last executing test programs:

1m6.141034755s ago: executing program 2 (id=438):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x20, 0x13, 0x20, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x0, 0x48000}}, 0x20}}, 0x0)

55.720742425s ago: executing program 2 (id=438):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x20, 0x13, 0x20, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x0, 0x48000}}, 0x20}}, 0x0)

43.878257042s ago: executing program 2 (id=438):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x20, 0x13, 0x20, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x0, 0x48000}}, 0x20}}, 0x0)

33.142619957s ago: executing program 2 (id=438):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x20, 0x13, 0x20, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x0, 0x48000}}, 0x20}}, 0x0)

21.194074635s ago: executing program 2 (id=438):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x20, 0x13, 0x20, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x0, 0x48000}}, 0x20}}, 0x0)

9.598304126s ago: executing program 2 (id=438):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x20, 0x13, 0x20, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x0, 0x48000}}, 0x20}}, 0x0)

2.576051225s ago: executing program 0 (id=1409):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000200000000000000020000008500000028000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x800002c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x1a)
r2 = socket(0x10, 0x803, 0x0) (async)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f00000012c0)={0x1, 0x7}, 0x8) (async)
close(r3)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) (async)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_BT_FLUSHABLE(r8, 0x112, 0x8, 0x0, 0xfe44) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r7}, 0x10) (async)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000080)=ANY=[], 0x10448) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r9, 0x0) (async)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r7, r9}, 0xc) (async)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@ipv6_getroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r5}, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=@newtfilter={0x54, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r10, {0xc, 0x4}, {}, {0x3}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_EMATCHES={0x20, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x6000, 0x8, 0x9}, {0x1, 0x2, 0x5}}}]}, @TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x54}}, 0x20040054)
r11 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000200)={@broadcast, @random="156307be2ebb", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "9d0080", 0x28, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1, @ipv4}}}}}}, 0x0) (async)
sendmsg$nl_route_sched(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=@newtaction={0x14, 0x1e, 0x2, 0x4}, 0x14}, 0x1, 0x2b1e, 0x0, 0x4000}, 0x30004080)

2.409122574s ago: executing program 1 (id=1410):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000380)={&(0x7f00000007c0)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10, 0x0, 0x0, &(0x7f0000000740)=[@rdma_args={0x48, 0x114, 0x1, {{0x2, 0x5}, {&(0x7f00000003c0)=""/95, 0x5f}, &(0x7f0000000500)=[{&(0x7f0000000440)=""/172, 0xac}], 0x1, 0x2, 0x1}}], 0x48, 0x40080}, 0x8004)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xa, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611262000000000061134c0000000000bf2000000000000015000500511b48013d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
sendto$inet(r2, &(0x7f0000000000)='o', 0x1, 0x8041, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000023c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f00000000c0)={<r3=>0x0, @in={{0x2, 0x4e20, @rand_addr=0x64010102}}, 0x8000, 0x9}, &(0x7f00000001c0)=0x90)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000280)={<r4=>r3, @in={{0x2, 0x4e23, @rand_addr=0x64010101}}, 0x1, 0xd924, 0x2, 0xe, 0x8, 0x4, 0x4}, &(0x7f0000000340)=0x9c)
r5 = socket$kcm(0x2, 0x2, 0x73)
sendmmsg$inet(r5, &(0x7f0000002840)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{&(0x7f0000000700)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x24000000)
r6 = socket(0x10, 0x80003, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x15, 0x3a, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000ffffffff00000000000100001839000003000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095000000000000001d9900011000000018400000000000000000000000000000b7080000000000007b8af8ff00000000b7080000010000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES16=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000018110000", @ANYRES32, @ANYRES64=r4, @ANYRES32, @ANYBLOB="0000000000000000b7030000008c3335b7f0855fd9000000b70000000000000018100000001750d24588a869c09ff2c3bbe78ce800000000ddbb28583a5c5241709509fc242e9dd11fc2f079249b8fddfbaffb8e87b8ebf8cd7bcaa914c87283ae865bec0474c14041124ff842ef351eea21d19271abaf409dd371e2559f68dbe4350a38289fe478d79d4f05010b2b13f15cf0f47b7f12ce0fa1c81dc42090", @ANYRES32, @ANYBLOB="00000000ac61244418110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000950000000000000085000000bb0000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r7, 0x8946, &(0x7f0000000900)={'geneve1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="44000000010101030000000000000000020000000c00196b08000100ad040000240001800c000280050001003a0000001400018008000100e000000208000200ac1e0101"], 0x44}}, 0x0)
r9 = socket(0x2b, 0x80801, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000380)=@filter={'filter\x00', 0xe, 0x4, 0x278, 0xffffffff, 0x0, 0xe8, 0xe8, 0xffffffff, 0xffffffff, 0x230, 0x230, 0x230, 0xffffffff, 0x8000000, 0x0, {[{{@ip={@broadcast, @remote, 0xffffff00, 0x0, 'veth0_to_hsr\x00', 'wg0\x00', {0xff}, {0xff}, 0x62}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}, {{@ip={@remote, @private=0xa010101, 0xff000000, 0xff000000, 'ip6gre0\x00', '\x00', {0xff}, {}, 0x5e, 0x2, 0x49}, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x2, 0x1, 0x6}, {0x1, 0x3, 0x2}, {0xffffffffffffffff}, 0x8, 0x10}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x0, 0x6, 0x4}, {0x0, 0x0, 0x5}, 0x6, 0x3}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8)
sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1800000016000119"], 0x78}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r6)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
close(0x3)
recvmmsg(r6, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x0, 0x0)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10)

2.408439622s ago: executing program 0 (id=1412):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000400000000a34000000090a000000000000000000000000000008000a40000000000900020000797a310000000100"], 0x5c}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a09000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340"], 0xec}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
r1 = socket(0x15, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x5, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x28, 0x0, 0x10, 0xfffff020}, {0x6}]}, 0x10)

2.155753141s ago: executing program 4 (id=1414):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx2\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000010c0)="961fdadf9dc47c7fbaedaf5ba72a4d9473715b23122421ad72be5188b3cbe8c3738d0b4282c540648c5f8cf23d987a7fb344abaff4e5bb6d020007722225fbbc53662adb86c71e639f7637", 0x4b}, {&(0x7f0000001140)="0939bf288b2c972bfbc2e5e907f1f1f0c15020f10f2d8727743d6892b66ca0503406de6b9b08dfc4f460c46b22d7225d0b7518d112", 0x35}, {&(0x7f0000000080)="17", 0x1}], 0x3}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003880)={0x34, 0x40, 0x9, 0xffffffff, 0x25dfdbfd, {0x2}, [@typed={0x4, 0x11f}, @nested={0x1c, 0x1, 0x0, 0x1, [@nested={0x4, 0x1f}, @nested={0x14, 0x131, 0x0, 0x1, [@typed={0x8, 0x78, 0x0, 0x0, @pid}, @nested={0x8, 0xe5, 0x0, 0x1, [@nested={0x4, 0x120}]}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "083ff2", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x4, 0x0, 0x0, {[@window={0x3, 0x3, 0x8}]}}}}}}}}, 0x0)

1.981692983s ago: executing program 0 (id=1415):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4)
shutdown(r2, 0x1)
setsockopt$sock_int(r3, 0x1, 0x22, &(0x7f0000000040)=0x7, 0x4)
recvmmsg(r3, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=""/12, 0xc}}], 0x1, 0x2302, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
sendfile(r1, r4, 0x0, 0xffffffff000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100), 0x20)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bond0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
close(0xffffffffffffffff)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={0xffffffffffffffff, &(0x7f0000000200), 0x20000000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000440)=""/251, 0xfb}], 0x1}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

1.901177556s ago: executing program 1 (id=1416):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) (async)
r1 = socket(0x2, 0x3, 0xff)
setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, &(0x7f0000000300)={0x9, 0xffffffff, 0x9}, 0xc) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="180200000000000000000000000000008500000022000000180100002020702500000000002020207b1a"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x20008804}, 0x40043) (async)
socket$inet6_sctp(0xa, 0x801, 0x84) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x3, 0x220104, 0xb, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) (async)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={0xffffffffffffffff, 0x0}, 0x20) (async)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r2, 0x0, &(0x7f0000000140)=""/75}, 0x20)
unshare(0x20000400)
socket$packet(0x11, 0x2, 0x300) (async)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000030c0), 0x82200, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000003100)=0x3) (async)
ioctl$PPPIOCGNPMODE(r3, 0x4004743c, &(0x7f0000003540)={0x57, 0x1})

1.758693567s ago: executing program 1 (id=1419):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000747cea5c0000000000000000"], 0x48)
unshare(0x22020400)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000140)={&(0x7f00000009c0)="c55d383a3b0404929ed22444624e21edf5b9c55b1ce75fd202de63b51af81d0f211b567a3b846d5a8edffe45fea8d3ac2e1013492c4a320843309d73eb1d38097b074b2ee1b3852440e27239f0a99ad80bee334b55053057f8d87b121347105d061df69508f58252dde90a5d0c43874a0079b508474a9a5020c7008afc607014bba1f2b2ee264869909d5763e11ed0d124d1a0678545a17b0aa0fe80ce8e7b94a3bb4f3805313fa535b358f8f558e6201f5ad33fcb258657dbacf4aaf97903d76c39", &(0x7f0000000040)=""/24, &(0x7f0000000dc0)="d01b94d3a14d6aa6f5bf82a82b1b23ba9e182f52d9e54522f1b3dff4d56a067e37a64fb352cb8a42d02292745286de2c5208926b57bb210accd3f6193650d79f8045e78edb5db385d8a6d1635252867551e7e47b2dd8c9deeedb33739c5afdadf5e84e1094a9a0837801d7acb507e09624386cf2163a9b41c93b51d92c4c474ea93675fbfe3b1e6daa20cae277ab6179083a7d83957c99b75f0ce6dd9a07c600732b8c1091244e78dc928246152004591793aa2fa82acee24326231501e5e7043d220757994d05fbd23ecbc4f6147fa11696cfc3b7dbdd9889942accafb37ece52c79b77110df768f894340f0c1aec71ff07a8817379040cb08ff6dd5fdecf6462430d5ddc3cc0a01245285566b5b12f5575861ad1411c789f35ea3b5dc16185d6c801b9060829329513d4c605d31f2a8a8e49f47f3a5696c3cf21b212d72ab0ca1593553f1e5a4f9ad8a13fe2e7af1c895da71aec585166b27975ae228a068913591e1915b1ca94ba045e63ac36d6a578c5c19b1851eb1296aad34015512fae9aee11a417a2ba48492a8166c6c46d265935b84af99dfde4cae35b05e67b3e004b2d7ee0d2b76a8f71246702c5f9d9c8ded7e1a709af336f94330dbecb837a923915d9a8d87cd6fcf2576f505f33ee2b34db95f375d15681021e6cad787c38c08489d0bf6c51b3e886bce080d2e00b77a7ced9afbf216bfe86ef293d048e6dca5a0964b4c5fac3058666973e28f92ff02b62cd09bd4c517c4104f8177baf1e42ccadd86838a112414a409c7080fe3c6c25d449d047829dcceee54bdaf7457955dee3873f4d665b75f0970eecd7982e065cbfbf8cce42f6c78840d8b992be5180371e31486857fe47263421a1ca4645a5a143abf8fe5bd4bc479af834cdb3b40d4bc8781366a394bb35291f25c6f37d81b62d5a686038ac861b4043b7b79e63ed6c41c494a8ad22d68b9c46ad586df090e730a8acb89b95596aa497045dc3a6cfb02de87551a932ac716ce0c3c5ac199fcba508efe273bda03744319b9ca6829862a9d6932f943f01a2cc00e358d9f541fa010c653c060913f56c997a8798e17ea334de6ad30e9a479108363f5e08e8845e04380ddf93dc072ba97b992410fd6c1233ba6756c24724ba0dc9ee2bfa5035d99c70904315399cd5740c4c24ffcd8f33c14c5ade3feb956123f458f4e4b6785c8664fab852730b04e6756ecba7fc91496a1c9cc98fe2080db1953f6e43eda7f5be38028a84d09d7c10707f622ccb1b6da3fcb100288d69cf1c60fd07eddd3f9c95bcf84ebc39578b56db31fdf1a448974a839987bb88475fbc80269f66baed4b145bb1ecf914d450004a68375ff604e90549bd5d8230505dc907443a33681f9472c800c63cbbc95745acf515f45ab38edc4a1f929dbb06cab8abf8600acddbcd1bf4d0312d780ae4fdd2e75f97da406e79e1df1da7957a375d6f5e736160c05584dce719077d2e7b9fc602c2d99b219a37ad1189b58fcf5e9af9dbcc133c3247a7273039ad444a4227bb416b64bbd4bfa95cdce2f6fec058b6f4de2d2f76745d0c700b7c493d71858b60f8e761ae1081c03b29f57c57f9719c259d67fa9728f41773d9e81a0b240d05c810ee8d86ba54ce2671a49dc51ade1981f17d9f98f1efb67344349df57c4e1af758428042bb2223d40a5ea9322aef9a43b3c92cf7010857d652db7d821088387512e4f1e7f20b7c5cc308eb413a0971a215af7d04984894fe4718323e77ea55fdd5f7ef41b4e70c852fa45af8f1f2776a73e9937611e0e845aa583f24d7470e706296c4f83a1c92af9c7e540303a62baa2a544f27c27016259a7ab200001fcf61cd211a3011ed3df92d914cb3ef9a5b628baedc7866c7a2278f844656c7138f3696814eab9edb1e3b56c478aee616420b131b60a5b6d6cb0f99e2eb0af42cf2307c770ead19a93c7743191691cf79bccabe00d0e60d15bacd1abdd28483a3ed3549ad6567a95baf7eca9c303fc632d6f4f40b3fc35f57c55e6987de399b8fea65a5f04a2fccb23c1052841f33569f4273ec3cf8f89e42871e8d5cd2b5371064080e5bc5bd416b24f3a0e1be868fc21d77e455d299dcb0447ee748d989bd4b7af105417a98713b4446fe70a69b0e944b5205c2d42ede49a404d3ecddb28347cea868658ddb0e5b6381cd65e0878393c73410c950b1434e77439c9693295304f194e2894b5410c7b9d4831dab035ec927149c008a3ac483b53ec06a4d150b3547517780098f064311c2ba2d404d2180be8797a04f2a78b9d0ee6c833c8293e3e82a6aaaf5a01330b8aa2c40786642519c50a4ded7ce039d8524914a97440d6e40be8c979cf28044c2cb57d04da1e21d9cc8025ce997af5183dfb778e07a81eeed175f58c6138209b3a14060869e915184c993d566bf8cd922478d9cc290b8e1ff3b5a4eeb097a5f7db11309b3cb26d336017009f3eeb258dffedcbbede393958b2d6672dc8dedaad6b623840ef367d6cd6b6ea4da6c8828af897a9b6522ea288ba39586049051011eaf637d1e07a11e8a8272945d8ee36631b65c4be7f10fbc09d91901b043bdbfab3b4c87d7ce33c5a606435f8de39ca5c601edb55b22eeb3c7fd0b8b423e22d108e5e21b623e07829fbb3a0af71a70ee88bb1bf95117952ff1201e5b9889460b696c6dc1874029be8e127fb9d2b7112a555225df41788611b26972bf0ee9bc4197b3b5ddfe87df69d1cb6d681002b9236c52509e2614b47254324a51078873cd8cdaa33027c691c4f90132c0fe7dea4e184d842c6a7acb83820040a1838069c8516561a32e910a75abbe3c2a34f81e342c976ee58d366e13097fafd6719d4a61d7a99b0dfab41569897f39a5353be4b209403e01bea983523c735bb9d4a71ec439020d99cfbbc12c9c77e08e7fa3d2d820ab0b35325518052699dd37529ef90859d2971bd177b32c33ee2fec9a8cf3023e928325109419adb6ab47bdf8ff1fe1ecc471945169b73906cdbfe0ba2088c7d6dcd1c0cee686d52a0820c7e60575d46f5520fb80d5ab5c6401ea6f0ddbd7be4f050300eada451a53719cca0ee27fcbffd96fd1e39f42ae264e6afdf9d36c7280571e03f209bc27ba484c77f81645cae6267f91ec479572faebd3997c804244bcf95de0b3baaa79ee63ac286012ada2f9458efc92accc67d426df1870861defece2b0f9e83b004a333856d81cb53de1008467bb8670540bdc0cdb996e20eecd418f227b877ca20281e9d800b9b745985449a1c5a04ffb071bcf48c2796080410cc69ecf2a879cc168f7c5cc97f902508a33b5bf0159294e0796a3d12605f7d906368d84fe640c3e5a99600b798836cab962179219786be718255022298027cf6a6760d6b63b9242dd9c53c4710c22a7763959f0c76f0411579c9d7d56ca6ba78acca108ec9091b4357d039ab2ca9b83fa9c8ddace1ea0ec2096d02aaeaa8845ccec8fcbf3d1530aab31daac3c1ba5755763738141fa8c5ce2f45343916905ce85011fd0a98177869318476b23c38bacb129bae520dc79388c6d1d7ee0723d03f41f25cf7519be7ed147e5ed012dc8b5a3a2c0ae80c8a4d116a1a066dad6d8aa3351228ed03be2a93e265ee221e1ed7ba7e4bf494219409b03b3a9d77da3065ee6d9760c3f6bd37d085c71cb42e229d1a76d69cc6134fd4880a422fac5b62e2fe7f81943f6706c33cdb76c146e7066ce82a143873813ce96be943f96475e3b400bf763d53b9ccaa75a73df24c9484460d178012f9278682fb9be2ad26844e54253816f8c46e0752baa35d4ef1b50d2c57922e8727f9fbdc4a3646a9d27a6cdda157ec19e6fe8cb56976853c829ce8b750a3e80e035ab0b5ad76a1294cdc4e27b5229234167c7cfb76402bc3a49073e7424a6fca0a554dddb877d875447fb82dbb2b42aa5bf66f6cca929382b61603d3cdd64f0086fb8c7e4cd3b44dfc16d9f480dc1a5b3b83def5f1a6218997d20a0bfd0b2e20ed565addd9411bfda626426aa7405c47303ed932fffafdc0ae92b45ffa374d609b90cd3a8a4e775e25260d216b457675208617e3080d67c3eaf02972eb34fb3a0b44a7b493fa850da345c3da75ea41dcb03db164f7f9794f84e8cf7908aacbc042537a4e677a23658854989512770482bb72e3ad0267f8ac1cb6a946f75084070e56f2e7dc24e06fbf41229d9fb06a7e6d78cde175e0370e4265e70863c2d10db16dacfe37ce88a7d49519df6dc6a14371bc7ede9f62a2f83a1ef6b59b5ab19ebb16cd82653017f1304b5aec941c5aee930370913588a18391fe37e7c773f8ef8c35f5217627a53e7d5e9a50a286c2fe4dac2c27216a7e880fa66e3f7ab8042e7ad4499d1536da5aa0282ee26c0f0838b8f4dec41f5dc7de39dee10d7d32feae54f7d251f9d1c2ebc7c262e3a1ec8434b22788aa4ef89d5760f1a1575b87405e81aad3294d2213d571588acca7fd5de84db96f4ba6f9e8b72bc22d7e58c1eee60e444761a03296e129b54eadd6900b9fc6ff8b4ac43e86e783bae1b30be903ca960b476ba7448794f77f9997c678f4c36e052a3fc342e62746b5be1ac7b3f8ee0faa6229dac9d9ab742629e7b7da0024c77e0822a575b0d53c58eb26f6ede9aa6b084f7a7a720fd97c78631beda24375fcb2798835c28f19b63d67a27eb29372e88edfbac78c3283fdfecbd94fb39defee18fb6ea7fb6437db5615eb048a94c648fe61c99dd283cb545dde23520cec2aaaf7cfbfed310a7efb141f712ccbd9129e06d2874bf7d30c4de1fc9c28bfdd5aa4c464acf49d5478f1cba630c9e0ed1b304e95c58e0346896e4af6222365e27be25090c4df7ebbaba77b5477d7d61e4b4ea897489cc2f78edd7e3cc4ceb5191f24d777375cadf33583de1538e513f09720843a05894b8cac0d80dc4cf8726e3450adee5f791f18729520f284dcc1b2f00815c9be3a5850997d1a9034051980b92bb10f5a1344096e8443af228283aa427831bc7f9cc8db4929d4edfd9dfb60951d5eb541d2732e2c8025bf5a7c71b941ccffaa45ad26223e6ad8db0762e92100fba67055ab0e8a74f9d5072fac10b14f4d8b17333d209338cce53573b1b5de1682c7ccf13c40dabdea5b13697e13ab9731688a34fff5223aca45f0a38d77ba6c260e98081ffd7b74fa75c9c41021af6980a9e5dad4a9cbc1d78c2c48c78cdf2ab76c65b7300c9b463fdc8a60da37846d402beda60ba9d95bd3d65db086e00ed7301d6ca6965491216dce7baa07bd636e16f73971092f89cb07f6c1b7157958b2cea93e890e2692fdadaee827d448d0efdf33d73b718cf489cb1ffd9a723aa9f0a9775160a8130f8c6baa98e8f5e3ff9f0d6322bf9cba353313c2f175c28e136142038c80ae13a06ef40b97f9e6a1c5f6a054ca6c965a08259c29cd75d361352746f72f6d98934d68f418f392bb6bc720ab5dc05b1f84ba0e9b13bccf09ac4578cd55adbca8edf5df91b80c2c519b50492ed23247733c1a47364d77011bb199a859aaf0cff78f1ed86821f87f5620faa2faf5c96f8442716973c65f1977ae019d728c188dd648d19727ed7730c36c53281919360399b3c7efa41dffdc7dc6523f651fdbcad70628c46ff3478a8c5ff2acde1294a89e6950ef035a5aa469e50808227ba43e1e6da87b86ae278b97f29488f1547ebc8c44b0014893c11b9dc6c4b3306ff8a6aa2d38ac051f87d5709075e89930bfee239f91dcfa986f579e0ef3147674aa8f5d9fefc90128fbe699c32543f57c0915cc2acfbdffd058907c44d616a49eb4437baecc9d469eae9", &(0x7f00000007c0)="13d3d10a569b5e92cca83845cf8bc3c14f2e1bab7e3af28e33e424a464f52a3febdba89c54a7584372fb48fa5aa17c2306d97e41404baa158aa7ce5a7e382c5036697f3f09de619bd89b133296b588721f6597b5b747e1eb77b4e7ae5fb3a28fd5f1899bf4", 0x8, r0, 0x4}, 0x38)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r2}, 0x10)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
close(r4)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r1, 0x0, 0x0}, 0x10)
socket$inet_dccp(0x2, 0x6, 0x0)
unshare(0x4000400)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, &(0x7f00000005c0)=[{0x2, 0x3, {0x1}, {0x2, 0xff, 0x7}, 0x0, 0x2}, {0x2, 0x3, {0x2, 0xff, 0x3}, {0x0, 0xff}, 0x1}, {0x3, 0x2, {0x2, 0xf0, 0x7}, {0x2}, 0xff, 0x1}, {0x1, 0x3, {0x1, 0x1, 0x4}, {0x1, 0x1, 0x1}, 0xfd, 0x1}, {0x1, 0x2, {0x0, 0x0, 0x2}, {0x2, 0xf0, 0x1}, 0xfd, 0xff}, {0x1, 0x2, {0x2}, {0x1, 0xf0}, 0x1, 0x2}, {0x1, 0x1, {0x2, 0x1}, {0x1, 0x1, 0x2}, 0x2, 0xfe}], 0xe0)
ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f00000001c0)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x4})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_opts(r7, 0x0, 0x12, &(0x7f0000000500)="e5e6f27308f029f639e960ee35bddb88d92985930974c0056e4f31cf563960f15befaf8b5762ebb5ad4cec0e24196a25e376e1d4e600948326f5861a958320d3ad42f1f7bb96395a6525fd91aae2bc307102b05264dbdb30f80b57db4cb6e046a5f53a3087114bd5916c290ce49a72525640323294db0760b400ce3f1f63ae3807fd983fd4f8688b9241d32039e432aa7a55289ca421e96e0c89fb6f4da25a05875c0e99503333491c3111bfa75a10c0235ae27dfb", 0xb5)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r5, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000080001000000000014000000460000400000000000849078c7b770592b472e392dd685833f69ed63f179bfd314bb3159d2f4287b83ab258f709b092013aade0b6761683243479c3ad9efaf669c5f53eba46b86fda0cfcd03cad938248c80ad0860450df83f2bb9b59546611b29e989b42e44ed722121e711fdb5230c57a3a5cce88a0b80fefe209d85a4d29ec38ac2d3c79f2e900ccd48c9b15e44eadc61325d7cf4b22da1ceddbf37b4029e0737349a83f1cadc15822f399a7ba7cbcfd84d07bc41711331d1", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ba000000907800090b6f00050200000000000000000002d58838068b91000000"], 0x4e)
r8 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000020850000002d000000850000000f00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r11}, 0x10)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x2c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r10, 0x0, 0x8000}, [@IFLA_ADDRESS={0xa}]}, 0x2c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="18000000400002000000000022cc0100950000000000000018f93118", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x40000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1.681128582s ago: executing program 4 (id=1420):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @empty}, 0x0, {[0x1f]}}, 0x5c)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000000c0)={'lo\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x9, 0x7, 0x8, 0x9, 0x5, 0x8, 0x2, 0x1ff}})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1b0000001a0069ae00000000000000001c"], 0x1c}}, 0x0)
ioctl$SIOCX25CALLACCPTAPPRV(r3, 0x89e8)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'wg2\x00', 0x84aebfbd6349b7f2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r5)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000180)={@empty, @empty, @val, {@arp={0x806, @generic={0x0, 0x0, 0x6, 0x0, 0x0, @link_local, "", @remote}}}}, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
write$cgroup_subtree(r4, &(0x7f0000000180)=ANY=[], 0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x45310, 0x2000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0xc}]}}}]}, 0x44}}, 0x8080)
r9 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
unshare(0x68000380)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'team_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1004}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r10}, @IFLA_MTU={0x8, 0x4, 0x100}]}, 0x4c}}, 0x0)

