=0 errno=0
[   87.204340][   T30] audit: type=1804 audit(1751036284.755:6): pid=6269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.69" name="/newroot/20/memory.events" dev="tmpfs" ino=122 res=1 errno=0
[   87.245670][ T6269] netlink: 48 bytes leftover after parsing attributes in process `syz.2.69'.
[   87.255443][ T6269] netlink: 48 bytes leftover after parsing attributes in process `syz.2.69'.
[   87.333037][   T30] audit: type=1800 audit(1751036284.945:7): pid=6280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.70" name="memory.events" dev="tmpfs" ino=100 res=0 errno=0
[   87.355480][ T6280] netlink: 32 bytes leftover after parsing attributes in process `syz.3.70'.
[   87.405576][   T30] audit: type=1804 audit(1751036284.945:8): pid=6280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.70" name="/newroot/16/memory.events" dev="tmpfs" ino=100 res=1 errno=0
[   87.448653][ T6283] netlink: 72 bytes leftover after parsing attributes in process `syz.4.71'.
[   88.777471][ T6336] FAULT_INJECTION: forcing a failure.
[   88.777471][ T6336] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   88.796090][ T6296] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.804458][ T6296] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.811331][ T6336] CPU: 0 UID: 0 PID: 6336 Comm: syz.0.76 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[   88.811355][ T6336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   88.811371][ T6336] Call Trace:
[   88.811379][ T6336]  <TASK>
[   88.811387][ T6336]  dump_stack_lvl+0x189/0x250
[   88.811424][ T6336]  ? __pfx____ratelimit+0x10/0x10
[   88.811443][ T6336]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.811467][ T6336]  ? __pfx__printk+0x10/0x10
[   88.811484][ T6336]  ? __might_fault+0xb0/0x130
[   88.811516][ T6336]  should_fail_ex+0x414/0x560
[   88.811541][ T6336]  _copy_from_user+0x2d/0xb0
[   88.811559][ T6336]  ___sys_sendmsg+0x158/0x2a0
[   88.811584][ T6336]  ? __pfx____sys_sendmsg+0x10/0x10
[   88.811639][ T6336]  ? __fget_files+0x2a/0x420
[   88.811656][ T6336]  ? __fget_files+0x3a0/0x420
[   88.811683][ T6336]  __x64_sys_sendmsg+0x19b/0x260
[   88.811708][ T6336]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   88.811739][ T6336]  ? __pfx_ksys_write+0x10/0x10
[   88.811761][ T6336]  ? rcu_is_watching+0x15/0xb0
[   88.811790][ T6336]  ? do_syscall_64+0xbe/0x3b0
[   88.811813][ T6336]  do_syscall_64+0xfa/0x3b0
[   88.811830][ T6336]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.811854][ T6336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.811870][ T6336]  ? clear_bhb_loop+0x60/0xb0
[   88.811891][ T6336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.811907][ T6336] RIP: 0033:0x7f6c8c78e929
[   88.811927][ T6336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.811940][ T6336] RSP: 002b:00007f6c8d655038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   88.811958][ T6336] RAX: ffffffffffffffda RBX: 00007f6c8c9b5fa0 RCX: 00007f6c8c78e929
[   88.811971][ T6336] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[   88.811981][ T6336] RBP: 00007f6c8d655090 R08: 0000000000000000 R09: 0000000000000000
[   88.811991][ T6336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.812001][ T6336] R13: 0000000000000000 R14: 00007f6c8c9b5fa0 R15: 00007fff5bdd49e8
[   88.812027][ T6336]  </TASK>
[   89.115581][ T6296] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.130719][ T6296] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.303929][ T6313] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.316936][ T6313] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.518355][   T13] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.575641][   T13] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.626044][ T6351] tipc: Started in network mode
[   89.630964][ T6351] tipc: Node identity 925576b33be9, cluster identity 4711
[   89.642465][ T6351] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   89.661908][ T6358] IPv6: sit1: Disabled Multicast RS
[   89.672111][ T6350] tipc: Disabling bearer <eth:syzkaller0>
[   89.853763][ T6360] __nla_validate_parse: 5 callbacks suppressed
[   89.853780][ T6360] netlink: 20 bytes leftover after parsing attributes in process `syz.0.82'.
[   89.918787][ T6365] netlink: 72 bytes leftover after parsing attributes in process `syz.2.85'.
[   90.570946][ T6390] dvmrp0: entered allmulticast mode
[   90.616173][ T6392] netlink: 28 bytes leftover after parsing attributes in process `syz.4.92'.
[   90.647037][ T6392] netlink: 'syz.4.92': attribute type 7 has an invalid length.
[   90.698127][ T6392] netlink: 'syz.4.92': attribute type 8 has an invalid length.
[   90.714869][ T6392] netlink: 4 bytes leftover after parsing attributes in process `syz.4.92'.
[   90.766142][ T6392] team0: entered promiscuous mode
[   90.771216][ T6392] team_slave_0: entered promiscuous mode
[   90.804980][ T6392] team_slave_1: entered promiscuous mode
[   90.816882][ T6392] bond0: entered promiscuous mode
[   90.822002][ T6392] bond_slave_0: entered promiscuous mode
[   90.833880][ T6392] bond_slave_1: entered promiscuous mode
[   90.850691][ T6392] gretap0: entered promiscuous mode
[   90.877940][ T6392] hsr1: Interlink (gretap0) is not up; please bring it up to get a fully working HSR network
[   90.913916][ T6392] 8021q: adding VLAN 0 to HW filter on device hsr1
[   90.954519][ T6407] netlink: 72 bytes leftover after parsing attributes in process `syz.2.96'.
[   91.446144][ T6427] netlink: 4 bytes leftover after parsing attributes in process `syz.3.99'.
[   91.796166][ T6434] team0: No ports can be present during mode change
[   92.136478][ T6445] netlink: 8 bytes leftover after parsing attributes in process `syz.3.104'.
[   92.229946][ T6453] netlink: 48 bytes leftover after parsing attributes in process `syz.2.107'.
[   92.297852][ T6457] netlink: 388 bytes leftover after parsing attributes in process `syz.4.108'.
[   92.519744][ T6469] netlink: 72 bytes leftover after parsing attributes in process `syz.3.111'.
[   92.635532][ T6464] FAULT_INJECTION: forcing a failure.
[   92.635532][ T6464] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.655019][ T6464] CPU: 0 UID: 0 PID: 6464 Comm: syz.0.110 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[   92.655043][ T6464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   92.655053][ T6464] Call Trace:
[   92.655060][ T6464]  <TASK>
[   92.655067][ T6464]  dump_stack_lvl+0x189/0x250
[   92.655096][ T6464]  ? __pfx____ratelimit+0x10/0x10
[   92.655119][ T6464]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.655143][ T6464]  ? __pfx__printk+0x10/0x10
[   92.655174][ T6464]  should_fail_ex+0x414/0x560
[   92.655199][ T6464]  _copy_to_user+0x31/0xb0
[   92.655218][ T6464]  put_timespec64+0xc0/0x120
[   92.655241][ T6464]  ? __pfx_put_timespec64+0x10/0x10
[   92.655273][ T6464]  __x64_sys_recvmmsg+0x1d5/0x240
[   92.655301][ T6464]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   92.655328][ T6464]  ? do_syscall_64+0xbe/0x3b0
[   92.655350][ T6464]  do_syscall_64+0xfa/0x3b0
[   92.655367][ T6464]  ? lockdep_hardirqs_on+0x9c/0x150
[   92.655386][ T6464]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.655404][ T6464]  ? clear_bhb_loop+0x60/0xb0
[   92.655425][ T6464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.655441][ T6464] RIP: 0033:0x7f6c8c78e929
[   92.655463][ T6464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.655477][ T6464] RSP: 002b:00007f6c8d634038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   92.655495][ T6464] RAX: ffffffffffffffda RBX: 00007f6c8c9b6080 RCX: 00007f6c8c78e929
[   92.655508][ T6464] RDX: 0000000000000001 RSI: 0000200000001780 RDI: 0000000000000004
[   92.655519][ T6464] RBP: 00007f6c8d634090 R08: 0000200000004980 R09: 0000000000000000
[   92.655530][ T6464] R10: 0000000000000042 R11: 0000000000000246 R12: 0000000000000001
[   92.655540][ T6464] R13: 0000000000000001 R14: 00007f6c8c9b6080 R15: 00007fff5bdd49e8
[   92.655568][ T6464]  </TASK>
[   92.993247][ T6480] netlink: 'syz.2.115': attribute type 16 has an invalid length.
[   93.001032][ T6480] netlink: 'syz.2.115': attribute type 17 has an invalid length.
[   93.139712][ T6480] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   93.880133][ T6506] netlink: 'syz.2.122': attribute type 10 has an invalid length.
[   93.930405][ T6495] syzkaller1: entered promiscuous mode
[   93.941453][ T6495] syzkaller1: entered allmulticast mode
[   93.974088][ T6506] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.982596][ T6506] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.002300][ T6506] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.009760][ T6506] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.018103][ T6506] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.025335][ T6506] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.041090][ T6506] team0: Port device bridge0 added
[   94.059467][ T6506] syz.2.122 (6506) used greatest stack depth: 20152 bytes left
[   94.533166][ T6529] syzkaller0: entered promiscuous mode
[   94.538670][ T6529] syzkaller0: entered allmulticast mode
[   94.711006][ T6535] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.718222][ T6535] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.846648][ T6542] FAULT_INJECTION: forcing a failure.
[   94.846648][ T6542] name failslab, interval 1, probability 0, space 0, times 0
[   94.867206][ T6542] CPU: 0 UID: 0 PID: 6542 Comm: syz.2.134 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[   94.867238][ T6542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   94.867248][ T6542] Call Trace:
[   94.867256][ T6542]  <TASK>
[   94.867263][ T6542]  dump_stack_lvl+0x189/0x250
[   94.867294][ T6542]  ? __pfx____ratelimit+0x10/0x10
[   94.867313][ T6542]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.867337][ T6542]  ? __pfx__printk+0x10/0x10
[   94.867362][ T6542]  ? __ip_dev_find+0x444/0x4e0
[   94.867388][ T6542]  should_fail_ex+0x414/0x560
[   94.867414][ T6542]  should_failslab+0xa8/0x100
[   94.867433][ T6542]  kmem_cache_alloc_noprof+0x73/0x3c0
[   94.867457][ T6542]  ? dst_alloc+0x105/0x170
[   94.867484][ T6542]  dst_alloc+0x105/0x170
[   94.867510][ T6542]  ip_route_output_key_hash_rcu+0x1482/0x23a0
[   94.867545][ T6542]  ? ip_route_output_key_hash+0xde/0x2e0
[   94.867571][ T6542]  ip_route_output_key_hash+0x1b9/0x2e0
[   94.867599][ T6542]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[   94.867626][ T6542]  ? percpu_counter_add_batch+0xea/0x1e0
[   94.867649][ T6542]  ? sk_dst_check+0x25/0x480
[   94.867666][ T6542]  ? dst_release+0x126/0x1b0
[   94.867692][ T6542]  ip_route_output_flow+0x2a/0x150
[   94.867711][ T6542]  ? security_sk_classify_flow+0x70/0x180
[   94.867739][ T6542]  udp_sendmsg+0x140c/0x2300
[   94.867759][ T6542]  ? __pfx_aa_label_sk_perm+0x10/0x10
[   94.867788][ T6542]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   94.867812][ T6542]  ? __pfx_udp_sendmsg+0x10/0x10
[   94.867836][ T6542]  ? do_wp_page+0x161d/0x5800
[   94.867878][ T6542]  ? __pfx_aa_sk_perm+0x10/0x10
[   94.867894][ T6542]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[   94.867921][ T6542]  ? sock_rps_record_flow+0x19/0x410
[   94.867941][ T6542]  ? inet_sendmsg+0x29c/0x370
[   94.867957][ T6542]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   94.867981][ T6542]  __sock_sendmsg+0x19c/0x270
[   94.868003][ T6542]  ____sys_sendmsg+0x52d/0x830
[   94.868032][ T6542]  ? __pfx_____sys_sendmsg+0x10/0x10
[   94.868062][ T6542]  ? import_iovec+0x74/0xa0
[   94.868082][ T6542]  ___sys_sendmsg+0x21f/0x2a0
[   94.868106][ T6542]  ? __pfx____sys_sendmsg+0x10/0x10
[   94.868172][ T6542]  ? __might_fault+0xb0/0x130
[   94.868199][ T6542]  __sys_sendmmsg+0x227/0x430
[   94.868228][ T6542]  ? __pfx___sys_sendmmsg+0x10/0x10
[   94.868258][ T6542]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   94.868303][ T6542]  ? ksys_write+0x22a/0x250
[   94.868328][ T6542]  ? __pfx_ksys_write+0x10/0x10
[   94.868349][ T6542]  ? rcu_is_watching+0x15/0xb0
[   94.868380][ T6542]  __x64_sys_sendmmsg+0xa0/0xc0
[   94.868405][ T6542]  do_syscall_64+0xfa/0x3b0
[   94.868423][ T6542]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.868441][ T6542]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.868457][ T6542]  ? clear_bhb_loop+0x60/0xb0
[   94.868478][ T6542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.868493][ T6542] RIP: 0033:0x7f2f24f8e929
[   94.868509][ T6542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.868522][ T6542] RSP: 002b:00007f2f25d26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   94.868540][ T6542] RAX: ffffffffffffffda RBX: 00007f2f251b5fa0 RCX: 00007f2f24f8e929
[   94.868553][ T6542] RDX: 07fffffffffffd33 RSI: 0000200000004d00 RDI: 0000000000000003
[   94.868564][ T6542] RBP: 00007f2f25d26090 R08: 0000000000000000 R09: 0000000000000000
[   94.868574][ T6542] R10: 0000000020000890 R11: 0000000000000246 R12: 0000000000000002
[   94.868585][ T6542] R13: 0000000000000000 R14: 00007f2f251b5fa0 R15: 00007ffc3eef26c8
[   94.868613][ T6542]  </TASK>
[   95.325364][ T6547] __nla_validate_parse: 3 callbacks suppressed
[   95.325380][ T6547] netlink: 72 bytes leftover after parsing attributes in process `syz.2.136'.
