last executing test programs:

1m43.410966608s ago: executing program 2 (id=1223):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0xfdef}], 0x1}}], 0x1, 0x800)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[@cred={{0x1c}}], 0x20}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000006d0001000000000000000000003c0000", @ANYRES32=r3, @ANYBLOB="000000000000000018003480140035"], 0x38}}, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000001280)={0x0, 0x4, 0x1, [0x1, 0x9, 0x5, 0x79, 0x4], [0x100000001, 0x8000000000000000, 0x2, 0x9, 0x7, 0x1, 0x40, 0x2e8f, 0x4, 0xfffffffffffffffb, 0x4, 0x740b, 0x5ed7, 0x4, 0x1ff, 0x1a9, 0xe, 0x4, 0x9, 0xb, 0x3, 0x2, 0x4, 0x6, 0xffff, 0x12, 0x2, 0x2, 0x2b, 0x1, 0x8, 0x90, 0x5, 0x7, 0xfffffffffffffffa, 0x3, 0x10, 0x4, 0x2, 0x5, 0x2, 0x4, 0x6, 0x1, 0xeec6, 0x3, 0x6, 0x2, 0x7, 0x9, 0x8, 0xffffffffffffffff, 0x9e2d, 0x5e42f3a0, 0x5, 0x4, 0x1, 0x9, 0x8, 0x9, 0x6, 0x1f3, 0x8000, 0x8, 0x1, 0x2, 0x3, 0x400, 0x6d01, 0x65, 0x360f, 0x2, 0x8d7d, 0xfff, 0x56e9, 0x1, 0x3e7, 0x1, 0x8a7, 0x2c, 0x100, 0x7, 0x0, 0xa, 0x3ff, 0x3, 0xfffffffffffffff8, 0xfffffffffffffffa, 0xffffffffffffffbb, 0x3, 0x4, 0x1, 0xff4d, 0x3e08, 0xd12, 0xfffffffffffffffd, 0x6, 0x6, 0x0, 0x2, 0x7fffffffffffffff, 0x5, 0x6, 0xffffffffffffffff, 0x24, 0xb9a, 0x6, 0x46d7, 0x657d, 0x7fffffffffffffff, 0x8001, 0x7, 0x200, 0x9, 0x9, 0x10001, 0x7fff, 0x8, 0x100000000, 0x0, 0x2]})

1m43.334382616s ago: executing program 2 (id=1227):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x6, [@func_proto, @func_proto={0x0, 0x0, 0x0, 0xd, 0x4}, @ptr, @func={0x4, 0x0, 0x0, 0xf, 0x3}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) (async)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000440)={0x0, 0x10, "68e6f0bbe5d2b8d8546827e3ed38f613"}, &(0x7f0000000540)=0x18) (async)
r1 = socket(0x10, 0x80002, 0x0) (async)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0x7d, 0x0, &(0x7f0000000300)=0x9b)
sendmsg$nl_route_sched(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=@newtaction={0x48, 0x30, 0x51b, 0x0, 0x0, {}, [{0x34, 0x1, [@m_skbmod={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}]}]}, 0x48}}, 0x0)

1m43.254090079s ago: executing program 2 (id=1228):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140))
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'ip6gretap0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00'})
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000080)={@dev, @remote, @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80600087, r2})
getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000004dc0), &(0x7f0000004e00)=0x8)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r6=>0x0})
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f0000000640)={@loopback={0xfc000000}, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x0, 0x0, 0x0, 0x80600087, r6})

1m43.137013381s ago: executing program 2 (id=1233):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x3f}, {0xfff1, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x6c, r4, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x400d050}, 0x4c000)
accept(r2, 0x0, 0x0)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@newtaction={0x68, 0x30, 0x51b, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbmod={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0xf}, @TCA_SKBMOD_DMAC={0xa, 0x3, @random="d94c8f9e9390"}, @TCA_SKBMOD_SMAC={0xa, 0x4, @broadcast}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}]}]}, 0x68}}, 0x0)

1m43.079483017s ago: executing program 2 (id=1234):
r0 = socket$netlink(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x80803, 0x87) (async)
r1 = socket$inet6(0xa, 0x80803, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x547b31180522e14c}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast}, 0x0, @in6=@private1}}, 0xe4)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(authencesn(streebog256-generic,xchacha12-generic))\x00'}, 0x58)
close(r2)
connect$inet6(r1, &(0x7f00000000c0), 0x1c)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) (async)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xfffffffffffffd39)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x202}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @vti={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @broadcast}, @vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r4}]]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x840}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x202}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @vti={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @broadcast}, @vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r4}]]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x840}, 0x0)

1m42.961756985s ago: executing program 2 (id=1237):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)={0x0, 0x9, [@broadcast, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, @multicast, @multicast, @empty, @broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}]})
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0xee, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f0000000100)=[{0x3, 0x3, {0x2, 0xf0, 0x2}, {0x0, 0xff, 0x4}, 0xff, 0x2}, {0x0, 0x1, {0x2, 0xff, 0x4}, {0x2, 0x62e061e93d064d32, 0xc0c31c18c98c2631}, 0x2}, {0x1, 0x2, {0x0, 0xf0, 0x2}, {0x2, 0x0, 0x1}, 0x1, 0x1}, {0x1, 0x2, {0x1, 0xf0, 0x3}, {0x2, 0xf, 0x1}, 0xfd, 0xfe}, {0x2, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x0, 0x2}, 0x2, 0xfd}, {0x1, 0x0, {0x0, 0x0, 0x4}, {0x2, 0xf0, 0x4}, 0xfe, 0xff}, {0x0, 0x2, {0x2}, {0x2, 0xff, 0x1}, 0xfe, 0x2}], 0xe0)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000711206000000000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x609, @void, @value}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)={0x0, 0x9, [@broadcast, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, @multicast, @multicast, @empty, @broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}]}) (async)
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0xee, 0x1) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) (async)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) (async)
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) (async)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) (async)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) (async)
setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f0000000100)=[{0x3, 0x3, {0x2, 0xf0, 0x2}, {0x0, 0xff, 0x4}, 0xff, 0x2}, {0x0, 0x1, {0x2, 0xff, 0x4}, {0x2, 0x62e061e93d064d32, 0xc0c31c18c98c2631}, 0x2}, {0x1, 0x2, {0x0, 0xf0, 0x2}, {0x2, 0x0, 0x1}, 0x1, 0x1}, {0x1, 0x2, {0x1, 0xf0, 0x3}, {0x2, 0xf, 0x1}, 0xfd, 0xfe}, {0x2, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x0, 0x2}, 0x2, 0xfd}, {0x1, 0x0, {0x0, 0x0, 0x4}, {0x2, 0xf0, 0x4}, 0xfe, 0xff}, {0x0, 0x2, {0x2}, {0x2, 0xff, 0x1}, 0xfe, 0x2}], 0xe0) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000711206000000000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x609, @void, @value}, 0x94) (async)

1m27.807983691s ago: executing program 32 (id=1237):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)={0x0, 0x9, [@broadcast, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, @multicast, @multicast, @empty, @broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}]})
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0xee, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f0000000100)=[{0x3, 0x3, {0x2, 0xf0, 0x2}, {0x0, 0xff, 0x4}, 0xff, 0x2}, {0x0, 0x1, {0x2, 0xff, 0x4}, {0x2, 0x62e061e93d064d32, 0xc0c31c18c98c2631}, 0x2}, {0x1, 0x2, {0x0, 0xf0, 0x2}, {0x2, 0x0, 0x1}, 0x1, 0x1}, {0x1, 0x2, {0x1, 0xf0, 0x3}, {0x2, 0xf, 0x1}, 0xfd, 0xfe}, {0x2, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x0, 0x2}, 0x2, 0xfd}, {0x1, 0x0, {0x0, 0x0, 0x4}, {0x2, 0xf0, 0x4}, 0xfe, 0xff}, {0x0, 0x2, {0x2}, {0x2, 0xff, 0x1}, 0xfe, 0x2}], 0xe0)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000711206000000000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x609, @void, @value}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)={0x0, 0x9, [@broadcast, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, @multicast, @multicast, @empty, @broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}]}) (async)
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0xee, 0x1) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) (async)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) (async)
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) (async)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) (async)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) (async)
setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f0000000100)=[{0x3, 0x3, {0x2, 0xf0, 0x2}, {0x0, 0xff, 0x4}, 0xff, 0x2}, {0x0, 0x1, {0x2, 0xff, 0x4}, {0x2, 0x62e061e93d064d32, 0xc0c31c18c98c2631}, 0x2}, {0x1, 0x2, {0x0, 0xf0, 0x2}, {0x2, 0x0, 0x1}, 0x1, 0x1}, {0x1, 0x2, {0x1, 0xf0, 0x3}, {0x2, 0xf, 0x1}, 0xfd, 0xfe}, {0x2, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x0, 0x2}, 0x2, 0xfd}, {0x1, 0x0, {0x0, 0x0, 0x4}, {0x2, 0xf0, 0x4}, 0xfe, 0xff}, {0x0, 0x2, {0x2}, {0x2, 0xff, 0x1}, 0xfe, 0x2}], 0xe0) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000711206000000000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x609, @void, @value}, 0x94) (async)

50.434581738s ago: executing program 0 (id=1479):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000040000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070000000900020073797a3100000000090001007379"], 0xe0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f000000080001000000000008000300", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x4050}, 0x0)

42.164090288s ago: executing program 0 (id=1479):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000040000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070000000900020073797a3100000000090001007379"], 0xe0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f000000080001000000000008000300", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x4050}, 0x0)

32.276718007s ago: executing program 0 (id=1479):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000040000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070000000900020073797a3100000000090001007379"], 0xe0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f000000080001000000000008000300", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x4050}, 0x0)

24.892164073s ago: executing program 0 (id=1479):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000040000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070000000900020073797a3100000000090001007379"], 0xe0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f000000080001000000000008000300", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x4050}, 0x0)

16.049151765s ago: executing program 0 (id=1479):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000040000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070000000900020073797a3100000000090001007379"], 0xe0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f000000080001000000000008000300", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x4050}, 0x0)

7.960684715s ago: executing program 0 (id=1479):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000040000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070000000900020073797a3100000000090001007379"], 0xe0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f000000080001000000000008000300", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x4050}, 0x0)

2.187142914s ago: executing program 1 (id=2694):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000171102a00000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x21}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x2, 0x3, 0x1, 0x0, 0x9f}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
write(r1, &(0x7f0000000340)="18000000010005", 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x848000000015, 0x80000, 0xfffffffa)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r3 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0)

2.126725784s ago: executing program 5 (id=2695):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000002000000000000e0000002000000000000000000000b0200"/58], 0x0, 0x3a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x10001, 0x10}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000016c0)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_int(r2, &(0x7f0000000200), 0x12)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r4, 0x0)
syz_emit_ethernet(0x92, &(0x7f00000000c0)={@local, @random="618e38850ee1", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x5c, 0x6, 0xff, @remote, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0x2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x5}, @timestamp={0x8, 0xa, 0x0, 0xa}, @timestamp={0x8, 0xa}, @mptcp=@capable={0x1e, 0x14, 0x5, 0x8, 0xa, 0x4800000000, [0x2]}, @md5sig={0x13, 0x12, "c800"}, @timestamp={0x8, 0xa, 0x10, 0x10001}]}}}}}}}}, 0x0)
r5 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$802154_dgram(r5, &(0x7f0000000180)={0x27, @short}, 0x14)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000640)={r0, 0xffffff59, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="880000004800200029bd7000fddbdf250a007800", @ANYRES32=r6, @ANYBLOB="ff07000014000100fc020000000000000000000000000000140001000000000000009aad12329381cb8f00000000ffff0a01010114000100fe800000000000000000000000000035ad4f3909be21434341aa080002000400000014000100fe80000008000000000000000000000114000100fc0200001200"/130], 0x88}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
setsockopt$sock_attach_bpf(r7, 0x1, 0x4c, &(0x7f0000000000), 0x4)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="4000000003080500000000000000000000000000060002400000000005000300210000117fb2e711f3dcdb400000000008000440000000000800024000000000"], 0x40}}, 0x0)
pipe(&(0x7f0000000500)={<r12=>0xffffffffffffffff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000004c0)='snd_soc_jack_report\x00', r12}, 0x18)
sendmsg$NL80211_CMD_SET_STATION(r9, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, r10, 0x400, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_STA_WME={0x4c, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x1}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x2}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x63}, @NL80211_STA_WME_UAPSD_QUEUES={0x5}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x5}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x1}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xd}, @NL80211_STA_WME_UAPSD_QUEUES={0x5}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x6}]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x8001}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000}, 0x20008000)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_GET_MPATH(r9, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, r10, 0x600, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r13}, @val={0xc, 0x99, {0xfffffff8, 0x7a}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)

2.004266517s ago: executing program 4 (id=2697):
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {0xa, 0x14, 0x80, 0x0, 0xff, 0x4, 0xfd, 0x2, 0x900}, [@RTA_OIF={0x8, 0x4, r2}]}, 0x24}}, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'})
listen(r1, 0xfffffffc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd4}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001a00009a3ef9710129bd7000fbdbdf251c802001ff040007"], 0x1c}, 0x1, 0x0, 0x0, 0xc40c5}, 0x20008011)
r6 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180), 0x2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x38, 0x3d, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x18, 0x1, 0x0, 0x1, [@typed={0x6, 0x20, 0x0, 0x0, @str='\x05G'}, @typed={0xc, 0x20, 0x0, 0x0, @u64=0x6}]}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}]}, 0x38}}, 0x0)
write$cgroup_subtree(r6, &(0x7f00000001c0)={[{0x2b, 'net'}, {0x0, 'io'}]}, 0x9)

1.968815773s ago: executing program 1 (id=2699):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="38e6ff00", @ANYRES16, @ANYBLOB="01000000000000000000050000000c"], 0x38}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0xf0, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x100}, {0x6, 0x11, 0x100}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x7}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xb}, {0x6, 0x11, 0xe66c}}]}, 0xf0}, 0x1, 0x0, 0x0, 0x40}, 0x80)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000380)=@generic={0x0, 0x767, 0x5})
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x6}, 0x10)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3800000012002102000000000000000007"], 0x38}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="05000000000000007111b600000000008510000002000000850000002a00000095000000000000009500a505000000008d8d72a4d2b0e866647a5563580154525990a711faae6b5efa82c515c097c645d4a49869490531e6fc004371de6a0e2aeb39db28a841fee433ca770c6799b28945ba973ff15b71d81a48f65b229efa31eb19c4d6945c8db59bf97ce0d74761c6ededcdebebfcd90759bd2cfe8b4253a9468fe5b0759b99a37a189ddd91f7bf447837"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x28, 0x2a, 0xb, 0x0, 0x0, {0x5}, [@typed={0x8, 0x3, 0x0, 0x0, @u32=0x10004}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x88H'}]}]}, 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="38e6ff00", @ANYRES16, @ANYBLOB="01000000000000000000050000000c"], 0x38}}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0xf0, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x100}, {0x6, 0x11, 0x100}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x7}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xb}, {0x6, 0x11, 0xe66c}}]}, 0xf0}, 0x1, 0x0, 0x0, 0x40}, 0x80) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000380)=@generic={0x0, 0x767, 0x5}) (async)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x6}, 0x10) (async)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3800000012002102000000000000000007"], 0x38}}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="05000000000000007111b600000000008510000002000000850000002a00000095000000000000009500a505000000008d8d72a4d2b0e866647a5563580154525990a711faae6b5efa82c515c097c645d4a49869490531e6fc004371de6a0e2aeb39db28a841fee433ca770c6799b28945ba973ff15b71d81a48f65b229efa31eb19c4d6945c8db59bf97ce0d74761c6ededcdebebfcd90759bd2cfe8b4253a9468fe5b0759b99a37a189ddd91f7bf447837"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x28, 0x2a, 0xb, 0x0, 0x0, {0x5}, [@typed={0x8, 0x3, 0x0, 0x0, @u32=0x10004}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x88H'}]}]}, 0x28}}, 0x0) (async)