1.563817248s ago: executing program 3 (id=1422):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000001240)=ANY=[@ANYBLOB="b40500000000000071107d000000000006000000000000009500000000000000bf05cb3365216e102d4b7fc0ac0ed689e2972d0eb396a8a344d9ae27530dc662d9d6d827446a56438f9d6c3dd23e3bc55ffe2d895233787cb77633c6f08d76cc3f4cfb47f085c3289b9531cdb90fb9aa4d3c87d2b8673550826ccb06c9fa2b8b19c4ad6e87f7cbef472ca08b1ebc334341e03e736370c1902313dc4e9d6a69fd8dec336afa43b311189545c919a31d6af14cf2769d20e8fb5ffea826cc2ac96e559bf940a45081428b0b3701e9fbdfa53cab7d5a50fcbee7fd6c899cf58ecdc44557145bb64f8024a1a2ee8beac920b0460e3b170e4e38b8a507ec1e99200145081d1d3b7511059d3bedfd04aea8de79ea37f82f10fe382a42550baad380c0e5f078614aaed0b6879dd8731805b52e79880d5782bfb434a34200ad"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x34, 0x3b, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}, @typed={0x8, 0x7, 0x0, 0x0, @fd=r0}]}, 0x34}}, 0xc000)

1.490109815s ago: executing program 1 (id=1423):
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) (async)
recvmmsg(r0, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x4}], 0x1, 0x40000169, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000000f5ff000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='tcp_cong_state_set\x00', r1}, 0x10) (async)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) (async, rerun: 32)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB="0000000000000000120000000000000080000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
read(r6, &(0x7f0000005f40)=""/175, 0xaf) (async)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r7=>0x0}) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'ip6gretap0\x00', <r9=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=@newlink={0x40, 0x10, 0xd8a88b3807bbf5cf, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r7}, @IFLA_HSR_SLAVE1={0x8, 0x1, r9}]}}}]}, 0x40}}, 0x0)
r10 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', <r11=>0x0}) (async)
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f0000000580)={0x74, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x10000}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x20044045}, 0x800)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)={0x58, r10, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r11}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24004000}, 0x24040840) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.301386225s ago: executing program 3 (id=1424):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e1208000b0000000401a8001600050001400300", 0x3a}], 0x1}, 0x10)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, 0x0, 0x4)

1.245996797s ago: executing program 1 (id=1425):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$inet6_int(r0, 0x29, 0x18, 0x0, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x4)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r3, 0x400454c9, 0xba98575a95aeb70d)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r2, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0), r6)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="0107000000000000000003000000c235999c07e0f0f8d460633e5ec3892196290db8dd53b08aa636bcd04094717c"], 0x14}, 0x1, 0x0, 0x0, 0xf0ffff}, 0x4000000)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e4000000000000000005000100060000000500020073797a31000051d0a8400000050005d914550b70183993c86f971c92db7b000200000012"], 0x4c}}, 0x2)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000640)='virtio_transport_alloc_pkt\x00', r9}, 0x18)
r11 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r11, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYRES8=r0, @ANYRES16=r4, @ANYRES8=r10, @ANYRESOCT=r10, @ANYRES64=r10], 0x54}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040080)
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f0000000000)=""/240, &(0x7f0000000100)=0xf0)

1.180755504s ago: executing program 3 (id=1426):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000010000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r1, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

1.128745295s ago: executing program 4 (id=1427):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000340)=@gcm_256={{0x304}, '\x00', "376a31a11e8e279cec092f071cc80f218d360356a936a7e3971a8c35c47e5804", '\x00', "fffffffffffffffd"}, 0x38)
writev(r0, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_256={{0x304}, "6a655069ade22ce4", "0d35db0d4af1cbcce779bbc24b53fc4988c215118dd14cb837de56339a336a19", 'FY\\;', "8891ea13f18ef0be"}, 0x38)
r1 = socket$kcm(0x2, 0x2, 0x73)
sendmmsg$inet(r1, &(0x7f0000002840)=[{{&(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10, 0x0}}, {{&(0x7f0000000700)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x24000000)

903.762798ms ago: executing program 1 (id=1428):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r4=>0x0})
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
unshare(0x20000400)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x2c, r2, 0x21, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r3}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x400}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000044}, 0x40000)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r6)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x14, r7, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c1}, 0x4040010)
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9232f2f8db0", 0x1b}, {&(0x7f0000000100)="08f2bf2aab", 0x5}, {&(0x7f0000000200)="6bdcf27c", 0x4}], 0x3)
r9 = openat$ppp(0xffffffffffffff9c, 0x0, 0x202, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r6, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xf2}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfffffff8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004040}, 0x200008d2)
setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000000), 0x4)
connect$inet6(r10, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r10, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r10, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
writev(r10, &(0x7f0000000280)=[{&(0x7f0000000240)="b1", 0x1}], 0x1)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TLS_TX(r10, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x304}, "00000100ebffffff", "2607080d7f4fcf00fd4ef6dece6c7c58", '\x00', "006e34fb00"}, 0x28)
sendto$inet6(r10, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
close(r10)
ioctl$PPPIOCATTACH(r9, 0x4004743d, &(0x7f00000002c0)=0x3)

885.718468ms ago: executing program 4 (id=1429):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000305000000000000000000cf0100", @ANYRES32=0x0, @ANYBLOB="83000000000000002000128008000100677265001400028008000700e000000208000600ac14142b080004000500000030001a"], 0x78}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="19000000040000000400000001"], 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0)='P', &(0x7f0000000000)=""/8, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0xfffffffffffffeb0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x9c, 0x30, 0x1, 0x0, 0x0, {}, [{0x88, 0x1, [@m_ct={0x84, 0x1, 0x0, 0x0, {{0x7}, {0x5c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @private2={0xfc, 0x2, '\x00', 0x1}}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private2={0xfc, 0x2, '\x00', 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x9c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000003b80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001a00020000000800170003000000080013000000020008000300030000000800140000000000080002"], 0x5c}, 0x1, 0x0, 0x0, 0x24004000}, 0x0)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r3, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000084}, 0x0)

851.727314ms ago: executing program 0 (id=1430):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0x1e, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x66}, @initr0, @exit, @printk={@x={0x18, 0x0}, {0x3, 0x0, 0x6}, {0x7, 0x1, 0xb, 0x1, 0xa, 0xffff}, {}, {}, {0x5, 0x0, 0xb, 0x2}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