[   95.645852][   T30] audit: type=1800 audit(1751036293.265:9): pid=6558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.139" name="memory.events" dev="tmpfs" ino=134 res=0 errno=0
[   95.678342][   T30] audit: type=1804 audit(1751036293.295:10): pid=6558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.139" name="/newroot/23/memory.events" dev="tmpfs" ino=134 res=1 errno=0
[   95.715450][ T6558] netlink: 292 bytes leftover after parsing attributes in process `syz.1.139'.
[   96.012502][ T6572] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   96.473280][ T6583] syzkaller0: entered promiscuous mode
[   96.479539][ T6583] syzkaller0: entered allmulticast mode
[   96.523323][   T30] audit: type=1800 audit(1751036294.145:11): pid=6593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.152" name="memory.events" dev="tmpfs" ino=114 res=0 errno=0
[   96.524156][ T6593] netlink: 292 bytes leftover after parsing attributes in process `syz.0.152'.
[   96.562646][ T6590] IPv6: Can't replace route, no match found
[   96.581868][ T6595] xt_connbytes: Forcing CT accounting to be enabled
[   96.595361][   T30] audit: type=1804 audit(1751036294.145:12): pid=6593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.152" name="/newroot/19/memory.events" dev="tmpfs" ino=114 res=1 errno=0
[   96.599062][ T6595] set match dimension is over the limit!
[   96.848491][ T6605] netlink: 72 bytes leftover after parsing attributes in process `syz.1.155'.
[   97.004540][ T6611] netlink: 36 bytes leftover after parsing attributes in process `syz.4.154'.
[   97.013810][ T6611] netlink: 16 bytes leftover after parsing attributes in process `syz.4.154'.
[   97.034913][ T6611] netlink: 36 bytes leftover after parsing attributes in process `syz.4.154'.
[   97.052546][ T6611] netlink: 36 bytes leftover after parsing attributes in process `syz.4.154'.
[   97.099600][ T6613] pim6reg1: entered allmulticast mode
[   97.863893][   T30] audit: type=1800 audit(1751036295.485:13): pid=6638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.163" name="memory.events" dev="tmpfs" ino=200 res=0 errno=0
[   97.888958][ T6638] netlink: 292 bytes leftover after parsing attributes in process `syz.4.163'.
[   97.900395][   T30] audit: type=1804 audit(1751036295.505:14): pid=6638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.163" name="/newroot/35/memory.events" dev="tmpfs" ino=200 res=1 errno=0
[   98.175493][ T6648] netlink: 92 bytes leftover after parsing attributes in process `syz.4.165'.
[   98.227121][ T6652] syzkaller0: entered promiscuous mode
[   98.246394][ T6652] syzkaller0: entered allmulticast mode
[   98.798174][   T30] audit: type=1800 audit(1751036296.405:15): pid=6673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.175" name="memory.events" dev="tmpfs" ino=243 res=0 errno=0
[   98.821328][   T30] audit: type=1804 audit(1751036296.405:16): pid=6673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.175" name="/newroot/44/memory.events" dev="tmpfs" ino=243 res=1 errno=0
[   99.047502][ T6679] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6
[   99.118931][ T6680] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   99.582008][ T6696] trusted_key: syz.3.180 sent an empty control message without MSG_MORE.
[   99.762477][ T6705] netlink: 'syz.4.184': attribute type 10 has an invalid length.
[   99.857470][   T30] audit: type=1800 audit(1751036297.465:17): pid=6710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.186" name="memory.events" dev="tmpfs" ino=150 res=0 errno=0
[   99.897930][ T6705] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[   99.907697][ T6705] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   99.919406][   T30] audit: type=1804 audit(1751036297.475:18): pid=6710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.186" name="/newroot/26/memory.events" dev="tmpfs" ino=150 res=1 errno=0
[  100.316685][ T6722] syzkaller0: entered promiscuous mode
[  100.322461][ T6722] syzkaller0: entered allmulticast mode
[  100.978510][ T6743] netlink: 'syz.0.194': attribute type 4 has an invalid length.
[  101.124850][ T6747] netlink: 'syz.3.198': attribute type 10 has an invalid length.
[  101.167250][   T30] audit: type=1800 audit(1751036298.785:19): pid=6749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.199" name="memory.events" dev="tmpfs" ino=206 res=0 errno=0
[  101.169576][ T6749] __nla_validate_parse: 6 callbacks suppressed
[  101.169590][ T6749] netlink: 292 bytes leftover after parsing attributes in process `syz.1.199'.
[  101.218488][   T30] audit: type=1804 audit(1751036298.785:20): pid=6749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.199" name="/newroot/37/memory.events" dev="tmpfs" ino=206 res=1 errno=0
[  101.278579][    C1] Unknown status report in ack skb
[  101.518776][ T6760] FAULT_INJECTION: forcing a failure.
[  101.518776][ T6760] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.572500][ T6760] CPU: 0 UID: 0 PID: 6760 Comm: syz.1.202 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  101.572525][ T6760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  101.572535][ T6760] Call Trace:
[  101.572542][ T6760]  <TASK>
[  101.572549][ T6760]  dump_stack_lvl+0x189/0x250
[  101.572588][ T6760]  ? __pfx____ratelimit+0x10/0x10
[  101.572608][ T6760]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.572632][ T6760]  ? __pfx__printk+0x10/0x10
[  101.572663][ T6760]  should_fail_ex+0x414/0x560
[  101.572689][ T6760]  _copy_to_user+0x31/0xb0
[  101.572708][ T6760]  simple_read_from_buffer+0xe1/0x170
[  101.572733][ T6760]  proc_fail_nth_read+0x1df/0x250
[  101.572756][ T6760]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  101.572778][ T6760]  ? rw_verify_area+0x258/0x650
[  101.572801][ T6760]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  101.572821][ T6760]  vfs_read+0x1fd/0x980
[  101.572849][ T6760]  ? __pfx___mutex_lock+0x10/0x10
[  101.572870][ T6760]  ? __pfx_vfs_read+0x10/0x10
[  101.572895][ T6760]  ? __fget_files+0x2a/0x420
[  101.572918][ T6760]  ? __fget_files+0x3a0/0x420
[  101.572934][ T6760]  ? __fget_files+0x2a/0x420
[  101.572960][ T6760]  ksys_read+0x145/0x250
[  101.572987][ T6760]  ? __pfx_ksys_read+0x10/0x10
[  101.573007][ T6760]  ? fput+0xa0/0xd0
[  101.573032][ T6760]  ? do_syscall_64+0xbe/0x3b0
[  101.573055][ T6760]  do_syscall_64+0xfa/0x3b0
[  101.573074][ T6760]  ? lockdep_hardirqs_on+0x9c/0x150
[  101.573092][ T6760]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.573109][ T6760]  ? clear_bhb_loop+0x60/0xb0
[  101.573130][ T6760]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.573147][ T6760] RIP: 0033:0x7f3919d8d33c
[  101.573163][ T6760] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  101.573176][ T6760] RSP: 002b:00007f391ac09030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  101.573195][ T6760] RAX: ffffffffffffffda RBX: 00007f3919fb5fa0 RCX: 00007f3919d8d33c
[  101.573208][ T6760] RDX: 000000000000000f RSI: 00007f391ac090a0 RDI: 0000000000000003
[  101.573219][ T6760] RBP: 00007f391ac09090 R08: 0000000000000000 R09: 0000000000000000
[  101.573229][ T6760] R10: 0000200000000540 R11: 0000000000000246 R12: 0000000000000001
[  101.573240][ T6760] R13: 0000000000000000 R14: 00007f3919fb5fa0 R15: 00007ffcf535dcd8
[  101.573269][ T6760]  </TASK>
[  102.003784][ T6773] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7
[  102.393745][   T30] audit: type=1800 audit(1751036300.015:21): pid=6787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.212" name="memory.events" dev="tmpfs" ino=227 res=0 errno=0
[  102.427911][   T30] audit: type=1804 audit(1751036300.015:22): pid=6787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.212" name="/newroot/41/memory.events" dev="tmpfs" ino=227 res=1 errno=0
[  102.429894][ T6783] syzkaller0: entered promiscuous mode
[  102.537446][ T6783] syzkaller0: entered allmulticast mode
[  102.580546][ T6794] netlink: 'syz.1.215': attribute type 10 has an invalid length.
[  103.014362][ T6812] netlink: 'syz.4.223': attribute type 1 has an invalid length.
[  103.045183][ T6810] vlan3: entered promiscuous mode
[  103.050255][ T6810] vlan2: entered promiscuous mode
[  103.055564][ T6810] gretap0: entered promiscuous mode
[  103.128816][   T30] audit: type=1800 audit(1751036300.745:23): pid=6816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.225" name="memory.events" dev="tmpfs" ino=262 res=0 errno=0
[  103.155833][   T30] audit: type=1804 audit(1751036300.775:24): pid=6816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.225" name="/newroot/47/memory.events" dev="tmpfs" ino=262 res=1 errno=0
[  103.398257][ T6826] netlink: 'syz.2.229': attribute type 10 has an invalid length.
[  103.458806][ T6826] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  103.775456][ T6837] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  104.176284][   T30] audit: type=1800 audit(1751036301.795:25): pid=6855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.238" name="memory.events" dev="tmpfs" ino=254 res=0 errno=0
[  104.253068][   T30] audit: type=1804 audit(1751036301.825:26): pid=6855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.238" name="/newroot/46/memory.events" dev="tmpfs" ino=254 res=1 errno=0
[  104.560896][ T6865] netlink: 'syz.1.244': attribute type 10 has an invalid length.
[  104.883080][ T6882] IPv6: NLM_F_REPLACE set, but no existing node found!
[  104.968860][ T6888] netlink: 272 bytes leftover after parsing attributes in process `syz.3.251'.
[  104.980073][   T30] audit: type=1800 audit(1751036302.585:27): pid=6888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.251" name="memory.events" dev="tmpfs" ino=273 res=0 errno=0
[  105.052328][   T30] audit: type=1804 audit(1751036302.585:28): pid=6888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.251" name="/newroot/50/memory.events" dev="tmpfs" ino=273 res=1 errno=0
[  105.399700][ T6904] Bluetooth: MGMT ver 1.23
[  105.405009][ T6902] netlink: 'syz.0.257': attribute type 10 has an invalid length.
[  105.439986][ T6902] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  105.543566][ T6902] syz.0.257 (6902) used greatest stack depth: 19992 bytes left
[  106.071905][ T6922] netlink: 272 bytes leftover after parsing attributes in process `syz.3.264'.
[  106.085484][ T6924] netlink: 164 bytes leftover after parsing attributes in process `syz.2.265'.
[  106.109818][ T6924] netlink: 164 bytes leftover after parsing attributes in process `syz.2.265'.
[  106.129259][ T6924] netlink: 60 bytes leftover after parsing attributes in process `syz.2.265'.