1.911138941s ago: executing program 5 (id=2700):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f00000015c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

1.831298263s ago: executing program 5 (id=2701):
r0 = socket(0x11, 0x800000003, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x88}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[], 0x260}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001200)=@newqdisc={0x8c, 0x24, 0xf0b, 0xffffffff, 0x1000000, {0x0, 0x0, 0x12, r3, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x1000, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}]}}]}, 0x8c}, 0x1, 0x7a00}, 0x0)

1.445972243s ago: executing program 1 (id=2702):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockname(r1, &(0x7f00000014c0)=@ll={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000024c0)=0x80)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0x7, 0xd, 0xfffffffd, 0x1, 0x8, 0x8}}, {0x4}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=@newtfilter={0x34, 0x2c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00', <r7=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000801}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r9)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r10, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001bae9ee14d4284d73c826d8bce62cb84c8b765cbac71c46bc4718", @ANYRES16=r9], 0x398}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={<r12=>0xffffffffffffffff})
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x24, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r13, <r14=>0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)=r12}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r14, &(0x7f00000007c0), 0x0}, 0x20)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=r14, @ANYBLOB="0637330400"/20, @ANYRES32=r7, @ANYRES32, @ANYBLOB="7e0fc7eb0100"/19], 0x50)
sendmsg$NL80211_CMD_AUTHENTICATE(r9, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x34, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r11}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
sendmsg$sock(r3, &(0x7f0000000100)={&(0x7f00000001c0)=@ethernet={0x306, @local}, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000340)=[@mark={{0x14, 0x1, 0x24, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0x8}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0x2ea}}, @timestamping={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x80000000}}], 0x90}, 0x4004814)
r15 = socket$nl_generic(0x10, 0x3, 0x10)
r16 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_GET(r15, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x3c, r16, 0x1, 0x70bd29, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}]}, 0x3c}}, 0x22000000)
r17 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r17, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x2, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [@sadb_sa={0x2}]}, 0x20}}, 0x0)

1.36914704s ago: executing program 5 (id=2704):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockname(r1, &(0x7f00000014c0)=@ll={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000024c0)=0x80)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0x7, 0xd, 0xfffffffd, 0x1, 0x8, 0x8}}, {0x4}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=@newtfilter={0x34, 0x2c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00', <r7=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000801}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r9)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r10, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001bae9ee14d4284d73c826d8bce62cb84c8b765cbac71c46bc4718", @ANYRES16=r9], 0x398}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={<r12=>0xffffffffffffffff})
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x24, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r13, <r14=>0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)=r12}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r14, &(0x7f00000007c0), 0x0}, 0x20)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=r14, @ANYBLOB="0637330400"/20, @ANYRES32=r7, @ANYRES32, @ANYBLOB="7e0fc7eb0100"/19], 0x50)
sendmsg$NL80211_CMD_AUTHENTICATE(r9, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x34, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r11}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
sendmsg$sock(r3, &(0x7f0000000100)={&(0x7f00000001c0)=@ethernet={0x306, @local}, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000340)=[@mark={{0x14, 0x1, 0x24, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0x8}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0x2ea}}, @timestamping={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x80000000}}], 0x90}, 0x4004814)
r15 = socket$nl_generic(0x10, 0x3, 0x10)
r16 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_GET(r15, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x3c, r16, 0x1, 0x70bd29, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}]}, 0x3c}}, 0x22000000)
r17 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r17, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x2, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [@sadb_sa={0x2}]}, 0x20}}, 0x0)

1.318467394s ago: executing program 4 (id=2705):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1, 0x3}, 0x20)
r3 = socket(0x1e, 0x5, 0x0)
getsockname$packet(r3, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x45, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x63}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000000)={'veth1\x00', @random="423ca0a6764d"})
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r4}, 0x8)
close(r5)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r4, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)

902.872423ms ago: executing program 1 (id=2707):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@ipv6_newrule={0x38, 0x20, 0x1, 0x0, 0x0, {0xa, 0x0, 0x20}, [@FRA_SRC={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e20}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x2, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r1}, @IFLA_HSR_SLAVE2={0x8, 0x2, r2}]}}}, @IFLA_MASTER={0x8, 0xa, r2}, @IFLA_EXT_MASK={0x8, 0x1d, 0xdbf3}]}, 0x50}}, 0x0)
socket$unix(0x1, 0x2, 0x0)

901.432253ms ago: executing program 5 (id=2708):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0800020009"], 0x30}}, 0x0)

811.230722ms ago: executing program 5 (id=2710):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_getaddrlabel={0x24, 0x1a, 0x1, 0x0, 0x0, {0x2}, [@IFAL_LABEL={0x8, 0x2, 0x7}]}, 0x24}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x20, 0x3d, 0x9, 0x0, 0x0, {0x4}, [@typed={0x4, 0x200}, @typed={0x8, 0xa, 0x0, 0x0, @u32=0xffe000}]}, 0x20}}, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000080)=0x68)

735.336236ms ago: executing program 4 (id=2712):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000858000/0x2000)=nil, 0x2000, 0x2000004, 0x12, r0, 0xc08ba000) (async, rerun: 64)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000006, 0x12, r0, 0xe93f6000) (async, rerun: 64)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)

607.002934ms ago: executing program 1 (id=2714):
ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x40047452, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000210280000c0012", 0x2e}], 0x1}, 0x0)

459.130437ms ago: executing program 3 (id=2715):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @empty}, 0x78})
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0xfffe, @loopback}, {0x2, 0x0, @broadcast}, 0xc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x8})

458.779088ms ago: executing program 4 (id=2716):
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$alg(0x26, 0x5, 0x0) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000040)=0x100000, 0x4)
bind$alg(r1, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) (async)
bind$alg(r1, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58)
r3 = accept4(r1, 0x0, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', 0x0, 0x29, 0xfd, 0xf0, 0x6, 0x0, @empty, @loopback, 0x40, 0x80, 0x5, 0x400}})
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in, 0x0, 0x6c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000), 0x0)

451.361354ms ago: executing program 1 (id=2717):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10)
sendto$inet(r0, &(0x7f0000000280)='7', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000a40)="711f0b8d0bfa464eb50cd5279c81", 0xe}, 0x1, 0x0, 0x0, 0x80}, 0x24000840)
recvmmsg(r1, &(0x7f0000002e40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x3b}}], 0x40000000000019e, 0x142, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'syztnl2\x00', &(0x7f0000000300)={'ip6tnl0\x00', <r2=>0x0, 0x29, 0x9b, 0x6, 0xc7, 0x12, @local, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x40, 0x9}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=@delqdisc={0x68, 0x25, 0x200, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0xfff2, 0xfff3}, {0xb, 0xfff3}, {0xfff3, 0x8}}, [@TCA_STAB={0x34, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0xd1, 0x2, 0x6, 0x0, 0x8, 0x0, 0x7}}, {0x12, 0x2, [0xffff, 0xb1, 0x101, 0xf4, 0x9, 0xfff, 0x5]}}]}, @TCA_RATE={0x6, 0x5, {0x4, 0xa}}, @TCA_RATE={0x6, 0x5, {0xb4, 0x1}}]}, 0x68}}, 0x0)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e23, @loopback}}}, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
sendmsg$nl_crypto(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000940)=@delrng={0x10, 0x14, 0x1, 0x70bd25, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x4040000}, 0x4004010)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000002030102fbaa35d10000000000000010080001000100f0ff"], 0x1c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2ccf3766, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bond0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1b400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x6}]}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000400)=ANY=[@ANYBLOB="5c0000001000090400edff000000000000000000204dfa56635ee9389e464357f6e8182486d0c10fb274c5ff3e033acc70c9ad3fab85243f81ea24272b9be0c46186d84ee42bca4f3d9f7c3fe887504aa11fac4f4140e6ed0a1172aa39878c46b5b80c8e0000", @ANYRES32=0x0, @ANYRESOCT=r7, @ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\n'], 0x5c}}, 0x0)

410.123445ms ago: executing program 3 (id=2718):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockname(r1, &(0x7f00000014c0)=@ll={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000024c0)=0x80)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0x7, 0xd, 0xfffffffd, 0x1, 0x8, 0x8}}, {0x4}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=@newtfilter={0x34, 0x2c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$packet(0x11, 0x3, 0x300)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000801}, 0x0)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r11, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r12, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001bae9ee14d4284d73c826d8bce62cb84c8b765cbac71c46bc4718", @ANYRES16=r10], 0x398}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={<r13=>0xffffffffffffffff})
r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x24, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r14, <r15=>0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)=r13}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r15, &(0x7f00000007c0), 0x0}, 0x20)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=r15, @ANYBLOB="0637330400"/20, @ANYRES32=r7, @ANYRES32, @ANYBLOB="7e0fc7eb0100"/19], 0x50)
sendmsg$NL80211_CMD_AUTHENTICATE(r10, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x34, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r12}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
sendmsg$sock(r3, &(0x7f0000000100)={&(0x7f00000001c0)=@ethernet={0x306, @local}, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000340)=[@mark={{0x14, 0x1, 0x24, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0x8}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0x2ea}}, @timestamping={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x80000000}}], 0x90}, 0x4004814)
r16 = socket$nl_generic(0x10, 0x3, 0x10)
r17 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_GET(r16, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x3c, r17, 0x1, 0x70bd29, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}]}, 0x3c}}, 0x22000000)
socket$key(0xf, 0x3, 0x2)
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x1c, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8}, @TCA_HHF_QUANTUM={0x8, 0x2, 0x9}, @TCA_HHF_HH_FLOWS_LIMIT={0x8}]}}]}, 0x48}}, 0x0)

182.888069ms ago: executing program 4 (id=2719):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bind$unix(r4, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e)
r5 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0180000000171300883795c04a31ba377a1b2cc32b38d3740000ffffffffffffffff", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x21, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r2, &(0x7f0000000c80)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000c40)={&(0x7f0000000700)={0x418, r8, 0x20, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_NAN_FUNC={0xa8, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_RX_MATCH_FILTER={0x9c, 0xd, 0x0, 0x1, [{0x96, 0x0, "018c55d3a6f65c1aa70caad40acce3f5d235797acca9d8f2b3b6076eacb5465844df36df397132d2aada6bcb9b3c53219eb55d1b24be0934f64eaea0e17ec3d2fc53d30e9b08ff3feba46afe7936733b0259048f2502863a9f4a8a3c9eac66a665c75433f3bbcbfa30591e0e2b323efd3b58530e5a77cc2001ae3534beb3a21ebe1bd8992afcc03ffe56a5f55252e552e36c"}]}, @NL80211_NAN_FUNC_TYPE={0x5, 0x1, 0x2}]}, @NL80211_ATTR_NAN_FUNC={0x34c, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_PUBLISH_BCAST={0x4}, @NL80211_NAN_FUNC_TYPE={0x5, 0x1, 0x2}, @NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa}, @NL80211_NAN_FUNC_RX_MATCH_FILTER={0x2a8, 0xd, 0x0, 0x1, [{0xdd, 0x0, "d45ae928218bed4abeff3e0e746821cff7677762e5d675967bb0f1a2aba6dba7de10bdfb4778f0c7d69adb229fe947915fba7c55c25c89fc5d7d1d0a36f8634173ff24d111cfa759c6e170d9b16d64b1010370a22c6f95db465495de19199f4b52d3794e3bf1d39e516d7a44dd2576976455a9e96c9381c7ce141c4c5a8feb0b586be575b42b94a13c3ddc9acae249597f502e6b91cab19cf9d56ee6325c3350399699ba23519d8a8eba2913a5a6bc6607ad3b59396f3d8012fc63eda562413579bdbcfcd6cabc7b942d46d678cd6b649511b55d83606d11e4"}, {0xe8, 0x0, "6f874f8493be1e35d5b16ecc377cf60e81cbdd6c9c9778a73a05865898e4dac916b9a7c137d799dc57340f0190587e8dd1d196dd8ed062301e4ebf196109a538ad11a0c1ebae46ef77f277cbb4265ed35efb0fbd8e01a9d157682220960e665e3d81d2da7892736a4b7cb9a4db2397d2945fde2a5b81d9f5e2a603634f322e0aa4642a814b95e73b63af75684a6c6eca9b08eddc70e0ab3e60ced3a825839e1c773fb08d13fadf6cdc3eb39868dfe477eafc397354791dd8995310ee86cf6ba29d7c4b867228f91ce7439e862b418d28b84ef846416ec4ef34925dc433a3e04f7eaf1abe"}, {0xb9, 0x0, "96c4f2334226179414df53288898121ddd19498a61fb36d79f5be3c0563f0124400e376ce6ac2ae3af73f4ef923755a911b3c7d0c6a2f995bc6a27f6d935250de06a4dadccd7959410ea00e04603cb1a547068549fb2f659f2d34512c38f15d23c0cdbf2fa33a2f8ed0ff767e10198d4cad6e358b6c13152d00b94084aa54a8676fcc689bbf9dcc96a96d8d39c4a2fde020b9c89a8801aac68bac8537c0cc73fa0a54272c39b4fd99bcca1e3306b5dd1df60660af5"}, {0x1d, 0x0, "abd8b7589b053668aecac56de6add7fa2de2d65768693abcd0"}]}, @NL80211_NAN_FUNC_SRF={0x84, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_INCLUDE={0x4}, @NL80211_NAN_SRF_BF_IDX={0x5, 0x3, 0x4}, @NL80211_NAN_SRF_MAC_ADDRS={0x4c, 0x4, 0x0, 0x1, [{0xa, 0x6, @broadcast}, {0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}, {0xa}, {0xa, 0x6, @broadcast}]}, @NL80211_NAN_SRF_MAC_ADDRS={0x28, 0x4, 0x0, 0x1, [{0xa}, {0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}]}]}, @NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}]}, @NL80211_ATTR_NAN_FUNC={0x10, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_TTL={0x8, 0xa, 0x7}, @NL80211_NAN_FUNC_CLOSE_RANGE={0x4}]}]}, 0x418}, 0x1, 0x0, 0x0, 0x8895}, 0x8800)
sendmsg$NL80211_CMD_SET_PMKSA(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="88000000", @ANYRES16=r8, @ANYBLOB="e1528e3c9f0c000000003400000008000300", @ANYRES32=r9, @ANYBLOB="08001f01ff0100000a00060050505050505000000600fd0001000000140055"], 0x88}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r10=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="310300000000000000000900000008000300", @ANYRES32=r10, @ANYBLOB="be11e9835f887a53106a0be6c9af4d2bae5e427a19f408000607844c744413905b2f00002b433b9522d1a0b79f789b4901759abf754ebc0933e7390e9360755b62ca97c344f0d1ca8337e40aa17de14f0335bc28b71f67df7d43ad8adf785a4afc3243be543a417abd151da7eef3bc465d068c9c9cfb9cb75b5d08e413feaa9c6dc154583600787f4824440ef319", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x4000)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000050000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a300000000008000540000000040c00098008000140f5"], 0x98}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r11 = accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14, 0x80000)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000480)={'gre0\x00', <r12=>r10, 0xf57e6be062af04ef, 0x10, 0x8, 0x3, {{0x53, 0x4, 0x1, 0x2, 0x14c, 0x66, 0x0, 0x0, 0x29, 0x0, @private=0xa010101, @dev={0xac, 0x14, 0x14, 0x3a}, {[@timestamp_prespec={0x44, 0x44, 0x3e, 0x3, 0x4, [{@multicast1, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x459a}, {@rand_addr=0x64010100, 0x5}, {@broadcast, 0x3f}, {@loopback, 0xb5}, {@empty, 0x6}, {@multicast2, 0xc}, {@loopback, 0x3}]}, @timestamp_addr={0x44, 0x34, 0x9e, 0x1, 0xa, [{@loopback, 0x7}, {@multicast2, 0x60}, {@remote, 0x8}, {@rand_addr=0x64010102, 0x6}, {@broadcast, 0x1}, {@rand_addr=0x64010101}]}, @generic={0x89, 0x2}, @rr={0x7, 0x1b, 0xcb, [@local, @remote, @rand_addr=0x64010100, @remote, @multicast2, @broadcast]}, @ssrr={0x89, 0x7, 0xde, [@local]}, @timestamp_addr={0x44, 0xc, 0xc1, 0x1, 0x6, [{@loopback}]}, @cipso={0x86, 0x18, 0xffffffffffffffff, [{0x5, 0xa, "b832add8dac47e67"}, {0x2, 0x8, "7055f63d385f"}]}, @lsrr={0x83, 0x17, 0x22, [@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, @local, @multicast1, @rand_addr=0x64010102]}, @cipso={0x86, 0x5e, 0xffffffffffffffff, [{0xe, 0x11, "e0ed530df1642c040b92fc14c0323f"}, {0x2, 0x11, "b6283a003658220028677a93d946d0"}, {0x7, 0xc, "c29351c445f855f5b8d1"}, {0x5, 0x11, "a70e64aaa9ee8b62f5326425d41288"}, {0x1, 0x8, "26983a9b495f"}, {0x7, 0x11, "c7259a761c381de22acf1e35037193"}]}]}}}}})
sendmsg$NL80211_CMD_ASSOCIATE(r7, &(0x7f0000000cc0)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x8885}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x54, r8, 0x8, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x8000, 0x71}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_IE={0x28, 0x2a, [@erp={0x2a, 0x1, {0x0, 0x1, 0x1}}, @prep={0x83, 0x1f, {{}, 0x1c, 0x6, @broadcast, 0x3, @void, 0x7, 0x0, @broadcast, 0x9}}]}]}, 0x54}}, 0x80)
sendto$packet(r11, &(0x7f0000000240)="81e2083f9bf6c2ae3571a7fa", 0xc, 0x20000851, &(0x7f0000000300)={0x11, 0x1b, r12, 0x1, 0x2}, 0x14)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000010000100061e00000000000000000000000a64000000060a0b0400000000000000000200000038000480340001800b005432010065787468647200002400028008000740000000090800064000000001050002000000000008000340000000040900020073797a32000000000900010073797a3000000000140000001100010000000000000000000000000a"], 0x8c}}, 0x0)