667.155726ms ago: executing program 3 (id=1431):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x0, 0x300, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000092}, 0x800)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
writev(r3, &(0x7f0000000240)=[{&(0x7f00000001c0)="c053424f13d514a4b2c36fb98b4b2d1854ff24008abc6ddde724fecda639f31fd2995bd88045f74d42a686dc21ae9307f40b2c447b76b3b2f8f1bda90235946b8dd53b54e380a1cf5fd7ee9549cd5118940b1dc1a2ec2d8e4aa4b5574cc546a1763fe7091b425bc3737453bab04894", 0x6f}], 0x1)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000014c0)={0x9, 0x17, &(0x7f00000002c0)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200000}}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x8}, @ringbuf_query, @btf_id={0x18, 0xe, 0x3, 0x0, 0x80}, @cb_func={0x18, 0x2, 0x4, 0x0, 0x2}], &(0x7f0000000380)='GPL\x00', 0x1, 0x1000, &(0x7f00000003c0)=""/4096, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000013c0)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000001400)={0x0, 0xc, 0xfff, 0x17}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000001440)=[0x1, 0xffffffffffffffff], &(0x7f0000001480)=[{0x2, 0x3}, {0x1, 0x1, 0x7, 0x8}, {0x3, 0x2, 0x4, 0xc}, {0x3, 0x2, 0x8, 0x4}], 0x10, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000280)='qrtr_ns_server_add\x00', r5, 0x0, 0xfffffffffffffffb}, 0x18)
setsockopt$inet6_int(r4, 0x29, 0x31, &(0x7f00000015c0)=0xe, 0x4)
clock_gettime(0x0, &(0x7f00000016c0)={<r6=>0x0, <r7=>0x0})
pselect6(0x40, &(0x7f0000001600)={0x2, 0x9, 0x5, 0x2, 0x7, 0xe, 0x2, 0xfffffffffffffffa}, &(0x7f0000001640)={0x5, 0xc, 0x5, 0xa, 0x5, 0x8000000000000000, 0x4, 0x5}, &(0x7f0000001680)={0x2, 0x5, 0x5, 0x1, 0x4cb, 0x2ed, 0x100000001, 0x9}, &(0x7f0000001700)={r6, r7+10000000}, &(0x7f0000001780)={&(0x7f0000001740)={[0x43f]}, 0x8})
r8 = socket$caif_seqpacket(0x25, 0x5, 0x3)
sendmsg$inet(r8, &(0x7f0000002a00)={&(0x7f00000017c0)={0x2, 0x4e24, @private=0xa010101}, 0x10, &(0x7f00000029c0)=[{&(0x7f0000001800)="56a9f64f9afd734b2bd2b635ead0c5967b0cbf1426c30d0ca328eaf48fafea439248f6a52caa2dc24e3d646cbf67a8d783a35e1ff441b267f94740e73f9ac0e6f166f968ce9ec0430fea4db1ae84373cbf05565961a32fe98847570e900b940896959edba5b9ec075ac7d121235c0e404dd085bc7c6565de4a8aa4a77049766c26f44ff9aa190c3e06a726cbd3e0a1bbcfd21eae7b1cde12bf685be778608ed8e69de7a9cfe3d9a364e97bcb4dd5dddda33f506208131ca208183792a48d0ac4d489e7c2a97d37e24526", 0xca}, {&(0x7f0000001900)="14a994909b7d1d5a49baf66f5bd86d7435f9979f581da416939f65721e0a7ca2da726235668c4a0ca5d92482bf7d395ebf670024f94c650cc523918bfe7b9297adc0b0158a9a46c0bb01e82bd79c0d2ccbacac953d223b70d6478ac96ec4463e90135a64d828123136a0a1c9a236c321ce2fab04a33702fc397e0f45760bb12d34dcc62b7d903e4fce9b7aa544b11dec88926713af2d4dc034533701e37b2f788fa68fbc953b6de7ba752277bc5bf34f842bffa77b081e", 0xb7}, {&(0x7f00000019c0)="40905c8dea84d6990c05b6d4577020d6def7ac38ea60227318c7847d6a919f5e83f38e115e603e9a61044ef0e6e48ea95e72aa8c78ad3f18a838debe78d0064fab4b1d2e6733a3589afa5c182ecab7bb49887d91c41620b3ff0f5fae757915d24837a5b4a11947dfe59f4fd6432ef69142a333e2821fcd7f445e83a48678f75cc5d37bed0852b221395de208b3e68c83d0b2eb3553da0c4335426df4d41434c733aa8b1a096cd2f7ac9c68981ccd3592993dfaad5f48ececb8ed1a55b1641c75037e8aa62c826088585cad33013ea20549dce246117187fe337022cc2a3bc219c74d5c7a9beeb21e0e73d3c45410ce40f75febd70ade63d238d8b23a6717147cc45fdb291b5bf75bafa3069bfc5f1f16c387d143cc8545bd8a73ff1ea3f63163e6c9455de66e985f331e1eddde0dc188e7ca4b9da269f44731f7a22995a0d096042643ccb0d4bc806678be9a3add36e59a35efc49eb0aa0f7e8f4a56c248d6f6c1f1af4864a5b7db82d12d0d2992582891b1938d2d01a71fc68287f8a6260899f52b1fff3057fdab2383aee6ad99949a65dd0a0d91955c77f6c344a5b1311e6ec8f7c1d4ec6783a1d4d1c08a4f1ece2a378f83f88e3e66699604ba0caeb06d9a05b747765039bb4f221f7a6561573d41f7c2fbc305ece960ad51a81240c7613491475874debe323713bd0a688de53daa459ee96aa6679a5fb44b960e342b58580a662432169bf2bd361001c46c9eb7b64666969f4ae98aa35f52da089736de2f5b3a93827101620be808033d6e7191ab092a7a634a6f01ff73e24c6c9e1261f889ca457a1631108404c6330f104f16f20dc182371b3400bc27e281dc07e9a87676f6c3da497549b7153564a2c7e31fb5ee6d2999a98718d0a3074f989ec8f0db1c20c3f1ed6c9c092314726ddd34d0670ba0b897ac706fa5e4014126b7b4e93fe5820b714135eef77253db726f69ec67f7458886eb0c1b82b0337f350464f01762dc442411d61e4b09e6dbfd3ba541b03e389ac9961eb9ffada5c300de59b4021472af0416b70e23bd90595cf8cc4a32e67c7dab4feb02677a81b2df7dc2ad7155d0b8f3d7795e46fb1ce4b3dc6abdf1950413837a0288abab5166b3298914ba35d10dc321aa72e2ff0c86dc463a3b270b3e80a4f3f8ff957b0ad42e79308a59f865a41652fc8d107346a6a07c6c53595874a150597904485cb6019b2725ccda52e8ea9d921390af5f2d7e7d3c27ff6cfe473a8f608e32d42a14540798f846057f34cb100842e64beec2e42da66051d7a567be655be2b3cd01c63e080eaecad58d4e6c686b68f0d61ea29c7b04ed998375d547aa22eb456c87bca99ebb465fae59a68eed2ba2e89d54de41a9c75c8d82c8f66a7226b9f6e5ce91de8123433e36db5d37cb2194c9dd835c8c709a72f319df1f804099732f04e601350b8e173b132aa8516a13d28cd7383a0b01fd4cede500d9c847323de3f44bb62993634905c3a9dd7b63bd3652aaca25b7c80a66ca0c7d319513af0b0b2034a81fc7a4a86fcc6f63b35e632630135385736214b6dbcff8e2cf4b7ded5b425b0a54dbcbd5c55dbf7ca7b7eb4b373b595e7b6d39dedc1341e88834861cb7f002393515b41b565aa691caac91c2991adc2e51c2782aa4502ff997157f0a41592e3a2e83400759daa2ebe2d5976b67b79434d64e5825a1d8960f86889d6b2417b89f7fa464ac640f7a38b0901f6ba35aa2eb5e7181dafb4d1c8240387543728ba5a376e072b837a9a38ce758dec2c21af941febcb6f3aa4ad694f4e43b9039addec483432583b2d99ceb91c176876aa158c274a4747a7f3258b22e3c762e543c0bb8700f66ee6350c245feda1e5088eddb26b36538a5fa44fc44a711817736ff508e269521bf69df7f2c35abcabe2fc8b08e051894eedb5648ec0f0249668dab940565f124c12731a0b1d6a6c4db34575f40bd304688c75a61d30022ba74f7e28cbf11a5f64e9911e44faca9dff9feb6fc89167c50ef4262992636bea490581525b15ccbf303839db5d410ea120d1ab59fd5daabef9361b14f443b3b4e9bb4c36e95cffe7425fff3c080ad189c2d1b8444361dbccb64186256b4c8101e5240ce6ff6f2f669c8df7b81e792487a5b8f614d8ad11c40c390dd1161f1433a928fc4e1374a0d6a81c8389943fc5f4c2b6758507a408731be0727aee396b3adbbf4f15d01602fead428d8d9e7a05ade5fcca91a4c61386cf4702c462cb724931435577ebaa8d7a877dcd5a1340fc8a54b55b95bdcffc10815d848feff6dce1ef9c316cae599932fd00105ff995622d4d63dc6e6a006623d11a6280a68f908e3a7d07f0d88d3217a4c4c7037dd37be580c1ec10843881c0bc15a164279625cb5ea19335f1c51ba24c0bcb2c54c8599e4d5a4ab9b99147081ced37b7f85208ed76e4f76bff4b0a580b4f1202ef6fc278786d60d21ea0209dc503841dc48b53335531d1dbd7a4cd1d721bfbff4206159d2b86c1cfcc1b86b200e180f7519fd1153bcb5bd9b7c0d1224999e33c8f33689aea14a24f8b786a2320b595f481fcc99cb71421ff7d01ea53495cd81605e74b61f511596ddbc72e209e621455a1a20159e51ea714d912dd4f0a49d14b82e8495e6562e2f987d765ecb53c1b26a95184a59dff9337ddf202444baee75348fc0e356899b1bd83e8a0d0eae035ab82dd5cd512913497f56b06d51a161696d084317586c94aba6c1ed0bc6749048b5dfeeb8368f0c6f502ed8a9db74a0d94377252d1ae4b3c9c16534e5a9ff17049fd54ecf00728139b0008a3832a900732d552ce5690bc6aeb67d25f72e470f53f42f18b69b7e6863cd338ff95776621c9188f2952c330a1aa7d4f69cc11a8458e62adf06e92acd92ce598cab6ea4abcee38503101f6d7155927627fca6854bed77042f85246365b9b9c8b5fbc732fe1adff53868c7e7f58755148cea094df72436286e92085f1f858cd0b3dcaae961a32ced639a712db238fc1fae6d978181af76aa71bf28761a0f67e28ae0e0948c5bf666f56576c0374aaebe6651e24be29c59cb436e9f4a7bf81d396e75e13786dc425888b42c1ed22e95e18f1c61c2cda895242cd62b8ec313654e989682a24a327cc4a794048b48684b4fefe1beb4bd9fd8b0464327ddfa7daf5af964b5ab05169ef6f822a53d3867d9b763c74ad9d10adc265d0f8c3a8bd337899ea0447ab847302bee71c3ba4071a6554f9bbab28da596f4e4a87f46676a36f88e1b5d7dcd4aa46bc4c3db8ed6682be2ca0e7a41202b530413db7e6ee4314a431ca7b197a679e4732bb60cfb7187a4bcd2924c0074db6395296dbbe404b301a1e6640cc80cec459781414a757c1c46453bd3eac3f8d6bc2affb65727ea4eb40931d20736b44aa3ad342061739a13c7ee85bdeb39f3d47ac200c1d6b9df2f1acd639be6b0cd42fbcd8162bfb5e158b5901c785b037ce1f7626e2606179020bfc2b580c0ffd686d61aba122d5abd5c90dbad63ea4455b4c8940f0074fdbfc6476c73349bad29f22e99949dcdc2f9d3bc39680712b806bd4374c3494cb986b8be8a25b469ac423f131f3db67c21e5329424956515d5c26e261fe32500cf2990a07fff2a105b8bd01cbb21ff8c330f28cf6bde381b74826c1ff23bc4355cc78768b61bfdb77ab44d817fe97de7441d9aae6f3b4aefc1eb9aa9fd2ac735745e3eba34b52a08ae1d0663562a56a1c5ffac87f83ea87e9020f216249d6b6c17074a75d2f0aa779591dc5cc03a1e24c97c7dc4dc05d75752232b4ed2325883c72c53dc7de94df0ea54d3cab22ac8a8cc403543a7b76ce8ded4036b6a5f8ac1de3a6e29686cc661bda6a9ce5afddf53b9508c3f6d304d0142af4c3148d9e388476a253f1abc8df8769f4c1bbdf985c0ac476d84adbd56807e4a82be710833e748bb160c2aae4a3f99954816cb29f0681ee71c994da686763754d8643ff5694440344b802dbb17085f073e33cdb4e8b0493775df8f60bedecefa648063ff48dc87b0be82c8cf93e3208a21621715e1026ec4a13ecb7e65d689859173df8f76b7731854244d0f7fc5a8081bc5976fed8175e6059409d070dc9653b3fa48feaa9c083035a516139c254bdac45edbe879f94280332d40e16bec98c1e4e0709cb88c08fac6c0e084b76ffecc089f79893e53f44ed110ae0f354d65c5b768f320e6acad8042d62a0bc334f4ca1a9becacaaff3efb81b3653c578a599463d3cd1054063e080595703f3783b68c52f965683a56225b3213c4d8a7c7eb4b1a0e1c7fd03ea0db623be748a4074dc1454f3fd4c7e8c9a170a628a30a4dbc7a8cab84f23008f83ea6df4ecd67864cbe2bf21e5222c4029cc4262e91a55c5e14cfd342ce28e6700f7ee153c4fc6b08c129fe1500cc0ad65a6df8ead0e14ce9dece962660619a8826822c647fe71219c898b0b1950c979ca5ad79b9b3245588162e3ba9bc6fbdaa0586859334e0cb6866706e1b478addab30ffa1834e2e10a8b8f9b7999f1dd6c1c9e8ea483d98e5a1e54264c9ed83fdaaa3a936fb2b73785b987506c940beb3b2330905c6d818e46a6b290d924ac1acab59073a15d28a5355e6e13e385718c207887053a40fb3ed1b35f0240deb341d83bbcde19b489789a7e2da242cbeec02837637affd11c8921cbe15cd39e4279d7fd51f09f2533183dc512cb0afc995a62237cad913ef04c7f46548e6a86445e959847e140f9bcfa93599ef73cb02da6a2f28dbdfe2bc891bfbaa308dcdc88fd52ede932c9fa9457bb58b7f9a0748e815c6ed6798a735107ae231f49abf17c88081a5bfd0d3eaf61e66f12cd7a51bda4ccce825da35d1bb845cc749fbef916db8f51fe416e65113afc6cde7d46d6424128e6ab2c87017314f9bc91a10cc7aa18b9a6308b368ae14216b325921f340a4f615ffc7f6467bf11c80765d0d75b7c2339ab7c713d536b5ae371e65710b3ce6c9dce1fe1e4db1f8d52e1a44bc26b1515b423bb6b0350ffc4cae001561c0c6783d174a7bae6553b89556af8154ae6b12e1505486e5bf335f2e57d32709ed2091d41dc1ac4915b588254ef6ec185c5ac9d3a1a3ea2f156b7a5d5c583816f7fc6b83f15e1aee54461e8535879355dc0658fdc6613ca0b88a84756716b94c0c9d072fb090197a7544b0923dfbdabf6fcf31b2b63694903bb182ccf56fdc798cef1fc1bf28840e9d3a7143dc92e44b29c8dfdde9910e546bda2d19992c9a8cca1877dec7730037dae2bd1b71efcbfcd43a6ffa6dfb639d9952631a2d695f41712d152ab21c8f6c334fc02dea03e20ab7ffd8419bc27881a96bd07933afb106cae5746c38203c5a47b6021d15a88d80b8961a92f9dc82826c7cc2a08e27d1dd5c448712252b25feedcdf59e31f164df4e44c422e0c18177d9d9cb132eccb64b956c1fc5145a594cbed817ca9981e1b953aecc3d2e25fbc21c9f09dd0b2f352470751cd05c12f78e3fc95895934d7d46012c19ef3ebf3fb537ebd0c56710acc014c808dc74fd1039b1811ca0347de3f331333b8605cf9a0bcea6c78ce469ac8a88047654e98110a7803f7977313d5585ddd1d979453d3c94a96de4a6dccc05b04d04330e05c571f110f5f628c4c9b9675559eda5bc5ba0a0e11f5e73a6f089d245bd4f35e7d4940ad2a9cd464c22031f583aae96d072ec62572a6e271f17db8826914ca429c19dae5265f02d407daba198389d698c1d3622ac5a65c8eafc7cfae5dda8a8fdaca4f3999ecc5d6aa8389e58fed022762ede8dac02ef60d08a12581ff33bd921a8b7c7f3caf54c8a8bd9", 0x1000}], 0x3}, 0x82)
recvfrom$inet(0xffffffffffffffff, &(0x7f0000002a40)=""/92, 0x5c, 0x40000020, &(0x7f0000002ac0)={0x2, 0x4e20, @broadcast}, 0x10)
r9 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
connect$llc(r9, &(0x7f0000002b00)={0x1a, 0x302, 0x7, 0x1, 0x0, 0x9}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002bc0)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000002b40), &(0x7f0000002b80)=r5}, 0x20)
r11 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000002c40), 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002cc0)={{r10}, &(0x7f0000002c00), &(0x7f0000002c80)=r11}, 0x20)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002d40), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r12, &(0x7f0000002e40)={&(0x7f0000002d00)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002e00)={&(0x7f0000002d80)={0x64, r13, 0x900, 0x70bd2a, 0x25dfdbff, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x8040}, 0x4004400)
r14 = syz_genetlink_get_family_id$net_dm(&(0x7f0000002ec0), r0)
sendmsg$NET_DM_CMD_START(r0, &(0x7f0000002f80)={&(0x7f0000002e80)={0x10, 0x0, 0x0, 0x80800000}, 0xc, &(0x7f0000002f40)={&(0x7f0000002f00)={0x14, r14, 0x4, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000041)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000003080)={&(0x7f0000002fc0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000003040)={&(0x7f0000003000)={0x24, 0x0, 0x300, 0x70bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_BAT_EXT={0x5, 0x1a, 0x3}, @IEEE802154_ATTR_COORD_REALIGN={0x5, 0x1b, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20040010)
r15 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000030c0)={<r16=>0x0, @in={{0x2, 0x4e20, @rand_addr=0x64010100}}, 0x3, 0x30, 0x3, 0x7, 0x3}, &(0x7f0000003180)=0x98)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r15, 0x84, 0x6, &(0x7f00000031c0)={r16, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x84)

549.285138ms ago: executing program 0 (id=1432):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="6400000010000304000000000010000000000000", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r3, 0x0, 0x23, 0x0, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, 0x0, 0x0)

528.751245ms ago: executing program 4 (id=1433):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@updsa={0x11c, 0x1a, 0x4, 0x70bd27, 0x25dfdbff, {{@in=@remote, @in6=@local, 0x4e21, 0x2, 0x4e21, 0x4, 0x2, 0x20, 0x10, 0xc}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d2, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0x3, 0x8000000000000001, 0x6c2, 0x8, 0x9, 0x6, 0x6, 0x32}, {0x4, 0x7ff, 0x7, 0x4}, {0xff, 0xfffffeff, 0x8}, 0x70bd2a, 0xe, 0xa, 0x1, 0x80}, [@user_kmaddress={0x2c, 0x13, {@in6=@rand_addr=' \x01\x00', @in=@private=0xa010102, 0x0, 0x2}}]}, 0x11c}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x32}}}, 0xb8}}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000840)={<r3=>r0, 0x6, 0x2, 0xfffffffffffffff2})
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000900)={0x0}}, 0x4000)
unshare(0x2a020480)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58)
sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000010}, 0x8014)
r5 = accept4(r4, 0x0, 0x0, 0x0)
recvmmsg$unix(r5, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500, 0xffffff8d}}], 0x600, 0x0, 0x0) (fail_nth: 16)

453.109076ms ago: executing program 3 (id=1434):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x3, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r1, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000b40), &(0x7f0000000180)=@tcp=r1}, 0x20) (async)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000400)={r0, &(0x7f0000000340)}, 0x20) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) (async)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) (async)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) (async)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'sed\x00', 0x1, 0x7, 0x400006a}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000001000000000000008d080000711214000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, @cgroup_sock_addr=0x35, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa, @void, @value}, 0x94)

49.114582ms ago: executing program 4 (id=1435):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYBLOB='.'], 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r2, 0x400448ca, 0x0) (async)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_DYNSET_SREG_KEY={0x8}]}}}]}]}], {0x14}}, 0x68}}, 0x0) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r3], 0x44}}, 0x0) (async)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r4, 0x400452c8, &(0x7f0000000100))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x1}, @NL80211_ATTR_VENDOR_DATA={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x40002}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0) (async)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000001580)={{{@in6=@remote, @in6=@private2, 0x4e21, 0xfffb, 0x4e22, 0xfffd, 0xa, 0x80, 0xc0, 0x3c}, {0x34, 0x7fff, 0x7fff, 0x9, 0x6, 0xd, 0x0, 0x12000000000}, {0xf, 0xa0f, 0xe, 0x1}, 0x83b, 0x6e6bb7, 0x1, 0x1, 0x1, 0x6f23e161ad6863d5}, {{@in6=@mcast1, 0x4d6, 0x33}, 0xa, @in6=@loopback, 0x3504, 0x4, 0x3, 0x78, 0x3, 0x7fffffff, 0x755f}}, 0xe8) (async)
r9 = socket(0x1, 0x803, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r10)
sendmsg$TIPC_NL_MON_PEER_GET(r10, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, @ANYBLOB="0d030000000000000000130000000c00098005000200"], 0x20}}, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x24}}, 0x0) (async)
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x0) (async)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e000000001800", @ANYRES32=r13, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)

48.952112ms ago: executing program 3 (id=1436):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e1208000b0000000401a8001600050001400300", 0x3a}], 0x1}, 0x10)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, 0x0, 0x4)

0s ago: executing program 0 (id=1437):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x15}}, @printk={@x}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg$can_raw(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/157, 0x9d}], 0x1, &(0x7f0000000240)=""/15, 0xf}, 0x40) (async)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r4, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_STRSET_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x20008010)

kernel console output (not intermixed with test programs):