[  106.288204][ T6933] netlink: 'syz.3.268': attribute type 3 has an invalid length.
[  106.524488][ T6941] netlink: 'syz.3.272': attribute type 10 has an invalid length.
[  107.312671][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  107.312687][   T30] audit: type=1800 audit(1751036304.925:31): pid=6961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.278" name="memory.events" dev="tmpfs" ino=315 res=0 errno=0
[  107.356881][ T6961] netlink: 272 bytes leftover after parsing attributes in process `syz.3.278'.
[  107.397910][   T30] audit: type=1804 audit(1751036304.935:32): pid=6961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.278" name="/newroot/58/memory.events" dev="tmpfs" ino=315 res=1 errno=0
[  107.730618][ T6977] netlink: 'syz.3.285': attribute type 10 has an invalid length.
[  108.066549][   T30] audit: type=1800 audit(1751036305.685:33): pid=6993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.292" name="memory.events" dev="tmpfs" ino=273 res=0 errno=0
[  108.068455][ T6993] netlink: 264 bytes leftover after parsing attributes in process `syz.0.292'.
[  108.108618][   T30] audit: type=1804 audit(1751036305.685:34): pid=6993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.292" name="/newroot/50/memory.events" dev="tmpfs" ino=273 res=1 errno=0
[  108.215898][ T6999] netlink: 24 bytes leftover after parsing attributes in process `syz.1.294'.
[  108.256710][ T6995] syzkaller0: entered promiscuous mode
[  108.262636][ T6995] syzkaller0: entered allmulticast mode
[  108.444524][ T7008] netlink: 16 bytes leftover after parsing attributes in process `syz.0.297'.
[  108.625956][ T7015] netlink: 'syz.0.300': attribute type 10 has an invalid length.
[  108.959447][ T7032] netlink: 'syz.1.306': attribute type 1 has an invalid length.
[  109.496421][ T7063] netlink: 'syz.3.318': attribute type 1 has an invalid length.
[  109.546169][ T7060] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  109.681359][ T7071] netlink: 'syz.4.319': attribute type 10 has an invalid length.
[  109.846258][ T7077] syzkaller0: entered promiscuous mode
[  109.851805][ T7077] syzkaller0: entered allmulticast mode
[  109.965100][ T7083] netlink: 'syz.2.325': attribute type 1 has an invalid length.
[  110.384352][ T7097] netlink: 72 bytes leftover after parsing attributes in process `syz.2.330'.
[  110.608918][  T513] bridge_slave_1: left allmulticast mode
[  110.622844][  T513] bridge_slave_1: left promiscuous mode
[  110.629549][  T513] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.677345][  T513] bridge_slave_0: left allmulticast mode
[  110.691039][  T513] bridge_slave_0: left promiscuous mode
[  110.708298][  T513] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.917674][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  110.927327][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  110.935855][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  110.950767][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  110.963698][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  111.452446][  T513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.470846][  T513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.487609][  T513] bond0 (unregistering): Released all slaves
[  111.863046][ T7136] syzkaller0: entered promiscuous mode
[  111.897185][ T7136] syzkaller0: entered allmulticast mode
[  112.405113][   T30] audit: type=1800 audit(1751036310.015:35): pid=7159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.348" name="memory.events" dev="tmpfs" ino=351 res=0 errno=0
[  112.437651][ T7159] netlink: 264 bytes leftover after parsing attributes in process `syz.0.348'.
[  112.446752][   T30] audit: type=1804 audit(1751036310.015:36): pid=7159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.348" name="/newroot/65/memory.events" dev="tmpfs" ino=351 res=1 errno=0
[  112.521227][  T513] hsr_slave_0: left promiscuous mode
[  112.547656][  T513] hsr_slave_1: left promiscuous mode
[  112.558629][  T513] batman_adv: batadv0: Removing interface: batadv_slave_0
[  112.583615][  T513] batman_adv: batadv0: Removing interface: batadv_slave_1
[  112.984728][ T5838] Bluetooth: hci2: command tx timeout
[  113.035922][  T513] team0 (unregistering): Port device team_slave_1 removed
[  113.069120][  T513] team0 (unregistering): Port device team_slave_0 removed
[  113.599609][ T7192] netlink: 36 bytes leftover after parsing attributes in process `syz.2.356'.
[  113.810576][ T7111] chnl_net:caif_netlink_parms(): no params data found
[  114.071053][ T7213] syzkaller1: entered promiscuous mode
[  114.088298][ T7213] syzkaller1: entered allmulticast mode
[  114.218825][ T7224] netlink: 264 bytes leftover after parsing attributes in process `syz.2.363'.
[  114.221026][   T30] audit: type=1800 audit(1751036311.835:37): pid=7224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.363" name="memory.events" dev="tmpfs" ino=451 res=0 errno=0
[  114.332141][   T30] audit: type=1804 audit(1751036311.835:38): pid=7224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.363" name="/newroot/84/memory.events" dev="tmpfs" ino=451 res=1 errno=0
[  114.395898][ T7111] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.403745][ T7111] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.410933][ T7111] bridge_slave_0: entered allmulticast mode
[  114.436770][ T7111] bridge_slave_0: entered promiscuous mode
[  114.456444][ T7111] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.463889][ T7111] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.471448][ T7111] bridge_slave_1: entered allmulticast mode
[  114.479940][ T7111] bridge_slave_1: entered promiscuous mode
[  114.590039][ T7238] netlink: 24 bytes leftover after parsing attributes in process `syz.2.366'.
[  114.615743][ T7111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  114.636370][ T7231] syzkaller0: entered promiscuous mode
[  114.645416][ T7231] syzkaller0: entered allmulticast mode
[  114.691095][ T7111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  114.768900][ T7244] netlink: 36 bytes leftover after parsing attributes in process `syz.0.367'.
[  114.945861][ T7111] team0: Port device team_slave_0 added
[  115.007255][ T7111] team0: Port device team_slave_1 added
[  115.063296][ T5838] Bluetooth: hci2: command tx timeout
[  115.217062][ T7111] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.227891][ T7111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.259961][ T7111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.376536][ T7111] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.384844][ T7111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.411532][ T7111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.425087][ T7259] netlink: 44 bytes leftover after parsing attributes in process `syz.0.372'.
[  115.587226][ T7111] hsr_slave_0: entered promiscuous mode
[  115.608837][ T7111] hsr_slave_1: entered promiscuous mode
[  115.985949][ T7273] vlan3: entered promiscuous mode
[  115.993062][ T7273] vlan2: entered promiscuous mode
[  116.679867][ T7294] netlink: 36 bytes leftover after parsing attributes in process `syz.4.379'.
[  117.128838][ T7307] netlink: 72 bytes leftover after parsing attributes in process `syz.3.384'.
[  117.144260][ T5838] Bluetooth: hci2: command tx timeout
[  117.228662][ T7308] syzkaller0: entered promiscuous mode
[  117.234756][ T7308] syzkaller0: entered allmulticast mode
[  117.306238][ T7316] x_tables: unsorted entry at hook 2
[  118.199281][ T7339] netlink: 36 bytes leftover after parsing attributes in process `syz.0.391'.
[  118.276605][ T7111] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  118.345957][ T7111] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  118.361823][ T7343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.395'.
[  118.376207][ T7111] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  118.393195][ T7111] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  118.589063][ T7356] sctp: [Deprecated]: syz.2.397 (pid 7356) Use of int in max_burst socket option.
[  118.589063][ T7356] Use struct sctp_assoc_value instead
[  118.655061][ T7356] sctp: [Deprecated]: syz.2.397 (pid 7356) Use of int in max_burst socket option deprecated.
[  118.655061][ T7356] Use struct sctp_assoc_value instead
[  118.860269][ T7111] 8021q: adding VLAN 0 to HW filter on device bond0
[  118.873650][ T7362] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input8
[  119.011941][ T7111] 8021q: adding VLAN 0 to HW filter on device team0
[  119.048407][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.055615][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  119.238834][ T5838] Bluetooth: hci2: command tx timeout
[  119.407759][ T7393] netlink: 36 bytes leftover after parsing attributes in process `syz.3.405'.
[  119.431712][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.439631][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  119.467481][ T7394] syzkaller0: entered promiscuous mode
[  119.473744][ T7394] syzkaller0: entered allmulticast mode
[  120.431311][ T7428] netlink: 'syz.4.412': attribute type 10 has an invalid length.
[  120.654968][ T7111] 8021q: adding VLAN 0 to HW filter on device batadv0
[  120.739221][ T7437] No such timeout policy "syz0"
[  121.048549][ T7111] veth0_vlan: entered promiscuous mode
[  121.095370][ T7111] veth1_vlan: entered promiscuous mode
[  121.215920][ T7450] netlink: 'syz.4.418': attribute type 10 has an invalid length.
[  121.319112][ T7111] veth0_macvtap: entered promiscuous mode
[  121.421252][ T7111] veth1_macvtap: entered promiscuous mode
[  121.445720][ T7459] netlink: 24 bytes leftover after parsing attributes in process `syz.3.420'.
[  121.598876][ T7111] batman_adv: batadv0: Interface activated: batadv_slave_0
[  121.613791][ T7111] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.631850][  T513] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.652082][ T7468] netlink: 'syz.3.432': attribute type 10 has an invalid length.
[  121.689867][ T7464] syzkaller0: entered promiscuous mode
[  121.752943][ T7464] syzkaller0: entered allmulticast mode
[  121.880743][  T513] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.900082][  T513] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.916249][ T7481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.423'.
[  122.289292][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  122.780114][  T513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.815191][  T513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.946964][ T7515] netlink: 'syz.0.427': attribute type 10 has an invalid length.
[  123.158823][  T513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.182298][  T513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.280592][ T7520] netlink: 24 bytes leftover after parsing attributes in process `syz.3.433'.
[  123.407557][ T7526] netlink: 'syz.4.435': attribute type 10 has an invalid length.
[  123.419115][ T7526] openvswitch: netlink: Flow key attr not present in new flow.
[  123.486256][ T7531] xt_hashlimit: size too large, truncated to 1048576
[  123.506409][ T7531] xt_hashlimit: max too large, truncated to 1048576
[  123.850830][ T7539] syzkaller0: entered promiscuous mode
[  123.877153][ T7539] syzkaller0: entered allmulticast mode
[  124.115286][   T48] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.138149][ T7549] netlink: 'syz.0.438': attribute type 10 has an invalid length.
[  124.239699][   T48] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.417268][   T48] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.448541][ T7558] netlink: 8 bytes leftover after parsing attributes in process `syz.4.439'.
[  124.568400][   T48] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.584471][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  124.595976][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  124.605007][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  124.631286][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  124.631769][ T7562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.442'.
[  124.651615][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  125.237143][ T7573] netlink: 24 bytes leftover after parsing attributes in process `syz.2.445'.
[  125.369859][   T48] bridge_slave_1: left allmulticast mode
[  125.378111][   T48] bridge_slave_1: left promiscuous mode
[  125.387402][   T48] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.460216][   T48] bridge_slave_0: left allmulticast mode
[  125.469265][ T7588] netlink: 'syz.2.450': attribute type 10 has an invalid length.
[  125.490967][   T48] bridge_slave_0: left promiscuous mode
[  125.500178][   T48] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.231299][   T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  126.250749][   T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  126.263135][   T48] bond0 (unregistering): Released all slaves
[  126.334402][ T7622] syzkaller0: entered promiscuous mode
[  126.339876][ T7622] syzkaller0: entered allmulticast mode
[  126.604742][ T7635] netlink: 20 bytes leftover after parsing attributes in process `syz.3.455'.
[  126.721341][ T7643] netlink: 28 bytes leftover after parsing attributes in process `syz.2.458'.
[  126.734818][ T7643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.458'.
[  126.743783][ T5842] Bluetooth: hci2: command tx timeout
[  126.758401][ T7645] netlink: 'syz.0.457': attribute type 1 has an invalid length.
[  126.949163][   T48] hsr_slave_0: left promiscuous mode
[  126.971431][   T48] hsr_slave_1: left promiscuous mode
[  126.993260][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  127.013754][   T48] batman_adv: batadv0: Removing interface: batadv_slave_0
[  127.032159][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  127.042968][   T48] batman_adv: batadv0: Removing interface: batadv_slave_1
[  127.099533][   T48] veth1_macvtap: left promiscuous mode
[  127.136749][   T48] veth0_macvtap: left promiscuous mode
[  127.146885][   T48] veth1_vlan: left promiscuous mode
[  127.154887][   T48] veth0_vlan: left promiscuous mode
[  127.716147][ T7688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.465'.