182.744769ms ago: executing program 3 (id=2720):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0800020009"], 0x30}}, 0x0)

158.112735ms ago: executing program 3 (id=2721):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000b80)={0x0, 0x0, 0x0}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000280)=<r2=>0x0, &(0x7f00000002c0)=0x4)
sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x84, r1, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r2}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x7ff}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x3}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0x84}, 0x1, 0x0, 0x0, 0x5}, 0x0)

78.608258ms ago: executing program 4 (id=2722):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1, 0x3}, 0x20)
r3 = socket(0x1e, 0x5, 0x0)
getsockname$packet(r3, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x45, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x63}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000000)={'veth1\x00', @random="423ca0a6764d"})
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r4}, 0x8)
close(r5)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r4, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)

27.03174ms ago: executing program 3 (id=2723):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000a40)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010000000000000000002c"], 0x2c}}, 0x0) (async)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x8, 0x3, 0x380, 0x218, 0xffffffff, 0xffffffff, 0x218, 0xffffffff, 0x2e8, 0xffffffff, 0xffffffff, 0x2e8, 0xffffffff, 0x3, 0x0, {[{{@ip={@multicast1, @local, 0x0, 0x0, 'team0\x00', 'wg1\x00'}, 0x0, 0x1f0, 0x218, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'vcan0\x00', {0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0xfe5}}}, @common=@ah={{0x30}, {[0x9, 0xcef1], 0x1}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e0)

0s ago: executing program 3 (id=2724):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20268600}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x40, 0x2, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x2}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xa63}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x60}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x4000050)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002ec0)={0x18, 0x3b, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0xd7}]}, 0x18}, 0x1, 0x0, 0x0, 0x4040}, 0xc000)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20)
sendmsg$NFT_BATCH(r0, &(0x7f0000003dc0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000003d80)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}}, @NFT_MSG_DELOBJ={0x14, 0x14, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x9}}, @NFT_MSG_NEWFLOWTABLE={0xac, 0x16, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x6}, [@NFTA_FLOWTABLE_HOOK={0x98, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'wg1\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'wlan1\x00'}, {0x14, 0x1, 'ip6erspan0\x00'}, {0x14, 0x1, 'syzkaller0\x00'}, {0x14, 0x1, 'bond0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x4}}, @NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x15c}, 0x1, 0x0, 0x0, 0x54}, 0x0)

kernel console output (not intermixed with test programs):