acks suppressed
[  147.150809][ T8883] netlink: 8 bytes leftover after parsing attributes in process `syz.0.820'.
[  147.247104][ T8883] macvlan3: entered promiscuous mode
[  147.252959][ T8883] macvlan3: entered allmulticast mode
[  147.260560][ T8883] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  147.291998][ T8889] netlink: 'syz.3.821': attribute type 66 has an invalid length.
[  147.345796][ T8730] veth0_vlan: entered promiscuous mode
[  147.391869][ T8730] veth1_vlan: entered promiscuous mode
[  147.417609][ T8892] netlink: 36 bytes leftover after parsing attributes in process `syz.4.822'.
[  147.481947][ T8730] veth0_macvtap: entered promiscuous mode
[  147.560294][ T8730] veth1_macvtap: entered promiscuous mode
[  147.581533][ T8730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.600541][ T8730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.613430][ T8730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.624656][ T8730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.644209][ T8730] batman_adv: batadv0: Interface activated: batadv_slave_0
[  147.688220][ T8730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.714378][ T8908] netlink: 104 bytes leftover after parsing attributes in process `syz.4.828'.
[  147.719425][ T8730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.750560][ T8730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.763096][ T8730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.791959][ T8730] batman_adv: batadv0: Interface activated: batadv_slave_1
[  147.823550][ T8730] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  147.862756][ T8730] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  147.893227][ T8730] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  147.915842][ T8730] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  147.943752][ T8913] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  147.963109][ T8918] netlink: 'syz.0.832': attribute type 1 has an invalid length.
[  147.992415][ T8918] netlink: 'syz.0.832': attribute type 2 has an invalid length.
[  148.029066][ T8916] netlink: 'syz.1.831': attribute type 32 has an invalid length.
[  148.071806][ T8916] netlink: 12 bytes leftover after parsing attributes in process `syz.1.831'.
[  148.104973][ T6561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  148.113065][ T6561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.298064][ T6561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  148.351497][ T6561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.526938][ T8930] sctp: [Deprecated]: syz.0.835 (pid 8930) Use of struct sctp_assoc_value in delayed_ack socket option.
[  148.526938][ T8930] Use struct sctp_sack_info instead
[  148.572778][   T54] Bluetooth: hci2: command tx timeout
[  148.849462][ T8948] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.839'.
[  149.139882][ T8976] netlink: 'syz.4.846': attribute type 7 has an invalid length.
[  149.179482][ T8979] bridge0: port 4(veth0_to_bridge) entered blocking state
[  149.197809][ T8979] bridge0: port 4(veth0_to_bridge) entered disabled state
[  149.227999][ T8979] veth0_to_bridge: entered allmulticast mode
[  149.266857][ T8979] veth0_to_bridge: entered promiscuous mode
[  149.408034][ T8996] hsr_slave_0: left promiscuous mode
[  149.448874][ T8996] hsr_slave_1: left promiscuous mode
[  149.488787][ T8998] netlink: 4 bytes leftover after parsing attributes in process `syz.4.851'.
[  149.683079][ T9010] netlink: 8 bytes leftover after parsing attributes in process `syz.3.854'.
[  150.094745][ T6565] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.329774][ T9022] netlink: 'syz.0.858': attribute type 1 has an invalid length.
[  150.601896][ T6565] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.667853][ T6565] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.728101][ T6565] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.820712][ T6565] bridge_slave_1: left allmulticast mode
[  150.832761][ T6565] bridge_slave_1: left promiscuous mode
[  150.839111][ T6565] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.854289][ T6565] bridge_slave_0: left allmulticast mode
[  150.861185][ T6565] bridge_slave_0: left promiscuous mode
[  150.873046][ T6565] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.147284][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  151.182425][ T9027] netlink: 'syz.4.860': attribute type 10 has an invalid length.
[  151.192633][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  151.217229][ T9039] xt_TCPMSS: Only works on TCP SYN packets
[  151.223149][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  151.272054][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  151.291049][ T5838] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  151.309938][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  151.623788][ T6565] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  151.637039][ T6565] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  151.648758][ T6565] bond0 (unregistering): Released all slaves
[  151.670258][ T9032] bridge1: entered promiscuous mode
[  151.676527][ T9032] bridge1: entered allmulticast mode
[  151.722065][ T9038] vlan2: entered promiscuous mode
[  151.793205][ T9027] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  151.813883][ T9036] bridge0: port 3(ip6gretap0) entered blocking state
[  151.835535][ T9044] ieee802154 phy0 wpan0: encryption failed: -22
[  151.845655][ T9036] bridge0: port 3(ip6gretap0) entered disabled state
[  151.860108][ T9045] ieee802154 phy0 wpan0: encryption failed: -22
[  151.867922][ T9036] ip6gretap0: entered allmulticast mode
[  151.897585][ T9036] ip6gretap0: entered promiscuous mode
[  151.903658][ T9036] bridge0: port 3(ip6gretap0) entered blocking state
[  151.910488][ T9036] bridge0: port 3(ip6gretap0) entered forwarding state
[  152.036617][ T9033] vxcan1 speed is unknown, defaulting to 1000
[  152.515533][ T6565] hsr_slave_0: left promiscuous mode
[  152.521563][ T6565] hsr_slave_1: left promiscuous mode
[  152.527519][ T6565] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  152.535294][ T6565] batman_adv: batadv0: Removing interface: batadv_slave_0
[  152.548431][ T6565] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  152.558510][ T6565] batman_adv: batadv0: Removing interface: batadv_slave_1
[  152.584464][ T6565] veth1_macvtap: left promiscuous mode
[  152.591049][ T6565] veth0_macvtap: left promiscuous mode
[  152.597483][ T6565] veth1_vlan: left promiscuous mode
[  152.602802][ T6565] veth0_vlan: left promiscuous mode
[  152.912578][ T9067] ax25_connect(): syz.0.868 uses autobind, please contact jreuter@yaina.de
[  153.199061][ T9076] unsupported nla_type 33050
[  153.343914][ T6565] team0 (unregistering): Port device team_slave_1 removed
[  153.351406][ T5838] Bluetooth: hci2: command tx timeout
[  153.421794][ T6565] team0 (unregistering): Port device team_slave_0 removed
[  154.034438][ T9076] tap0: tun_chr_ioctl cmd 1074025677
[  154.050222][ T9076] tap0: linktype set to 768
[  154.249379][ T9085] netlink: 256 bytes leftover after parsing attributes in process `syz.0.874'.
[  154.300967][ T9033] chnl_net:caif_netlink_parms(): no params data found
[  154.573571][ T9101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.877'.
[  154.594215][ T9033] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.623499][ T9033] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.672215][ T9033] bridge_slave_0: entered allmulticast mode
[  154.695901][ T9103] netlink: 48 bytes leftover after parsing attributes in process `syz.0.877'.
[  154.711222][ T9105] x_tables: duplicate underflow at hook 1
[  154.717251][ T9033] bridge_slave_0: entered promiscuous mode
[  154.718913][ T9033] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.746333][ T9033] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.753759][ T9033] bridge_slave_1: entered allmulticast mode
[  154.784636][ T9033] bridge_slave_1: entered promiscuous mode
[  154.869806][ T9033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  154.892566][ T9033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  154.958846][ T9033] team0: Port device team_slave_0 added
[  154.969984][ T9114] netlink: 'syz.3.880': attribute type 21 has an invalid length.
[  154.984729][ T9033] team0: Port device team_slave_1 added
[  155.052007][ T9033] batman_adv: batadv0: Adding interface: batadv_slave_0
[  155.065716][ T9033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.096725][ T9033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  155.111346][ T9033] batman_adv: batadv0: Adding interface: batadv_slave_1
[  155.120052][ T9033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.147173][ T9033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.216401][ T9033] hsr_slave_0: entered promiscuous mode
[  155.230191][ T9033] hsr_slave_1: entered promiscuous mode
[  155.246127][ T9033] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  155.262822][ T9033] Cannot create hsr debugfs directory
[  155.435460][ T5838] Bluetooth: hci2: command tx timeout
[  155.503615][ T9125] FAULT_INJECTION: forcing a failure.
[  155.503615][ T9125] name failslab, interval 1, probability 0, space 0, times 0
[  155.523360][ T9125] CPU: 0 UID: 0 PID: 9125 Comm: syz.0.884 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  155.533990][ T9125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  155.544063][ T9125] Call Trace:
[  155.547355][ T9125]  <TASK>
[  155.550297][ T9125]  dump_stack_lvl+0x241/0x360
[  155.555004][ T9125]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.560224][ T9125]  ? __pfx__printk+0x10/0x10
[  155.564844][ T9125]  should_fail_ex+0x3b0/0x4e0
[  155.569542][ T9125]  should_failslab+0xac/0x100
[  155.574240][ T9125]  ? skb_clone+0x20c/0x390
[  155.578684][ T9125]  kmem_cache_alloc_noprof+0x70/0x380
[  155.584082][ T9125]  skb_clone+0x20c/0x390
[  155.588354][ T9125]  __netlink_deliver_tap+0x3cc/0x7f0
[  155.593670][ T9125]  ? netlink_deliver_tap+0x2e/0x1b0
[  155.598883][ T9125]  netlink_deliver_tap+0x19d/0x1b0
[  155.604016][ T9125]  netlink_unicast+0x7c4/0x990
[  155.608803][ T9125]  ? __pfx_netlink_unicast+0x10/0x10
[  155.614106][ T9125]  ? __virt_addr_valid+0x45f/0x530
[  155.619235][ T9125]  ? __phys_addr_symbol+0x2f/0x70
[  155.624276][ T9125]  ? __check_object_size+0x47a/0x730
[  155.629585][ T9125]  netlink_sendmsg+0x8e4/0xcb0
[  155.634382][ T9125]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.639687][ T9125]  ? aa_sock_msg_perm+0x91/0x160
[  155.644649][ T9125]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.649954][ T9125]  __sock_sendmsg+0x221/0x270
[  155.654656][ T9125]  ____sys_sendmsg+0x52a/0x7e0
[  155.659454][ T9125]  ? __pfx_____sys_sendmsg+0x10/0x10
[  155.664763][ T9125]  ? __fget_files+0x2a/0x410
[  155.669379][ T9125]  ? __fget_files+0x2a/0x410
[  155.673996][ T9125]  __sys_sendmsg+0x269/0x350
[  155.678605][ T9125]  ? __pfx_lock_release+0x10/0x10
[  155.683650][ T9125]  ? __pfx___sys_sendmsg+0x10/0x10
[  155.688792][ T9125]  ? __pfx_vfs_write+0x10/0x10
[  155.693600][ T9125]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  155.699951][ T9125]  ? do_syscall_64+0x100/0x230
[  155.704736][ T9125]  ? do_syscall_64+0xb6/0x230
[  155.709433][ T9125]  do_syscall_64+0xf3/0x230
[  155.713953][ T9125]  ? clear_bhb_loop+0x35/0x90
[  155.718653][ T9125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.724565][ T9125] RIP: 0033:0x7f0eb2d85d29
[  155.728996][ T9125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.748616][ T9125] RSP: 002b:00007f0eb3bba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  155.757055][ T9125] RAX: ffffffffffffffda RBX: 00007f0eb2f75fa0 RCX: 00007f0eb2d85d29
[  155.765043][ T9125] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  155.773030][ T9125] RBP: 00007f0eb3bba090 R08: 0000000000000000 R09: 0000000000000000
[  155.781015][ T9125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.789005][ T9125] R13: 0000000000000000 R14: 00007f0eb2f75fa0 R15: 00007ffceea74188
[  155.797014][ T9125]  </TASK>
[  156.010383][ T9132] netlink: 'syz.4.887': attribute type 1 has an invalid length.
[  156.092181][ T9132] 8021q: adding VLAN 0 to HW filter on device bond2
[  156.139741][ T9134] 8021q: adding VLAN 0 to HW filter on device bond2
[  156.161834][ T9134] bond2: (slave vcan0): The slave device specified does not support setting the MAC address
[  156.176774][ T9130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.886'.
[  156.216627][ T9134] bond2: (slave vcan0): Error -95 calling set_mac_address
[  156.264801][ T9132] 8021q: adding VLAN 0 to HW filter on device batadv1
[  156.283668][ T9132] bond2: (slave batadv1): making interface the new active one
[  156.316339][ T9132] bond2: (slave batadv1): Enslaving as an active interface with an up link
[  156.340879][ T9138] 8021q: adding VLAN 0 to HW filter on device batadv2
[  156.381657][ T9138] bond2: (slave batadv2): Enslaving as an active interface with an up link
[  156.533347][ T9033] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  156.564809][ T9033] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  156.586951][ T9145] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  156.615783][ T9033] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  156.640271][ T9033] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  156.689459][ T9152] netlink: 'syz.0.892': attribute type 21 has an invalid length.
[  156.721278][ T9145] vlan3: entered promiscuous mode
[  156.744419][ T9145] vlan3: entered allmulticast mode
[  156.760554][ T9145] vlan0: entered allmulticast mode
[  156.770113][ T9145] veth0_vlan: entered allmulticast mode
[  156.781646][ T9145] vlan0: entered promiscuous mode
[  156.810243][ T9145] team0: Port device vlan3 added
[  156.823543][ T9156] netlink: 'syz.3.889': attribute type 1 has an invalid length.
[  156.845208][ T9156] netlink: 224 bytes leftover after parsing attributes in process `syz.3.889'.
[  156.967652][ T9160] netlink: 8 bytes leftover after parsing attributes in process `syz.0.893'.
[  157.060704][ T9033] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.086692][ T9033] 8021q: adding VLAN 0 to HW filter on device team0
[  157.102469][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.109629][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.128956][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.136135][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.183681][ T9164] SET target dimension over the limit!
[  157.198624][ T9165] bridge0: port 5(gretap0) entered blocking state
[  157.213076][ T9165] bridge0: port 5(gretap0) entered disabled state
[  157.220901][ T9165] gretap0: entered allmulticast mode
[  157.237934][ T9165] gretap0: entered promiscuous mode
[  157.505521][ T5838] Bluetooth: hci2: command tx timeout
[  157.565909][ T9033] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.618041][ T9033] veth0_vlan: entered promiscuous mode
[  157.645330][ T9033] veth1_vlan: entered promiscuous mode
[  157.711032][ T9033] veth0_macvtap: entered promiscuous mode
[  157.728112][ T9033] veth1_macvtap: entered promiscuous mode
[  157.774098][ T9160] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  157.777701][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.800338][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.814355][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.841349][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.890646][ T9033] batman_adv: batadv0: Interface activated: batadv_slave_0
[  157.914057][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  157.944996][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.965402][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.005668][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.024427][ T9033] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.043251][ T9175] netlink: 72 bytes leftover after parsing attributes in process `syz.0.896'.
[  158.056315][ T9175] netlink: 72 bytes leftover after parsing attributes in process `syz.0.896'.
[  158.104304][ T9176] vxcan1 speed is unknown, defaulting to 1000
[  158.105858][ T9033] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.128056][ T9033] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.141637][ T9033] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.155046][ T9033] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.176049][ T9180] syz.4.897 (9180) used greatest stack depth: 15760 bytes left
[  158.194743][ T9181] netlink: 44 bytes leftover after parsing attributes in process `syz.3.898'.
[  158.235709][ T9181] netlink: 35 bytes leftover after parsing attributes in process `syz.3.898'.
[  158.244623][ T9181] netlink: 'syz.3.898': attribute type 6 has an invalid length.
[  158.295400][ T9181] netlink: 'syz.3.898': attribute type 5 has an invalid length.
[  158.380411][ T6564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.425663][ T6564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.507731][ T6565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.538550][ T6565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.036601][ T9197] netlink: 'syz.0.903': attribute type 21 has an invalid length.
[  159.105879][ T5838] Bluetooth: hci0: command 0x0401 tx timeout
[  159.439637][ T9214] vxcan1 speed is unknown, defaulting to 1000
[  159.844607][ T9214] syzkaller1: entered allmulticast mode
[  159.852602][ T9214] netlink: 'syz.3.908': attribute type 5 has an invalid length.
[  159.919078][ T6563] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.822920][ T9231] __nla_validate_parse: 1 callbacks suppressed
[  160.822939][ T9231] netlink: 12 bytes leftover after parsing attributes in process `syz.0.911'.
[  160.828719][ T9235] netlink: 20 bytes leftover after parsing attributes in process `syz.4.914'.
[  160.855852][ T9231] netlink: 12 bytes leftover after parsing attributes in process `syz.0.911'.
[  160.862399][ T9239] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  161.112021][ T9247] netlink: 'syz.0.915': attribute type 21 has an invalid length.
[  161.440847][ T6563] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.453321][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  161.464114][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  161.472663][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  161.481868][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  161.490176][   T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  161.503270][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  161.555921][ T9262] vxcan1 speed is unknown, defaulting to 1000
[  161.602947][ T6563] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.698866][ T6563] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.829425][ T9279] FAULT_INJECTION: forcing a failure.
[  161.829425][ T9279] name failslab, interval 1, probability 0, space 0, times 0
[  161.843952][ T9279] CPU: 1 UID: 0 PID: 9279 Comm: syz.4.924 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  161.854585][ T9279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  161.864663][ T9279] Call Trace:
[  161.867964][ T9279]  <TASK>
[  161.870922][ T9279]  dump_stack_lvl+0x241/0x360
[  161.875630][ T9279]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.880865][ T9279]  ? __pfx__printk+0x10/0x10
[  161.885484][ T9279]  ? __kmalloc_cache_noprof+0x48/0x390
[  161.890971][ T9279]  ? __pfx___might_resched+0x10/0x10
[  161.896290][ T9279]  should_fail_ex+0x3b0/0x4e0
[  161.900993][ T9279]  should_failslab+0xac/0x100
[  161.905701][ T9279]  __kmalloc_cache_noprof+0x70/0x390
[  161.911007][ T9279]  ? call_usermodehelper_setup+0x8e/0x270
[  161.916729][ T9279]  ? trace_kmalloc+0x1f/0xd0
[  161.921322][ T9279]  call_usermodehelper_setup+0x8e/0x270
[  161.926870][ T9279]  ? __pfx_free_modprobe_argv+0x10/0x10
[  161.932415][ T9279]  __request_module+0x3cd/0x640
[  161.937267][ T9279]  ? __pfx_lock_acquire+0x10/0x10
[  161.942292][ T9279]  ? __pfx___request_module+0x10/0x10
[  161.947680][ T9279]  ? rtnl_link_ops_get+0x22/0x250
[  161.952706][ T9279]  ? rtnl_link_ops_get+0x21d/0x250
[  161.957821][ T9279]  rtnl_newlink+0x622/0x2210
[  161.962416][ T9279]  ? kasan_save_track+0x51/0x80
[  161.967264][ T9279]  ? kasan_save_free_info+0x40/0x50
[  161.972462][ T9279]  ? __kasan_slab_free+0x59/0x70
[  161.977393][ T9279]  ? kmem_cache_free+0x195/0x410
[  161.982328][ T9279]  ? __pfx_rtnl_newlink+0x10/0x10
[  161.987352][ T9279]  ? __netlink_deliver_tap+0x56b/0x7f0
[  161.992809][ T9279]  ? __pfx_validate_chain+0x10/0x10
[  161.998011][ T9279]  ? __sock_sendmsg+0x221/0x270
[  162.002863][ T9279]  ? ____sys_sendmsg+0x52a/0x7e0
[  162.007796][ T9279]  ? __sys_sendmsg+0x269/0x350
[  162.012554][ T9279]  ? do_syscall_64+0xf3/0x230
[  162.017228][ T9279]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.023307][ T9279]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  162.029286][ T9279]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  162.035614][ T9279]  ? mark_lock+0x9a/0x360
[  162.039942][ T9279]  ? __lock_acquire+0x1397/0x2100
[  162.044995][ T9279]  ? rcu_read_unlock+0x87/0xa0
[  162.049765][ T9279]  ? __dev_queue_xmit+0x1775/0x3f50
[  162.054974][ T9279]  ? __pfx_lock_release+0x10/0x10
[  162.060023][ T9279]  ? __pfx_rtnl_newlink+0x10/0x10
[  162.065054][ T9279]  rtnetlink_rcv_msg+0x791/0xcf0
[  162.070007][ T9279]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  162.075132][ T9279]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  162.080628][ T9279]  ? ref_tracker_free+0x643/0x7e0
[  162.085674][ T9279]  netlink_rcv_skb+0x1e3/0x430
[  162.090456][ T9279]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  162.095928][ T9279]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  162.101232][ T9279]  ? netlink_deliver_tap+0x2e/0x1b0
[  162.106438][ T9279]  netlink_unicast+0x7f6/0x990
[  162.111211][ T9279]  ? __pfx_netlink_unicast+0x10/0x10
[  162.116499][ T9279]  ? __virt_addr_valid+0x45f/0x530
[  162.121614][ T9279]  ? __phys_addr_symbol+0x2f/0x70
[  162.126640][ T9279]  ? __check_object_size+0x47a/0x730
[  162.131929][ T9279]  netlink_sendmsg+0x8e4/0xcb0
[  162.136702][ T9279]  ? __pfx_netlink_sendmsg+0x10/0x10
[  162.141986][ T9279]  ? aa_sock_msg_perm+0x91/0x160
[  162.146929][ T9279]  ? __pfx_netlink_sendmsg+0x10/0x10
[  162.152214][ T9279]  __sock_sendmsg+0x221/0x270
[  162.156904][ T9279]  ____sys_sendmsg+0x52a/0x7e0
[  162.161675][ T9279]  ? __pfx_____sys_sendmsg+0x10/0x10
[  162.166955][ T9279]  ? __fget_files+0x2a/0x410
[  162.171550][ T9279]  ? __fget_files+0x2a/0x410
[  162.176146][ T9279]  __sys_sendmsg+0x269/0x350
[  162.180736][ T9279]  ? __pfx_lock_release+0x10/0x10
[  162.185760][ T9279]  ? __pfx___sys_sendmsg+0x10/0x10
[  162.190880][ T9279]  ? __pfx_vfs_write+0x10/0x10
[  162.195659][ T9279]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  162.201984][ T9279]  ? do_syscall_64+0x100/0x230
[  162.206748][ T9279]  ? do_syscall_64+0xb6/0x230
[  162.211448][ T9279]  do_syscall_64+0xf3/0x230
[  162.215976][ T9279]  ? clear_bhb_loop+0x35/0x90
[  162.220672][ T9279]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.226573][ T9279] RIP: 0033:0x7f68d2585d29