[  127.988627][   T48] team0 (unregistering): Port device team_slave_1 removed
[  128.024997][   T48] team0 (unregistering): Port device team_slave_0 removed
[  128.318817][ T7656] netlink: 16 bytes leftover after parsing attributes in process `syz.2.461'.
[  128.520749][ T7561] chnl_net:caif_netlink_parms(): no params data found
[  128.611023][ T7697] FAULT_INJECTION: forcing a failure.
[  128.611023][ T7697] name failslab, interval 1, probability 0, space 0, times 0
[  128.642537][ T7697] CPU: 1 UID: 0 PID: 7697 Comm: syz.0.469 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  128.642562][ T7697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  128.642572][ T7697] Call Trace:
[  128.642580][ T7697]  <TASK>
[  128.642588][ T7697]  dump_stack_lvl+0x189/0x250
[  128.642617][ T7697]  ? __pfx____ratelimit+0x10/0x10
[  128.642636][ T7697]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.642661][ T7697]  ? __pfx__printk+0x10/0x10
[  128.642682][ T7697]  ? __pfx___might_resched+0x10/0x10
[  128.642706][ T7697]  ? fs_reclaim_acquire+0x7d/0x100
[  128.642730][ T7697]  should_fail_ex+0x414/0x560
[  128.642755][ T7697]  should_failslab+0xa8/0x100
[  128.642775][ T7697]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  128.642800][ T7697]  ? __alloc_skb+0x112/0x2d0
[  128.642826][ T7697]  __alloc_skb+0x112/0x2d0
[  128.642850][ T7697]  alloc_skb_with_frags+0xca/0x890
[  128.642872][ T7697]  ? aa_label_sk_perm+0x413/0x560
[  128.642897][ T7697]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  128.642920][ T7697]  sock_alloc_send_pskb+0x857/0x990
[  128.642962][ T7697]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  128.642997][ T7697]  ? aa_sk_perm+0x81e/0x950
[  128.643016][ T7697]  hci_sock_sendmsg+0x207/0xef0
[  128.643045][ T7697]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  128.643067][ T7697]  ? aa_sock_msg_perm+0x94/0x160
[  128.643089][ T7697]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  128.643109][ T7697]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  128.643132][ T7697]  __sock_sendmsg+0x219/0x270
[  128.643154][ T7697]  sock_write_iter+0x258/0x330
[  128.643174][ T7697]  ? __pfx_sock_write_iter+0x10/0x10
[  128.643207][ T7697]  ? bpf_lsm_file_permission+0x9/0x20
[  128.643228][ T7697]  ? security_file_permission+0x75/0x290
[  128.643253][ T7697]  vfs_write+0x548/0xa90
[  128.643283][ T7697]  ? __pfx_sock_write_iter+0x10/0x10
[  128.643300][ T7697]  ? __pfx_vfs_write+0x10/0x10
[  128.643334][ T7697]  ? __fget_files+0x2a/0x420
[  128.643362][ T7697]  ksys_write+0x145/0x250
[  128.643388][ T7697]  ? __pfx_ksys_write+0x10/0x10
[  128.643409][ T7697]  ? rcu_is_watching+0x15/0xb0
[  128.643438][ T7697]  ? do_syscall_64+0xbe/0x3b0
[  128.643461][ T7697]  do_syscall_64+0xfa/0x3b0
[  128.643478][ T7697]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.643496][ T7697]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.643514][ T7697]  ? clear_bhb_loop+0x60/0xb0
[  128.643534][ T7697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.643551][ T7697] RIP: 0033:0x7f6c8c78e929
[  128.643567][ T7697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.643580][ T7697] RSP: 002b:00007f6c8d655038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  128.643599][ T7697] RAX: ffffffffffffffda RBX: 00007f6c8c9b5fa0 RCX: 00007f6c8c78e929
[  128.643612][ T7697] RDX: 0000000000000007 RSI: 0000200000000100 RDI: 0000000000000004
[  128.643623][ T7697] RBP: 00007f6c8d655090 R08: 0000000000000000 R09: 0000000000000000
[  128.643633][ T7697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.643643][ T7697] R13: 0000000000000000 R14: 00007f6c8c9b5fa0 R15: 00007fff5bdd49e8
[  128.643670][ T7697]  </TASK>
[  129.004393][ T5842] Bluetooth: hci2: command tx timeout
[  129.191259][ T7561] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.248204][ T7561] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.255484][ T7561] bridge_slave_0: entered allmulticast mode
[  129.263190][ T7561] bridge_slave_0: entered promiscuous mode
[  129.271945][ T7561] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.279294][ T7561] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.288542][ T7561] bridge_slave_1: entered allmulticast mode
[  129.315811][ T7561] bridge_slave_1: entered promiscuous mode
[  129.560131][ T7724] netlink: 16 bytes leftover after parsing attributes in process `syz.4.476'.
[  129.574969][ T7719] syzkaller0: entered promiscuous mode
[  129.584307][ T7719] syzkaller0: entered allmulticast mode
[  129.644308][ T7561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  129.671302][ T7561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.835596][ T7561] team0: Port device team_slave_0 added
[  129.911301][ T7561] team0: Port device team_slave_1 added
[  130.133398][ T7561] batman_adv: batadv0: Adding interface: batadv_slave_0
[  130.152249][ T7561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.225449][ T7561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  130.291026][ T7561] batman_adv: batadv0: Adding interface: batadv_slave_1
[  130.303812][ T7561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.388924][ T7561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  130.765364][ T7767] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  130.784585][ T7767] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  130.815949][ T7767] bridge_slave_0: default FDB implementation only supports local addresses
[  130.956613][ T7770] netlink: 16 bytes leftover after parsing attributes in process `syz.3.489'.
[  130.994102][ T7780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.490'.
[  131.012886][ T7561] hsr_slave_0: entered promiscuous mode
[  131.020433][ T7561] hsr_slave_1: entered promiscuous mode
[  131.067364][ T5842] Bluetooth: hci2: command tx timeout
[  131.340813][ T7791] Driver unsupported XDP return value 0 on prog  (id 126) dev N/A, expect packet loss!
[  131.579665][ T7796] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.698997][ T7796] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.727171][ T7798] syzkaller0: entered promiscuous mode
[  131.734046][ T7798] syzkaller0: entered allmulticast mode
[  131.801820][ T7796] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.906275][ T7796] bond0: (slave netdevsim0): Releasing backup interface
[  131.932654][ T7796] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode
[  131.947689][ T7796] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.248783][ T7815] netlink: 'syz.3.498': attribute type 10 has an invalid length.
[  132.329758][ T2990] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  132.364987][ T7819] x_tables: duplicate underflow at hook 2
[  132.628010][   T48] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  132.659195][   T48] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  132.669109][   T48] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  132.677770][ T7827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.502'.
[  132.702903][ T7829] netlink: 8 bytes leftover after parsing attributes in process `syz.2.503'.
[  132.711829][ T7829] netlink: 24 bytes leftover after parsing attributes in process `syz.2.503'.
[  132.751958][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  132.761643][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  132.953852][ T7841] netlink: 8 bytes leftover after parsing attributes in process `syz.0.505'.
[  133.038362][ T7843] netlink: 28 bytes leftover after parsing attributes in process `syz.2.507'.
[  133.050315][ T7843] netlink: 28 bytes leftover after parsing attributes in process `syz.2.507'.
[  133.101214][ T7561] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  133.135773][ T7561] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  133.144259][ T5842] Bluetooth: hci2: command tx timeout
[  133.191556][ T7561] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  133.254384][ T7561] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  133.370713][ T7853] syzkaller0: entered promiscuous mode
[  133.393673][ T7853] syzkaller0: entered allmulticast mode
[  133.757512][ T7561] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.791823][ T7561] 8021q: adding VLAN 0 to HW filter on device team0
[  133.811914][ T7881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.515'.
[  133.861126][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.868375][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.911255][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.918482][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.173638][ T7886] netlink: 'syz.2.516': attribute type 1 has an invalid length.
[  134.397343][ T7886] bond1: entered promiscuous mode
[  134.404893][ T7886] 8021q: adding VLAN 0 to HW filter on device bond1
[  134.479413][ T7891] 8021q: adding VLAN 0 to HW filter on device bond2
[  134.529197][ T7891] bond1: (slave bond2): making interface the new active one
[  134.537704][ T7891] bond2: entered promiscuous mode
[  134.547829][ T7891] bond1: (slave bond2): Enslaving as an active interface with an up link
[  134.586983][ T7906] netlink: 8 bytes leftover after parsing attributes in process `syz.4.521'.
[  134.713075][   T30] audit: type=1800 audit(1751036332.325:39): pid=7911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.523" name="memory.events" dev="tmpfs" ino=550 res=0 errno=0
[  134.713335][ T7911] netlink: 308 bytes leftover after parsing attributes in process `syz.3.523'.
[  134.822871][   T30] audit: type=1804 audit(1751036332.325:40): pid=7911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.523" name="/newroot/104/memory.events" dev="tmpfs" ino=550 res=1 errno=0
[  135.393548][ T7561] 8021q: adding VLAN 0 to HW filter on device batadv0
[  135.545664][ T7561] veth0_vlan: entered promiscuous mode
[  135.589220][ T7561] veth1_vlan: entered promiscuous mode
[  135.727600][ T7561] veth0_macvtap: entered promiscuous mode
[  135.774355][ T7967] netlink: 'syz.3.535': attribute type 2 has an invalid length.
[  135.787986][ T7972] netlink: 36 bytes leftover after parsing attributes in process `syz.3.535'.
[  135.840284][ T7561] veth1_macvtap: entered promiscuous mode
[  135.847839][ T7974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.536'.
[  135.968782][ T7561] batman_adv: batadv0: Interface activated: batadv_slave_0
[  136.003353][ T7561] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.057632][  T513] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.074377][   T30] audit: type=1800 audit(1751036333.685:41): pid=7983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.539" name="memory.events" dev="tmpfs" ino=576 res=0 errno=0
[  136.084714][ T7983] netlink: 308 bytes leftover after parsing attributes in process `syz.3.539'.
[  136.106946][  T513] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.145552][ T7985] netlink: 4 bytes leftover after parsing attributes in process `syz.4.540'.
[  136.156879][  T513] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.168455][   T30] audit: type=1804 audit(1751036333.695:42): pid=7983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.539" name="/newroot/109/memory.events" dev="tmpfs" ino=576 res=1 errno=0
[  136.193335][  T513] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.297771][ T7988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.541'.
[  136.334705][ T7988] ip6gre0: Master is either lo or non-ether device
[  136.421105][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.462273][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.519334][ T8002] netlink: 'syz.2.545': attribute type 10 has an invalid length.
[  136.595533][ T6316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.624542][ T6316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.238793][ T6316] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.467944][ T6316] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.640647][ T6316] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.980275][ T6316] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.408889][ T6316] bridge_slave_1: left allmulticast mode
[  138.422143][ T6316] bridge_slave_1: left promiscuous mode
[  138.438102][ T6316] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.442485][ T8052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.553'.
[  138.503363][ T8052] netlink: 32 bytes leftover after parsing attributes in process `syz.4.553'.
[  138.527824][ T6316] bridge_slave_0: left allmulticast mode
[  138.542510][   T30] audit: type=1800 audit(1751036336.155:43): pid=8055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.554" name="memory.events" dev="tmpfs" ino=606 res=0 errno=0
[  138.566606][ T6316] bridge_slave_0: left promiscuous mode
[  138.591964][ T6316] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.612279][   T30] audit: type=1804 audit(1751036336.165:44): pid=8055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.554" name="/newroot/115/memory.events" dev="tmpfs" ino=606 res=1 errno=0
[  138.618990][ T8059] netlink: 'syz.2.556': attribute type 10 has an invalid length.
[  138.774526][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  138.790148][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  138.802067][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  138.812552][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  138.821180][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  138.902000][ T8077] __nla_validate_parse: 2 callbacks suppressed
[  138.902021][ T8077] netlink: 24 bytes leftover after parsing attributes in process `syz.3.559'.
[  139.121605][ T6316] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  139.136255][ T6316] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  139.149383][ T6316] bond0 (unregistering): Released all slaves
[  139.169429][ T8073] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  139.879022][ T8109] netlink: 'syz.2.567': attribute type 1 has an invalid length.
[  140.048352][ T8120] netlink: 308 bytes leftover after parsing attributes in process `syz.3.570'.