ave_0: entered promiscuous mode
[  157.487804][T10873] hsr_slave_1: entered promiscuous mode
[  157.494357][T10873] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  157.501943][T10873] Cannot create hsr debugfs directory
[  157.743738][ T5840] Bluetooth: hci0: command tx timeout
[  157.778306][T10975] netlink: 'syz.1.1881': attribute type 4 has an invalid length.
[  157.805623][T10873] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.918960][T10873] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.027029][T10873] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.133320][T10873] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.381263][T10873] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  158.414405][T10873] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  158.455900][T10873] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  158.467398][T10873] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  158.469100][T11011] Bluetooth: MGMT ver 1.23
[  158.504808][T11011] __nla_validate_parse: 63 callbacks suppressed
[  158.504830][T11011] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1894'.
[  158.593895][T10873] 8021q: adding VLAN 0 to HW filter on device bond0
[  158.623762][T10873] 8021q: adding VLAN 0 to HW filter on device team0
[  158.664229][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.671381][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.699466][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.706639][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.853656][T11026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1898'.
[  158.871832][T11026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1898'.
[  158.981878][T11029] 8021q: adding VLAN 0 to HW filter on device bond3
[  158.994158][T11029] bond0: (slave bond3): Enslaving as an active interface with a down link
[  159.018232][T11033] xt_cluster: node mask cannot exceed total number of nodes
[  159.042790][T11034] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1897'.
[  159.088371][T10873] 8021q: adding VLAN 0 to HW filter on device batadv0
[  159.149907][T10873] veth0_vlan: entered promiscuous mode
[  159.170745][T10873] veth1_vlan: entered promiscuous mode
[  159.207028][T10873] veth0_macvtap: entered promiscuous mode
[  159.219784][T10873] veth1_macvtap: entered promiscuous mode
[  159.238010][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.249804][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.259944][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.270618][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.280513][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.291123][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.303721][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.314256][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.324261][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.335194][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.348448][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.360255][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.371570][T10873] batman_adv: batadv0: Interface activated: batadv_slave_0
[  159.407257][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.439842][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.457568][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.459453][T11043] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1903'.
[  159.470407][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.488289][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.498828][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.509812][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.520855][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.531992][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.542986][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.553873][T10873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.565720][T10873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.577325][T10873] batman_adv: batadv0: Interface activated: batadv_slave_1
[  159.591346][T10873] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  159.617303][T10873] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  159.652342][T10873] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  159.669102][T10873] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  159.673084][T11048] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1904'.
[  159.696303][T11048] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1904'.
[  159.822510][ T5843] Bluetooth: hci0: command tx timeout
[  159.863962][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.871801][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.908667][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.923069][T11056] netlink: 'syz.5.1908': attribute type 29 has an invalid length.
[  159.940884][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  160.007555][T11056] netlink: 'syz.5.1908': attribute type 29 has an invalid length.
[  160.047286][T11060] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1910'.
[  160.175649][T11069] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1912'.
[  160.257434][T11072] 8021q: adding VLAN 0 to HW filter on device bond1
[  160.266411][T11072] bond0: (slave bond1): Enslaving as an active interface with a down link
[  160.292060][T11080] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1913'.
[  160.438330][T11089] 8021q: adding VLAN 0 to HW filter on device bond2
[  160.446468][T11089] bond0: (slave bond2): Enslaving as an active interface with a down link
[  160.548386][ T5840] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  160.835791][T11113] netlink: 'syz.5.1926': attribute type 9 has an invalid length.
[  161.287956][T11150] RDS: rds_bind could not find a transport for fe88::6, load rds_tcp or rds_rdma?
[  162.608318][T11195] FAULT_INJECTION: forcing a failure.
[  162.608318][T11195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  162.630571][T11195] CPU: 0 UID: 0 PID: 11195 Comm: syz.5.1954 Not tainted 6.14.0-syzkaller-05901-gf278b6d5bb46 #0 PREEMPT(full) 
[  162.630596][T11195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.630607][T11195] Call Trace:
[  162.630613][T11195]  <TASK>
[  162.630620][T11195]  dump_stack_lvl+0x241/0x360
[  162.630654][T11195]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.630675][T11195]  ? __pfx__printk+0x10/0x10
[  162.630702][T11195]  should_fail_ex+0x424/0x570
[  162.630727][T11195]  _copy_to_user+0x31/0xb0
[  162.630748][T11195]  simple_read_from_buffer+0xc4/0x170
[  162.630771][T11195]  proc_fail_nth_read+0x1ef/0x260
[  162.630796][T11195]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  162.630819][T11195]  ? rw_verify_area+0x246/0x630
[  162.630835][T11195]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  162.630858][T11195]  vfs_read+0x21f/0xb90
[  162.630877][T11195]  ? __pfx___mutex_lock+0x10/0x10
[  162.630899][T11195]  ? __pfx_vfs_read+0x10/0x10
[  162.630917][T11195]  ? __fget_files+0x2a/0x420
[  162.630939][T11195]  ? __fget_files+0x39d/0x420
[  162.630959][T11195]  ? __fget_files+0x2a/0x420
[  162.630985][T11195]  ksys_read+0x19d/0x2d0
[  162.631003][T11195]  ? __pfx_ksys_read+0x10/0x10
[  162.631043][T11195]  ? do_syscall_64+0xb6/0x230
[  162.631069][T11195]  do_syscall_64+0xf3/0x230
[  162.631093][T11195]  ? clear_bhb_loop+0x45/0xa0
[  162.631111][T11195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.631127][T11195] RIP: 0033:0x7f036338bb7c
[  162.631141][T11195] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  162.631156][T11195] RSP: 002b:00007f036422b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  162.631175][T11195] RAX: ffffffffffffffda RBX: 00007f03635a5fa0 RCX: 00007f036338bb7c
[  162.631188][T11195] RDX: 000000000000000f RSI: 00007f036422b0a0 RDI: 0000000000000003
[  162.631199][T11195] RBP: 00007f036422b090 R08: 0000000000000000 R09: 0000000000000000
[  162.631209][T11195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.631219][T11195] R13: 0000000000000000 R14: 00007f03635a5fa0 R15: 00007fff55302a08
[  162.631242][T11195]  </TASK>
[  162.883802][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  162.892539][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  162.901554][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  162.927324][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  162.953860][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  163.044547][T11204] lo speed is unknown, defaulting to 1000
[  163.536115][T11204] chnl_net:caif_netlink_parms(): no params data found
[  163.566500][T11244] netlink: 'syz.5.1971': attribute type 9 has an invalid length.
[  163.761524][T11204] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.776576][T11204] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.787824][T11204] bridge_slave_0: entered allmulticast mode
[  163.809043][T11204] bridge_slave_0: entered promiscuous mode
[  163.812559][T11250] xt_CT: No such helper "snmp_trap"
[  163.820817][T11204] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.839117][T11204] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.854397][T11204] bridge_slave_1: entered allmulticast mode
[  163.869848][T11204] bridge_slave_1: entered promiscuous mode
[  163.966372][T11204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  163.991102][T11204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  164.066330][T11204] team0: Port device team_slave_0 added
[  164.084859][T11204] team0: Port device team_slave_1 added
[  164.131167][T11204] batman_adv: batadv0: Adding interface: batadv_slave_0
[  164.134640][T11277] netdevsim netdevsim3: Direct firmware load for .
[  164.134640][T11277]  failed with error -2
[  164.139344][T11204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.181875][T11277] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  164.181875][T11277] 
[  164.210864][T11204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  164.238178][T11278] netlink: 'syz.3.1980': attribute type 4 has an invalid length.
[  164.255592][T11204] batman_adv: batadv0: Adding interface: batadv_slave_1
[  164.267724][T11285] __nla_validate_parse: 19 callbacks suppressed
[  164.267742][T11285] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1981'.
[  164.273020][T11204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.326021][T11204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  164.412701][T11204] hsr_slave_0: entered promiscuous mode
[  164.424027][T11204] hsr_slave_1: entered promiscuous mode
[  164.430152][T11204] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  164.468459][T11204] Cannot create hsr debugfs directory
[  164.561687][T11293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1983'.
[  164.642769][T11300] netlink: 'syz.4.1984': attribute type 9 has an invalid length.
[  164.899076][T11303] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  164.964257][T11204] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.978118][T11305] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1986'.
[  165.023027][ T5840] Bluetooth: hci0: command tx timeout
[  165.116382][T11315] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[  165.151633][T11204] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.228112][T11320] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1993'.
[  165.244719][T11204] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.336505][T11328] netlink: 'syz.3.1995': attribute type 9 has an invalid length.
[  165.408373][T11204] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.438822][T11330] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1996'.
[  165.458500][T11330] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1996'.
[  165.519310][T11330] lo speed is unknown, defaulting to 1000
[  165.555776][T11339] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1999'.
[  165.648736][T11341] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2000'.
[  165.720808][T11345] netlink: 'syz.3.2002': attribute type 21 has an invalid length.
[  165.754582][T11345] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode broadcast(3)
[  165.809647][T11204] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  165.864707][T11204] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  165.866917][T11351] netlink: 'syz.1.2003': attribute type 4 has an invalid length.
[  165.903173][T11204] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  165.926945][T11356] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2005'.
[  165.943845][T11204] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  166.153247][T11204] 8021q: adding VLAN 0 to HW filter on device bond0
[  166.258733][T11204] 8021q: adding VLAN 0 to HW filter on device team0
[  166.300667][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.307836][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  166.357171][T11372] vlan2: entered allmulticast mode
[  166.370244][T11372] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  166.430008][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.437260][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  166.458931][T11375] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  166.463334][T11204] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  166.481633][T11204] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  166.598124][T11384] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2014'.
[  166.813144][T11397] netlink: 'syz.5.2018': attribute type 9 has an invalid length.
[  166.815281][T11204] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.882588][T11204] veth0_vlan: entered promiscuous mode
[  166.907773][T11204] veth1_vlan: entered promiscuous mode
[  166.978217][T11204] veth0_macvtap: entered promiscuous mode
[  166.988197][T11204] veth1_macvtap: entered promiscuous mode
[  167.043106][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.062637][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.079781][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.091706][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.102570][ T5840] Bluetooth: hci0: command tx timeout
[  167.120669][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.131896][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.143718][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.154473][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.164658][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.175847][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.199400][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.212100][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.230276][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.247000][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.258514][T11204] batman_adv: batadv0: Interface activated: batadv_slave_0
[  167.314142][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.331020][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.351058][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.363895][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.375334][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.387619][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.398205][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.409096][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.419798][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.422304][T11428] netlink: 'syz.4.2029': attribute type 1 has an invalid length.
[  167.431169][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.450234][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.460976][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.471267][T11204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.481786][T11204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.495065][T11204] batman_adv: batadv0: Interface activated: batadv_slave_1
[  167.505931][T11204] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  167.514771][T11204] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  167.526781][T11204] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  167.541680][T11204] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  167.773100][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  167.780965][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.855162][T11438] bridge0: port 3(vlan2) entered blocking state
[  167.869974][T11438] bridge0: port 3(vlan2) entered disabled state
[  167.876927][T11438] vlan2: entered allmulticast mode
[  167.889726][T11438] bridge0: entered allmulticast mode
[  167.897147][T11438] vlan2: left allmulticast mode
[  167.907785][T11438] bridge0: left allmulticast mode
[  167.944244][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  167.963428][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.050759][T11453] netlink: 'syz.4.2041': attribute type 9 has an invalid length.
[  168.174678][T11457] xt_socket: unknown flags 0x2
[  168.193157][T11459] xt_socket: unknown flags 0x2
[  168.343501][T11465] netlink: 'syz.1.2047': attribute type 9 has an invalid length.
[  168.353631][T11472] FAULT_INJECTION: forcing a failure.
[  168.353631][T11472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.392667][T11472] CPU: 1 UID: 0 PID: 11472 Comm: syz.5.2049 Not tainted 6.14.0-syzkaller-05901-gf278b6d5bb46 #0 PREEMPT(full) 
[  168.392692][T11472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  168.392702][T11472] Call Trace:
[  168.392708][T11472]  <TASK>
[  168.392715][T11472]  dump_stack_lvl+0x241/0x360
[  168.392749][T11472]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.392769][T11472]  ? __pfx__printk+0x10/0x10
[  168.392795][T11472]  should_fail_ex+0x424/0x570
[  168.392819][T11472]  _copy_to_user+0x31/0xb0
[  168.392840][T11472]  simple_read_from_buffer+0xc4/0x170
[  168.392863][T11472]  proc_fail_nth_read+0x1ef/0x260
[  168.392887][T11472]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  168.392910][T11472]  ? rw_verify_area+0x246/0x630
[  168.392926][T11472]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  168.392948][T11472]  vfs_read+0x21f/0xb90
[  168.392968][T11472]  ? __pfx___mutex_lock+0x10/0x10
[  168.392988][T11472]  ? __pfx_vfs_read+0x10/0x10
[  168.393006][T11472]  ? __fget_files+0x2a/0x420
[  168.393027][T11472]  ? __fget_files+0x39d/0x420
[  168.393046][T11472]  ? __fget_files+0x2a/0x420
[  168.393073][T11472]  ksys_read+0x19d/0x2d0
[  168.393090][T11472]  ? __pfx_ksys_read+0x10/0x10
[  168.393110][T11472]  ? do_syscall_64+0xb6/0x230
[  168.393133][T11472]  do_syscall_64+0xf3/0x230
[  168.393153][T11472]  ? clear_bhb_loop+0x45/0xa0
[  168.393171][T11472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.393186][T11472] RIP: 0033:0x7f036338bb7c
[  168.393200][T11472] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  168.393214][T11472] RSP: 002b:00007f036422b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  168.393232][T11472] RAX: ffffffffffffffda RBX: 00007f03635a5fa0 RCX: 00007f036338bb7c
[  168.393244][T11472] RDX: 000000000000000f RSI: 00007f036422b0a0 RDI: 0000000000000004
[  168.393254][T11472] RBP: 00007f036422b090 R08: 0000000000000000 R09: 0000000000000000
[  168.393265][T11472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.393275][T11472] R13: 0000000000000000 R14: 00007f03635a5fa0 R15: 00007fff55302a08
[  168.393297][T11472]  </TASK>
[  169.087326][T11494] netlink: 'syz.4.2059': attribute type 1 has an invalid length.
[  169.267759][T11515] delete_channel: no stack
[  169.286414][T11515] sctp: [Deprecated]: syz.3.2066 (pid 11515) Use of int in maxseg socket option.
[  169.286414][T11515] Use struct sctp_assoc_value instead
[  169.354242][T11520] __nla_validate_parse: 53 callbacks suppressed
[  169.354263][T11520] netlink: 196 bytes leftover after parsing attributes in process `syz.4.2070'.
[  169.379484][T11520] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2070'.
[  169.418511][T11520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2070'.
[  170.199307][T11530] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2072'.
[  170.337710][T11533] veth5: entered allmulticast mode
[  170.380447][T11539] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2076'.
[  170.512914][T11548] netlink: 596 bytes leftover after parsing attributes in process `syz.1.2078'.
[  170.575665][T11548] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2078'.
[  170.697439][T11562] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2081'.
[  170.704289][T11566] netlink: 100 bytes leftover after parsing attributes in process `syz.5.2083'.
[  170.759151][T11562] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2081'.
[  170.815788][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  170.829511][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  170.840190][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  170.849106][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  170.857334][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  171.014548][T11567] lo speed is unknown, defaulting to 1000
[  171.020579][T11582] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4)
[  171.440204][T11567] chnl_net:caif_netlink_parms(): no params data found
[  171.609929][T11567] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.622910][T11567] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.632639][T11567] bridge_slave_0: entered allmulticast mode
[  171.643341][T11567] bridge_slave_0: entered promiscuous mode
[  171.652105][T11567] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.659865][T11567] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.667991][T11567] bridge_slave_1: entered allmulticast mode
[  171.683536][T11567] bridge_slave_1: entered promiscuous mode
[  171.737731][T11567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.760652][T11567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.808799][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888078f4e400: rx timeout, send abort
[  171.815271][T11567] team0: Port device team_slave_0 added
[  171.818429][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888078f4e400: 0x3ff01: (3) A timeout occurred and this is the connection abort to close the session.
[  171.841080][T11567] team0: Port device team_slave_1 added
[  171.965737][T11567] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.973890][T11567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.004083][T11567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  172.021761][T11640] geneve2: entered promiscuous mode
[  172.027709][T11640] geneve2: entered allmulticast mode
[  172.035735][T11567] batman_adv: batadv0: Adding interface: batadv_slave_1
[  172.043357][T11567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.071813][T11567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  172.143178][T11567] hsr_slave_0: entered promiscuous mode