[  162.230989][ T9279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.250603][ T9279] RSP: 002b:00007f68d33c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  162.259023][ T9279] RAX: ffffffffffffffda RBX: 00007f68d2775fa0 RCX: 00007f68d2585d29
[  162.266996][ T9279] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  162.274972][ T9279] RBP: 00007f68d33c6090 R08: 0000000000000000 R09: 0000000000000000
[  162.282947][ T9279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.290914][ T9279] R13: 0000000000000000 R14: 00007f68d2775fa0 R15: 00007ffe7f098e18
[  162.298893][ T9279]  </TASK>
[  162.413098][ T6563] bridge_slave_1: left allmulticast mode
[  162.426545][ T6563] bridge_slave_1: left promiscuous mode
[  162.432298][ T6563] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.454756][ T6563] bridge_slave_0: left allmulticast mode
[  162.476042][ T6563] bridge_slave_0: left promiscuous mode
[  162.481820][ T6563] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.742837][ T9300] netlink: 24 bytes leftover after parsing attributes in process `syz.3.929'.
[  162.981258][ T6563] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  162.991861][ T6563] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  163.002601][ T6563] bond0 (unregistering): Released all slaves
[  163.017947][ T9288] netlink: 'syz.1.928': attribute type 21 has an invalid length.
[  163.083586][ T9304] hsr0: entered allmulticast mode
[  163.104353][ T9304] hsr_slave_0: entered allmulticast mode
[  163.114434][ T9304] hsr_slave_1: entered allmulticast mode
[  163.150374][ T9262] chnl_net:caif_netlink_parms(): no params data found
[  163.361055][ T9318] netlink: 8 bytes leftover after parsing attributes in process `syz.3.933'.
[  163.386059][   T46] IPVS: starting estimator thread 0...
[  163.492218][ T9325] IPVS: using max 26 ests per chain, 62400 per kthread
[  163.605519][   T54] Bluetooth: hci2: command tx timeout
[  163.642243][ T9335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.936'.
[  163.690147][ T6563] hsr_slave_0: left promiscuous mode
[  163.711003][ T6563] hsr_slave_1: left promiscuous mode
[  163.725637][ T6563] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  163.743303][ T6563] batman_adv: batadv0: Removing interface: batadv_slave_0
[  163.762102][ T6563] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  163.779202][ T6563] batman_adv: batadv0: Removing interface: batadv_slave_1
[  163.832576][ T6563] veth1_macvtap: left promiscuous mode
[  163.842823][ T6563] veth0_macvtap: left promiscuous mode
[  163.853778][ T6563] veth1_vlan: left promiscuous mode
[  163.863604][ T6563] veth0_vlan: left promiscuous mode
[  164.322533][ T6563] team0 (unregistering): Port device team_slave_1 removed
[  164.361848][ T6563] team0 (unregistering): Port device team_slave_0 removed
[  164.749391][ T9262] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.757683][ T9262] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.764908][ T9262] bridge_slave_0: entered allmulticast mode
[  164.771649][ T9262] bridge_slave_0: entered promiscuous mode
[  164.782932][ T9262] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.787039][ T9333] vxcan1 speed is unknown, defaulting to 1000
[  164.790204][ T9262] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.814251][ T9262] bridge_slave_1: entered allmulticast mode
[  164.821590][ T9262] bridge_slave_1: entered promiscuous mode
[  164.828627][ T9328] tap0: tun_chr_ioctl cmd 1074025673
[  164.997877][ T9262] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  165.068655][ T9262] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  165.097972][ T9350] netlink: 'syz.4.940': attribute type 21 has an invalid length.
[  165.189623][ T9262] team0: Port device team_slave_0 added
[  165.297295][ T9262] team0: Port device team_slave_1 added
[  165.415982][ T9262] batman_adv: batadv0: Adding interface: batadv_slave_0
[  165.423089][ T9262] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.487998][ T9262] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  165.533325][ T9262] batman_adv: batadv0: Adding interface: batadv_slave_1
[  165.545592][ T9262] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.572930][ T9371] netlink: 'syz.1.946': attribute type 4 has an invalid length.
[  165.584636][ T9262] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  165.665820][   T54] Bluetooth: hci2: command tx timeout
[  165.687001][ T9365] netlink: 4 bytes leftover after parsing attributes in process `syz.4.945'.
[  165.843307][ T9262] hsr_slave_0: entered promiscuous mode
[  165.852990][ T9262] hsr_slave_1: entered promiscuous mode
[  165.859935][ T9262] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  165.868820][ T9262] Cannot create hsr debugfs directory
[  165.881796][   T29] audit: type=1107 audit(1736820728.674:2): pid=9388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='
[  165.881796][   T29] '
[  166.150826][ T9395] netlink: 20 bytes leftover after parsing attributes in process `syz.4.952'.
[  166.422721][ T9404] netlink: 'syz.0.955': attribute type 12 has an invalid length.
[  166.431320][ T9404] netlink: 'syz.0.955': attribute type 29 has an invalid length.
[  166.440112][ T9404] netlink: 148 bytes leftover after parsing attributes in process `syz.0.955'.
[  166.450495][ T9404] netlink: 'syz.0.955': attribute type 2 has an invalid length.
[  166.458755][ T9404] netlink: 43 bytes leftover after parsing attributes in process `syz.0.955'.
[  166.679220][ T9410] ip6tnl1: entered allmulticast mode
[  166.801088][ T9262] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  166.829677][ T9414] netlink: 'syz.3.959': attribute type 1 has an invalid length.
[  166.839962][ T9262] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  166.858968][ T9262] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  166.868594][ T9414] netlink: 72 bytes leftover after parsing attributes in process `syz.3.959'.
[  166.894022][ T9262] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  167.092388][ T9420] netlink: 'syz.1.960': attribute type 29 has an invalid length.
[  167.122976][ T9420] netlink: 'syz.1.960': attribute type 29 has an invalid length.
[  167.142210][ T9420] netlink: 500 bytes leftover after parsing attributes in process `syz.1.960'.
[  167.156420][ T9262] 8021q: adding VLAN 0 to HW filter on device bond0
[  167.168404][ T9420] netlink: 28 bytes leftover after parsing attributes in process `syz.1.960'.
[  167.207593][ T9262] 8021q: adding VLAN 0 to HW filter on device team0
[  167.227942][ T6565] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.235118][ T6565] bridge0: port 1(bridge_slave_0) entered forwarding state
[  167.280655][ T6559] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.287837][ T6559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  167.747213][   T54] Bluetooth: hci2: command tx timeout
[  167.811420][ T9449] veth1_to_bridge: entered promiscuous mode
[  167.845264][ T9449] veth1_to_bridge: left promiscuous mode
[  167.975139][ T9452] netlink: 'syz.0.967': attribute type 12 has an invalid length.
[  167.983183][ T9452] netlink: 'syz.0.967': attribute type 29 has an invalid length.
[  167.992677][ T9452] netlink: 148 bytes leftover after parsing attributes in process `syz.0.967'.
[  168.003088][ T9452] netlink: 'syz.0.967': attribute type 2 has an invalid length.
[  168.041219][ T9452] netlink: 43 bytes leftover after parsing attributes in process `syz.0.967'.
[  168.099757][ T9262] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.132757][ T9262] veth0_vlan: entered promiscuous mode
[  168.143942][ T9262] veth1_vlan: entered promiscuous mode
[  168.182825][ T9262] veth0_macvtap: entered promiscuous mode
[  168.194517][ T9262] veth1_macvtap: entered promiscuous mode
[  168.209559][ T9262] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  168.220081][ T9262] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.231006][ T9262] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  168.241478][ T9262] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.252578][ T9262] batman_adv: batadv0: Interface activated: batadv_slave_0
[  168.257065][ T9462] netlink: 16 bytes leftover after parsing attributes in process `syz.3.971'.
[  168.262517][ T9262] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  168.279372][ T9262] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.290194][ T9262] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  168.300715][ T9262] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.311833][ T9262] batman_adv: batadv0: Interface activated: batadv_slave_1
[  168.365803][ T9262] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.374647][ T9262] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.384765][ T9262] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.414904][ T9262] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  168.564194][ T9478] af_packet: tpacket_rcv: packet too big, clamped from 64989 to 3952. macoff=96
[  168.579335][ T9488] x_tables: duplicate underflow at hook 3
[  168.621556][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.975'.
[  168.775705][ T6560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.783899][ T6560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.880700][ T6557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.896327][ T6557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.950689][ T9498] vxcan1 speed is unknown, defaulting to 1000
[  169.487907][ T9510] netlink: 'syz.4.983': attribute type 12 has an invalid length.
[  169.778563][ T9516] syzkaller1: entered promiscuous mode
[  169.813001][ T9516] syzkaller1: entered allmulticast mode
[  169.959780][ T9529] FAULT_INJECTION: forcing a failure.
[  169.959780][ T9529] name failslab, interval 1, probability 0, space 0, times 0
[  169.974420][ T9529] CPU: 1 UID: 0 PID: 9529 Comm: syz.4.989 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  169.985055][ T9529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  169.995139][ T9529] Call Trace:
[  169.998442][ T9529]  <TASK>
[  170.001392][ T9529]  dump_stack_lvl+0x241/0x360
[  170.006099][ T9529]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.011322][ T9529]  ? __pfx__printk+0x10/0x10
[  170.015935][ T9529]  ? __pfx_fib_rules_lookup+0x10/0x10
[  170.021332][ T9529]  ? l3mdev_update_flow+0x29/0x5f0
[  170.026457][ T9529]  should_fail_ex+0x3b0/0x4e0
[  170.031139][ T9529]  should_failslab+0xac/0x100
[  170.035822][ T9529]  ? dst_alloc+0x12b/0x190
[  170.040237][ T9529]  kmem_cache_alloc_noprof+0x70/0x380
[  170.045615][ T9529]  dst_alloc+0x12b/0x190
[  170.049863][ T9529]  ip_route_output_key_hash_rcu+0x13cc/0x2390
[  170.055944][ T9529]  ip_route_output_key_hash+0x193/0x2b0
[  170.061491][ T9529]  ? ip_route_output_key_hash+0xdf/0x2b0
[  170.067124][ T9529]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  170.073193][ T9529]  ? __pfx_lock_release+0x10/0x10
[  170.078224][ T9529]  ? __local_bh_enable_ip+0x168/0x200
[  170.083621][ T9529]  ip_route_output_flow+0x29/0x140
[  170.088750][ T9529]  l2tp_ip_sendmsg+0xdd3/0x1680
[  170.093608][ T9529]  ? l2tp_ip_sendmsg+0x444/0x1680
[  170.098647][ T9529]  __sock_sendmsg+0x1a6/0x270
[  170.103342][ T9529]  ____sys_sendmsg+0x52a/0x7e0
[  170.108124][ T9529]  ? __pfx_____sys_sendmsg+0x10/0x10
[  170.113411][ T9529]  ? __fget_files+0x2a/0x410
[  170.118008][ T9529]  ? __fget_files+0x2a/0x410
[  170.122605][ T9529]  __sys_sendmmsg+0x36a/0x720
[  170.127300][ T9529]  ? __pfx___sys_sendmmsg+0x10/0x10
[  170.132512][ T9529]  ? __pfx_lock_release+0x10/0x10
[  170.137534][ T9529]  ? kstrtouint_from_user+0x128/0x190
[  170.142923][ T9529]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  170.148823][ T9529]  ? ksys_write+0x22a/0x2b0
[  170.153329][ T9529]  ? __pfx_lock_release+0x10/0x10
[  170.158356][ T9529]  ? vfs_write+0x730/0xd30
[  170.162773][ T9529]  ? __mutex_unlock_slowpath+0x21e/0x790
[  170.168428][ T9529]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  170.174412][ T9529]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  170.180737][ T9529]  ? do_syscall_64+0x100/0x230
[  170.185505][ T9529]  __x64_sys_sendmmsg+0xa0/0xb0
[  170.190361][ T9529]  do_syscall_64+0xf3/0x230
[  170.194866][ T9529]  ? clear_bhb_loop+0x35/0x90
[  170.199554][ T9529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.205450][ T9529] RIP: 0033:0x7f68d2585d29
[  170.209866][ T9529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.229472][ T9529] RSP: 002b:00007f68d33c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  170.237892][ T9529] RAX: ffffffffffffffda RBX: 00007f68d2775fa0 RCX: 00007f68d2585d29
[  170.245862][ T9529] RDX: 0000000000000003 RSI: 0000000020002840 RDI: 0000000000000003
[  170.253835][ T9529] RBP: 00007f68d33c6090 R08: 0000000000000000 R09: 0000000000000000
[  170.261804][ T9529] R10: 0000000024000000 R11: 0000000000000246 R12: 0000000000000001
[  170.269771][ T9529] R13: 0000000000000000 R14: 00007f68d2775fa0 R15: 00007ffe7f098e18
[  170.277766][ T9529]  </TASK>
[  170.480776][ T6559] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.983843][ T6559] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.354340][ T9532] syzkaller0: entered promiscuous mode
[  171.372836][ T9532] syzkaller0: entered allmulticast mode
[  171.397027][ T9532] __nla_validate_parse: 4 callbacks suppressed
[  171.397046][ T9532] netlink: 28 bytes leftover after parsing attributes in process `syz.1.991'.
[  171.551003][ T6559] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.668552][ T6559] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.709835][ T9546] vxcan1 speed is unknown, defaulting to 1000
[  171.776100][ T9550] validate_nla: 2 callbacks suppressed
[  171.776118][ T9550] netlink: 'syz.1.997': attribute type 178 has an invalid length.
[  171.889716][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  171.908676][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  171.916790][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  171.945750][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  171.962141][ T6559] bridge_slave_1: left allmulticast mode
[  171.984616][ T6559] bridge_slave_1: left promiscuous mode
[  171.991063][ T6559] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.041622][ T5838] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  172.050677][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  172.062327][ T6559] bridge_slave_0: left allmulticast mode
[  172.073119][ T6559] bridge_slave_0: left promiscuous mode
[  172.080729][ T6559] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.166294][ T9570] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  172.810344][ T6559] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  172.831053][ T6559] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  172.859170][ T6559] bond0 (unregistering): Released all slaves
[  173.015724][ T9564] netlink: 12 bytes leftover after parsing attributes in process `syz.1.999'.
[  173.038635][ T9567] tap0: tun_chr_ioctl cmd 2184212994
[  173.207728][ T9580] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  173.319851][ T9582] tipc: Enabling <eth:lo> not permitted
[  173.331398][ T9582] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  173.355741][ T9558] vxcan1 speed is unknown, defaulting to 1000
[  173.667516][ T9587] bridge0: left allmulticast mode
[  173.786683][ T9587] infiniband syz0: set down
[  174.037337][ T9587] vlan0: left promiscuous mode
[  174.042413][ T9587] vlan0: left allmulticast mode
[  174.072215][ T9587] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  174.091788][ T9587] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  174.115454][ T9587] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  174.124635][ T9587] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  174.146097][   T54] Bluetooth: hci2: command tx timeout
[  174.255878][ T9587] macvlan3: left promiscuous mode
[  174.273837][ T9587] macvlan3: left allmulticast mode
[  174.302404][ T9587] ip6tnl1: left allmulticast mode
[  174.497727][ T6067] vxcan1 speed is unknown, defaulting to 1000
[  174.505436][ T9597] netlink: 'syz.1.1007': attribute type 6 has an invalid length.
[  174.693018][ T6067] vxcan1 speed is unknown, defaulting to 1000
[  174.842955][ T6559] hsr_slave_0: left promiscuous mode
[  174.866812][ T6559] hsr_slave_1: left promiscuous mode
[  174.877033][ T6559] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  174.884493][ T6559] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.895378][ T6559] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  174.902824][ T6559] batman_adv: batadv0: Removing interface: batadv_slave_1
[  174.988905][ T6559] veth1_macvtap: left promiscuous mode
[  174.994481][ T6559] veth0_macvtap: left promiscuous mode
[  175.000241][ T6559] veth1_vlan: left promiscuous mode
[  175.006340][ T6559] veth0_vlan: left promiscuous mode
[  175.014081][ T9605] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1010'.
[  175.505542][   T54] Bluetooth: hci0: command 0x0401 tx timeout
[  175.511739][ T5838] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  175.603240][ T9613] netlink: 'syz.1.1014': attribute type 2 has an invalid length.
[  175.698836][ T9614] netlink: 'syz.1.1014': attribute type 2 has an invalid length.
[  175.746816][ T6559] team0 (unregistering): Port device team_slave_1 removed
[  175.789543][ T6559] team0 (unregistering): Port device team_slave_0 removed
[  176.230773][ T5838] Bluetooth: hci2: command tx timeout
[  176.275867][ T9613] fþ: entered promiscuous mode
[  176.548239][ T9558] chnl_net:caif_netlink_parms(): no params data found
[  176.580017][ T9623] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode
[  176.879846][ T9558] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.892764][ T9558] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.910476][ T9558] bridge_slave_0: entered allmulticast mode
[  176.931054][ T9558] bridge_slave_0: entered promiscuous mode
[  176.966432][ T9558] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.036443][ T9558] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.043693][ T9558] bridge_slave_1: entered allmulticast mode
[  177.059609][ T9558] bridge_slave_1: entered promiscuous mode
[  177.107199][ T9558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  177.119212][ T9558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  177.148471][ T9644] netlink: 'syz.1.1021': attribute type 2 has an invalid length.
[  177.167283][ T9558] team0: Port device team_slave_0 added
[  177.176960][ T9558] team0: Port device team_slave_1 added
[  177.221668][ T9558] batman_adv: batadv0: Adding interface: batadv_slave_0
[  177.232651][ T9558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  177.281495][ T9558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  177.294112][ T9618] mac80211_hwsim hwsim11 syzkaller0: left allmulticast mode
[  177.304105][ T9558] batman_adv: batadv0: Adding interface: batadv_slave_1
[  177.325329][ T9558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  177.395352][ T9558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  177.531418][ T9558] hsr_slave_0: entered promiscuous mode
[  177.605572][ T9558] hsr_slave_1: entered promiscuous mode
[  177.611690][ T9558] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  177.629627][ T9558] Cannot create hsr debugfs directory
[  177.660701][ T9656] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1026'.
[  177.671607][ T9655] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1026'.
[  178.072684][ T9688] netlink: 'syz.0.1033': attribute type 9 has an invalid length.
[  178.227784][ T9696] netlink: 160 bytes leftover after parsing attributes in process `syz.4.1035'.
[  178.255031][ T9696] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  178.305680][ T5838] Bluetooth: hci2: command tx timeout
[  178.461379][ T9703] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1038'.
[  178.506235][ T9706] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  178.507831][ T9558] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  178.548340][ T9558] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  178.563548][ T9558] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  178.589032][ T9558] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  178.744632][ T9558] 8021q: adding VLAN 0 to HW filter on device bond0
[  178.761870][ T9558] 8021q: adding VLAN 0 to HW filter on device team0
[  178.821722][ T6564] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.828907][ T6564] bridge0: port 1(bridge_slave_0) entered forwarding state
[  178.863885][ T6564] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.871115][ T6564] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.929511][ T9558] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  178.951234][ T9558] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  179.032640][ T9718] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0
[  179.190070][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  179.336973][ T9737] SET target dimension over the limit!
[  179.404492][ T9739] bridge0: entered allmulticast mode
[  179.412723][ T9739] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  179.458032][ T9743] netlink: 'syz.0.1050': attribute type 12 has an invalid length.
[  179.466723][ T9743] netlink: 'syz.0.1050': attribute type 29 has an invalid length.
[  179.474563][ T9743] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1050'.
[  179.483955][ T9743] netlink: 59 bytes leftover after parsing attributes in process `syz.0.1050'.
[  179.544193][ T9558] 8021q: adding VLAN 0 to HW filter on device batadv0
[  179.597707][ T9747] tipc: Started in network mode
[  179.602636][ T9747] tipc: Node identity 2d40517b90889848002e, cluster identity 4711
[  179.626708][ T9745] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1051'.
[  179.637083][ T9747] ieee802154 phy0 wpan0: encryption failed: -22
[  179.644602][ T9558] veth0_vlan: entered promiscuous mode
[  179.652200][ T9745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1051'.
[  179.673177][ T9558] veth1_vlan: entered promiscuous mode
[  179.674955][ T9745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1051'.
[  179.732158][ T9745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1051'.
[  179.773228][ T9558] veth0_macvtap: entered promiscuous mode
[  179.808895][ T9558] veth1_macvtap: entered promiscuous mode
[  179.840025][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.861842][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.880994][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.899722][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.921061][ T9558] batman_adv: batadv0: Interface activated: batadv_slave_0
[  179.941700][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.962989][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.983326][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.004323][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.026064][ T9558] batman_adv: batadv0: Interface activated: batadv_slave_1