[  140.052653][   T30] audit: type=1800 audit(1751036337.665:45): pid=8120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.570" name="memory.events" dev="tmpfs" ino=617 res=0 errno=0
[  140.182888][   T30] audit: type=1804 audit(1751036337.665:46): pid=8120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.570" name="/newroot/117/memory.events" dev="tmpfs" ino=617 res=1 errno=0
[  140.370835][ T6316] hsr_slave_0: left promiscuous mode
[  140.381957][ T6316] hsr_slave_1: left promiscuous mode
[  140.400348][ T6316] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.408131][ T6316] batman_adv: batadv0: Removing interface: batadv_slave_0
[  140.427348][ T6316] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  140.435002][ T6316] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.477787][ T6316] veth1_macvtap: left promiscuous mode
[  140.492403][ T6316] veth0_macvtap: left promiscuous mode
[  140.506815][ T6316] veth1_vlan: left promiscuous mode
[  140.516959][ T6316] veth0_vlan: left promiscuous mode
[  140.908337][ T5838] Bluetooth: hci2: command tx timeout
[  141.086155][ T6316] team0 (unregistering): Port device team_slave_1 removed
[  141.133901][ T6316] team0 (unregistering): Port device team_slave_0 removed
[  142.056749][ T8069] chnl_net:caif_netlink_parms(): no params data found
[  142.638320][ T8069] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.651293][ T8069] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.668155][ T8069] bridge_slave_0: entered allmulticast mode
[  142.679962][ T8069] bridge_slave_0: entered promiscuous mode
[  142.744917][ T8069] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.762495][ T8069] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.775485][ T8069] bridge_slave_1: entered allmulticast mode
[  142.795265][ T8069] bridge_slave_1: entered promiscuous mode
[  142.983839][ T5838] Bluetooth: hci2: command tx timeout
[  143.239620][   T30] audit: type=1800 audit(1751036340.855:47): pid=8191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.581" name="memory.events" dev="tmpfs" ino=632 res=0 errno=0
[  143.244957][ T8191] netlink: 308 bytes leftover after parsing attributes in process `syz.0.581'.
[  143.337966][   T30] audit: type=1804 audit(1751036340.855:48): pid=8191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.581" name="/newroot/120/memory.events" dev="tmpfs" ino=632 res=1 errno=0
[  143.437157][ T8069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  143.534461][ T8069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  143.620950][ T8196] syzkaller0: entered promiscuous mode
[  143.628286][ T8196] syzkaller0: entered allmulticast mode
[  143.659848][ T8202] netlink: 'syz.0.585': attribute type 10 has an invalid length.
[  143.717081][ T8069] team0: Port device team_slave_0 added
[  143.746690][ T8069] team0: Port device team_slave_1 added
[  143.901733][ T8069] batman_adv: batadv0: Adding interface: batadv_slave_0
[  143.925763][ T8069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.967851][ T8069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  143.985621][ T8069] batman_adv: batadv0: Adding interface: batadv_slave_1
[  143.995571][ T8069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.029833][ T8069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  144.148670][ T8210] netlink: 'syz.0.588': attribute type 23 has an invalid length.
[  144.284915][ T8069] hsr_slave_0: entered promiscuous mode
[  144.291170][ T8069] hsr_slave_1: entered promiscuous mode
[  144.530832][ T8219] can: request_module (can-proto-5) failed.
[  144.663747][ T8232] netlink: 300 bytes leftover after parsing attributes in process `syz.3.595'.
[  144.668188][   T30] audit: type=1800 audit(1751036342.275:49): pid=8232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.595" name="memory.events" dev="tmpfs" ino=648 res=0 errno=0
[  144.708453][   T30] audit: type=1804 audit(1751036342.275:50): pid=8232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.595" name="/newroot/123/memory.events" dev="tmpfs" ino=648 res=1 errno=0
[  144.710106][ T8236] netlink: 12 bytes leftover after parsing attributes in process `syz.0.597'.
[  144.819133][ T8242] netlink: 'syz.2.598': attribute type 10 has an invalid length.
[  144.906359][ T8240] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[  144.918702][ T8240] bond1: (slave vcan1): Error -95 calling set_mac_address
[  145.072554][ T5838] Bluetooth: hci2: command tx timeout
[  145.270639][ T8262] FAULT_INJECTION: forcing a failure.
[  145.270639][ T8262] name failslab, interval 1, probability 0, space 0, times 0
[  145.287456][ T8262] CPU: 0 UID: 0 PID: 8262 Comm: syz.3.606 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  145.287482][ T8262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.287493][ T8262] Call Trace:
[  145.287500][ T8262]  <TASK>
[  145.287508][ T8262]  dump_stack_lvl+0x189/0x250
[  145.287539][ T8262]  ? __pfx____ratelimit+0x10/0x10
[  145.287558][ T8262]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.287582][ T8262]  ? __pfx__printk+0x10/0x10
[  145.287608][ T8262]  ? ref_tracker_alloc+0x318/0x460
[  145.287633][ T8262]  should_fail_ex+0x414/0x560
[  145.287659][ T8262]  should_failslab+0xa8/0x100
[  145.287679][ T8262]  kmem_cache_alloc_noprof+0x73/0x3c0
[  145.287704][ T8262]  ? skb_clone+0x212/0x3a0
[  145.287732][ T8262]  skb_clone+0x212/0x3a0
[  145.287759][ T8262]  __netlink_deliver_tap+0x404/0x850
[  145.287793][ T8262]  ? netlink_deliver_tap+0x2e/0x1b0
[  145.287815][ T8262]  netlink_deliver_tap+0x19c/0x1b0
[  145.287836][ T8262]  netlink_unicast+0x72f/0x8d0
[  145.287867][ T8262]  netlink_sendmsg+0x805/0xb30
[  145.287897][ T8262]  ? __pfx_netlink_sendmsg+0x10/0x10
[  145.287921][ T8262]  ? aa_sock_msg_perm+0x94/0x160
[  145.287944][ T8262]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  145.287965][ T8262]  ? __pfx_netlink_sendmsg+0x10/0x10
[  145.287985][ T8262]  __sock_sendmsg+0x219/0x270
[  145.288006][ T8262]  ____sys_sendmsg+0x505/0x830
[  145.288036][ T8262]  ? __pfx_____sys_sendmsg+0x10/0x10
[  145.288068][ T8262]  ? import_iovec+0x74/0xa0
[  145.288088][ T8262]  ___sys_sendmsg+0x21f/0x2a0
[  145.288114][ T8262]  ? __pfx____sys_sendmsg+0x10/0x10
[  145.288174][ T8262]  ? __fget_files+0x2a/0x420
[  145.288191][ T8262]  ? __fget_files+0x3a0/0x420
[  145.288217][ T8262]  __x64_sys_sendmsg+0x19b/0x260
[  145.288243][ T8262]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  145.288275][ T8262]  ? __pfx_ksys_write+0x10/0x10
[  145.288297][ T8262]  ? rcu_is_watching+0x15/0xb0
[  145.288333][ T8262]  ? do_syscall_64+0xbe/0x3b0
[  145.288357][ T8262]  do_syscall_64+0xfa/0x3b0
[  145.288375][ T8262]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.288393][ T8262]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.288410][ T8262]  ? clear_bhb_loop+0x60/0xb0
[  145.288431][ T8262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.288448][ T8262] RIP: 0033:0x7fd63c58e929
[  145.288464][ T8262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.288478][ T8262] RSP: 002b:00007fd63d459038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  145.288496][ T8262] RAX: ffffffffffffffda RBX: 00007fd63c7b5fa0 RCX: 00007fd63c58e929
[  145.288509][ T8262] RDX: 0000000000000084 RSI: 0000200000000000 RDI: 0000000000000007
[  145.288520][ T8262] RBP: 00007fd63d459090 R08: 0000000000000000 R09: 0000000000000000
[  145.288530][ T8262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.288539][ T8262] R13: 0000000000000000 R14: 00007fd63c7b5fa0 R15: 00007ffeb203a368
[  145.288566][ T8262]  </TASK>
[  145.288615][ T8262] netlink: 'syz.3.606': attribute type 23 has an invalid length.
[  145.365512][ T8261] syzkaller0: entered promiscuous mode
[  145.596459][ T8261] syzkaller0: entered allmulticast mode
[  145.822269][   T30] audit: type=1800 audit(1751036343.435:51): pid=8274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.610" name="memory.events" dev="tmpfs" ino=673 res=0 errno=0
[  145.844288][ T8274] netlink: 300 bytes leftover after parsing attributes in process `syz.0.610'.
[  145.856324][   T30] audit: type=1804 audit(1751036343.435:52): pid=8274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.610" name="/newroot/128/memory.events" dev="tmpfs" ino=673 res=1 errno=0
[  146.086461][ T8284] netlink: 20 bytes leftover after parsing attributes in process `syz.3.614'.
[  146.136199][ T8284] 8021q: VLANs not supported on gre0
[  146.409269][ T8294] netlink: 'syz.4.616': attribute type 10 has an invalid length.
[  146.485372][ T8297] gretap0: entered promiscuous mode
[  146.493900][ T8297] vlan2: entered promiscuous mode
[  146.588686][ T8069] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  146.628334][ T8069] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  146.673152][ T8069] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  146.690035][ T8069] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  146.801375][ T8069] 8021q: adding VLAN 0 to HW filter on device bond0
[  146.842020][ T8069] 8021q: adding VLAN 0 to HW filter on device team0
[  146.900548][ T6316] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.907760][ T6316] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.107914][ T6313] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.115100][ T6313] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.142594][ T5838] Bluetooth: hci2: command tx timeout
[  147.242871][ T8322] netlink: 300 bytes leftover after parsing attributes in process `syz.0.623'.
[  147.258850][   T30] audit: type=1800 audit(1751036344.855:53): pid=8322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.623" name="memory.events" dev="tmpfs" ino=689 res=0 errno=0
[  147.320630][   T30] audit: type=1804 audit(1751036344.855:54): pid=8322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.623" name="/newroot/131/memory.events" dev="tmpfs" ino=689 res=1 errno=0
[  147.347536][ T8320] netlink: 8 bytes leftover after parsing attributes in process `syz.2.624'.
[  147.475059][ T8328] netlink: 4 bytes leftover after parsing attributes in process `syz.3.625'.
[  147.615270][ T8331] syzkaller0: entered promiscuous mode
[  147.620846][ T8331] syzkaller0: entered allmulticast mode
[  147.957559][ T8069] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.001875][ T8318] lo speed is unknown, defaulting to 1000
[  148.014618][ T8318] lo speed is unknown, defaulting to 1000
[  148.031368][ T8069] veth0_vlan: entered promiscuous mode
[  148.039019][ T8318] lo speed is unknown, defaulting to 1000
[  148.049000][ T8069] veth1_vlan: entered promiscuous mode
[  148.066069][ T8318] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  148.084863][ T8318] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  148.099220][ T8069] veth0_macvtap: entered promiscuous mode
[  148.119461][ T8318] lo speed is unknown, defaulting to 1000
[  148.119969][ T8069] veth1_macvtap: entered promiscuous mode
[  148.136852][ T8318] lo speed is unknown, defaulting to 1000
[  148.151913][ T8069] batman_adv: batadv0: Interface activated: batadv_slave_0
[  148.163069][ T8318] lo speed is unknown, defaulting to 1000
[  148.171091][ T8318] lo speed is unknown, defaulting to 1000
[  148.176801][ T8069] batman_adv: batadv0: Interface activated: batadv_slave_1
[  148.207698][ T8318] lo speed is unknown, defaulting to 1000
[  148.223131][ T8318] lo speed is unknown, defaulting to 1000
[  148.230533][ T6313] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  148.248928][ T6313] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  148.279074][ T6313] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  148.300045][ T6313] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  148.385957][ T8347] netlink: 'syz.2.629': attribute type 10 has an invalid length.
[  148.675617][ T8355] netlink: 12 bytes leftover after parsing attributes in process `syz.4.632'.
[  148.699933][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  148.718523][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.733798][ T8360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.634'.
[  148.751931][ T8362] netlink: 12 bytes leftover after parsing attributes in process `syz.3.635'.
[  148.841316][   T30] audit: type=1800 audit(1751036346.455:55): pid=8365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.636" name="memory.events" dev="tmpfs" ino=782 res=0 errno=0
[  148.869388][   T30] audit: type=1804 audit(1751036346.485:56): pid=8365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.636" name="/newroot/149/memory.events" dev="tmpfs" ino=782 res=1 errno=0
[  148.967110][ T8373] netlink: 'syz.3.635': attribute type 2 has an invalid length.