[  172.153044][T11567] hsr_slave_1: entered promiscuous mode
[  172.159467][T11567] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  172.167445][T11567] Cannot create hsr debugfs directory
[  172.344969][T11654] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  172.378225][T11654] netlink: 'syz.5.2114': attribute type 7 has an invalid length.
[  172.396489][T11654] netlink: 'syz.5.2114': attribute type 8 has an invalid length.
[  172.417255][T11567] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.439561][T11654] netlink: 'syz.5.2114': attribute type 21 has an invalid length.
[  172.453081][T11654] IPv6: NLM_F_CREATE should be specified when creating new route
[  172.545664][T11567] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.574358][T11654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  172.592095][T11654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  172.641645][T11567] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.744581][T11567] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.789468][T11676] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  172.901098][T11567] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  172.926765][T11567] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  172.946175][ T5840] Bluetooth: hci0: command tx timeout
[  172.971784][T11567] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  172.999577][T11567] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  173.155761][T11567] 8021q: adding VLAN 0 to HW filter on device bond0
[  173.261735][T11567] 8021q: adding VLAN 0 to HW filter on device team0
[  173.333815][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.340976][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  173.400645][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.407949][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.471517][T11567] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  173.495765][T11567] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  173.585239][T11724] FAULT_INJECTION: forcing a failure.
[  173.585239][T11724] name failslab, interval 1, probability 0, space 0, times 0
[  173.643658][T11724] CPU: 0 UID: 0 PID: 11724 Comm: syz.1.2140 Not tainted 6.14.0-syzkaller-05901-gf278b6d5bb46 #0 PREEMPT(full) 
[  173.643686][T11724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  173.643696][T11724] Call Trace:
[  173.643702][T11724]  <TASK>
[  173.643709][T11724]  dump_stack_lvl+0x241/0x360
[  173.643737][T11724]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.643757][T11724]  ? __pfx__printk+0x10/0x10
[  173.643779][T11724]  ? __pfx___might_resched+0x10/0x10
[  173.643799][T11724]  should_fail_ex+0x424/0x570
[  173.643824][T11724]  should_failslab+0xac/0x100
[  173.643846][T11724]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  173.643868][T11724]  ? __alloc_skb+0x1c2/0x480
[  173.643889][T11724]  __alloc_skb+0x1c2/0x480
[  173.643911][T11724]  ? __pfx___alloc_skb+0x10/0x10
[  173.643930][T11724]  ? netlink_autobind+0xd6/0x2f0
[  173.643946][T11724]  ? netlink_autobind+0x2b0/0x2f0
[  173.643966][T11724]  netlink_sendmsg+0x638/0xcd0
[  173.643994][T11724]  ? __pfx_netlink_sendmsg+0x10/0x10
[  173.644014][T11724]  ? aa_sock_msg_perm+0x91/0x160
[  173.644038][T11724]  ? __pfx_netlink_sendmsg+0x10/0x10
[  173.644053][T11724]  __sock_sendmsg+0x221/0x270
[  173.644071][T11724]  ____sys_sendmsg+0x523/0x860
[  173.644096][T11724]  ? __pfx_____sys_sendmsg+0x10/0x10
[  173.644114][T11724]  ? __fget_files+0x2a/0x420
[  173.644136][T11724]  ? __fget_files+0x2a/0x420
[  173.644163][T11724]  __sys_sendmsg+0x271/0x360
[  173.644193][T11724]  ? __pfx___sys_sendmsg+0x10/0x10
[  173.644248][T11724]  ? do_syscall_64+0xb6/0x230
[  173.644270][T11724]  do_syscall_64+0xf3/0x230
[  173.644290][T11724]  ? clear_bhb_loop+0x45/0xa0
[  173.644309][T11724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.644324][T11724] RIP: 0033:0x7fd32398d169
[  173.644338][T11724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.644352][T11724] RSP: 002b:00007fd3248a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  173.644370][T11724] RAX: ffffffffffffffda RBX: 00007fd323ba5fa0 RCX: 00007fd32398d169
[  173.644382][T11724] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004
[  173.644393][T11724] RBP: 00007fd3248a9090 R08: 0000000000000000 R09: 0000000000000000
[  173.644403][T11724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.644413][T11724] R13: 0000000000000000 R14: 00007fd323ba5fa0 R15: 00007ffe29441418
[  173.644435][T11724]  </TASK>
[  174.121713][T11567] 8021q: adding VLAN 0 to HW filter on device batadv0
[  174.156782][T11567] veth0_vlan: entered promiscuous mode
[  174.186379][T11567] veth1_vlan: entered promiscuous mode
[  174.268485][T11567] veth0_macvtap: entered promiscuous mode
[  174.287150][T11567] veth1_macvtap: entered promiscuous mode
[  174.346749][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.368933][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.385031][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.409626][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.439111][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.454916][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.466439][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.477505][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.488762][T11763] netlink: 'syz.5.2151': attribute type 8 has an invalid length.
[  174.488904][T11761] netlink: 'syz.4.2154': attribute type 21 has an invalid length.
[  174.507139][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.509980][T11761] __nla_validate_parse: 54 callbacks suppressed
[  174.509994][T11761] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2154'.
[  174.519132][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.544684][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.557486][T11767] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2151'.
[  174.571462][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.582843][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.593546][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.619599][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.642572][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.655595][T11567] batman_adv: batadv0: Interface activated: batadv_slave_0
[  174.678656][T11761] netlink: 'syz.4.2154': attribute type 4 has an invalid length.
[  174.688559][T11761] netlink: 'syz.4.2154': attribute type 5 has an invalid length.
[  174.697886][T11761] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2154'.
[  174.758911][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.780175][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.803042][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.828677][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.839455][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.850242][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.863597][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.874634][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.884563][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.895245][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.905943][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.917681][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.927847][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.938919][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.949447][T11567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.960239][T11567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.971373][T11567] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.001102][T11567] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.023433][ T5840] Bluetooth: hci0: command tx timeout
[  175.089321][T11567] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.118463][T11567] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.129319][T11567] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.154477][T11791] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2160'.
[  175.154776][T11790] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2159'.
[  175.184773][T11790] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2159'.
[  175.201672][T11790] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2159'.
[  175.211829][T11790] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2159'.
[  175.230602][T11790] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2159'.
[  175.240783][T11790] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2159'.
[  175.282634][T11796] bridge_slave_1: left allmulticast mode
[  175.297181][T11796] bridge_slave_1: left promiscuous mode
[  175.307468][T11796] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.326436][T11796] bridge_slave_0: left allmulticast mode
[  175.352358][T11796] bridge_slave_0: left promiscuous mode
[  175.358129][T11796] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.579270][T11812] No such timeout policy "syz0"
[  175.634024][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  175.641963][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  175.753667][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  175.785261][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  177.487739][T11849] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  177.616439][T11856] x_tables: duplicate underflow at hook 3
[  177.635244][T11854] 8021q: adding VLAN 0 to HW filter on device bond3
[  177.645488][T11854] bond0: (slave bond3): Enslaving as an active interface with a down link
[  178.624105][T11867] netlink: 'syz.4.2192': attribute type 15 has an invalid length.
[  179.019936][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  179.035774][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  179.046788][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  179.057015][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  179.065831][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  179.089978][T11894] 8021q: adding VLAN 0 to HW filter on device bond3
[  179.114631][T11894] bond0: (slave bond3): Enslaving as an active interface with a down link
[  179.190709][T11892] lo speed is unknown, defaulting to 1000
[  179.397088][T11892] chnl_net:caif_netlink_parms(): no params data found
[  179.509623][T11915] netlink: 'syz.4.2207': attribute type 1 has an invalid length.
[  179.530855][T11892] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.550491][T11915] netlink: 'syz.4.2207': attribute type 4 has an invalid length.
[  179.550951][T11892] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.567452][T11892] bridge_slave_0: entered allmulticast mode
[  179.575210][T11892] bridge_slave_0: entered promiscuous mode
[  179.584491][T11915] __nla_validate_parse: 218 callbacks suppressed
[  179.584506][T11915] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.2207'.
[  179.606452][T11892] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.614442][T11892] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.622044][T11892] bridge_slave_1: entered allmulticast mode
[  179.647302][T11892] bridge_slave_1: entered promiscuous mode
[  179.766974][T11892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.800134][T11892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  179.983245][T11933] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2213'.
[  179.993045][T11933] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2213'.
[  179.994371][T11937] No such timeout policy "syz0"
[  180.032357][T11941] netlink: 'syz.5.2217': attribute type 9 has an invalid length.
[  180.034019][T11892] team0: Port device team_slave_0 added
[  180.066164][T11892] team0: Port device team_slave_1 added
[  180.184649][T11952] FAULT_INJECTION: forcing a failure.
[  180.184649][T11952] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.198684][T11952] CPU: 1 UID: 0 PID: 11952 Comm: syz.1.2221 Not tainted 6.14.0-syzkaller-05901-gf278b6d5bb46 #0 PREEMPT(full) 
[  180.198709][T11952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  180.198723][T11952] Call Trace:
[  180.198729][T11952]  <TASK>
[  180.198736][T11952]  dump_stack_lvl+0x241/0x360
[  180.198772][T11952]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.198792][T11952]  ? __pfx__printk+0x10/0x10
[  180.198820][T11952]  should_fail_ex+0x424/0x570
[  180.198852][T11952]  _copy_from_user+0x2d/0xb0
[  180.198872][T11952]  copy_msghdr_from_user+0xb3/0x580
[  180.198893][T11952]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  180.198907][T11952]  ? __fget_files+0x2a/0x420
[  180.198928][T11952]  ? __fget_files+0x2a/0x420
[  180.198954][T11952]  __sys_sendmsg+0x20a/0x360
[  180.198975][T11952]  ? __pfx___sys_sendmsg+0x10/0x10
[  180.199026][T11952]  ? do_syscall_64+0xb6/0x230
[  180.199049][T11952]  do_syscall_64+0xf3/0x230
[  180.199069][T11952]  ? clear_bhb_loop+0x45/0xa0
[  180.199086][T11952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.199101][T11952] RIP: 0033:0x7fd32398d169
[  180.199120][T11952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.199134][T11952] RSP: 002b:00007fd3248a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  180.199156][T11952] RAX: ffffffffffffffda RBX: 00007fd323ba5fa0 RCX: 00007fd32398d169
[  180.199168][T11952] RDX: 0000000000000180 RSI: 0000200000000040 RDI: 0000000000000004
[  180.199178][T11952] RBP: 00007fd3248a9090 R08: 0000000000000000 R09: 0000000000000000
[  180.199188][T11952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  180.199198][T11952] R13: 0000000000000000 R14: 00007fd323ba5fa0 R15: 00007ffe29441418
[  180.199221][T11952]  </TASK>
[  180.273865][T11945] xt_CT: No such helper "snmp_trap"
[  180.411999][T11892] batman_adv: batadv0: Adding interface: batadv_slave_0
[  180.434319][T11892] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.473743][T11892] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  180.498961][T11892] batman_adv: batadv0: Adding interface: batadv_slave_1
[  180.506408][T11892] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.533675][T11892] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  180.580350][T11964] 8021q: adding VLAN 0 to HW filter on device bond4
[  180.591393][T11964] bond0: (slave bond4): Enslaving as an active interface with a down link
[  180.603607][T11968] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2223'.
[  180.717181][T11892] hsr_slave_0: entered promiscuous mode
[  180.731611][T11892] hsr_slave_1: entered promiscuous mode
[  180.740058][T11892] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  180.754325][T11892] Cannot create hsr debugfs directory
[  180.951825][ T5846] Bluetooth: hci1: command 0x0406 tx timeout
[  180.959665][ T5846] Bluetooth: hci2: command 0x0406 tx timeout
[  180.961427][ T5840] Bluetooth: hci3: command 0x0406 tx timeout
[  180.992999][T11892] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.068735][T11980] netlink: 'syz.4.2230': attribute type 9 has an invalid length.
[  181.098755][T11984] netlink: 13 bytes leftover after parsing attributes in process `syz.1.2231'.
[  181.108273][ T5843] Bluetooth: hci0: command tx timeout
[  181.133326][T11892] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.180267][T11983] netlink: 'syz.5.2229': attribute type 25 has an invalid length.
[  181.193212][T11983] netlink: 'syz.5.2229': attribute type 7 has an invalid length.
[  181.215422][T11989] netlink: 'syz.1.2232': attribute type 1 has an invalid length.
[  181.270745][T11983] ipt_ECN: cannot use operation on non-tcp rule
[  181.283974][T11892] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.311293][T11996] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2235'.
[  181.324913][T11996] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2235'.
[  181.333986][T11996] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2235'.
[  181.351687][T11996] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2235'.
[  181.368109][T11996] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2235'.
[  181.378281][T11996] FAULT_INJECTION: forcing a failure.
[  181.378281][T11996] name failslab, interval 1, probability 0, space 0, times 0
[  181.391452][T11996] CPU: 1 UID: 0 PID: 11996 Comm: syz.1.2235 Not tainted 6.14.0-syzkaller-05901-gf278b6d5bb46 #0 PREEMPT(full) 
[  181.391475][T11996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  181.391485][T11996] Call Trace:
[  181.391490][T11996]  <TASK>
[  181.391496][T11996]  dump_stack_lvl+0x241/0x360
[  181.391524][T11996]  ? __pfx_dump_stack_lvl+0x10/0x10
[  181.391543][T11996]  ? __pfx__printk+0x10/0x10
[  181.391565][T11996]  ? __pfx___might_resched+0x10/0x10
[  181.391583][T11996]  should_fail_ex+0x424/0x570
[  181.391602][T11996]  should_failslab+0xac/0x100
[  181.391619][T11996]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  181.391637][T11996]  ? __alloc_skb+0x1c2/0x480
[  181.391654][T11996]  __alloc_skb+0x1c2/0x480
[  181.391666][T11996]  ? rtnl_prop_list_size+0x1e/0x1e0
[  181.391680][T11996]  ? __pfx___alloc_skb+0x10/0x10
[  181.391695][T11996]  ? if_nlmsg_size+0x5b9/0x820
[  181.391712][T11996]  ? if_nlmsg_size+0x5b9/0x820
[  181.391730][T11996]  rtmsg_ifinfo_build_skb+0x84/0x260
[  181.391748][T11996]  ? notifier_call_chain+0x15a/0x3f0
[  181.391763][T11996]  rtmsg_ifinfo+0x91/0x1b0
[  181.391782][T11996]  netdev_state_change+0x13d/0x1a0
[  181.391795][T11996]  ? __pfx_netdev_state_change+0x10/0x10
[  181.391810][T11996]  ? do_setlink+0x33bc/0x4370
[  181.391826][T11996]  do_setlink+0xaf6/0x4370
[  181.391848][T11996]  ? __lock_acquire+0xad5/0xd80
[  181.391867][T11996]  ? do_raw_spin_lock+0x151/0x370
[  181.391881][T11996]  ? __pfx_do_setlink+0x10/0x10
[  181.391900][T11996]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[  181.391915][T11996]  ? lockdep_hardirqs_on+0x9d/0x150
[  181.391931][T11996]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  181.391945][T11996]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  181.391962][T11996]  ? rcu_is_watching+0x15/0xb0
[  181.391977][T11996]  ? __mutex_lock+0xb8b/0x1000
[  181.391994][T11996]  ? __mutex_lock+0x5ed/0x1000
[  181.392012][T11996]  ? rtnl_newlink+0xd68/0x1fe0
[  181.392025][T11996]  ? __pfx___mutex_lock+0x10/0x10
[  181.392046][T11996]  ? ns_capable+0x8a/0xf0
[  181.392064][T11996]  ? rtnl_link_get_net_capable+0x168/0x340
[  181.392080][T11996]  rtnl_newlink+0x1619/0x1fe0
[  181.392092][T11996]  ? stack_depot_save_flags+0x3a/0x970
[  181.392116][T11996]  ? __pfx_rtnl_newlink+0x10/0x10
[  181.392128][T11996]  ? __netlink_deliver_tap+0x561/0x7f0
[  181.392146][T11996]  ? netlink_deliver_tap+0x19d/0x1b0
[  181.392159][T11996]  ? netlink_unicast+0x7c6/0x9a0
[  181.392177][T11996]  ? netlink_sendmsg+0x8c3/0xcd0
[  181.392189][T11996]  ? __sock_sendmsg+0x221/0x270
[  181.392202][T11996]  ? ____sys_sendmsg+0x523/0x860
[  181.392220][T11996]  ? __sys_sendmsg+0x271/0x360
[  181.392237][T11996]  ? do_syscall_64+0xf3/0x230
[  181.392255][T11996]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.392293][T11996]  ? kasan_quarantine_put+0xdc/0x230
[  181.392309][T11996]  ? lockdep_hardirqs_on+0x9d/0x150
[  181.392328][T11996]  ? nlmon_xmit+0xaf/0x100
[  181.392352][T11996]  ? __local_bh_enable_ip+0x168/0x200
[  181.392371][T11996]  ? lockdep_hardirqs_on+0x9d/0x150
[  181.392396][T11996]  ? aa_get_newest_label+0x101/0x6f0
[  181.392416][T11996]  ? __lock_acquire+0xad5/0xd80
[  181.392443][T11996]  ? __pfx_rtnl_newlink+0x10/0x10
[  181.392456][T11996]  rtnetlink_rcv_msg+0x80f/0xd70
[  181.392468][T11996]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  181.392482][T11996]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  181.392499][T11996]  ? ref_tracker_free+0x63e/0x7e0
[  181.392520][T11996]  netlink_rcv_skb+0x208/0x480
[  181.392532][T11996]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  181.392546][T11996]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  181.392567][T11996]  ? netlink_deliver_tap+0x2e/0x1b0
[  181.392581][T11996]  ? netlink_deliver_tap+0x2e/0x1b0
[  181.392594][T11996]  netlink_unicast+0x7f8/0x9a0
[  181.392616][T11996]  ? __pfx_netlink_unicast+0x10/0x10
[  181.392635][T11996]  ? skb_put+0x114/0x1f0
[  181.392651][T11996]  netlink_sendmsg+0x8c3/0xcd0
[  181.392670][T11996]  ? __pfx_netlink_sendmsg+0x10/0x10
[  181.392685][T11996]  ? aa_sock_msg_perm+0x91/0x160
[  181.392703][T11996]  ? __pfx_netlink_sendmsg+0x10/0x10
[  181.392714][T11996]  __sock_sendmsg+0x221/0x270
[  181.392728][T11996]  ____sys_sendmsg+0x523/0x860
[  181.392751][T11996]  ? __pfx_____sys_sendmsg+0x10/0x10
[  181.392767][T11996]  ? __fget_files+0x2a/0x420
[  181.392786][T11996]  ? __fget_files+0x2a/0x420
[  181.392810][T11996]  __sys_sendmsg+0x271/0x360
[  181.392828][T11996]  ? __pfx___sys_sendmsg+0x10/0x10
[  181.392871][T11996]  ? do_syscall_64+0xb6/0x230
[  181.392888][T11996]  do_syscall_64+0xf3/0x230
[  181.392904][T11996]  ? clear_bhb_loop+0x45/0xa0
[  181.392917][T11996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.392929][T11996] RIP: 0033:0x7fd32398d169
[  181.392941][T11996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.392952][T11996] RSP: 002b:00007fd3248a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  181.392967][T11996] RAX: ffffffffffffffda RBX: 00007fd323ba5fa0 RCX: 00007fd32398d169
[  181.392976][T11996] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  181.392984][T11996] RBP: 00007fd3248a9090 R08: 0000000000000000 R09: 0000000000000000
[  181.392992][T11996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  181.392999][T11996] R13: 0000000000000000 R14: 00007fd323ba5fa0 R15: 00007ffe29441418
[  181.393016][T11996]  </TASK>
[  182.097601][T11892] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.156577][T11999] lo speed is unknown, defaulting to 1000
[  182.162818][T12008] FAULT_INJECTION: forcing a failure.
[  182.162818][T12008] name failslab, interval 1, probability 0, space 0, times 0
[  182.193144][T12008] CPU: 0 UID: 0 PID: 12008 Comm: syz.5.2240 Not tainted 6.14.0-syzkaller-05901-gf278b6d5bb46 #0 PREEMPT(full) 
[  182.193169][T12008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  182.193179][T12008] Call Trace:
[  182.193186][T12008]  <TASK>
[  182.193193][T12008]  dump_stack_lvl+0x241/0x360
[  182.193218][T12008]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.193236][T12008]  ? __pfx__printk+0x10/0x10
[  182.193253][T12008]  ? __mutex_unlock_slowpath+0x229/0x800
[  182.193275][T12008]  ? __pfx___might_resched+0x10/0x10
[  182.193294][T12008]  should_fail_ex+0x424/0x570
[  182.193318][T12008]  should_failslab+0xac/0x100
[  182.193338][T12008]  __kmalloc_noprof+0xdf/0x4d0
[  182.193356][T12008]  ? tcf_idr_create+0x63/0x6c0
[  182.193377][T12008]  tcf_idr_create+0x63/0x6c0
[  182.193400][T12008]  tcf_idr_create_from_flags+0x63/0x80
[  182.193423][T12008]  tcf_pedit_init+0x36b/0x1150