[  180.055697][ T9558] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  180.064431][ T9558] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  180.105354][ T9558] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  180.114108][ T9558] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.294276][ T9764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.329985][ T6559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.354494][ T9770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.360989][ T6559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.375594][ T6563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.385475][ T5841] Bluetooth: hci2: command tx timeout
[  180.413419][ T6563] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.813541][ T9787] netlink: 'syz.0.1062': attribute type 12 has an invalid length.
[  180.845601][ T9787] netlink: 'syz.0.1062': attribute type 29 has an invalid length.
[  180.910655][ T9791] vxcan1 speed is unknown, defaulting to 1000
[  181.045609][ T9795] geneve0: entered allmulticast mode
[  181.306136][ T9777] infiniband syz1: set down
[  181.310809][ T9777] infiniband syz1: added bond_slave_1
[  181.317939][ T9777] syz1: rxe_create_cq: returned err = -12
[  181.323734][ T9777] infiniband syz1: Couldn't create ib_mad CQ
[  181.330265][ T9777] infiniband syz1: Couldn't open port 1
[  181.347476][ T5838] Bluetooth: hci1: command 0x0406 tx timeout
[  181.353521][ T5838] Bluetooth: hci0: command 0x0401 tx timeout
[  181.359930][   T54] Bluetooth: hci3: command 0x0406 tx timeout
[  181.377861][ T9777] RDS/IB: syz1: added
[  181.381936][ T9777] smc: adding ib device syz1 with port count 1
[  181.389243][ T9777] smc:    ib device syz1 port 1 has pnetid 
[  181.743428][ T9819] pim6reg: entered allmulticast mode
[  181.866045][ T9826] netlink: 'syz.4.1075': attribute type 12 has an invalid length.
[  181.887337][ T9826] netlink: 'syz.4.1075': attribute type 29 has an invalid length.
[  182.039797][ T9832] sit0: entered promiscuous mode
[  182.068137][ T9832] netlink: 'syz.4.1077': attribute type 1 has an invalid length.
[  182.089480][ T9833] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  182.331106][ T9838] syz_tun: entered promiscuous mode
[  182.357084][ T9838] batadv_slave_1: entered promiscuous mode
[  182.363459][ T9838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  182.405926][ T9838] Cannot create hsr debugfs directory
[  183.142001][ T6567] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.228656][ T6567] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.292022][ T6567] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.362013][ T6567] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.479010][ T9847] netlink: 'syz.1.1080': attribute type 1 has an invalid length.
[  183.618645][ T9847] bond4: entered allmulticast mode
[  183.624093][ T9847] 8021q: adding VLAN 0 to HW filter on device bond4
[  183.695054][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  183.704335][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  183.713106][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  183.759742][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  183.769499][ T5838] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  183.778143][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  183.797061][ T9850] bond4: (slave ip6gretap1): making interface the new active one
[  183.823596][ T9850] ip6gretap1: entered allmulticast mode
[  183.830883][ T9850] bond4: (slave ip6gretap1): Enslaving as an active interface with an up link
[  183.847488][ T9851] __nla_validate_parse: 17 callbacks suppressed
[  183.847506][ T9851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1080'.
[  183.946318][ T9859] netlink: 336 bytes leftover after parsing attributes in process `syz.4.1083'.
[  183.967498][ T6567] bridge_slave_1: left allmulticast mode
[  183.973189][ T6567] bridge_slave_1: left promiscuous mode
[  183.995612][ T6567] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.031790][ T6567] bridge_slave_0: left allmulticast mode
[  184.038401][ T6567] bridge_slave_0: left promiscuous mode
[  184.057021][ T6567] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.713974][ T6567] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  184.724804][ T6567] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.735181][ T6567] bond0 (unregistering): Released all slaves
[  184.759050][ T9867] netlink: 'syz.0.1087': attribute type 12 has an invalid length.
[  184.768258][ T9867] netlink: 'syz.0.1087': attribute type 29 has an invalid length.
[  184.784407][ T9867] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1087'.
[  184.804113][ T9867] netlink: 59 bytes leftover after parsing attributes in process `syz.0.1087'.
[  184.866579][ T9879] unknown channel width for channel at 909000KHz?
[  184.911205][ T9879] unknown channel width for channel at 909000KHz?
[  184.927663][ T9852] vxcan1 speed is unknown, defaulting to 1000
[  184.932360][ T9888] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1093'.
[  184.934376][ T9879] unknown channel width for channel at 909000KHz?
[  185.050642][ T9890] netlink: 134788 bytes leftover after parsing attributes in process `syz.1.1094'.
[  185.232820][ T9897] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1095'.
[  185.416846][ T9905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  185.530624][ T9908] ipvlan2: entered promiscuous mode
[  185.538241][ T9908] bridge0: port 3(ipvlan2) entered blocking state
[  185.549860][ T9908] bridge0: port 3(ipvlan2) entered disabled state
[  185.560209][ T9908] ipvlan2: entered allmulticast mode
[  185.579787][ T9908] bridge0: entered allmulticast mode
[  185.590035][ T9908] ipvlan2: left allmulticast mode
[  185.599644][ T9908] bridge0: left allmulticast mode
[  185.649743][ T9913] netlink: 'syz.1.1103': attribute type 12 has an invalid length.
[  185.659007][ T9913] netlink: 'syz.1.1103': attribute type 29 has an invalid length.
[  185.668239][ T9913] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1103'.
[  185.685051][ T9913] netlink: 59 bytes leftover after parsing attributes in process `syz.1.1103'.
[  185.702893][ T9915] netlink: 'syz.4.1104': attribute type 11 has an invalid length.
[  185.723049][ T9915] netlink: 140 bytes leftover after parsing attributes in process `syz.4.1104'.
[  185.828785][ T5838] Bluetooth: hci2: command tx timeout
[  186.110230][ T6567] hsr_slave_0: left promiscuous mode
[  186.134800][ T6567] hsr_slave_1: left promiscuous mode
[  186.141792][ T6567] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  186.182496][ T6567] batman_adv: batadv0: Removing interface: batadv_slave_0
[  186.212704][ T6567] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  186.247825][ T6567] batman_adv: batadv0: Removing interface: batadv_slave_1
[  186.292922][ T6567] veth1_macvtap: left promiscuous mode
[  186.305885][ T6567] veth0_macvtap: left promiscuous mode
[  186.311513][ T6567] veth1_vlan: left promiscuous mode
[  186.324989][ T6567] veth0_vlan: left promiscuous mode
[  186.521957][ T9951] sctp: [Deprecated]: syz.3.1112 (pid 9951) Use of int in max_burst socket option deprecated.
[  186.521957][ T9951] Use struct sctp_assoc_value instead
[  186.789363][ T6567] team0 (unregistering): Port device team_slave_1 removed
[  186.831171][ T6567] team0 (unregistering): Port device team_slave_0 removed
[  187.345714][ T9852] chnl_net:caif_netlink_parms(): no params data found
[  187.448096][ T9962] netlink: 'syz.3.1116': attribute type 12 has an invalid length.
[  187.465727][ T9962] netlink: 'syz.3.1116': attribute type 29 has an invalid length.
[  187.574460][ T9852] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.596362][ T9852] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.630404][ T9852] bridge_slave_0: entered allmulticast mode
[  187.642995][ T9852] bridge_slave_0: entered promiscuous mode
[  187.684066][ T9852] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.702117][ T9852] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.723190][ T9852] bridge_slave_1: entered allmulticast mode
[  187.731898][ T9852] bridge_slave_1: entered promiscuous mode
[  187.905328][ T5845] Bluetooth: hci2: command tx timeout
[  187.998626][ T9852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  188.015973][ T9852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.140886][ T9852] team0: Port device team_slave_0 added
[  188.170013][ T9852] team0: Port device team_slave_1 added
[  188.180840][ T9999] netlink: 'syz.4.1127': attribute type 30 has an invalid length.
[  188.232872][ T9852] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.240582][ T9999] netlink: 'syz.4.1127': attribute type 4 has an invalid length.
[  188.257566][ T9852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.316875][ T9852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.365491][ T9852] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.385825][ T9852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.464498][ T9852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.581204][ T9852] hsr_slave_0: entered promiscuous mode
[  188.593939][ T9852] hsr_slave_1: entered promiscuous mode
[  188.603317][ T9852] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  188.622013][ T9852] Cannot create hsr debugfs directory
[  188.631437][T10010] netlink: 'syz.4.1128': attribute type 12 has an invalid length.
[  188.650387][T10010] netlink: 'syz.4.1128': attribute type 29 has an invalid length.
[  188.921427][T10021] __nla_validate_parse: 12 callbacks suppressed
[  188.921447][T10021] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1132'.
[  189.077129][T10026] netlink: 'syz.4.1134': attribute type 7 has an invalid length.
[  189.125183][T10026] netlink: 'syz.4.1134': attribute type 8 has an invalid length.
[  189.132980][T10026] netlink: 'syz.4.1134': attribute type 7 has an invalid length.
[  189.163948][T10032] ieee802154 phy0 wpan0: encryption failed: -22
[  189.195801][T10026] netlink: 208184 bytes leftover after parsing attributes in process `syz.4.1134'.
[  189.230806][T10034] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1135'.
[  189.246116][T10034] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1135'.
[  189.267028][T10034] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1135'.
[  189.312291][T10034] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1135'.
[  189.407773][T10040] netlink: 'syz.4.1138': attribute type 3 has an invalid length.
[  189.424515][T10040] netlink: 'syz.4.1138': attribute type 1 has an invalid length.
[  189.521232][ T9852] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  189.547477][ T9852] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  189.573844][ T9852] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  189.586509][ T9852] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  189.603698][T10045] netlink: 'syz.1.1140': attribute type 12 has an invalid length.
[  189.612162][T10045] netlink: 'syz.1.1140': attribute type 29 has an invalid length.
[  189.630772][T10045] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1140'.
[  189.673729][T10045] netlink: 59 bytes leftover after parsing attributes in process `syz.1.1140'.
[  189.780393][T10054] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1143'.
[  189.831512][T10057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  189.873670][T10057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.894122][T10057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  189.916905][T10057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  189.946661][T10057] batadv_slave_0: entered promiscuous mode
[  189.956560][T10057] macsec1: entered allmulticast mode
[  189.969400][T10057] batadv_slave_0: entered allmulticast mode
[  189.981280][T10064] netlink: 'syz.4.1146': attribute type 10 has an invalid length.
[  189.989272][ T5845] Bluetooth: hci2: command 0x040f tx timeout
[  190.025062][T10057] batadv_slave_0: left allmulticast mode
[  190.039737][T10057] batadv_slave_0: left promiscuous mode
[  190.097386][T10059] bridge_slave_0: left allmulticast mode
[  190.103216][T10059] bridge_slave_0: left promiscuous mode
[  190.111176][T10059] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.119702][T10059] bridge_slave_1: left allmulticast mode
[  190.126705][T10059] bridge_slave_1: left promiscuous mode
[  190.132369][T10059] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.144580][T10059] bond0: (slave bond_slave_0): Releasing backup interface
[  190.164968][T10059] bond0: (slave bond_slave_1): Releasing backup interface
[  190.186644][T10059] team_slave_0: left promiscuous mode
[  190.198147][T10059] team0: Port device team_slave_0 removed
[  190.204759][T10059] team_slave_1: left promiscuous mode
[  190.213766][T10059] team0: Port device team_slave_1 removed
[  190.221102][T10059] bond1: (slave veth3): Releasing backup interface
[  190.248749][T10059] bond3: (slave batadv0): Releasing active interface
[  190.278533][T10059] bond4: (slave ip6gretap1): Releasing active interface
[  190.287261][T10059] ip6gretap1: left allmulticast mode
[  190.411103][ T9852] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.490425][ T9852] 8021q: adding VLAN 0 to HW filter on device team0
[  190.553352][ T6560] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.560530][ T6560] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.579080][T10094] tipc: Started in network mode
[  190.584650][T10094] tipc: Node identity 1af1f2e0f1a1, cluster identity 4711
[  190.605147][T10094] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  190.616863][ T6559] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.623972][ T6559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  190.647456][T10094] tipc: Resetting bearer <eth:syzkaller0>
[  190.748834][ T9852] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  190.877806][T10111] 8021q: adding VLAN 0 to HW filter on device bond3
[  190.907211][T10112] bond3: (slave gretap1): making interface the new active one
[  190.918211][T10112] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  190.928846][T10114] sctp: [Deprecated]: syz.1.1155 (pid 10114) Use of int in max_burst socket option.
[  190.928846][T10114] Use struct sctp_assoc_value instead
[  190.985531][T10112] syz.4.1156 (10112) used greatest stack depth: 15736 bytes left
[  191.118713][ T9852] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.120543][T10128] openvswitch: netlink: Actions may not be safe on all matching packets
[  191.213740][ T9852] veth0_vlan: entered promiscuous mode
[  191.240636][ T9852] veth1_vlan: entered promiscuous mode
[  191.311799][ T9852] veth0_macvtap: entered promiscuous mode
[  191.335973][T10134] macsec2: entered allmulticast mode
[  191.341422][T10134] macvlan0: entered allmulticast mode
[  191.347127][T10134] veth1_vlan: entered allmulticast mode
[  191.354561][T10134] macvlan0: left allmulticast mode
[  191.360515][T10134] veth1_vlan: left allmulticast mode
[  191.391453][T10131] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.409581][ T9852] veth1_macvtap: entered promiscuous mode
[  191.442956][ T9852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.454409][ T9852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.464284][ T9852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.475783][ T9852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.488160][ T9852] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.497870][ T9852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.509463][ T9852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.519760][ T9852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.530406][ T9852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.543554][ T9852] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.555367][ T9852] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.564075][ T9852] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.573342][ T9852] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.582338][ T9852] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.625798][ T6081] tipc: Node number set to 3947950816
[  191.694415][ T6557] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.723265][ T6557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.789031][ T6557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.800438][ T6557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.102072][T10163] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1170'.
[  192.315765][T10173] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  192.425943][T10183] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  192.586822][T10196] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  192.749701][T10200] vxcan1 speed is unknown, defaulting to 1000
[  192.938563][T10204] bond0: Unable to set up delay as MII monitoring is disabled
[  193.066900][ T6557] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.685304][ T6557] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.050816][ T6557] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.110883][ T6557] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.176518][ T6557] bridge_slave_1: left allmulticast mode
[  194.182207][ T6557] bridge_slave_1: left promiscuous mode
[  194.189285][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.198767][ T6557] bridge_slave_0: left allmulticast mode
[  194.204448][ T6557] bridge_slave_0: left promiscuous mode
[  194.210938][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.550941][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  194.557879][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  194.615529][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  194.633129][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  194.643521][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  194.653013][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  194.661436][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  194.670020][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  195.002612][ T6557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  195.013635][ T6557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  195.025550][ T6557] bond0 (unregistering): Released all slaves
[  195.035431][T10216] validate_nla: 6 callbacks suppressed
[  195.035448][T10216] netlink: 'syz.0.1184': attribute type 12 has an invalid length.
[  195.049175][T10216] netlink: 'syz.0.1184': attribute type 29 has an invalid length.
[  195.060865][T10216] __nla_validate_parse: 2 callbacks suppressed
[  195.060877][T10216] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1184'.
[  195.081013][T10216] netlink: 59 bytes leftover after parsing attributes in process `syz.0.1184'.
[  195.297241][T10247] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1194'.
[  195.315503][T10228] vxcan1 speed is unknown, defaulting to 1000
[  195.324763][T10247] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1194'.
[  195.613472][T10263] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1199'.
[  195.658775][T10261] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1198'.
[  195.670862][T10261] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1198'.
[  195.753731][T10261] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1198'.
[  195.787085][T10261] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1198'.
[  195.830210][T10261] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1198'.
[  196.139006][ T6557] hsr_slave_0: left promiscuous mode
[  196.158788][ T6557] hsr_slave_1: left promiscuous mode
[  196.164730][ T6557] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  196.172813][ T6557] batman_adv: batadv0: Removing interface: batadv_slave_0
[  196.182152][ T6557] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  196.193702][ T6557] batman_adv: batadv0: Removing interface: batadv_slave_1
[  196.222971][ T6557] veth1_macvtap: left promiscuous mode
[  196.241998][ T6557] veth0_macvtap: left promiscuous mode
[  196.253756][ T6557] veth1_vlan: left promiscuous mode
[  196.265707][ T6557] veth0_vlan: left promiscuous mode
[  196.710291][ T5838] Bluetooth: hci2: command tx timeout
[  196.883114][ T6557] team0 (unregistering): Port device team_slave_1 removed
[  196.924371][ T6557] team0 (unregistering): Port device team_slave_0 removed
[  197.310864][T10273] netlink: 'syz.4.1202': attribute type 12 has an invalid length.
[  197.323465][T10273] netlink: 'syz.4.1202': attribute type 29 has an invalid length.
[  197.519951][T10298] vxcan1 speed is unknown, defaulting to 1000
[  197.546316][T10300] veth0_virt_wifi: entered promiscuous mode
[  197.613168][T10300] veth0_virt_wifi: left promiscuous mode
[  197.695804][T10228] chnl_net:caif_netlink_parms(): no params data found
[  197.746907][T10313] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  198.106638][T10228] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.128731][T10228] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.141241][T10228] bridge_slave_0: entered allmulticast mode
[  198.156364][T10228] bridge_slave_0: entered promiscuous mode
[  198.164317][T10228] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.182783][T10228] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.200683][T10228] bridge_slave_1: entered allmulticast mode
[  198.220220][T10228] bridge_slave_1: entered promiscuous mode
[  198.431334][T10228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.491975][T10228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.733042][T10228] team0: Port device team_slave_0 added
[  198.755612][T10347] netlink: 'syz.3.1219': attribute type 12 has an invalid length.
[  198.763591][T10347] netlink: 'syz.3.1219': attribute type 29 has an invalid length.
[  198.774719][T10228] team0: Port device team_slave_1 added
[  198.785614][ T5838] Bluetooth: hci2: command tx timeout
[  198.793838][T10338] lo speed is unknown, defaulting to 1000
[  199.031372][T10338] lo speed is unknown, defaulting to 1000
[  199.071774][T10228] batman_adv: batadv0: Adding interface: batadv_slave_0
[  199.081208][T10228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.192960][T10228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  199.271527][T10338] lo speed is unknown, defaulting to 1000
[  199.281559][T10228] batman_adv: batadv0: Adding interface: batadv_slave_1
[  199.290292][T10228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.302807][T10338] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  199.319681][T10228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  199.376533][T10338] lo speed is unknown, defaulting to 1000
[  199.469961][T10338] lo speed is unknown, defaulting to 1000
[  199.480043][T10228] hsr_slave_0: entered promiscuous mode
[  199.493514][T10228] hsr_slave_1: entered promiscuous mode
[  199.500336][T10228] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  199.509203][T10228] Cannot create hsr debugfs directory
[  199.525135][T10338] lo speed is unknown, defaulting to 1000
[  199.559370][T10338] lo speed is unknown, defaulting to 1000
[  199.560928][T10372] netlink: 'syz.4.1230': attribute type 12 has an invalid length.
[  199.585626][T10372] netlink: 'syz.4.1230': attribute type 29 has an invalid length.
[  199.636697][T10338] lo speed is unknown, defaulting to 1000
[  199.746252][T10338] lo speed is unknown, defaulting to 1000
[  199.788769][T10338] lo speed is unknown, defaulting to 1000
[  199.810222][T10384] netlink: 'syz.3.1234': attribute type 10 has an invalid length.