[  149.014737][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.033879][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.079340][ T8373] : entered promiscuous mode
[  149.748485][ T8397] x_tables: ip_tables: udp match: only valid for protocol 17
[  150.088020][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.175395][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.426920][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.580199][ T8408] netlink: 'syz.4.646': attribute type 10 has an invalid length.
[  150.584783][ T8406] __nla_validate_parse: 1 callbacks suppressed
[  150.584799][ T8406] netlink: 28 bytes leftover after parsing attributes in process `syz.0.643'.
[  150.614105][ T8409] netlink: 8 bytes leftover after parsing attributes in process `syz.2.644'.
[  150.627032][ T8409] netlink: 4 bytes leftover after parsing attributes in process `syz.2.644'.
[  150.636041][ T8406] netlink: 28 bytes leftover after parsing attributes in process `syz.0.643'.
[  150.678806][ T2990] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  150.713284][ T2990] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  150.741161][ T2990] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  150.815723][ T2990] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  150.848667][ T8412] syzkaller0: entered promiscuous mode
[  150.857941][ T8412] syzkaller0: entered allmulticast mode
[  150.973725][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.087189][   T30] audit: type=1800 audit(1751036348.705:57): pid=8418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.648" name="memory.events" dev="tmpfs" ino=803 res=0 errno=0
[  151.087354][ T8418] netlink: 292 bytes leftover after parsing attributes in process `syz.2.648'.
[  151.140015][   T30] audit: type=1804 audit(1751036348.705:58): pid=8418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.648" name="/newroot/153/memory.events" dev="tmpfs" ino=803 res=1 errno=0
[  151.227834][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  151.238093][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  151.248916][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  151.264537][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  151.274431][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  151.375816][   T13] bridge_slave_1: left allmulticast mode
[  151.392107][   T13] bridge_slave_1: left promiscuous mode
[  151.406163][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.415642][ T8423] x_tables: duplicate underflow at hook 2
[  151.427792][   T13] bridge_slave_0: left allmulticast mode
[  151.433734][   T13] bridge_slave_0: left promiscuous mode
[  151.441732][ T8423] netlink: 28 bytes leftover after parsing attributes in process `syz.2.649'.
[  151.451313][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.778126][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  151.789334][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  151.799541][   T13] bond0 (unregistering): Released all slaves
[  151.960946][ T8426] bond3 (unregistering): Released all slaves
[  151.989164][ T8433] netlink: 44 bytes leftover after parsing attributes in process `syz.3.652'.
[  152.206295][ T8439] netlink: 'syz.2.655': attribute type 2 has an invalid length.
[  152.287467][ T8441] netlink: 8 bytes leftover after parsing attributes in process `syz.3.656'.
[  152.518966][ T8446] netlink: 'syz.4.657': attribute type 10 has an invalid length.
[  152.550143][   T30] audit: type=1800 audit(1751036350.165:59): pid=8448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.659" name="memory.events" dev="tmpfs" ino=736 res=0 errno=0
[  152.551557][ T8448] netlink: 292 bytes leftover after parsing attributes in process `syz.3.659'.
[  152.576113][   T30] audit: type=1804 audit(1751036350.165:60): pid=8448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.659" name="/newroot/140/memory.events" dev="tmpfs" ino=736 res=1 errno=0
[  152.699736][   T13] hsr_slave_0: left promiscuous mode
[  152.708091][   T13] hsr_slave_1: left promiscuous mode
[  152.715881][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  152.723571][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  152.731346][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  152.739432][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  152.760479][   T13] veth1_macvtap: left promiscuous mode
[  152.767149][   T13] veth0_macvtap: left promiscuous mode
[  152.772825][   T13] veth1_vlan: left promiscuous mode
[  152.778171][   T13] veth0_vlan: left promiscuous mode
[  153.141793][   T13] team0 (unregistering): Port device team_slave_1 removed
[  153.177613][   T13] team0 (unregistering): Port device team_slave_0 removed
[  153.303352][ T5838] Bluetooth: hci2: command tx timeout
[  153.739807][ T8463] netlink: 'syz.2.665': attribute type 8 has an invalid length.
[  153.745915][ T8464] syzkaller0: entered promiscuous mode
[  153.753178][ T8464] syzkaller0: entered allmulticast mode
[  153.831402][ T8469] netlink: 44 bytes leftover after parsing attributes in process `syz.0.666'.
[  153.893333][ T8419] chnl_net:caif_netlink_parms(): no params data found
[  154.051330][   T30] audit: type=1800 audit(1751036351.665:61): pid=8477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.670" name="memory.events" dev="tmpfs" ino=731 res=0 errno=0
[  154.075267][   T30] audit: type=1804 audit(1751036351.695:62): pid=8477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.670" name="/newroot/139/memory.events" dev="tmpfs" ino=731 res=1 errno=0
[  154.189144][ T8419] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.199564][ T8419] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.207984][ T8419] bridge_slave_0: entered allmulticast mode
[  154.235599][ T8419] bridge_slave_0: entered promiscuous mode
[  154.255205][ T8419] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.282513][ T8419] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.289748][ T8419] bridge_slave_1: entered allmulticast mode
[  154.298213][ T8419] bridge_slave_1: entered promiscuous mode
[  154.421533][ T8492] netlink: 'syz.0.674': attribute type 10 has an invalid length.
[  154.500196][ T8419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  154.532869][ T8419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  154.706947][ T8419] team0: Port device team_slave_0 added
[  154.731066][ T8419] team0: Port device team_slave_1 added
[  154.833345][ T8419] batman_adv: batadv0: Adding interface: batadv_slave_0
[  154.872298][ T8419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  154.928338][ T8419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  154.966427][ T8419] batman_adv: batadv0: Adding interface: batadv_slave_1
[  154.992737][ T8419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.038268][ T8419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.148664][   T30] audit: type=1800 audit(1751036352.755:63): pid=8514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.682" name="memory.events" dev="tmpfs" ino=757 res=0 errno=0
[  155.204963][   T30] audit: type=1804 audit(1751036352.755:64): pid=8514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.682" name="/newroot/144/memory.events" dev="tmpfs" ino=757 res=1 errno=0
[  155.295018][ T8419] hsr_slave_0: entered promiscuous mode
[  155.315858][ T8419] hsr_slave_1: entered promiscuous mode
[  155.382456][ T5838] Bluetooth: hci2: command tx timeout
[  156.293807][ T8523] __nla_validate_parse: 3 callbacks suppressed
[  156.293824][ T8523] netlink: 44 bytes leftover after parsing attributes in process `syz.2.684'.
[  156.396492][ T8526] syzkaller0: entered promiscuous mode
[  156.415119][ T8526] syzkaller0: entered allmulticast mode
[  156.478313][ T8530] netlink: 'syz.2.688': attribute type 10 has an invalid length.
[  156.547178][ T8534] netlink: 4 bytes leftover after parsing attributes in process `syz.4.690'.
[  156.569977][ T8534] batadv0: entered promiscuous mode
[  156.575989][ T8534] macsec1: entered allmulticast mode
[  156.581395][ T8534] batadv0: entered allmulticast mode
[  156.590393][ T8534] batadv0: left allmulticast mode
[  156.599154][ T8534] batadv0: left promiscuous mode
[  156.613105][ T8538] netlink: 'syz.4.690': attribute type 33 has an invalid length.
[  156.620864][ T8538] netlink: 152 bytes leftover after parsing attributes in process `syz.4.690'.
[  156.774758][ T8541] netlink: 'syz.3.692': attribute type 1 has an invalid length.
[  156.782863][ T8541] netlink: 232 bytes leftover after parsing attributes in process `syz.3.692'.
[  157.022768][ T8549] netlink: 'syz.3.694': attribute type 11 has an invalid length.
[  157.038252][ T8549] netlink: 224 bytes leftover after parsing attributes in process `syz.3.694'.
[  157.044904][ T8551] netlink: 292 bytes leftover after parsing attributes in process `syz.2.696'.
[  157.049007][   T30] audit: type=1800 audit(1751036354.655:65): pid=8551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.696" name="memory.events" dev="tmpfs" ino=864 res=0 errno=0
[  157.091714][ T8419] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  157.107417][   T30] audit: type=1804 audit(1751036354.655:66): pid=8551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.696" name="/newroot/165/memory.events" dev="tmpfs" ino=864 res=1 errno=0
[  157.134719][ T8419] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  157.228564][ T8419] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  157.247830][ T8419] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  157.261109][ T8558] netlink: 60 bytes leftover after parsing attributes in process `syz.3.699'.
[  157.290274][ T8557] netlink: 60 bytes leftover after parsing attributes in process `syz.3.699'.
[  157.421131][ T8566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.698'.
[  157.462302][ T5838] Bluetooth: hci2: command tx timeout
[  157.476631][   T58] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.677578][   T58] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.777120][   T58] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.880182][ T8419] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.925126][   T58] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.033910][ T8419] 8021q: adding VLAN 0 to HW filter on device team0
[  158.059928][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.067149][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.102262][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.109480][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.437724][   T58] bridge_slave_1: left allmulticast mode
[  158.459700][   T58] bridge_slave_1: left promiscuous mode
[  158.479372][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.591148][   T58] bridge_slave_0: left allmulticast mode
[  158.618372][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  158.627157][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  158.629745][   T30] audit: type=1800 audit(1751036356.245:67): pid=8593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.708" name="memory.events" dev="tmpfs" ino=881 res=0 errno=0
[  158.634850][   T58] bridge_slave_0: left promiscuous mode
[  158.661817][ T8593] netlink: 308 bytes leftover after parsing attributes in process `syz.2.708'.
[  158.662600][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  158.671140][   T30] audit: type=1804 audit(1751036356.275:68): pid=8593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.708" name="/newroot/168/memory.events" dev="tmpfs" ino=881 res=1 errno=0
[  158.699826][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.714442][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  158.727408][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  159.048390][   T58] bond0 (unregistering): left promiscuous mode
[  159.054642][   T58] bond_slave_0: left promiscuous mode
[  159.060150][   T58] bond_slave_1: left promiscuous mode
[  159.067312][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  159.077851][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  159.088504][   T58] bond0 (unregistering): Released all slaves
[  159.299956][ T8598] geneve2: entered allmulticast mode
[  159.336347][ T8601] netlink: 'syz.2.709': attribute type 1 has an invalid length.
[  159.542435][ T5838] Bluetooth: hci2: command tx timeout
[  160.191103][ T8419] 8021q: adding VLAN 0 to HW filter on device batadv0
[  160.232028][ T8590] chnl_net:caif_netlink_parms(): no params data found
[  160.269474][ T8632] netlink: 'syz.3.718': attribute type 11 has an invalid length.
[  160.433224][ T8632] FAULT_INJECTION: forcing a failure.