[  182.193450][T12008]  ? __pfx_tcf_pedit_init+0x10/0x10
[  182.193473][T12008]  ? nla_memcpy+0x5a/0xb0
[  182.193491][T12008]  ? __pfx_tcf_pedit_init+0x10/0x10
[  182.193507][T12008]  tcf_action_init_1+0x5d9/0x900
[  182.193533][T12008]  ? __pfx_tcf_action_init_1+0x10/0x10
[  182.193551][T12008]  ? _raw_read_unlock+0x28/0x50
[  182.193567][T12008]  ? tc_action_load_ops+0x247/0x530
[  182.193598][T12008]  ? __nla_parse+0x40/0x60
[  182.193614][T12008]  tcf_action_init+0x2e9/0xae0
[  182.193648][T12008]  ? __pfx_tcf_action_init+0x10/0x10
[  182.193706][T12008]  ? apparmor_capable+0x13b/0x1b0
[  182.193727][T12008]  tc_ctl_action+0x47f/0xcf0
[  182.193754][T12008]  ? __pfx_tc_ctl_action+0x10/0x10
[  182.193793][T12008]  ? __mutex_lock+0x5ed/0x1000
[  182.193829][T12008]  ? __pfx_tc_ctl_action+0x10/0x10
[  182.193850][T12008]  rtnetlink_rcv_msg+0x7c2/0xd70
[  182.193865][T12008]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  182.193883][T12008]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  182.193903][T12008]  ? ref_tracker_free+0x63e/0x7e0
[  182.193927][T12008]  netlink_rcv_skb+0x208/0x480
[  182.193944][T12008]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  182.193960][T12008]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  182.193987][T12008]  ? netlink_deliver_tap+0x2e/0x1b0
[  182.194004][T12008]  ? netlink_deliver_tap+0x2e/0x1b0
[  182.194020][T12008]  netlink_unicast+0x7f8/0x9a0
[  182.194046][T12008]  ? __pfx_netlink_unicast+0x10/0x10
[  182.194067][T12008]  ? skb_put+0x114/0x1f0
[  182.194086][T12008]  netlink_sendmsg+0x8c3/0xcd0
[  182.194110][T12008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.194128][T12008]  ? aa_sock_msg_perm+0x91/0x160
[  182.194149][T12008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.194163][T12008]  __sock_sendmsg+0x221/0x270
[  182.194184][T12008]  ____sys_sendmsg+0x523/0x860
[  182.194207][T12008]  ? __pfx_____sys_sendmsg+0x10/0x10
[  182.194224][T12008]  ? __fget_files+0x2a/0x420
[  182.194245][T12008]  ? __fget_files+0x2a/0x420
[  182.194269][T12008]  __sys_sendmsg+0x271/0x360
[  182.194309][T12008]  ? __pfx___sys_sendmsg+0x10/0x10
[  182.194360][T12008]  ? do_syscall_64+0xb6/0x230
[  182.194381][T12008]  do_syscall_64+0xf3/0x230
[  182.194400][T12008]  ? clear_bhb_loop+0x45/0xa0
[  182.194417][T12008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.194431][T12008] RIP: 0033:0x7f036338d169
[  182.194445][T12008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.194457][T12008] RSP: 002b:00007f036422b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.194474][T12008] RAX: ffffffffffffffda RBX: 00007f03635a5fa0 RCX: 00007f036338d169
[  182.194486][T12008] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004
[  182.194496][T12008] RBP: 00007f036422b090 R08: 0000000000000000 R09: 0000000000000000
[  182.194505][T12008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  182.194515][T12008] R13: 0000000000000000 R14: 00007f03635a5fa0 R15: 00007fff55302a08
[  182.194535][T12008]  </TASK>
[  182.781937][T11892] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  182.809419][T11892] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  182.827302][T12024] netlink: 'syz.3.2244': attribute type 9 has an invalid length.
[  182.852481][T11892] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  182.907874][T11892] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  183.011649][T12037] 8021q: adding VLAN 0 to HW filter on device bond5
[  183.020891][T12037] bond0: (slave bond5): Enslaving as an active interface with a down link
[  183.162951][T11892] 8021q: adding VLAN 0 to HW filter on device bond0
[  183.183720][ T5843] Bluetooth: hci0: command tx timeout
[  183.188209][T11892] 8021q: adding VLAN 0 to HW filter on device team0
[  183.239495][T10002] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.246696][T10002] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.279281][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.286447][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.339626][T11892] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  183.355351][T11892] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  183.391690][T12053] lo speed is unknown, defaulting to 1000
[  183.534280][T12060] IPVS: set_ctl: invalid protocol: 22 10.1.1.2:20003
[  183.617207][T11892] 8021q: adding VLAN 0 to HW filter on device batadv0
[  183.674099][T11892] veth0_vlan: entered promiscuous mode
[  183.690619][T11892] veth1_vlan: entered promiscuous mode
[  183.768756][T11892] veth0_macvtap: entered promiscuous mode
[  183.800085][T11892] veth1_macvtap: entered promiscuous mode
[  183.867655][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  183.888480][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.901480][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  183.932388][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.961234][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  183.988803][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.011097][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.026712][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.038160][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.048873][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.059135][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.071945][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.090574][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.102081][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.117811][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.128511][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.145318][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.158168][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.169449][T11892] batman_adv: batadv0: Interface activated: batadv_slave_0
[  184.256638][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.277738][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.299641][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.330907][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.343969][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.371833][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.382400][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.394104][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.404447][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.415443][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.427413][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.442019][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.452682][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.463768][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.474175][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.485171][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.495487][T11892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.506649][T11892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.518561][T11892] batman_adv: batadv0: Interface activated: batadv_slave_1
[  184.583182][T11892] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  184.596808][T11892] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  184.606040][T11892] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.615066][T11892] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  184.795764][T12100] __nla_validate_parse: 86 callbacks suppressed
[  184.795781][T12100] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2266'.
[  184.890649][T12110] lo speed is unknown, defaulting to 1000
[  184.917775][T12108] IPv6: Can't replace route, no match found
[  184.924291][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.943311][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.060712][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.091835][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.239487][T12125] Bluetooth: MGMT ver 1.23
[  185.263342][ T5148] Bluetooth: hci0: command tx timeout
[  185.319164][T12110] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2270'.
[  185.398703][T12134] netlink: 'syz.3.2275': attribute type 9 has an invalid length.
[  185.469835][T12137] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2277'.
[  185.472428][T12138] netlink: 'syz.4.2276': attribute type 1 has an invalid length.
[  185.497092][T12137] tc_dump_action: action bad kind
[  185.524595][T12138] netlink: 180 bytes leftover after parsing attributes in process `syz.4.2276'.
[  185.651476][T12146] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2281'.
[  185.989565][T12172] 8021q: adding VLAN 0 to HW filter on device bond5
[  186.004621][T12172] bond0: (slave bond5): Enslaving as an active interface with a down link
[  186.027146][T12172] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2289'.
[  186.109704][T12182] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2290'.
[  186.139680][T12185] netlink: 'syz.3.2293': attribute type 10 has an invalid length.
[  186.140073][T12186] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2294'.
[  186.188672][T12185] lo: left promiscuous mode
[  186.245229][T12191] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2296'.
[  186.395778][T12199] netlink: 'syz.5.2299': attribute type 1 has an invalid length.
[  186.663558][T12215] netlink: 'syz.5.2306': attribute type 10 has an invalid length.
[  186.726025][T12215] team0: Cannot enslave team device to itself
[  186.803430][T12224] FAULT_INJECTION: forcing a failure.
[  186.803430][T12224] name failslab, interval 1, probability 0, space 0, times 0
[  186.816622][T12224] CPU: 0 UID: 0 PID: 12224 Comm: syz.1.2310 Not tainted 6.14.0-syzkaller-05901-gf278b6d5bb46 #0 PREEMPT(full) 
[  186.816645][T12224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  186.816654][T12224] Call Trace:
[  186.816660][T12224]  <TASK>
[  186.816666][T12224]  dump_stack_lvl+0x241/0x360
[  186.816691][T12224]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.816708][T12224]  ? __pfx__printk+0x10/0x10
[  186.816724][T12224]  ? stack_trace_save+0x11a/0x1d0
[  186.816744][T12224]  ? __pfx___might_resched+0x10/0x10
[  186.816762][T12224]  should_fail_ex+0x424/0x570
[  186.816787][T12224]  should_failslab+0xac/0x100
[  186.816808][T12224]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  186.816827][T12224]  ? __alloc_skb+0x1c2/0x480
[  186.816844][T12224]  ? __mutex_trylock_common+0x184/0x2e0
[  186.816865][T12224]  __alloc_skb+0x1c2/0x480
[  186.816882][T12224]  ? __pfx___mutex_trylock_common+0x10/0x10
[  186.816903][T12224]  ? __pfx___alloc_skb+0x10/0x10
[  186.816928][T12224]  netlink_dump+0x237/0xeb0
[  186.816945][T12224]  ? __mutex_unlock_slowpath+0x229/0x800
[  186.816973][T12224]  ? __pfx_netlink_dump+0x10/0x10
[  186.817001][T12224]  ? genl_start+0x59d/0x6d0
[  186.817026][T12224]  __netlink_dump_start+0x5a2/0x790
[  186.817049][T12224]  genl_rcv_msg+0x8a4/0xf00
[  186.817085][T12224]  ? __pfx_genl_rcv_msg+0x10/0x10
[  186.817103][T12224]  ? stack_trace_save+0x11a/0x1d0
[  186.817126][T12224]  ? __pfx_genl_start+0x10/0x10
[  186.817143][T12224]  ? __pfx_genl_dumpit+0x10/0x10
[  186.817160][T12224]  ? __pfx_genl_done+0x10/0x10
[  186.817190][T12224]  ? __lock_acquire+0xad5/0xd80
[  186.817211][T12224]  ? __pfx_smc_pnet_dump_start+0x10/0x10
[  186.817227][T12224]  ? __pfx_smc_pnet_dump+0x10/0x10
[  186.817254][T12224]  netlink_rcv_skb+0x208/0x480
[  186.817270][T12224]  ? __pfx_genl_rcv_msg+0x10/0x10
[  186.817290][T12224]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  186.817322][T12224]  ? netlink_deliver_tap+0x2e/0x1b0
[  186.817342][T12224]  genl_rcv+0x28/0x40
[  186.817360][T12224]  netlink_unicast+0x7f8/0x9a0
[  186.817387][T12224]  ? __pfx_netlink_unicast+0x10/0x10
[  186.817410][T12224]  ? skb_put+0x114/0x1f0
[  186.817431][T12224]  netlink_sendmsg+0x8c3/0xcd0
[  186.817456][T12224]  ? __pfx_netlink_sendmsg+0x10/0x10
[  186.817476][T12224]  ? aa_sock_msg_perm+0x91/0x160
[  186.817501][T12224]  ? __pfx_netlink_sendmsg+0x10/0x10
[  186.817515][T12224]  __sock_sendmsg+0x221/0x270
[  186.817534][T12224]  ____sys_sendmsg+0x523/0x860
[  186.817561][T12224]  ? __pfx_____sys_sendmsg+0x10/0x10
[  186.817579][T12224]  ? __fget_files+0x2a/0x420
[  186.817601][T12224]  ? __fget_files+0x2a/0x420
[  186.817629][T12224]  __sys_sendmsg+0x271/0x360
[  186.817652][T12224]  ? __pfx___sys_sendmsg+0x10/0x10
[  186.817710][T12224]  ? do_syscall_64+0xb6/0x230
[  186.817733][T12224]  do_syscall_64+0xf3/0x230
[  186.817752][T12224]  ? clear_bhb_loop+0x45/0xa0
[  186.817771][T12224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.817786][T12224] RIP: 0033:0x7fd32398d169
[  186.817801][T12224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.817813][T12224] RSP: 002b:00007fd3248a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  186.817831][T12224] RAX: ffffffffffffffda RBX: 00007fd323ba5fa0 RCX: 00007fd32398d169
[  186.817842][T12224] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  186.817853][T12224] RBP: 00007fd3248a9090 R08: 0000000000000000 R09: 0000000000000000
[  186.817863][T12224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.817873][T12224] R13: 0000000000000000 R14: 00007fd323ba5fa0 R15: 00007ffe29441418
[  186.817897][T12224]  </TASK>
[  187.263135][ T5843] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  187.511204][T12247] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2317'.
[  187.579411][T12249] netlink: 'syz.1.2319': attribute type 1 has an invalid length.
[  187.630687][T12251] 8021q: adding VLAN 0 to HW filter on device bond4
[  187.654295][T12251] bond0: (slave bond4): Enslaving as an active interface with a down link
[  188.650440][T12258] netlink: 'syz.5.2322': attribute type 2 has an invalid length.
[  188.951951][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  188.968476][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  188.976574][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  189.004771][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  189.021288][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  189.820001][T12266] lo speed is unknown, defaulting to 1000
[  190.090096][T12266] chnl_net:caif_netlink_parms(): no params data found
[  190.308667][T12298] 8021q: adding VLAN 0 to HW filter on device bond4
[  190.318708][T12302] __nla_validate_parse: 4 callbacks suppressed
[  190.318726][T12302] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2332'.
[  190.328866][T12298] bond0: (slave bond4): Enslaving as an active interface with a down link
[  190.346966][T12303] netlink: 200 bytes leftover after parsing attributes in process `syz.5.2333'.
[  190.368975][T12266] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.376208][T12266] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.389119][T12266] bridge_slave_0: entered allmulticast mode
[  190.396471][T12266] bridge_slave_0: entered promiscuous mode
[  190.404260][T12266] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.411384][T12266] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.419147][T12266] bridge_slave_1: entered allmulticast mode
[  190.426482][T12266] bridge_slave_1: entered promiscuous mode
[  190.485528][T12266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  190.518967][T12266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  190.616852][T12266] team0: Port device team_slave_0 added
[  190.647735][T12266] team0: Port device team_slave_1 added
[  190.744318][T12266] batman_adv: batadv0: Adding interface: batadv_slave_0
[  190.751302][T12266] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  190.785653][T12266] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  190.799796][T12266] batman_adv: batadv0: Adding interface: batadv_slave_1
[  190.814693][T12266] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  190.841887][T12266] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  190.929996][T12266] hsr_slave_0: entered promiscuous mode
[  190.943391][T12266] hsr_slave_1: entered promiscuous mode
[  190.957749][T12325] Bluetooth: MGMT ver 1.23
[  190.959444][T12266] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  190.982373][T12266] Cannot create hsr debugfs directory
[  191.108468][ T5148] Bluetooth: hci0: command tx timeout
[  191.184816][T12335] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2349'.
[  191.286797][T12266] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.331173][T12346] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2351'.
[  191.346866][T12343] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2352'.
[  191.356391][T12346] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2351'.
[  191.370245][T12343] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2352'.
[  191.397736][T12266] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.419153][T12343] 8021q: VLANs not supported on tunl0
[  191.456325][T12350] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2353'.
[  191.540038][T12266] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.596061][T12356] xt_ecn: cannot match TCP bits for non-tcp packets
[  191.615460][T12356] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2355'.
[  191.652769][T12266] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.816125][T12366] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2360'.
[  191.916437][T12266] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  191.957843][T12266] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  191.995028][T12266] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  192.012710][T12266] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  192.179146][T12266] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.244874][T12266] 8021q: adding VLAN 0 to HW filter on device team0
[  192.277709][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.284890][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.336366][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.343548][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.761519][T12266] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.809075][T12423] netlink: 'syz.1.2377': attribute type 10 has an invalid length.
[  192.854284][T12266] veth0_vlan: entered promiscuous mode
[  192.877973][T12266] veth1_vlan: entered promiscuous mode
[  192.974705][T12266] veth0_macvtap: entered promiscuous mode
[  193.007000][T12266] veth1_macvtap: entered promiscuous mode
[  193.009867][T12427] netlink: 'syz.1.2379': attribute type 1 has an invalid length.
[  193.022828][ T5843] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  193.078859][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.090164][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.100412][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.111805][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.122209][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.133132][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.166763][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.182899][ T5843] Bluetooth: hci0: command 0x041b tx timeout
[  193.190552][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.201100][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.212398][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.222963][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.234106][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.245706][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.256557][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.267395][T12439] netlink: 'syz.1.2382': attribute type 10 has an invalid length.
[  193.275670][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.287272][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.298135][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.309018][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.319261][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.330341][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.349792][T12266] batman_adv: batadv0: Interface activated: batadv_slave_0
[  193.364371][T12435] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  193.463081][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.492643][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.532602][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.572815][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.601256][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.616387][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.627614][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.638755][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.649054][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.671121][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.681418][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.692869][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.712391][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.724167][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.734567][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.745824][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.756149][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.769629][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.791153][T12266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.811668][T12266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.833937][T12266] batman_adv: batadv0: Interface activated: batadv_slave_1
[  193.890433][T12266] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  193.910857][T12266] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  193.933931][T12266] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  193.944280][T12266] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  194.110273][ T5904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.140637][ T5904] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.207524][T10002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.226725][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  194.235702][T10002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.475783][T12488] lo speed is unknown, defaulting to 1000
[  196.114316][T12519] __nla_validate_parse: 18 callbacks suppressed
[  196.114335][T12519] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2412'.
[  196.306511][T12531] netlink: 164 bytes leftover after parsing attributes in process `syz.4.2416'.
[  196.464328][T12540] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2418'.
[  196.511661][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  196.530726][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  196.546571][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  196.556957][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  196.565403][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  196.637750][T12541] lo speed is unknown, defaulting to 1000
[  196.718212][T12549] lo speed is unknown, defaulting to 1000