[  199.960083][T10383] bridge2: entered promiscuous mode
[  200.045930][T10383] bridge2: entered allmulticast mode
[  200.073503][T10383] team0: Port device bridge2 added
[  200.269133][T10384] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  200.340693][T10393] x_tables: duplicate underflow at hook 2
[  200.865048][ T5838] Bluetooth: hci2: command tx timeout
[  200.871354][T10408] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  201.030666][T10416] vlan4: entered promiscuous mode
[  201.076007][T10418] xt_TCPMSS: Only works on TCP SYN packets
[  201.113345][T10418] __nla_validate_parse: 71 callbacks suppressed
[  201.113364][T10418] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1246'.
[  201.173569][T10418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1246'.
[  201.236374][T10424] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1247'.
[  201.285521][T10428] vlan4: entered promiscuous mode
[  201.374482][T10228] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  201.436408][T10228] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  201.464532][T10228] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  201.472554][T10432] tls_set_device_offload_rx: netdev not found
[  201.527213][T10228] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  201.564328][T10440] FAULT_INJECTION: forcing a failure.
[  201.564328][T10440] name failslab, interval 1, probability 0, space 0, times 0
[  201.600466][T10440] CPU: 1 UID: 0 PID: 10440 Comm: syz.0.1251 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  201.611289][T10440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  201.621366][T10440] Call Trace:
[  201.624667][T10440]  <TASK>
[  201.627618][T10440]  dump_stack_lvl+0x241/0x360
[  201.632327][T10440]  ? __pfx_dump_stack_lvl+0x10/0x10
[  201.637559][T10440]  ? __pfx__printk+0x10/0x10
[  201.642182][T10440]  ? __kmalloc_noprof+0xb5/0x4c0
[  201.647147][T10440]  ? __pfx___might_resched+0x10/0x10
[  201.652458][T10440]  should_fail_ex+0x3b0/0x4e0
[  201.657168][T10440]  should_failslab+0xac/0x100
[  201.661880][T10440]  __kmalloc_noprof+0xdd/0x4c0
[  201.666676][T10440]  ? bpf_test_init+0xe1/0x180
[  201.671390][T10440]  bpf_test_init+0xe1/0x180
[  201.675923][T10440]  bpf_prog_test_run_skb+0x2bb/0x1820
[  201.681320][T10440]  ? __pfx_lock_release+0x10/0x10
[  201.686377][T10440]  ? __pfx___might_resched+0x10/0x10
[  201.691693][T10440]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  201.697527][T10440]  ? __fget_files+0x2a/0x410
[  201.702150][T10440]  ? fput+0x21b/0x290
[  201.706158][T10440]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  201.711993][T10440]  bpf_prog_test_run+0x2e4/0x360
[  201.716957][T10440]  __sys_bpf+0x48d/0x810
[  201.721223][T10440]  ? __pfx___sys_bpf+0x10/0x10
[  201.726020][T10440]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  201.732028][T10440]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  201.738381][T10440]  ? do_syscall_64+0x100/0x230
[  201.742402][T10228] 8021q: adding VLAN 0 to HW filter on device bond0
[  201.743154][T10440]  __x64_sys_bpf+0x7c/0x90
[  201.754163][T10440]  do_syscall_64+0xf3/0x230
[  201.758692][T10440]  ? clear_bhb_loop+0x35/0x90
[  201.763399][T10440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.769322][T10440] RIP: 0033:0x7f0eb2d85d29
[  201.773758][T10440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.793388][T10440] RSP: 002b:00007f0eb3bba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  201.796860][T10228] 8021q: adding VLAN 0 to HW filter on device team0
[  201.801822][T10440] RAX: ffffffffffffffda RBX: 00007f0eb2f75fa0 RCX: 00007f0eb2d85d29
[  201.801841][T10440] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[  201.801855][T10440] RBP: 00007f0eb3bba090 R08: 0000000000000000 R09: 0000000000000000
[  201.801868][T10440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.801881][T10440] R13: 0000000000000000 R14: 00007f0eb2f75fa0 R15: 00007ffceea74188
[  201.848326][T10440]  </TASK>
[  201.862146][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.869370][ T6557] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.905449][T10445] raw_sendmsg: syz.3.1250 forgot to set AF_INET. Fix it!
[  201.933872][ T6567] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.941021][ T6567] bridge0: port 2(bridge_slave_1) entered forwarding state
[  201.976361][T10448] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1253'.
[  202.029003][T10448] bond0: entered promiscuous mode
[  202.042235][T10448] bond_slave_0: entered promiscuous mode
[  202.106165][T10448] bond_slave_1: entered promiscuous mode
[  202.135113][T10448] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  202.162366][T10448] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  202.179697][T10448] batman_adv: batadv0: Adding interface: macvlan2
[  202.192545][T10448] batman_adv: batadv0: Interface activated: macvlan2
[  202.223852][T10228] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  202.250870][T10228] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  202.446328][T10465] vxcan1 speed is unknown, defaulting to 1000
[  202.596526][T10228] 8021q: adding VLAN 0 to HW filter on device batadv0
[  202.660883][T10470] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1259'.
[  202.681037][T10470] netlink: 1268 bytes leftover after parsing attributes in process `syz.4.1259'.
[  202.687604][T10228] veth0_vlan: entered promiscuous mode
[  202.695819][T10470] openvswitch: netlink: Flow key attribute not present in set flow.
[  202.723013][T10228] veth1_vlan: entered promiscuous mode
[  202.779121][T10228] veth0_macvtap: entered promiscuous mode
[  202.809095][T10228] veth1_macvtap: entered promiscuous mode
[  202.837721][T10228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  202.858338][T10228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.880329][T10228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  202.900535][T10228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.922460][T10228] batman_adv: batadv0: Interface activated: batadv_slave_0
[  202.945849][ T5838] Bluetooth: hci2: command tx timeout
[  202.955895][T10228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.976407][T10228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.998465][T10228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.033325][T10228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.060437][T10228] batman_adv: batadv0: Interface activated: batadv_slave_1
[  203.084658][T10228] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  203.102238][T10228] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  203.148918][T10228] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  203.173662][T10228] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  203.188981][T10465] lo speed is unknown, defaulting to 1000
[  203.277851][T10479] vlan2: entered promiscuous mode
[  203.282955][T10479] vlan0: entered promiscuous mode
[  203.292790][T10479] vlan0: left promiscuous mode
[  203.362959][T10482] netlink: 'syz.1.1262': attribute type 2 has an invalid length.
[  203.395358][ T6567] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.403193][ T6567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.518749][T10486] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1263'.
[  203.546214][T10486] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1263'.
[  203.575446][ T6564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.587370][T10486] ipvlan1: entered promiscuous mode
[  203.604347][ T6564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.614336][T10491] FAULT_INJECTION: forcing a failure.
[  203.614336][T10491] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  203.629718][T10486] ipvlan1: left promiscuous mode
[  203.651167][T10491] CPU: 1 UID: 0 PID: 10491 Comm: syz.4.1265 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  203.661962][T10491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  203.672021][T10491] Call Trace:
[  203.675304][T10491]  <TASK>
[  203.678230][T10491]  dump_stack_lvl+0x241/0x360
[  203.682916][T10491]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.688115][T10491]  ? __pfx__printk+0x10/0x10
[  203.692713][T10491]  should_fail_ex+0x3b0/0x4e0
[  203.697390][T10491]  _copy_from_user+0x2f/0xc0
[  203.701983][T10491]  bpf_test_init+0x11f/0x180
[  203.706579][T10491]  bpf_prog_test_run_skb+0x2bb/0x1820
[  203.711951][T10491]  ? __pfx_lock_release+0x10/0x10
[  203.716985][T10491]  ? __pfx___might_resched+0x10/0x10
[  203.722277][T10491]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  203.728078][T10491]  ? __fget_files+0x2a/0x410
[  203.732670][T10491]  ? fput+0x21b/0x290
[  203.736653][T10491]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  203.742457][T10491]  bpf_prog_test_run+0x2e4/0x360
[  203.747399][T10491]  __sys_bpf+0x48d/0x810
[  203.751641][T10491]  ? __pfx___sys_bpf+0x10/0x10
[  203.756411][T10491]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  203.762390][T10491]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  203.768716][T10491]  ? do_syscall_64+0x100/0x230
[  203.773483][T10491]  __x64_sys_bpf+0x7c/0x90
[  203.777899][T10491]  do_syscall_64+0xf3/0x230
[  203.782398][T10491]  ? clear_bhb_loop+0x35/0x90
[  203.787081][T10491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.792970][T10491] RIP: 0033:0x7f68d2585d29
[  203.797383][T10491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  203.816989][T10491] RSP: 002b:00007f68d33c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  203.825414][T10491] RAX: ffffffffffffffda RBX: 00007f68d2775fa0 RCX: 00007f68d2585d29
[  203.833392][T10491] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[  203.841359][T10491] RBP: 00007f68d33c6090 R08: 0000000000000000 R09: 0000000000000000
[  203.849326][T10491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  203.857292][T10491] R13: 0000000000000000 R14: 00007f68d2775fa0 R15: 00007ffe7f098e18
[  203.865279][T10491]  </TASK>
[  204.442022][T10514] syzkaller1: entered promiscuous mode
[  204.451944][T10514] syzkaller1: entered allmulticast mode
[  204.498560][T10516] vlan2: entered promiscuous mode
[  204.503633][T10516] vlan0: entered promiscuous mode
[  204.532697][T10516] vlan0: left promiscuous mode
[  204.893547][T10536] xt_hashlimit: size too large, truncated to 1048576
[  204.912122][ T6559] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.927054][T10536] xt_hashlimit: max too large, truncated to 1048576
[  204.952234][T10536] xt_hashlimit: overflow, try lower: 0/0
[  205.503437][ T6559] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.696227][ T6559] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.744511][ T6559] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.824177][ T6559] bridge_slave_1: left allmulticast mode
[  205.830837][ T6559] bridge_slave_1: left promiscuous mode
[  205.836653][ T6559] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.846975][ T6559] bridge_slave_0: left allmulticast mode
[  205.852618][ T6559] bridge_slave_0: left promiscuous mode
[  205.858479][ T6559] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.173518][ T6559] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  206.215530][ T6559] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  206.286875][ T6559] bond0 (unregistering): Released all slaves
[  206.311557][T10551] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1281'.
[  206.321194][T10545] lo: entered promiscuous mode
[  206.327834][T10545] lo: left allmulticast mode
[  206.332577][T10545] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  206.351498][T10551] FAULT_INJECTION: forcing a failure.
[  206.351498][T10551] name failslab, interval 1, probability 0, space 0, times 0
[  206.371298][T10551] CPU: 0 UID: 0 PID: 10551 Comm: syz.1.1281 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  206.382093][T10551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  206.392161][T10551] Call Trace:
[  206.395439][T10551]  <TASK>
[  206.398363][T10551]  dump_stack_lvl+0x241/0x360
[  206.403047][T10551]  ? __pfx_dump_stack_lvl+0x10/0x10
[  206.408243][T10551]  ? __pfx__printk+0x10/0x10
[  206.412836][T10551]  ? __kmalloc_noprof+0xb5/0x4c0
[  206.417776][T10551]  ? __pfx___might_resched+0x10/0x10
[  206.423062][T10551]  should_fail_ex+0x3b0/0x4e0
[  206.427737][T10551]  should_failslab+0xac/0x100
[  206.432412][T10551]  __kmalloc_noprof+0xdd/0x4c0
[  206.437172][T10551]  ? sock_kmalloc+0xd7/0x160
[  206.441759][T10551]  ? do_raw_spin_unlock+0x13c/0x8b0
[  206.446959][T10551]  sock_kmalloc+0xd7/0x160
[  206.451377][T10551]  hash_recvmsg+0x287/0x7d0
[  206.455879][T10551]  ? __pfx_hash_recvmsg+0x10/0x10
[  206.460898][T10551]  sock_recvmsg_nosec+0x18e/0x1d0
[  206.465930][T10551]  ____sys_recvmsg+0x3cd/0x480
[  206.470709][T10551]  ? __pfx_____sys_recvmsg+0x10/0x10
[  206.476004][T10551]  ? do_recvmmsg+0x44e/0xab0
[  206.480598][T10551]  ? __might_fault+0xaa/0x120
[  206.485277][T10551]  do_recvmmsg+0x426/0xab0
[  206.489703][T10551]  ? __pfx_do_recvmmsg+0x10/0x10
[  206.494651][T10551]  ? rcu_read_lock_any_held+0xb7/0x160
[  206.500115][T10551]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  206.506011][T10551]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  206.511642][T10551]  ? sb_end_write+0xe9/0x1c0
[  206.516235][T10551]  ? vfs_write+0x730/0xd30
[  206.520651][T10551]  ? do_sys_openat2+0x17a/0x1d0
[  206.525506][T10551]  ? __pfx_do_sys_openat2+0x10/0x10
[  206.530718][T10551]  __x64_sys_recvmmsg+0x199/0x250
[  206.535744][T10551]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  206.541288][T10551]  ? do_syscall_64+0x100/0x230
[  206.546054][T10551]  ? do_syscall_64+0xb6/0x230
[  206.550731][T10551]  do_syscall_64+0xf3/0x230
[  206.555230][T10551]  ? clear_bhb_loop+0x35/0x90
[  206.559906][T10551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.565802][T10551] RIP: 0033:0x7f7c89b85d29
[  206.570214][T10551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.589817][T10551] RSP: 002b:00007f7c8a8f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  206.598235][T10551] RAX: ffffffffffffffda RBX: 00007f7c89d75fa0 RCX: 00007f7c89b85d29
[  206.606203][T10551] RDX: 0000000000000600 RSI: 0000000020003700 RDI: 0000000000000009
[  206.614166][T10551] RBP: 00007f7c8a8f8090 R08: 0000000000000000 R09: 0000000000000000
[  206.622131][T10551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.630097][T10551] R13: 0000000000000000 R14: 00007f7c89d75fa0 R15: 00007ffec56b5008
[  206.638076][T10551]  </TASK>
[  206.812255][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  206.849164][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  206.857987][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  206.886012][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  206.940147][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  206.949028][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  207.006856][T10560] vlan2: entered promiscuous mode
[  207.012222][T10560] vlan0: entered promiscuous mode
[  207.032308][T10560] vlan0: left promiscuous mode
[  207.093418][T10569] vxcan1 speed is unknown, defaulting to 1000
[  207.300167][T10557] vxcan1 speed is unknown, defaulting to 1000
[  207.307421][T10578] sctp: [Deprecated]: syz.4.1291 (pid 10578) Use of int in max_burst socket option.
[  207.307421][T10578] Use struct sctp_assoc_value instead
[  207.674169][T10569] lo speed is unknown, defaulting to 1000
[  208.188550][T10557] lo speed is unknown, defaulting to 1000
[  208.341508][ T6559] hsr_slave_0: left promiscuous mode
[  208.361860][ T6559] hsr_slave_1: left promiscuous mode
[  208.400589][ T6559] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  208.444150][ T6559] batman_adv: batadv0: Removing interface: batadv_slave_0
[  208.471544][T10602] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1297'.
[  208.481460][ T6559] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  208.490255][ T6559] batman_adv: batadv0: Removing interface: batadv_slave_1
[  208.520841][T10600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1296'.
[  208.568726][ T6559] veth1_macvtap: left promiscuous mode
[  208.574309][ T6559] veth0_macvtap: left promiscuous mode
[  208.580749][ T6559] veth1_vlan: left promiscuous mode
[  208.586266][ T6559] veth0_vlan: left promiscuous mode
[  208.821999][T10609] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1300'.
[  208.840847][T10614] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1300'.
[  209.040512][ T5845] Bluetooth: hci2: command tx timeout
[  209.276333][ T6559] team0 (unregistering): Port device team_slave_1 removed
[  209.323951][ T6559] team0 (unregistering): Port device team_slave_0 removed
[  209.873995][T10604] erspan2: entered promiscuous mode
[  209.880489][T10604] erspan2: entered allmulticast mode
[  209.899516][T10611] netlink: 'syz.3.1299': attribute type 21 has an invalid length.
[  209.925658][T10611] netlink: 'syz.3.1299': attribute type 6 has an invalid length.
[  209.945807][T10611] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1299'.
[  209.980564][T10621] vlan2: entered promiscuous mode
[  209.999547][T10621] vlan0: entered promiscuous mode
[  210.012439][T10621] vlan0: left promiscuous mode
[  210.185346][T10631] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1305'.
[  210.201868][T10631] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1305'.
[  210.319767][T10557] chnl_net:caif_netlink_parms(): no params data found
[  210.349532][T10640] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1307'.
[  210.407153][T10642] 8021q: VLANs not supported on lo
[  210.423857][T10642] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  210.444788][T10642] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1308'.
[  210.603513][T10557] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.643808][T10557] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.668206][T10557] bridge_slave_0: entered allmulticast mode
[  210.690508][T10557] bridge_slave_0: entered promiscuous mode
[  210.699096][T10557] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.706283][T10557] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.713470][T10557] bridge_slave_1: entered allmulticast mode
[  210.720663][T10557] bridge_slave_1: entered promiscuous mode
[  210.764758][T10557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.797789][T10557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.876557][T10659] FAULT_INJECTION: forcing a failure.
[  210.876557][T10659] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.892814][T10557] team0: Port device team_slave_0 added
[  210.906402][T10659] CPU: 1 UID: 0 PID: 10659 Comm: syz.3.1314 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  210.917194][T10659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  210.927271][T10659] Call Trace:
[  210.930563][T10659]  <TASK>
[  210.933516][T10659]  dump_stack_lvl+0x241/0x360
[  210.938215][T10659]  ? __pfx_dump_stack_lvl+0x10/0x10
[  210.943423][T10659]  ? __pfx__printk+0x10/0x10
[  210.948015][T10659]  ? __pfx_lock_release+0x10/0x10
[  210.953041][T10659]  should_fail_ex+0x3b0/0x4e0
[  210.957715][T10659]  _copy_from_user+0x2f/0xc0
[  210.962304][T10659]  copy_msghdr_from_user+0xae/0x680
[  210.967506][T10659]  ? __pfx___might_resched+0x10/0x10
[  210.972788][T10659]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  210.978600][T10659]  ? do_recvmmsg+0x44e/0xab0
[  210.983188][T10659]  ? __might_fault+0xaa/0x120
[  210.987865][T10659]  do_recvmmsg+0x3bd/0xab0
[  210.992286][T10659]  ? __pfx_do_recvmmsg+0x10/0x10
[  210.997232][T10659]  ? rcu_read_lock_any_held+0xb7/0x160
[  211.002693][T10659]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  211.008586][T10659]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  211.014219][T10659]  ? sb_end_write+0xe9/0x1c0
[  211.018815][T10659]  ? vfs_write+0x730/0xd30
[  211.023228][T10659]  ? do_sys_openat2+0x17a/0x1d0
[  211.028085][T10659]  ? __pfx_do_sys_openat2+0x10/0x10
[  211.033295][T10659]  __x64_sys_recvmmsg+0x199/0x250
[  211.038318][T10659]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  211.043863][T10659]  ? do_syscall_64+0x100/0x230
[  211.048625][T10659]  ? do_syscall_64+0xb6/0x230
[  211.053302][T10659]  do_syscall_64+0xf3/0x230
[  211.057806][T10659]  ? clear_bhb_loop+0x35/0x90
[  211.062483][T10659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.068372][T10659] RIP: 0033:0x7f9aad185d29
[  211.072783][T10659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.092381][T10659] RSP: 002b:00007f9aae000038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  211.100795][T10659] RAX: ffffffffffffffda RBX: 00007f9aad375fa0 RCX: 00007f9aad185d29
[  211.108767][T10659] RDX: 0000000000000600 RSI: 0000000020003700 RDI: 0000000000000009
[  211.116733][T10659] RBP: 00007f9aae000090 R08: 0000000000000000 R09: 0000000000000000
[  211.124698][T10659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  211.132659][T10659] R13: 0000000000000000 R14: 00007f9aad375fa0 R15: 00007ffcb12f7118
[  211.140646][T10659]  </TASK>
[  211.155541][ T5845] Bluetooth: hci2: command 0x041b tx timeout
[  211.427390][T10682] sctp: [Deprecated]: syz.3.1318 (pid 10682) Use of struct sctp_assoc_value in delayed_ack socket option.
[  211.427390][T10682] Use struct sctp_sack_info instead
[  211.457259][T10557] team0: Port device team_slave_1 added
[  211.468257][T10675] vlan2: entered promiscuous mode
[  211.473514][T10685] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  211.487138][T10675] vlan0: entered promiscuous mode
[  211.508494][T10685] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  211.524455][T10675] vlan0: left promiscuous mode
[  211.609931][T10557] batman_adv: batadv0: Adding interface: batadv_slave_0
[  211.623843][T10557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.662352][T10557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  211.769803][T10699] __nla_validate_parse: 3 callbacks suppressed
[  211.769823][T10699] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1321'.
[  211.786749][T10557] batman_adv: batadv0: Adding interface: batadv_slave_1
[  211.814877][T10557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.866641][T10701] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1324'.
[  211.925192][T10557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  211.963730][T10693] netlink: 'syz.3.1321': attribute type 11 has an invalid length.
[  212.249204][T10557] hsr_slave_0: entered promiscuous mode
[  212.267546][T10557] hsr_slave_1: entered promiscuous mode
[  212.273635][T10557] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  212.304867][T10557] Cannot create hsr debugfs directory
[  212.430780][T10716] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1327'.
[  212.467284][T10716] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1327'.
[  212.868791][T10737] vlan4: entered promiscuous mode
[  213.187253][ T5838] Bluetooth: hci2: command 0x041b tx timeout
[  213.257088][T10557] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  213.318983][T10557] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  213.329958][T10757] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1335'.