[  160.433224][ T8632] name failslab, interval 1, probability 0, space 0, times 0
[  160.454948][ T8632] CPU: 1 UID: 0 PID: 8632 Comm: syz.3.718 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  160.454984][ T8632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  160.454994][ T8632] Call Trace:
[  160.455001][ T8632]  <TASK>
[  160.455009][ T8632]  dump_stack_lvl+0x189/0x250
[  160.455040][ T8632]  ? __pfx____ratelimit+0x10/0x10
[  160.455060][ T8632]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.455084][ T8632]  ? __pfx__printk+0x10/0x10
[  160.455109][ T8632]  ? __pfx___might_resched+0x10/0x10
[  160.455133][ T8632]  ? fs_reclaim_acquire+0x7d/0x100
[  160.455158][ T8632]  should_fail_ex+0x414/0x560
[  160.455185][ T8632]  should_failslab+0xa8/0x100
[  160.455205][ T8632]  __kmalloc_node_noprof+0xd1/0x4e0
[  160.455222][ T8632]  ? alloc_slab_obj_exts+0x39/0xa0
[  160.455251][ T8632]  alloc_slab_obj_exts+0x39/0xa0
[  160.455275][ T8632]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[  160.455320][ T8632]  kmem_cache_alloc_noprof+0x2bf/0x3c0
[  160.455343][ T8632]  ? fib_table_insert+0x4a7/0x1b50
[  160.455371][ T8632]  fib_table_insert+0x4a7/0x1b50
[  160.455411][ T8632]  ? l3mdev_fib_table+0x18/0x160
[  160.455444][ T8632]  fib_magic+0x2c4/0x390
[  160.455467][ T8632]  ? __pfx_fib_magic+0x10/0x10
[  160.455481][ T8632]  ? queue_work_on+0x1ed/0x270
[  160.455516][ T8632]  ? addr_event+0x34f/0x470
[  160.455542][ T8632]  fib_add_ifaddr+0x144/0x5f0
[  160.455569][ T8632]  fib_inetaddr_event+0x12e/0x190
[  160.455590][ T8632]  notifier_call_chain+0x1b3/0x3e0
[  160.455624][ T8632]  blocking_notifier_call_chain+0x6a/0x90
[  160.455645][ T8632]  __inet_insert_ifa+0xa13/0xbf0
[  160.455686][ T8632]  ? __pfx___inet_insert_ifa+0x10/0x10
[  160.455736][ T8632]  inet_rtm_newaddr+0xf3a/0x18b0
[  160.455770][ T8632]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  160.455811][ T8632]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  160.455835][ T8632]  rtnetlink_rcv_msg+0x7cc/0xb70
[  160.455861][ T8632]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  160.455879][ T8632]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  160.455897][ T8632]  ? ref_tracker_free+0x63a/0x7d0
[  160.455916][ T8632]  ? __copy_skb_header+0xa7/0x550
[  160.455942][ T8632]  ? __pfx_ref_tracker_free+0x10/0x10
[  160.455963][ T8632]  ? __skb_clone+0x63/0x7a0
[  160.456002][ T8632]  netlink_rcv_skb+0x208/0x470
[  160.456024][ T8632]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  160.456046][ T8632]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  160.456081][ T8632]  ? netlink_deliver_tap+0x2e/0x1b0
[  160.456100][ T8632]  ? netlink_deliver_tap+0x2e/0x1b0
[  160.456127][ T8632]  netlink_unicast+0x75b/0x8d0
[  160.456158][ T8632]  netlink_sendmsg+0x805/0xb30
[  160.456189][ T8632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  160.456214][ T8632]  ? aa_sock_msg_perm+0x94/0x160
[  160.456236][ T8632]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  160.456257][ T8632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  160.456278][ T8632]  __sock_sendmsg+0x219/0x270
[  160.456300][ T8632]  ____sys_sendmsg+0x505/0x830
[  160.456330][ T8632]  ? __pfx_____sys_sendmsg+0x10/0x10
[  160.456364][ T8632]  ? import_iovec+0x74/0xa0
[  160.456385][ T8632]  ___sys_sendmsg+0x21f/0x2a0
[  160.456411][ T8632]  ? __pfx____sys_sendmsg+0x10/0x10
[  160.456475][ T8632]  ? __fget_files+0x2a/0x420
[  160.456492][ T8632]  ? __fget_files+0x3a0/0x420
[  160.456522][ T8632]  __x64_sys_sendmsg+0x19b/0x260
[  160.456548][ T8632]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  160.456582][ T8632]  ? __pfx_ksys_write+0x10/0x10
[  160.456604][ T8632]  ? rcu_is_watching+0x15/0xb0
[  160.456634][ T8632]  ? do_syscall_64+0xbe/0x3b0
[  160.456658][ T8632]  do_syscall_64+0xfa/0x3b0
[  160.456676][ T8632]  ? lockdep_hardirqs_on+0x9c/0x150
[  160.456695][ T8632]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.456712][ T8632]  ? clear_bhb_loop+0x60/0xb0
[  160.456734][ T8632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.456750][ T8632] RIP: 0033:0x7fd63c58e929
[  160.456766][ T8632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.456780][ T8632] RSP: 002b:00007fd63d459038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  160.456798][ T8632] RAX: ffffffffffffffda RBX: 00007fd63c7b5fa0 RCX: 00007fd63c58e929
[  160.456811][ T8632] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  160.456822][ T8632] RBP: 00007fd63d459090 R08: 0000000000000000 R09: 0000000000000000
[  160.456832][ T8632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  160.456843][ T8632] R13: 0000000000000000 R14: 00007fd63c7b5fa0 R15: 00007ffeb203a368
[  160.456873][ T8632]  </TASK>
[  160.895551][ T5838] Bluetooth: hci4: command tx timeout
[  161.024340][   T30] audit: type=1800 audit(1751036358.645:69): pid=8639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.719" name="memory.events" dev="tmpfs" ino=829 res=0 errno=0
[  161.045926][   T30] audit: type=1804 audit(1751036358.645:70): pid=8639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.719" name="/newroot/158/memory.events" dev="tmpfs" ino=829 res=1 errno=0
[  161.071502][   T58] team0: left promiscuous mode
[  161.081891][   T58] team_slave_0: left promiscuous mode
[  161.088164][   T58] team_slave_1: left promiscuous mode
[  161.108263][   T58] hsr_slave_0: left promiscuous mode
[  161.118290][   T58] hsr_slave_1: left promiscuous mode
[  161.124373][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  161.132156][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  161.145261][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  161.153289][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  161.175906][   T58] veth1_macvtap: left promiscuous mode
[  161.181465][   T58] veth0_macvtap: left promiscuous mode
[  161.187364][   T58] veth1_vlan: left promiscuous mode
[  161.192716][   T58] veth0_vlan: left promiscuous mode
[  161.797245][ T8653] netlink: 'syz.0.722': attribute type 2 has an invalid length.
[  161.954379][   T58] team0 (unregistering): Port device team_slave_1 removed
[  161.988115][   T58] team0 (unregistering): Port device team_slave_0 removed
[  162.370484][ T8590] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.380821][ T8590] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.395383][ T8590] bridge_slave_0: entered allmulticast mode
[  162.404935][ T8590] bridge_slave_0: entered promiscuous mode
[  162.455778][ T8590] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.465589][ T8590] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.480138][ T8590] bridge_slave_1: entered allmulticast mode
[  162.498648][ T8590] bridge_slave_1: entered promiscuous mode
[  162.635256][ T8590] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  162.865324][ T8590] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  162.889163][ T8419] veth0_vlan: entered promiscuous mode
[  162.981378][ T8590] team0: Port device team_slave_0 added
[  162.982489][ T5838] Bluetooth: hci4: command tx timeout
[  163.008970][ T8419] veth1_vlan: entered promiscuous mode
[  163.017752][ T8590] team0: Port device team_slave_1 added
[  163.077986][ T8590] batman_adv: batadv0: Adding interface: batadv_slave_0
[  163.092433][ T8590] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.133625][ T8679] netlink: 'syz.2.729': attribute type 10 has an invalid length.
[  163.147011][ T8590] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  163.194154][ T8590] batman_adv: batadv0: Adding interface: batadv_slave_1
[  163.201220][ T8590] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.228435][ T8590] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  163.256179][ T8419] veth0_macvtap: entered promiscuous mode
[  163.319767][ T8590] hsr_slave_0: entered promiscuous mode
[  163.326841][ T8590] hsr_slave_1: entered promiscuous mode
[  163.334279][ T8590] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  163.342046][ T8590] Cannot create hsr debugfs directory
[  163.358025][ T8419] veth1_macvtap: entered promiscuous mode
[  163.466757][ T8419] batman_adv: batadv0: Interface activated: batadv_slave_0
[  163.500034][ T8682] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.565274][ T8419] batman_adv: batadv0: Interface activated: batadv_slave_1
[  163.606225][ T8685] __nla_validate_parse: 5 callbacks suppressed
[  163.606244][ T8685] netlink: 8 bytes leftover after parsing attributes in process `syz.0.730'.
[  163.607141][ T8682] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.734441][ T8682] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.793193][ T6316] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.811508][ T6316] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.915519][ T8682] bond0: (slave netdevsim0): Releasing backup interface
[  163.928367][ T8682] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.946372][ T6316] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  163.956389][ T6316] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  164.409776][ T6313] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  164.429486][ T6313] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  164.456895][ T2990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.473570][   T30] audit: type=1800 audit(1751036362.095:71): pid=8697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.734" name="memory.events" dev="tmpfs" ino=938 res=0 errno=0
[  164.475418][ T2990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.503208][ T8697] netlink: 308 bytes leftover after parsing attributes in process `syz.2.734'.
[  164.511903][   T30] audit: type=1804 audit(1751036362.095:72): pid=8697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.734" name="/newroot/179/memory.events" dev="tmpfs" ino=938 res=1 errno=0
[  164.567525][   T36] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.615581][   T36] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  164.654201][ T6313] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.672591][ T6313] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.894738][ T8708] pim6reg1: entered promiscuous mode
[  164.900195][ T8708] pim6reg1: entered allmulticast mode
[  164.982105][ T8590] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  165.072455][ T5838] Bluetooth: hci4: command tx timeout
[  165.141624][ T8590] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  165.215714][ T8590] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  165.278161][ T8590] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  165.492929][ T8721] netlink: 32 bytes leftover after parsing attributes in process `syz.2.740'.
[  165.547429][   T48] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.578596][ T8590] 8021q: adding VLAN 0 to HW filter on device bond0
[  165.597441][ T8590] 8021q: adding VLAN 0 to HW filter on device team0
[  165.624031][   T48] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.641473][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.648610][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  165.662126][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.669315][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  165.737278][   T48] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.804992][   T48] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.940846][   T48] bridge_slave_1: left allmulticast mode
[  165.947650][   T48] bridge_slave_1: left promiscuous mode
[  165.954479][   T48] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.965043][   T48] bridge_slave_0: left allmulticast mode
[  165.970685][   T48] bridge_slave_0: left promiscuous mode
[  165.976959][   T48] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.236972][ T8734] netlink: 96 bytes leftover after parsing attributes in process `syz.2.742'.
[  166.535427][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  166.556426][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  166.573148][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  166.593917][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  166.609912][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  166.637024][   T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  166.651966][   T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  166.662545][   T48] bond0 (unregistering): Released all slaves
[  166.740475][ T8590] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.894454][   T30] audit: type=1800 audit(1751036364.505:73): pid=8748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.746" name="memory.events" dev="tmpfs" ino=961 res=0 errno=0
[  166.916488][ T8748] netlink: 316 bytes leftover after parsing attributes in process `syz.2.746'.
[  166.920569][   T30] audit: type=1804 audit(1751036364.515:74): pid=8748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.746" name="/newroot/183/memory.events" dev="tmpfs" ino=961 res=1 errno=0
[  167.147938][ T5842] Bluetooth: hci4: command tx timeout
[  167.298267][   T48] hsr_slave_0: left promiscuous mode
[  167.301783][ T8766] IPv6: Can't replace route, no match found
[  167.310334][   T48] hsr_slave_1: left promiscuous mode
[  167.321946][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  167.330256][   T48] batman_adv: batadv0: Removing interface: batadv_slave_0
[  167.343845][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  167.351365][   T48] batman_adv: batadv0: Removing interface: batadv_slave_1
[  167.365199][ T8769] netlink: 32 bytes leftover after parsing attributes in process `syz.2.752'.
[  167.380858][   T48] veth1_macvtap: left promiscuous mode
[  167.387175][   T48] veth0_macvtap: left promiscuous mode
[  167.393228][   T48] veth1_vlan: left promiscuous mode
[  167.398618][   T48] veth0_vlan: left promiscuous mode
[  167.746557][   T48] team0 (unregistering): Port device team_slave_1 removed
[  167.777749][   T48] team0 (unregistering): Port device team_slave_0 removed
[  168.296212][ T8590] veth0_vlan: entered promiscuous mode
[  168.452482][ T8774] syzkaller0: entered promiscuous mode
[  168.458419][ T8774] syzkaller0: entered allmulticast mode
[  168.675571][ T5842] Bluetooth: hci2: command tx timeout
[  169.685679][ T8739] chnl_net:caif_netlink_parms(): no params data found
[  169.743456][ T8590] veth1_vlan: entered promiscuous mode
[  169.776542][   T30] audit: type=1800 audit(1751036367.395:75): pid=8787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.758" name="memory.events" dev="tmpfs" ino=885 res=0 errno=0
[  169.809832][ T8787] netlink: 316 bytes leftover after parsing attributes in process `syz.3.758'.
[  169.819816][   T30] audit: type=1804 audit(1751036367.425:76): pid=8787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.758" name="/newroot/169/memory.events" dev="tmpfs" ino=885 res=1 errno=0
[  170.030819][ T8798] netlink: 8 bytes leftover after parsing attributes in process `syz.2.762'.
[  170.066542][ T8802] netlink: 'syz.3.763': attribute type 10 has an invalid length.
[  170.104317][ T8739] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.112523][ T8739] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.119721][ T8739] bridge_slave_0: entered allmulticast mode
[  170.127520][ T8739] bridge_slave_0: entered promiscuous mode
[  170.138929][ T8739] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.146830][ T8739] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.154191][ T8739] bridge_slave_1: entered allmulticast mode
[  170.164312][ T8739] bridge_slave_1: entered promiscuous mode
[  170.181876][ T8807] netlink: 32 bytes leftover after parsing attributes in process `syz.0.764'.