[  196.899400][T12558] netlink: 'syz.5.2424': attribute type 1 has an invalid length.
[  196.908084][T12558] netlink: 180 bytes leftover after parsing attributes in process `syz.5.2424'.
[  196.950697][T12541] chnl_net:caif_netlink_parms(): no params data found
[  196.997942][T12565] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2425'.
[  197.186375][T12577] netlink: 'syz.3.2428': attribute type 10 has an invalid length.
[  197.202808][T12553] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2421'.
[  197.216507][T12577] team0: Device hsr_slave_0 failed to register rx_handler
[  197.236251][T12541] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.244916][T12541] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.254479][T12541] bridge_slave_0: entered allmulticast mode
[  197.255062][T12549] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2421'.
[  197.261693][T12541] bridge_slave_0: entered promiscuous mode
[  197.284264][T12541] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.301698][T12541] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.322637][T12541] bridge_slave_1: entered allmulticast mode
[  197.334598][T12541] bridge_slave_1: entered promiscuous mode
[  197.447444][T12590] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2431'.
[  197.493314][T12541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  197.588636][T12541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  197.646478][T12596] netlink: 'syz.4.2434': attribute type 1 has an invalid length.
[  197.673164][T12596] netlink: 180 bytes leftover after parsing attributes in process `syz.4.2434'.
[  197.710587][T12597] syzkaller1: entered promiscuous mode
[  197.719204][T12597] syzkaller1: entered allmulticast mode
[  197.801164][T12541] team0: Port device team_slave_0 added
[  197.831935][T12541] team0: Port device team_slave_1 added
[  197.948497][T12541] batman_adv: batadv0: Adding interface: batadv_slave_0
[  197.967435][T12541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.004968][T12541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  198.019345][T12541] batman_adv: batadv0: Adding interface: batadv_slave_1
[  198.026970][T12541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.069485][T12624] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2439'.
[  198.092379][T12541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  198.250324][T12541] hsr_slave_0: entered promiscuous mode
[  198.259254][T12541] hsr_slave_1: entered promiscuous mode
[  198.323151][T12541] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  198.337599][T12541] Cannot create hsr debugfs directory
[  198.453684][T12631] lo speed is unknown, defaulting to 1000
[  198.624372][ T5148] Bluetooth: hci0: command tx timeout
[  198.640125][T12645] vxcan3: entered promiscuous mode
[  198.654235][T12646] syzkaller1: entered promiscuous mode
[  198.666516][T12646] syzkaller1: entered allmulticast mode
[  198.869023][T12541] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.964688][T12541] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.150755][T12541] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.201798][T12664] xt_CT: You must specify a L4 protocol and not use inversions on it
[  199.454860][T12541] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.516694][T12690] syzkaller1: entered promiscuous mode
[  199.532426][T12690] syzkaller1: entered allmulticast mode
[  199.816678][T12541] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  199.865325][T12702] lo speed is unknown, defaulting to 1000
[  199.865633][T12541] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  199.930995][T12541] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  199.998263][T12541] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  200.294934][T12724] openvswitch: netlink: Flow key attr not present in new flow.
[  200.325022][T12541] 8021q: adding VLAN 0 to HW filter on device bond0
[  200.343238][T12541] 8021q: adding VLAN 0 to HW filter on device team0
[  200.355162][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.362316][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  200.506104][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.513273][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  200.627835][T12736] syzkaller1: entered promiscuous mode
[  200.653721][T12736] syzkaller1: entered allmulticast mode
[  200.702715][ T5148] Bluetooth: hci0: command tx timeout
[  200.965896][T12541] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.121320][T12541] veth0_vlan: entered promiscuous mode
[  201.161852][T12541] veth1_vlan: entered promiscuous mode
[  201.257946][T12767] __nla_validate_parse: 13 callbacks suppressed
[  201.257965][T12767] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.2488'.
[  201.305979][T12767] openvswitch: netlink: Missing key (keys=40, expected=80)
[  201.311645][T12541] veth0_macvtap: entered promiscuous mode
[  201.324984][T12541] veth1_macvtap: entered promiscuous mode
[  201.330755][T12770] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2490'.
[  201.356868][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.418184][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.432665][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.445164][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.455821][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.466489][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.477234][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.498403][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.508921][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.519798][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.546510][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.562551][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.582950][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.595207][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.605601][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.616920][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.627108][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.637808][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.649282][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.660254][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.670247][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.680922][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.699817][T12541] batman_adv: batadv0: Interface activated: batadv_slave_0
[  201.729814][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  201.760622][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.801188][T12793] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2496'.
[  201.811695][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  201.849840][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.861419][T12793] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2496'.
[  201.879980][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  201.910993][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.933878][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  201.950591][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.962274][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  201.973377][T12800] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2498'.
[  201.982186][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.994950][T12802] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  202.004250][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.017032][T12802] netlink: 39 bytes leftover after parsing attributes in process `syz.3.2499'.
[  202.026190][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.037135][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.048604][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.080537][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.093747][T12803] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2499'.
[  202.098687][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.122186][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.142190][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.155164][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.172380][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.192184][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.212183][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.229162][T12541] batman_adv: batadv0: Interface activated: batadv_slave_1
[  202.428065][T12794] pimreg: entered allmulticast mode
[  202.475414][T12798] 8021q: adding VLAN 0 to HW filter on device bond5
[  202.484185][T12798] bond0: (slave bond5): Enslaving as an active interface with a down link
[  202.527816][T12541] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  202.543739][T12541] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  202.552792][T12541] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  202.561512][T12541] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.719507][T12815] Bluetooth: MGMT ver 1.23
[  202.748243][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.777142][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.792793][ T5148] Bluetooth: hci0: command tx timeout
[  202.835844][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.886801][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.140468][T12841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2509'.
[  203.185061][T10002] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  203.356047][T12857] netlink: 'syz.4.2515': attribute type 16 has an invalid length.
[  203.365368][T12857] netlink: 'syz.4.2515': attribute type 3 has an invalid length.
[  203.373361][T12857] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2515'.
[  203.538158][T12863] netlink: 'syz.1.2519': attribute type 3 has an invalid length.
[  203.564276][T12865] netlink: 'syz.5.2518': attribute type 9 has an invalid length.
[  203.585333][T12863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2519'.
[  203.595327][T12863] bridge_slave_1: left allmulticast mode
[  203.601784][T12863] bridge_slave_1: left promiscuous mode
[  203.611962][T12863] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.630966][T12863] bridge_slave_0: left allmulticast mode
[  203.642419][T12863] bridge_slave_0: left promiscuous mode
[  203.648404][T12863] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.833750][T12881] veth1_macvtap: left promiscuous mode
[  203.862832][T12881] macsec0: entered promiscuous mode
[  203.893633][T12878] veth1_macvtap: entered promiscuous mode
[  203.912416][T12878] macsec0: left promiscuous mode
[  203.941249][T12883] netlink: 'syz.3.2524': attribute type 9 has an invalid length.
[  205.235346][T12898] netlink: 'syz.3.2530': attribute type 10 has an invalid length.
[  205.284917][T12898] team0: Device veth1_macvtap failed to register rx_handler
[  205.427493][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  205.439788][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  205.449339][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  205.457517][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  205.468912][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  205.536396][T12906] lo speed is unknown, defaulting to 1000
[  205.725715][T12906] chnl_net:caif_netlink_parms(): no params data found
[  205.824142][T12930] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  205.833310][T12930] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1)
[  205.884291][T12906] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.891692][T12906] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.899594][T12906] bridge_slave_0: entered allmulticast mode
[  205.908249][T12906] bridge_slave_0: entered promiscuous mode
[  205.917127][T12906] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.924652][T12906] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.948062][T12906] bridge_slave_1: entered allmulticast mode
[  205.955420][T12906] bridge_slave_1: entered promiscuous mode
[  205.989246][T12906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.035137][T12898] syz.3.2530 (12898) used greatest stack depth: 17600 bytes left
[  206.035660][T12906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.130186][T12943] netlink: 'syz.1.2545': attribute type 1 has an invalid length.
[  206.164876][T12948] netlink: 'syz.5.2546': attribute type 1 has an invalid length.
[  206.183034][T12906] team0: Port device team_slave_0 added
[  206.207121][T12906] team0: Port device team_slave_1 added
[  206.271296][T12948] lo speed is unknown, defaulting to 1000
[  206.306367][T12954] Bluetooth: MGMT ver 1.23
[  206.323808][T12906] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.355175][T12906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.391765][T12958] __nla_validate_parse: 4 callbacks suppressed
[  206.391784][T12958] netlink: 424 bytes leftover after parsing attributes in process `syz.5.2550'.
[  206.421174][T12906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.449666][T12962] team0: Port device team_slave_0 removed
[  206.466471][T12962] team0: Port device team_slave_1 removed
[  206.473769][T12962] batman_adv: batadv0: Removing interface: batadv_slave_0
[  206.481768][T12962] batman_adv: batadv0: Removing interface: batadv_slave_1
[  206.490452][T12962] bond0: (slave bond2): Releasing active interface
[  206.498026][T12962] bond0: (slave bond2): the permanent HWaddr of slave - 12:bf:75:52:86:04 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  206.521857][T12962] bond0: (slave bond3): Releasing active interface
[  206.539334][T12962] bond0: (slave bond4): Releasing active interface
[  206.556278][T12962] bond0: (slave bond5): Releasing active interface
[  206.571723][T12906] batman_adv: batadv0: Adding interface: batadv_slave_1
[  206.579540][T12906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.607368][T12906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.627823][T12955] dvmrp0: entered allmulticast mode
[  206.769748][T12906] hsr_slave_0: entered promiscuous mode
[  206.793489][T12906] hsr_slave_1: entered promiscuous mode
[  206.823316][T12906] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  206.830927][T12906] Cannot create hsr debugfs directory
[  206.870806][T12982] SET target dimension over the limit!
[  206.918081][T12972] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2552'.
[  206.937727][T12975] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2553'.
[  207.049512][T12987] netlink: 'syz.1.2555': attribute type 24 has an invalid length.
[  207.134844][T12987] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2555'.
[  207.211957][T12906] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.338576][T12906] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.349932][ T5148] Bluetooth: hci5: command 0x0c20 tx timeout
[  207.446975][T12906] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.448643][T13006] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2562'.
[  207.503022][ T5148] Bluetooth: hci0: command tx timeout
[  207.542036][T13011] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2564'.
[  207.556670][T12906] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.603579][T13009] bond6: entered promiscuous mode
[  207.608837][T13009] bond6: entered allmulticast mode
[  207.614724][T13009] 8021q: adding VLAN 0 to HW filter on device bond6
[  207.769443][T13009] bond6 (unregistering): Released all slaves
[  207.871465][T12906] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  207.886844][T12906] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  207.900761][T12906] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  207.931805][T12906] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  208.084827][T12906] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.107925][T12906] 8021q: adding VLAN 0 to HW filter on device team0
[  208.125265][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.132400][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.146334][T13025] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2570'.
[  208.160604][T13025] xfrm1: entered promiscuous mode
[  208.166382][T13025] xfrm1: entered allmulticast mode
[  208.184176][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.191295][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.293433][T13031] syzkaller0: entered promiscuous mode
[  208.301919][T13031] syzkaller0: entered allmulticast mode
[  208.320433][T13031] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2573'.
[  208.354089][T13038] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2574'.
[  208.491373][T13044] netlink: 'syz.3.2577': attribute type 1 has an invalid length.
[  208.510911][T13046] nft_compat: unsupported protocol 0
[  208.516305][T13044] netlink: 180 bytes leftover after parsing attributes in process `syz.3.2577'.
[  208.533835][T13046] openvswitch: netlink: Unknown nsh attribute 0
[  208.537077][T12906] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.540272][T13046] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  208.696483][T13054] lo speed is unknown, defaulting to 1000
[  208.704244][T12906] veth0_vlan: entered promiscuous mode
[  208.730044][T13051] sch_tbf: burst 0 is lower than device team_slave_0 mtu (1514) !
[  208.766918][T13051] openvswitch: netlink: EtherType 50a is less than min 600
[  208.788139][T12906] veth1_vlan: entered promiscuous mode
[  208.972031][T12906] veth0_macvtap: entered promiscuous mode
[  208.986429][T12906] veth1_macvtap: entered promiscuous mode
[  209.046770][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.070108][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.085741][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.098486][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.109298][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.121468][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.138099][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.149283][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.168435][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.180330][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.199196][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.209960][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.224670][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.235191][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.245221][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.255877][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.266669][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.281589][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.298279][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.310032][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.320235][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.333237][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.344556][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.355138][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.379190][T12906] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.431020][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.462328][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.475539][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.500112][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.548038][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.576479][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.602046][ T5148] Bluetooth: hci0: command tx timeout
[  209.618400][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.642228][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.659860][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.671442][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.681845][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.692705][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.715374][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.752464][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.768689][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.780001][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.790680][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.803316][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.813618][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.838661][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.852672][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.865624][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.876066][T12906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  209.876379][T13094] xt_cgroup: path and classid specified
[  209.886728][T12906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.888157][T12906] batman_adv: batadv0: Interface activated: batadv_slave_1
[  209.916093][T13095] netlink: 'syz.4.2594': attribute type 21 has an invalid length.
[  209.949872][T12906] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.965173][T12906] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.975821][T12906] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.989339][T12906] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.029580][T13095] netlink: 'syz.4.2594': attribute type 5 has an invalid length.
[  210.200410][T13106] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input6
[  210.267255][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.280094][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.407889][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.416408][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.499464][T13118] lo speed is unknown, defaulting to 1000
[  210.527977][T13121] netlink: 'syz.1.2605': attribute type 9 has an invalid length.
[  210.561816][T13123] netlink: 'syz.3.2604': attribute type 4 has an invalid length.
[  211.201740][T13153] netlink: 'syz.5.2615': attribute type 2 has an invalid length.
[  211.210324][T13153] netlink: 'syz.5.2615': attribute type 9 has an invalid length.
[  211.245651][T13156] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  211.255177][T13156] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  211.264972][T13156] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  211.274225][T13156] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  211.293409][T13156] vxlan1: entered promiscuous mode
[  211.303226][T13156] vxlan1: entered allmulticast mode
[  211.394964][T13162] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  211.497491][T13169] __nla_validate_parse: 18 callbacks suppressed
[  211.497511][T13169] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2619'.
[  211.648527][T13174] lo speed is unknown, defaulting to 1000
[  211.668595][T13176] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2620'.
[  211.812513][T13185] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2623'.