[  170.207428][ T8590] veth0_macvtap: entered promiscuous mode
[  170.234319][ T8809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.765'.
[  170.244702][ T8809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.765'.
[  170.271508][ T8809] netlink: 8 bytes leftover after parsing attributes in process `syz.2.765'.
[  170.294238][ T8590] veth1_macvtap: entered promiscuous mode
[  170.302118][ T8809] netlink: 8 bytes leftover after parsing attributes in process `syz.2.765'.
[  170.346312][ T8739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  170.358634][ T8809] netlink: 'syz.2.765': attribute type 21 has an invalid length.
[  170.367732][ T8809] netlink: 128 bytes leftover after parsing attributes in process `syz.2.765'.
[  170.382113][ T8739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.393061][ T8809] netlink: 'syz.2.765': attribute type 4 has an invalid length.
[  170.400713][ T8809] netlink: 'syz.2.765': attribute type 5 has an invalid length.
[  170.410571][ T8809] netlink: 3 bytes leftover after parsing attributes in process `syz.2.765'.
[  170.461574][ T8590] batman_adv: batadv0: Interface activated: batadv_slave_0
[  170.476459][ T8809] netlink: 'syz.2.765': attribute type 11 has an invalid length.
[  170.509134][ T8809] netlink: 44 bytes leftover after parsing attributes in process `syz.2.765'.
[  170.531715][ T8590] batman_adv: batadv0: Interface activated: batadv_slave_1
[  170.547857][ T8739] team0: Port device team_slave_0 added
[  170.573630][ T8739] team0: Port device team_slave_1 added
[  170.699841][ T8739] batman_adv: batadv0: Adding interface: batadv_slave_0
[  170.737339][ T8739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  170.772243][ T5842] Bluetooth: hci2: command tx timeout
[  170.842235][ T8739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  170.855563][ T8739] batman_adv: batadv0: Adding interface: batadv_slave_1
[  170.863215][ T8739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  170.889494][ T8739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  171.114581][ T8739] hsr_slave_0: entered promiscuous mode
[  171.159252][ T8739] hsr_slave_1: entered promiscuous mode
[  171.290520][   T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  171.348132][   T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  171.397892][   T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  171.448977][   T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  171.592927][ T8827] FAULT_INJECTION: forcing a failure.
[  171.592927][ T8827] name failslab, interval 1, probability 0, space 0, times 0
[  171.623198][ T8827] CPU: 1 UID: 0 PID: 8827 Comm: syz.0.771 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  171.623224][ T8827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  171.623236][ T8827] Call Trace:
[  171.623244][ T8827]  <TASK>
[  171.623252][ T8827]  dump_stack_lvl+0x189/0x250
[  171.623282][ T8827]  ? __pfx____ratelimit+0x10/0x10
[  171.623302][ T8827]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.623327][ T8827]  ? __pfx__printk+0x10/0x10
[  171.623352][ T8827]  ? __pfx___might_resched+0x10/0x10
[  171.623375][ T8827]  ? fs_reclaim_acquire+0x7d/0x100
[  171.623401][ T8827]  should_fail_ex+0x414/0x560
[  171.623428][ T8827]  should_failslab+0xa8/0x100
[  171.623448][ T8827]  __kmalloc_cache_noprof+0x70/0x3d0
[  171.623465][ T8827]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[  171.623490][ T8827]  sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[  171.623521][ T8827]  sctp_association_new+0x15d3/0x25f0
[  171.623561][ T8827]  sctp_connect_new_asoc+0x2c5/0x690
[  171.623588][ T8827]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  171.623610][ T8827]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  171.623633][ T8827]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  171.623653][ T8827]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  171.623676][ T8827]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  171.623697][ T8827]  ? security_sctp_bind_connect+0x7e/0x2e0
[  171.623719][ T8827]  sctp_sendmsg+0x155c/0x2810
[  171.623754][ T8827]  ? __pfx_sctp_sendmsg+0x10/0x10
[  171.623780][ T8827]  ? aa_sk_perm+0x81e/0x950
[  171.623804][ T8827]  ? __pfx_aa_sk_perm+0x10/0x10
[  171.623827][ T8827]  ? sock_rps_record_flow+0x19/0x410
[  171.623856][ T8827]  ? inet_sendmsg+0x2f4/0x370
[  171.623870][ T8827]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  171.623891][ T8827]  __sock_sendmsg+0x19c/0x270
[  171.623913][ T8827]  __sys_sendto+0x3bd/0x520
[  171.623937][ T8827]  ? __pfx___sys_sendto+0x10/0x10
[  171.623956][ T8827]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  171.623991][ T8827]  ? __fget_files+0x3a0/0x420
[  171.624021][ T8827]  ? ksys_write+0x22a/0x250
[  171.624048][ T8827]  ? __pfx_ksys_write+0x10/0x10
[  171.624069][ T8827]  ? rcu_is_watching+0x15/0xb0
[  171.624100][ T8827]  __x64_sys_sendto+0xde/0x100
[  171.624125][ T8827]  do_syscall_64+0xfa/0x3b0
[  171.624144][ T8827]  ? lockdep_hardirqs_on+0x9c/0x150
[  171.624162][ T8827]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.624179][ T8827]  ? clear_bhb_loop+0x60/0xb0
[  171.624201][ T8827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.624218][ T8827] RIP: 0033:0x7f6c8c78e929
[  171.624234][ T8827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.624249][ T8827] RSP: 002b:00007f6c8d655038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  171.624268][ T8827] RAX: ffffffffffffffda RBX: 00007f6c8c9b5fa0 RCX: 00007f6c8c78e929
[  171.624281][ T8827] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000003
[  171.624293][ T8827] RBP: 00007f6c8d655090 R08: 0000200000000000 R09: 0000000000000010
[  171.624304][ T8827] R10: e61e2840a554b0d0 R11: 0000000000000246 R12: 0000000000000001
[  171.624316][ T8827] R13: 0000000000000000 R14: 00007f6c8c9b5fa0 R15: 00007fff5bdd49e8
[  171.624346][ T8827]  </TASK>
[  172.119358][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  172.146532][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  172.173876][ T8817] syzkaller1: entered promiscuous mode
[  172.179518][ T8817] syzkaller1: entered allmulticast mode
[  172.356185][   T30] audit: type=1800 audit(1751036369.975:77): pid=8835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.773" name="memory.events" dev="tmpfs" ino=896 res=0 errno=0
[  172.384592][   T30] audit: type=1804 audit(1751036369.975:78): pid=8835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.773" name="/newroot/171/memory.events" dev="tmpfs" ino=896 res=1 errno=0
[  172.444449][ T6316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  172.462341][ T6316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  172.665936][ T8843] netlink: 'syz.3.776': attribute type 10 has an invalid length.
[  172.763375][ T8590] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI
[  172.775300][ T8590] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
[  172.783708][ T8590] CPU: 1 UID: 0 PID: 8590 Comm: syz-executor Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  172.795841][ T8590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.805881][ T8590] RIP: 0010:klist_remove+0x14a/0x340
[  172.811158][ T8590] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 39 c7 c5 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 1a c7 c5 f6 49 8b 44 24 58 48 89 44 24 08
[  172.830747][ T8590] RSP: 0018:ffffc90003d1f840 EFLAGS: 00010202
[  172.836802][ T8590] RAX: 000000000000000b RBX: ffff888025603c00 RCX: 0000000000000000
[  172.844756][ T8590] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058
[  172.852712][ T8590] RBP: ffffc90003d1f928 R08: ffffffff8f87bf43 R09: 1ffffffff1f0f7e8
[  172.860678][ T8590] R10: dffffc0000000000 R11: fffffbfff1f0f7e9 R12: 0000000000000000
[  172.868635][ T8590] R13: 1ffff1100b2bdd8c R14: ffff8880595eec60 R15: dffffc0000000000
[  172.876591][ T8590] FS:  0000000000000000(0000) GS:ffff888125d48000(0000) knlGS:0000000000000000
[  172.885557][ T8590] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  172.892122][ T8590] CR2: 0000001b2fe13ff8 CR3: 0000000032dd4000 CR4: 00000000003526f0
[  172.900077][ T8590] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  172.908030][ T8590] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  172.915983][ T8590] Call Trace:
[  172.919249][ T8590]  <TASK>
[  172.922167][ T8590]  ? __pfx_klist_remove+0x10/0x10
[  172.927186][ T8590]  ? __pfx_kobject_move+0x10/0x10
[  172.932197][ T8590]  ? get_device_parent+0x366/0x3a0
[  172.937293][ T8590]  device_move+0x193/0x700
[  172.941695][ T8590]  hci_conn_del_sysfs+0xb8/0x170
[  172.946646][ T8590]  hci_conn_del+0x8ff/0xcb0
[  172.951138][ T8590]  hci_conn_hash_flush+0x191/0x230
[  172.956239][ T8590]  hci_dev_close_sync+0xaef/0x1330
[  172.961339][ T8590]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  172.966866][ T8590]  ? up_write+0x1c4/0x420
[  172.971182][ T8590]  hci_unregister_dev+0x21a/0x510
[  172.976188][ T8590]  vhci_release+0x80/0xd0
[  172.980502][ T8590]  ? __pfx_vhci_release+0x10/0x10
[  172.985509][ T8590]  __fput+0x44c/0xa70
[  172.989485][ T8590]  task_work_run+0x1d1/0x260
[  172.994062][ T8590]  ? __pfx_task_work_run+0x10/0x10
[  172.999166][ T8590]  ? kmem_cache_free+0x18f/0x400
[  173.004085][ T8590]  do_exit+0x6b5/0x22e0
[  173.008225][ T8590]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  173.013584][ T8590]  ? __pfx_do_exit+0x10/0x10
[  173.018164][ T8590]  ? _raw_spin_unlock_irq+0x23/0x50
[  173.023345][ T8590]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.028534][ T8590]  do_group_exit+0x21c/0x2d0
[  173.033108][ T8590]  __x64_sys_exit_group+0x3f/0x40
[  173.038114][ T8590]  x64_sys_call+0x21ba/0x21c0
[  173.042773][ T8590]  do_syscall_64+0xfa/0x3b0
[  173.047259][ T8590]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.052442][ T8590]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.058489][ T8590]  ? clear_bhb_loop+0x60/0xb0
[  173.063153][ T8590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.069028][ T8590] RIP: 0033:0x7fbfdcb8e929
[  173.073423][ T8590] Code: Unable to access opcode bytes at 0x7fbfdcb8e8ff.
[  173.080422][ T8590] RSP: 002b:00007fffc0b37888 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  173.088818][ T8590] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbfdcb8e929
[  173.096772][ T8590] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[  173.104763][ T8590] RBP: 00007fbfdcbee8f0 R08: 00007fffc0b35627 R09: 0000000000000003
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  173.112718][ T8590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.120674][ T8590] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007fffc0b37a40
[  173.128635][ T8590]  </TASK>
[  173.131644][ T8590] Modules linked in:
[  173.136566][ T8590] ---[ end trace 0000000000000000 ]---
[  173.142782][ T8590] RIP: 0010:klist_remove+0x14a/0x340
[  173.148347][ T8590] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 39 c7 c5 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 1a c7 c5 f6 49 8b 44 24 58 48 89 44 24 08
[  173.162423][ T5842] Bluetooth: hci2: command tx timeout
[  173.202945][ T8590] RSP: 0018:ffffc90003d1f840 EFLAGS: 00010202
[  173.209167][ T8590] RAX: 000000000000000b RBX: ffff888025603c00 RCX: 0000000000000000
[  173.218098][ T8590] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058
[  173.226532][ T8590] RBP: ffffc90003d1f928 R08: ffffffff8f87bf43 R09: 1ffffffff1f0f7e8
[  173.234587][ T8590] R10: dffffc0000000000 R11: fffffbfff1f0f7e9 R12: 0000000000000000
[  173.244580][ T8590] R13: 1ffff1100b2bdd8c R14: ffff8880595eec60 R15: dffffc0000000000
[  173.252625][ T8590] FS:  0000000000000000(0000) GS:ffff888125d48000(0000) knlGS:0000000000000000
[  173.261571][ T8590] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  173.268276][ T8590] CR2: 00007fea70ae7d60 CR3: 0000000034dfe000 CR4: 00000000003526f0
[  173.276901][ T8590] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  173.284946][ T8590] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  173.293567][ T8590] Kernel panic - not syncing: Fatal exception
[  173.299976][ T8590] Kernel Offset: disabled
[  173.304305][ T8590] Rebooting in 86400 seconds..