[  211.821979][T13187] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2624'.
[  212.076302][T13174] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2621'.
[  212.096177][T13174] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2621'.
[  212.106556][T13174] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2621'.
[  213.263209][T13204] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2629'.
[  213.296724][T13208] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2631'.
[  213.492466][T13214] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2633'.
[  213.524552][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  213.534243][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  213.542746][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  213.550874][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  213.558494][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  213.633279][T13219] lo speed is unknown, defaulting to 1000
[  213.684365][T13216] lo speed is unknown, defaulting to 1000
[  213.952637][T13232] netlink: 'syz.3.2639': attribute type 9 has an invalid length.
[  214.257750][T13216] chnl_net:caif_netlink_parms(): no params data found
[  214.613274][T13262] vlan3: entered promiscuous mode
[  214.629729][T13262] vlan3: entered allmulticast mode
[  214.636525][T13262] hsr_slave_1: entered allmulticast mode
[  214.673635][T13216] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.693417][T13216] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.711366][T13216] bridge_slave_0: entered allmulticast mode
[  214.729807][T13216] bridge_slave_0: entered promiscuous mode
[  214.774679][T13216] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.803794][T13216] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.826113][T13216] bridge_slave_1: entered allmulticast mode
[  214.845371][T13216] bridge_slave_1: entered promiscuous mode
[  215.020039][T13216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  215.098623][T13216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  215.384451][T13216] team0: Port device team_slave_0 added
[  215.408402][T13216] team0: Port device team_slave_1 added
[  215.434418][T13294] IPVS: Unknown mcast interface: vcan0
[  215.441620][T13294] veth0: entered promiscuous mode
[  215.522066][T13216] batman_adv: batadv0: Adding interface: batadv_slave_0
[  215.533264][T13216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  215.560495][T13216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  215.574547][T13289] veth0: left promiscuous mode
[  215.582797][ T5148] Bluetooth: hci0: command tx timeout
[  215.595341][T13216] batman_adv: batadv0: Adding interface: batadv_slave_1
[  215.616638][T13216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  215.646956][T13216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  215.661790][T13308] Set syz1 is full, maxelem 65536 reached
[  215.767024][T13216] hsr_slave_0: entered promiscuous mode
[  215.783987][T13216] hsr_slave_1: entered promiscuous mode
[  215.797892][T13216] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  215.821970][T13216] Cannot create hsr debugfs directory
[  216.170385][T13216] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.296229][T13343] IPVS: set_ctl: invalid protocol: 50 224.0.0.2:20002
[  216.356482][T13216] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.458232][T13352] netlink: 'syz.5.2675': attribute type 9 has an invalid length.
[  216.506599][T13216] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.567883][T13356] __nla_validate_parse: 13 callbacks suppressed
[  216.567903][T13356] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2677'.
[  216.627565][T13216] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.739315][T13370] Bluetooth: MGMT ver 1.23
[  216.834197][T13216] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  216.883792][T13216] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  216.926630][T13216] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  216.959844][T13216] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  217.007851][T13384] sch_tbf: burst 0 is lower than device bridge_slave_0 mtu (1514) !
[  217.046490][T13387] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2686'.
[  217.105575][T13216] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.151430][T13216] 8021q: adding VLAN 0 to HW filter on device team0
[  217.176827][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.184044][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  217.199447][ T3504] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.206607][ T3504] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.257325][T13216] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  217.420028][T13399] netlink: 'syz.4.2690': attribute type 1 has an invalid length.
[  217.442491][T13399] netlink: 'syz.4.2690': attribute type 1 has an invalid length.
[  217.499977][T13402] netlink: 'syz.5.2691': attribute type 1 has an invalid length.
[  217.517861][T13216] 8021q: adding VLAN 0 to HW filter on device batadv0
[  217.535921][T13402] netlink: 180 bytes leftover after parsing attributes in process `syz.5.2691'.
[  217.619514][T13216] veth0_vlan: entered promiscuous mode
[  217.644933][T13406] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode
[  217.662473][ T5148] Bluetooth: hci0: command 0x041b tx timeout
[  217.681255][T13216] veth1_vlan: entered promiscuous mode
[  217.761984][T13216] veth0_macvtap: entered promiscuous mode
[  217.813152][T13216] veth1_macvtap: entered promiscuous mode
[  217.875686][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  217.913014][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.925585][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  217.937247][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.952034][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  217.973429][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.002635][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.013825][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.029373][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.040356][T13426] netlink: 'syz.1.2699': attribute type 1 has an invalid length.
[  218.048603][T13426] netlink: 'syz.1.2699': attribute type 1 has an invalid length.
[  218.056692][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.058144][T13428] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2701'.
[  218.069664][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.087924][T13430] openvswitch: netlink: Duplicate key (type 32).
[  218.095476][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.105518][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.116385][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.126707][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.138773][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.148824][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.159728][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.176908][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.189612][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.199809][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.218146][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.233648][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.244452][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.254347][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  218.264844][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.276261][T13216] batman_adv: batadv0: Interface activated: batadv_slave_0
[  218.286976][T13418] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  218.294305][T13418] IPv6: NLM_F_CREATE should be set when creating new route
[  218.301537][T13418] IPv6: NLM_F_CREATE should be set when creating new route
[  218.308783][T13418] IPv6: NLM_F_CREATE should be set when creating new route
[  218.327611][T13423] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  218.432000][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.445601][T13437] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2702'.
[  218.472177][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.492243][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.512638][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.532408][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.552303][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.568256][T13446] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2704'.
[  218.572458][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.587965][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.598105][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.609350][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.621978][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.634023][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.646058][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.660729][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.674109][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.684994][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.696617][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.712251][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.722101][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.733258][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.746166][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.756980][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.769273][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.779838][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.791005][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.801662][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.815244][T13216] batman_adv: batadv0: Interface activated: batadv_slave_1
[  218.829991][T13451] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2706'.
[  218.884257][T13216] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  218.912332][T13216] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  218.931286][T13216] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  218.970432][T13216] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  219.027466][T13455] bond0: entered promiscuous mode
[  219.043451][T13455] bond0: left promiscuous mode
[  219.140163][T13465] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  219.246890][T13472] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2714'.
[  219.259916][ T1035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.299198][ T1035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.382089][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.414696][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.494825][T13483] 8021q: adding VLAN 0 to HW filter on device bond6
[  219.509937][T13483] bond0: (slave bond6): Enslaving as an active interface with a down link
[  219.512824][T13481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2718'.
[  219.530106][T13485] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2717'.
[  219.742769][ T5843] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  219.751151][ T5843] Bluetooth: hci0: command 0x041b tx timeout
[  219.787018][T13459] ==================================================================
[  219.795124][T13459] BUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0xbb/0x510
[  219.803381][T13459] Read of size 8 at addr ffff88807d5fd858 by task syz.5.2710/13459
[  219.811283][T13459] 
[  219.813627][T13459] CPU: 0 UID: 0 PID: 13459 Comm: syz.5.2710 Not tainted 6.14.0-syzkaller-05901-gf278b6d5bb46 #0 PREEMPT(full) 
[  219.813681][T13459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  219.813708][T13459] Call Trace:
[  219.813718][T13459]  <TASK>
[  219.813726][T13459]  dump_stack_lvl+0x241/0x360
[  219.813754][T13459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  219.813775][T13459]  ? __virt_addr_valid+0x183/0x530
[  219.813795][T13459]  ? rcu_is_watching+0x15/0xb0
[  219.813812][T13459]  ? __virt_addr_valid+0x183/0x530
[  219.813829][T13459]  ? lock_release+0x4e/0x3e0
[  219.813853][T13459]  ? __virt_addr_valid+0x183/0x530
[  219.813870][T13459]  ? __virt_addr_valid+0x183/0x530
[  219.813890][T13459]  print_report+0x16e/0x5b0
[  219.813909][T13459]  ? __virt_addr_valid+0x183/0x530
[  219.813925][T13459]  ? __virt_addr_valid+0x183/0x530
[  219.813941][T13459]  ? __virt_addr_valid+0x45f/0x530
[  219.813958][T13459]  ? __phys_addr+0xba/0x170
[  219.813975][T13459]  ? skb_queue_purge_reason+0xbb/0x510
[  219.813992][T13459]  kasan_report+0x143/0x180
[  219.814012][T13459]  ? skb_queue_purge_reason+0xbb/0x510
[  219.814030][T13459]  skb_queue_purge_reason+0xbb/0x510
[  219.814047][T13459]  ? hci_dev_reset+0x3f7/0x5d0
[  219.814070][T13459]  ? __mutex_unlock_slowpath+0x229/0x800
[  219.814093][T13459]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  219.814116][T13459]  ? drain_workqueue+0x2d3/0x3a0
[  219.814134][T13459]  ? hci_conn_hash_flush+0x1da/0x240
[  219.814150][T13459]  vhci_flush+0x44/0x50
[  219.814166][T13459]  ? __pfx_vhci_flush+0x10/0x10
[  219.814180][T13459]  hci_dev_reset+0x42a/0x5d0
[  219.814203][T13459]  sock_do_ioctl+0x15a/0x490
[  219.814220][T13459]  ? __pfx_sock_do_ioctl+0x10/0x10
[  219.814237][T13459]  ? __lock_acquire+0xad5/0xd80
[  219.814261][T13459]  sock_ioctl+0x644/0x900
[  219.814283][T13459]  ? __pfx_sock_ioctl+0x10/0x10
[  219.814304][T13459]  ? __fget_files+0x2a/0x420
[  219.814325][T13459]  ? __fget_files+0x2a/0x420
[  219.814347][T13459]  ? __fget_files+0x2a/0x420
[  219.814370][T13459]  ? __pfx_sock_ioctl+0x10/0x10
[  219.814392][T13459]  __se_sys_ioctl+0xf1/0x160
[  219.814411][T13459]  do_syscall_64+0xf3/0x230
[  219.814432][T13459]  ? clear_bhb_loop+0x45/0xa0
[  219.814450][T13459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.814476][T13459] RIP: 0033:0x7f036338d169
[  219.814492][T13459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.814508][T13459] RSP: 002b:00007f036422b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  219.814528][T13459] RAX: ffffffffffffffda RBX: 00007f03635a5fa0 RCX: 00007f036338d169
[  219.814541][T13459] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000004
[  219.814552][T13459] RBP: 00007f036340e2a0 R08: 0000000000000000 R09: 0000000000000000
[  219.814564][T13459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  219.814574][T13459] R13: 0000000000000000 R14: 00007f03635a5fa0 R15: 00007fff55302a08
[  219.814593][T13459]  </TASK>
[  219.814600][T13459] 
[  220.105871][T13459] Allocated by task 13216:
[  220.110270][T13459]  kasan_save_track+0x3f/0x80
[  220.114938][T13459]  __kasan_kmalloc+0x9d/0xb0
[  220.119515][T13459]  __kmalloc_cache_noprof+0x236/0x370
[  220.124880][T13459]  vhci_open+0x57/0x360
[  220.129026][T13459]  misc_open+0x2cc/0x340
[  220.133261][T13459]  chrdev_open+0x514/0x600
[  220.137665][T13459]  do_dentry_open+0xdec/0x1960
[  220.142418][T13459]  vfs_open+0x3b/0x370
[  220.146474][T13459]  path_openat+0x2caf/0x35d0
[  220.151070][T13459]  do_filp_open+0x284/0x4e0
[  220.155571][T13459]  do_sys_openat2+0x12b/0x1d0
[  220.160249][T13459]  __x64_sys_openat+0x249/0x2a0
[  220.165095][T13459]  do_syscall_64+0xf3/0x230
[  220.169593][T13459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.175502][T13459] 
[  220.177832][T13459] Freed by task 13216:
[  220.181904][T13459]  kasan_save_track+0x3f/0x80
[  220.186588][T13459]  kasan_save_free_info+0x40/0x50
[  220.191624][T13459]  __kasan_slab_free+0x59/0x70
[  220.196398][T13459]  kfree+0x198/0x430
[  220.200292][T13459]  vhci_release+0xbc/0xd0
[  220.204613][T13459]  __fput+0x3e9/0x9f0
[  220.208591][T13459]  task_work_run+0x251/0x310
[  220.213174][T13459]  do_exit+0xa2a/0x2940
[  220.217325][T13459]  do_group_exit+0x207/0x2c0
[  220.221901][T13459]  __x64_sys_exit_group+0x3f/0x40
[  220.226918][T13459]  x64_sys_call+0x26c3/0x26d0
[  220.231580][T13459]  do_syscall_64+0xf3/0x230
[  220.236073][T13459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.241974][T13459] 
[  220.244296][T13459] The buggy address belongs to the object at ffff88807d5fd800
[  220.244296][T13459]  which belongs to the cache kmalloc-1k of size 1024
[  220.258347][T13459] The buggy address is located 88 bytes inside of
[  220.258347][T13459]  freed 1024-byte region [ffff88807d5fd800, ffff88807d5fdc00)
[  220.272137][T13459] 
[  220.274456][T13459] The buggy address belongs to the physical page:
[  220.280865][T13459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d5f8
[  220.289639][T13459] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  220.298157][T13459] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  220.305714][T13459] page_type: f5(slab)
[  220.309691][T13459] raw: 00fff00000000040 ffff88801b041dc0 dead000000000122 0000000000000000
[  220.318261][T13459] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  220.326836][T13459] head: 00fff00000000040 ffff88801b041dc0 dead000000000122 0000000000000000
[  220.335493][T13459] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  220.344149][T13459] head: 00fff00000000003 ffffea0001f57e01 ffffffffffffffff 0000000000000000
[  220.352804][T13459] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  220.361453][T13459] page dumped because: kasan: bad access detected
[  220.367859][T13459] page_owner tracks the page as allocated
[  220.373563][T13459] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5904, tgid 5904 (kworker/u8:8), ts 213426208892, free_ts 211901276616
[  220.393097][T13459]  post_alloc_hook+0x1f4/0x240
[  220.397858][T13459]  get_page_from_freelist+0x3695/0x37e0
[  220.403390][T13459]  __alloc_frozen_pages_noprof+0x2c5/0x7b0
[  220.409180][T13459]  alloc_pages_mpol+0x339/0x690
[  220.414016][T13459]  allocate_slab+0x8f/0x3a0
[  220.418502][T13459]  ___slab_alloc+0xc3b/0x1500
[  220.423163][T13459]  __slab_alloc+0x58/0xa0
[  220.427472][T13459]  __kmalloc_noprof+0x2ea/0x4d0
[  220.432312][T13459]  ieee802_11_parse_elems_full+0x16d/0x2f10
[  220.438201][T13459]  ieee80211_ibss_rx_queued_mgmt+0x4e6/0x2e20
[  220.444252][T13459]  ieee80211_iface_work+0x933/0x1100
[  220.449526][T13459]  cfg80211_wiphy_work+0x2f0/0x490
[  220.454624][T13459]  process_scheduled_works+0xac3/0x18e0
[  220.460154][T13459]  worker_thread+0x870/0xd30
[  220.464736][T13459]  kthread+0x7a9/0x920
[  220.468794][T13459]  ret_from_fork+0x4b/0x80
[  220.473195][T13459] page last free pid 12885 tgid 12885 stack trace:
[  220.479676][T13459]  free_frozen_pages+0xe16/0x10f0
[  220.484690][T13459]  vfree+0x1c3/0x360
[  220.488569][T13459]  kcov_close+0x28/0x50
[  220.492724][T13459]  __fput+0x3e9/0x9f0
[  220.496706][T13459]  task_work_run+0x251/0x310
[  220.501282][T13459]  do_exit+0xa2a/0x2940
[  220.505426][T13459]  do_group_exit+0x207/0x2c0
[  220.510002][T13459]  __x64_sys_exit_group+0x3f/0x40
[  220.515014][T13459]  x64_sys_call+0x26c3/0x26d0
[  220.519672][T13459]  do_syscall_64+0xf3/0x230
[  220.524163][T13459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.530039][T13459] 
[  220.532350][T13459] Memory state around the buggy address:
[  220.537964][T13459]  ffff88807d5fd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  220.546010][T13459]  ffff88807d5fd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  220.554055][T13459] >ffff88807d5fd800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  220.562095][T13459]                                                     ^
[  220.569010][T13459]  ffff88807d5fd880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  220.577057][T13459]  ffff88807d5fd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  220.585099][T13459] ==================================================================
[  220.637358][T13459] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  220.644596][T13459] CPU: 1 UID: 0 PID: 13459 Comm: syz.5.2710 Not tainted 6.14.0-syzkaller-05901-gf278b6d5bb46 #0 PREEMPT(full) 
[  220.656323][T13459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  220.666393][T13459] Call Trace:
[  220.669663][T13459]  <TASK>
[  220.672582][T13459]  dump_stack_lvl+0x241/0x360
[  220.677258][T13459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  220.682443][T13459]  ? __pfx__printk+0x10/0x10
[  220.687022][T13459]  ? vscnprintf+0x5d/0x90
[  220.691346][T13459]  panic+0x349/0x880
[  220.695240][T13459]  ? check_panic_on_warn+0x21/0xb0
[  220.700346][T13459]  ? __pfx_panic+0x10/0x10
[  220.704751][T13459]  ? _raw_spin_unlock_irqrestore+0x134/0x140
[  220.710723][T13459]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  220.717035][T13459]  ? print_report+0x519/0x5b0
[  220.721703][T13459]  check_panic_on_warn+0x86/0xb0
[  220.726628][T13459]  ? skb_queue_purge_reason+0xbb/0x510
[  220.732072][T13459]  end_report+0x77/0x160
[  220.736303][T13459]  kasan_report+0x154/0x180
[  220.740796][T13459]  ? skb_queue_purge_reason+0xbb/0x510
[  220.746245][T13459]  skb_queue_purge_reason+0xbb/0x510
[  220.751524][T13459]  ? hci_dev_reset+0x3f7/0x5d0
[  220.756284][T13459]  ? __mutex_unlock_slowpath+0x229/0x800
[  220.761911][T13459]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  220.767793][T13459]  ? drain_workqueue+0x2d3/0x3a0
[  220.772717][T13459]  ? hci_conn_hash_flush+0x1da/0x240
[  220.777986][T13459]  vhci_flush+0x44/0x50
[  220.782127][T13459]  ? __pfx_vhci_flush+0x10/0x10
[  220.786962][T13459]  hci_dev_reset+0x42a/0x5d0
[  220.791545][T13459]  sock_do_ioctl+0x15a/0x490
[  220.796131][T13459]  ? __pfx_sock_do_ioctl+0x10/0x10
[  220.801232][T13459]  ? __lock_acquire+0xad5/0xd80
[  220.806077][T13459]  sock_ioctl+0x644/0x900
[  220.810396][T13459]  ? __pfx_sock_ioctl+0x10/0x10
[  220.815235][T13459]  ? __fget_files+0x2a/0x420
[  220.819813][T13459]  ? __fget_files+0x2a/0x420
[  220.824393][T13459]  ? __fget_files+0x2a/0x420
[  220.828973][T13459]  ? __pfx_sock_ioctl+0x10/0x10
[  220.833813][T13459]  __se_sys_ioctl+0xf1/0x160
[  220.838391][T13459]  do_syscall_64+0xf3/0x230
[  220.842887][T13459]  ? clear_bhb_loop+0x45/0xa0
[  220.847552][T13459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.853429][T13459] RIP: 0033:0x7f036338d169
[  220.857833][T13459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.877423][T13459] RSP: 002b:00007f036422b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  220.885826][T13459] RAX: ffffffffffffffda RBX: 00007f03635a5fa0 RCX: 00007f036338d169
[  220.893788][T13459] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000004
[  220.901748][T13459] RBP: 00007f036340e2a0 R08: 0000000000000000 R09: 0000000000000000
[  220.909708][T13459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  220.917667][T13459] R13: 0000000000000000 R14: 00007f03635a5fa0 R15: 00007fff55302a08
[  220.925636][T13459]  </TASK>
[  220.928886][T13459] Kernel Offset: disabled
[  220.933204][T13459] Rebooting in 86400 seconds..