[  213.343051][T10557] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  213.375866][T10557] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  213.420253][T10757] vxcan1 speed is unknown, defaulting to 1000
[  213.581734][T10557] 8021q: adding VLAN 0 to HW filter on device bond0
[  213.667647][T10763] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  213.730068][T10557] 8021q: adding VLAN 0 to HW filter on device team0
[  213.756741][T10770] C: renamed from team_slave_0
[  213.782603][T10770] netlink: 'syz.1.1339': attribute type 1 has an invalid length.
[  213.787911][T10767] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1339'.
[  213.800609][T10770] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  213.847672][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.851860][T10776] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1340'.
[  213.854854][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.900625][T10777] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1341'.
[  214.006028][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.013128][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  214.176382][T10757] lo speed is unknown, defaulting to 1000
[  214.266000][T10790] vlan2: entered promiscuous mode
[  214.271090][T10790] vlan0: entered promiscuous mode
[  214.287217][T10790] vlan0: left promiscuous mode
[  214.393640][T10557] 8021q: adding VLAN 0 to HW filter on device batadv0
[  214.581091][T10557] veth0_vlan: entered promiscuous mode
[  214.681561][T10557] veth1_vlan: entered promiscuous mode
[  214.763735][T10557] veth0_macvtap: entered promiscuous mode
[  214.786895][T10557] veth1_macvtap: entered promiscuous mode
[  214.812317][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  214.836016][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.867295][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  214.881683][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.881729][T10817] can: request_module (can-proto-0) failed.
[  214.892653][T10557] batman_adv: batadv0: Interface activated: batadv_slave_0
[  214.910577][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  214.921892][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.932380][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  214.943149][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.963802][T10557] batman_adv: batadv0: Interface activated: batadv_slave_1
[  215.005299][T10557] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  215.014020][T10557] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  215.035249][T10557] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  215.043974][T10557] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  215.135662][ T6560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.155806][ T6560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.196628][ T6567] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.216297][ T6567] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.265877][ T5838] Bluetooth: hci2: command 0x041b tx timeout
[  215.340359][T10833] netlink: 'syz.3.1353': attribute type 29 has an invalid length.
[  215.353947][T10833] netlink: 'syz.3.1353': attribute type 29 has an invalid length.
[  215.608951][T10843] vlan2: entered promiscuous mode
[  215.614167][T10843] vlan0: entered promiscuous mode
[  215.652095][T10843] vlan0: left promiscuous mode
[  215.916439][T10859] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1360'.
[  215.970641][T10864] FAULT_INJECTION: forcing a failure.
[  215.970641][T10864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.001981][T10863] netlink: 'syz.0.1361': attribute type 5 has an invalid length.
[  216.017262][T10863] ip6erspan0: entered promiscuous mode
[  216.023200][T10864] CPU: 0 UID: 0 PID: 10864 Comm: syz.4.1360 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  216.033982][T10864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  216.044046][T10864] Call Trace:
[  216.047344][T10864]  <TASK>
[  216.050308][T10864]  dump_stack_lvl+0x241/0x360
[  216.054998][T10864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  216.060211][T10864]  ? __pfx__printk+0x10/0x10
[  216.064812][T10864]  ? __pfx_lock_release+0x10/0x10
[  216.069868][T10864]  should_fail_ex+0x3b0/0x4e0
[  216.070537][T10866] bond0: Unable to set down delay as MII monitoring is disabled
[  216.074550][T10864]  _copy_from_user+0x2f/0xc0
[  216.074584][T10864]  copy_msghdr_from_user+0xae/0x680
[  216.092005][T10864]  ? __pfx___might_resched+0x10/0x10
[  216.097321][T10864]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  216.103164][T10864]  ? do_recvmmsg+0x44e/0xab0
[  216.107787][T10864]  ? __might_fault+0xaa/0x120
[  216.112491][T10864]  do_recvmmsg+0x3bd/0xab0
[  216.116947][T10864]  ? __pfx_do_recvmmsg+0x10/0x10
[  216.121925][T10864]  ? rcu_read_lock_any_held+0xb7/0x160
[  216.127417][T10864]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  216.133341][T10864]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  216.139000][T10864]  ? sb_end_write+0xe9/0x1c0
[  216.143613][T10864]  ? vfs_write+0x730/0xd30
[  216.148047][T10864]  ? do_sys_openat2+0x17a/0x1d0
[  216.152934][T10864]  ? __pfx_do_sys_openat2+0x10/0x10
[  216.158170][T10864]  __x64_sys_recvmmsg+0x199/0x250
[  216.163217][T10864]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  216.168795][T10864]  ? do_syscall_64+0x100/0x230
[  216.173584][T10864]  ? do_syscall_64+0xb6/0x230
[  216.178286][T10864]  do_syscall_64+0xf3/0x230
[  216.180547][T10871] netlink: 'syz.1.1365': attribute type 8 has an invalid length.
[  216.182792][T10864]  ? clear_bhb_loop+0x35/0x90
[  216.182825][T10864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.192047][T10871] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  216.195172][T10864] RIP: 0033:0x7f68d2585d29
[  216.195195][T10864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.195211][T10864] RSP: 002b:00007f68d33a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  216.195234][T10864] RAX: ffffffffffffffda RBX: 00007f68d2776080 RCX: 00007f68d2585d29
[  216.256539][T10864] RDX: 0000000000000600 RSI: 0000000020003700 RDI: 0000000000000009
[  216.264509][T10864] RBP: 00007f68d33a5090 R08: 0000000000000000 R09: 0000000000000000
[  216.272476][T10864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  216.280440][T10864] R13: 0000000000000000 R14: 00007f68d2776080 R15: 00007ffe7f098e18
[  216.288413][T10864]  </TASK>
[  216.660153][ T6567] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.689510][T10882] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1369'.
[  217.167530][ T6567] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.640764][ T6567] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.699895][ T6567] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.865210][ T6567] bridge_slave_1: left allmulticast mode
[  217.873276][ T6567] bridge_slave_1: left promiscuous mode
[  217.879613][ T6567] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.914554][ T6567] bridge_slave_0: left allmulticast mode
[  217.935310][ T6567] bridge_slave_0: left promiscuous mode
[  217.956119][ T6567] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.280573][T10914] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  218.292120][T10916] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1378'.
[  218.329129][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  218.346152][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  218.363655][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  218.391803][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  218.399737][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  218.437278][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  218.731470][ T6567] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  218.742742][ T6567] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  218.753220][ T6567] bond0 (unregistering): Released all slaves
[  218.772197][T10899] vlan2: entered promiscuous mode
[  218.778556][T10899] vlan0: entered promiscuous mode
[  218.785449][T10899] vlan0: left promiscuous mode
[  219.030614][T10917] vxcan1 speed is unknown, defaulting to 1000
[  219.432723][T10917] lo speed is unknown, defaulting to 1000
[  219.529765][T10944] vxcan1 speed is unknown, defaulting to 1000
[  219.775937][ T6567] hsr_slave_0: left promiscuous mode
[  219.811425][T10960] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1389'.
[  219.815818][ T6567] hsr_slave_1: left promiscuous mode
[  219.826788][ T6567] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  219.834189][ T6567] batman_adv: batadv0: Removing interface: batadv_slave_0
[  219.853887][ T6567] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  219.861601][ T6567] batman_adv: batadv0: Removing interface: batadv_slave_1
[  219.897628][T10962] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1390'.
[  219.907450][ T6567] veth1_macvtap: left promiscuous mode
[  219.907514][ T6567] veth0_macvtap: left promiscuous mode
[  219.907636][ T6567] veth1_vlan: left promiscuous mode
[  219.924396][ T6567] veth0_vlan: left promiscuous mode
[  220.410960][ T6567] team0 (unregistering): Port device team_slave_1 removed
[  220.456306][ T6567] team0 (unregistering): Port device team_slave_0 removed
[  220.555555][ T5838] Bluetooth: hci2: command tx timeout
[  221.175879][T10978] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1392'.
[  221.206680][T10976] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1394'.
[  221.210475][T10917] chnl_net:caif_netlink_parms(): no params data found
[  221.278895][T10944] lo speed is unknown, defaulting to 1000
[  221.480327][T10917] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.509876][T10917] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.522430][T10917] bridge_slave_0: entered allmulticast mode
[  221.533458][T10917] bridge_slave_0: entered promiscuous mode
[  221.576333][T10917] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.583807][T10917] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.604206][T10917] bridge_slave_1: entered allmulticast mode
[  221.647748][T10917] bridge_slave_1: entered promiscuous mode
[  221.719937][T10987] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1405'.
[  221.898406][T10991] netlink: 'syz.1.1397': attribute type 1 has an invalid length.
[  221.928127][T10917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  221.966418][T10917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  222.157279][T10917] team0: Port device team_slave_0 added
[  222.184056][T10917] team0: Port device team_slave_1 added
[  222.295735][T10917] batman_adv: batadv0: Adding interface: batadv_slave_0
[  222.303988][T10917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.342297][T10917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  222.382869][T10917] batman_adv: batadv0: Adding interface: batadv_slave_1
[  222.390711][T10917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.456760][T10917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  222.557929][T10917] hsr_slave_0: entered promiscuous mode
[  222.570977][T10917] hsr_slave_1: entered promiscuous mode
[  222.572605][T11015] netlink: 'syz.1.1403': attribute type 3 has an invalid length.
[  222.581253][T10917] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  222.584521][T11015] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1403'.
[  222.601496][T10917] Cannot create hsr debugfs directory
[  222.625290][ T5838] Bluetooth: hci2: command tx timeout
[  222.747368][T11019] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1404'.
[  222.977739][T11025] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1407'.
[  222.994580][T11025] FAULT_INJECTION: forcing a failure.
[  222.994580][T11025] name failslab, interval 1, probability 0, space 0, times 0
[  223.010311][T11025] CPU: 1 UID: 0 PID: 11025 Comm: syz.0.1407 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  223.021112][T11025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  223.031170][T11025] Call Trace:
[  223.034452][T11025]  <TASK>
[  223.037387][T11025]  dump_stack_lvl+0x241/0x360
[  223.042076][T11025]  ? __pfx_dump_stack_lvl+0x10/0x10
[  223.047286][T11025]  ? __pfx__printk+0x10/0x10
[  223.051884][T11025]  ? __kmalloc_noprof+0xb5/0x4c0
[  223.056821][T11025]  ? __pfx___might_resched+0x10/0x10
[  223.062112][T11025]  should_fail_ex+0x3b0/0x4e0
[  223.066807][T11025]  should_failslab+0xac/0x100
[  223.071499][T11025]  __kmalloc_noprof+0xdd/0x4c0
[  223.076280][T11025]  ? sock_kmalloc+0xd7/0x160
[  223.080887][T11025]  ? do_raw_spin_unlock+0x13c/0x8b0
[  223.086090][T11025]  sock_kmalloc+0xd7/0x160
[  223.090512][T11025]  hash_recvmsg+0x287/0x7d0
[  223.095021][T11025]  ? __pfx_hash_recvmsg+0x10/0x10
[  223.100051][T11025]  sock_recvmsg_nosec+0x18e/0x1d0
[  223.105092][T11025]  ____sys_recvmsg+0x3cd/0x480
[  223.109871][T11025]  ? __pfx_____sys_recvmsg+0x10/0x10
[  223.115171][T11025]  ? do_recvmmsg+0x44e/0xab0
[  223.119769][T11025]  ? __might_fault+0xaa/0x120
[  223.124444][T11025]  do_recvmmsg+0x426/0xab0
[  223.128869][T11025]  ? __pfx_do_recvmmsg+0x10/0x10
[  223.133819][T11025]  ? rcu_read_lock_any_held+0xb7/0x160
[  223.139278][T11025]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  223.145183][T11025]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  223.150817][T11025]  ? sb_end_write+0xe9/0x1c0
[  223.155409][T11025]  ? vfs_write+0x730/0xd30
[  223.159824][T11025]  ? do_sys_openat2+0x17a/0x1d0
[  223.164681][T11025]  ? __pfx_do_sys_openat2+0x10/0x10
[  223.169891][T11025]  __x64_sys_recvmmsg+0x199/0x250
[  223.174927][T11025]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  223.180490][T11025]  ? do_syscall_64+0x100/0x230
[  223.185262][T11025]  ? do_syscall_64+0xb6/0x230
[  223.189956][T11025]  do_syscall_64+0xf3/0x230
[  223.194459][T11025]  ? clear_bhb_loop+0x35/0x90
[  223.199140][T11025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.205041][T11025] RIP: 0033:0x7f0eb2d85d29
[  223.209462][T11025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.229072][T11025] RSP: 002b:00007f0eb3bba038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  223.237489][T11025] RAX: ffffffffffffffda RBX: 00007f0eb2f75fa0 RCX: 00007f0eb2d85d29
[  223.245460][T11025] RDX: 0000000000000600 RSI: 0000000020003700 RDI: 0000000000000009
[  223.253425][T11025] RBP: 00007f0eb3bba090 R08: 0000000000000000 R09: 0000000000000000
[  223.261406][T11025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  223.269391][T11025] R13: 0000000000000000 R14: 00007f0eb2f75fa0 R15: 00007ffceea74188
[  223.277382][T11025]  </TASK>
[  223.357578][T11027] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  223.371925][T11027] team0: entered promiscuous mode
[  223.389129][T11027] team_slave_0: entered promiscuous mode
[  223.401173][T11027] team_slave_1: entered promiscuous mode
[  223.413585][T11027] team0: left promiscuous mode
[  223.426054][T11027] team_slave_0: left promiscuous mode
[  223.439920][T11028] openvswitch: netlink: IPv4 frag type 255 is out of range max 2
[  223.440317][T11027] team_slave_1: left promiscuous mode
[  223.491475][T10917] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  223.503346][T10917] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  223.515790][T10917] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  223.564298][T10917] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  223.870748][T11047] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1412'.
[  223.901497][T10917] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.920055][T10917] 8021q: adding VLAN 0 to HW filter on device team0
[  223.934693][T11047] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1412'.
[  223.945680][ T6567] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.952790][ T6567] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.978607][ T6563] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.985789][ T6563] bridge0: port 2(bridge_slave_1) entered forwarding state
[  224.011020][T11052] netlink: zone id is out of range
[  224.491158][T10917] 8021q: adding VLAN 0 to HW filter on device batadv0
[  224.549408][T11077] : entered promiscuous mode
[  224.606217][T11075] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1420'.
[  224.687187][T10917] veth0_vlan: entered promiscuous mode
[  224.716220][ T5838] Bluetooth: hci2: command tx timeout
[  224.723606][T10917] veth1_vlan: entered promiscuous mode
[  224.833860][T11090] syzkaller0: left promiscuous mode
[  224.846318][T11090] syzkaller0: left allmulticast mode
[  224.877690][T10917] veth0_macvtap: entered promiscuous mode
[  224.899696][T10917] veth1_macvtap: entered promiscuous mode
[  224.951814][T10917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.988554][T10917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.999219][T10917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  225.011751][T10917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.038248][T10917] batman_adv: batadv0: Interface activated: batadv_slave_0
[  225.083914][T10917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.115079][T10917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.134108][T10917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.151450][T10917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.171610][T10917] batman_adv: batadv0: Interface activated: batadv_slave_1
[  225.209892][T10917] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  225.230830][T10917] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  225.242189][T10917] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  225.263806][T10917] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  225.351483][ T5838] Bluetooth: hci0: command 0x0401 tx timeout
[  225.439575][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  225.459940][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  225.509562][ T6557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  225.526576][ T6557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  225.526814][T11107] vlan2: entered promiscuous mode
[  225.554560][T11107] vlan0: entered promiscuous mode
[  225.559602][T11109] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1433'.
[  225.563043][T11109] FAULT_INJECTION: forcing a failure.
[  225.563043][T11109] name failslab, interval 1, probability 0, space 0, times 0
[  225.584336][T11109] CPU: 0 UID: 0 PID: 11109 Comm: syz.4.1433 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  225.595128][T11109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  225.605180][T11109] Call Trace:
[  225.608454][T11109]  <TASK>
[  225.611377][T11109]  dump_stack_lvl+0x241/0x360
[  225.616066][T11109]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.621264][T11109]  ? __pfx__printk+0x10/0x10
[  225.625876][T11109]  ? __kmalloc_noprof+0xb5/0x4c0
[  225.630858][T11109]  ? __pfx___might_resched+0x10/0x10
[  225.636149][T11109]  should_fail_ex+0x3b0/0x4e0
[  225.640826][T11109]  should_failslab+0xac/0x100
[  225.645511][T11109]  __kmalloc_noprof+0xdd/0x4c0
[  225.650272][T11109]  ? sock_kmalloc+0xd7/0x160
[  225.654860][T11109]  ? do_raw_spin_unlock+0x13c/0x8b0
[  225.660054][T11109]  sock_kmalloc+0xd7/0x160
[  225.664470][T11109]  hash_recvmsg+0x287/0x7d0
[  225.668973][T11109]  ? __pfx_hash_recvmsg+0x10/0x10
[  225.673994][T11109]  sock_recvmsg_nosec+0x18e/0x1d0
[  225.679027][T11109]  ____sys_recvmsg+0x3cd/0x480
[  225.683800][T11109]  ? __pfx_____sys_recvmsg+0x10/0x10
[  225.689101][T11109]  ? do_recvmmsg+0x44e/0xab0
[  225.693689][T11109]  ? __might_fault+0xaa/0x120
[  225.698366][T11109]  do_recvmmsg+0x426/0xab0
[  225.702788][T11109]  ? __pfx_do_recvmmsg+0x10/0x10
[  225.707741][T11109]  ? rcu_read_lock_any_held+0xb7/0x160
[  225.713196][T11109]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  225.719092][T11109]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  225.724746][T11109]  ? sb_end_write+0xe9/0x1c0
[  225.729340][T11109]  ? vfs_write+0x730/0xd30
[  225.733753][T11109]  ? do_sys_openat2+0x17a/0x1d0
[  225.738609][T11109]  ? __pfx_do_sys_openat2+0x10/0x10
[  225.743817][T11109]  __x64_sys_recvmmsg+0x199/0x250
[  225.748852][T11109]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  225.754394][T11109]  ? do_syscall_64+0x100/0x230
[  225.759157][T11109]  ? do_syscall_64+0xb6/0x230
[  225.763838][T11109]  do_syscall_64+0xf3/0x230
[  225.768339][T11109]  ? clear_bhb_loop+0x35/0x90
[  225.773017][T11109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.778908][T11109] RIP: 0033:0x7f68d2585d29
[  225.783319][T11109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.802927][T11109] RSP: 002b:00007f68d33c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  225.811342][T11109] RAX: ffffffffffffffda RBX: 00007f68d2775fa0 RCX: 00007f68d2585d29
[  225.819311][T11109] RDX: 0000000000000600 RSI: 0000000020003700 RDI: 0000000000000009
[  225.827278][T11109] RBP: 00007f68d33c6090 R08: 0000000000000000 R09: 0000000000000000
[  225.835256][T11109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  225.843240][T11109] R13: 0000000000000000 R14: 00007f68d2775fa0 R15: 00007ffe7f098e18
[  225.851226][T11109]  </TASK>
[  225.875944][T11107] vlan0: left promiscuous mode
[  226.014637][T11118] ==================================================================
[  226.022746][T11118] BUG: KASAN: slab-use-after-free in hci_sock_get_cookie+0x49/0x50
[  226.030661][T11118] Read of size 4 at addr ffff8880593275b8 by task syz.4.1435/11118
[  226.038573][T11118] 
[  226.040912][T11118] CPU: 0 UID: 0 PID: 11118 Comm: syz.4.1435 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  226.051686][T11118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  226.061781][T11118] Call Trace:
[  226.065080][T11118]  <TASK>
[  226.068021][T11118]  dump_stack_lvl+0x241/0x360
[  226.072731][T11118]  ? __pfx_dump_stack_lvl+0x10/0x10
[  226.077959][T11118]  ? __pfx__printk+0x10/0x10
[  226.082570][T11118]  ? _printk+0xd5/0x120
[  226.086741][T11118]  ? __virt_addr_valid+0x183/0x530
[  226.091846][T11118]  ? __virt_addr_valid+0x183/0x530
[  226.096948][T11118]  print_report+0x169/0x550
[  226.101444][T11118]  ? __virt_addr_valid+0x183/0x530
[  226.106558][T11118]  ? __virt_addr_valid+0x183/0x530
[  226.111688][T11118]  ? __virt_addr_valid+0x45f/0x530
[  226.116811][T11118]  ? __phys_addr+0xba/0x170
[  226.121314][T11118]  ? hci_sock_get_cookie+0x49/0x50
[  226.126420][T11118]  kasan_report+0x143/0x180
[  226.130920][T11118]  ? hci_sock_get_cookie+0x49/0x50
[  226.136037][T11118]  hci_sock_get_cookie+0x49/0x50
[  226.140978][T11118]  mgmt_cmd_status+0x1be/0x4d0
[  226.145749][T11118]  cmd_complete_rsp+0x114/0x180
[  226.150598][T11118]  mgmt_pending_foreach+0xd1/0x130
[  226.155708][T11118]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  226.161086][T11118]  __mgmt_power_off+0x183/0x430
[  226.165938][T11118]  ? __pfx___mgmt_power_off+0x10/0x10
[  226.171307][T11118]  ? __mutex_trylock_common+0x183/0x2e0
[  226.176850][T11118]  ? __pfx___might_resched+0x10/0x10
[  226.182129][T11118]  ? __pfx___mutex_trylock_common+0x10/0x10
[  226.188107][T11118]  ? rcu_is_watching+0x15/0xb0
[  226.192870][T11118]  ? trace_contention_end+0x3c/0x120
[  226.198152][T11118]  ? __mutex_lock+0x37f/0xee0
[  226.202941][T11118]  ? mark_lock+0x9a/0x360
[  226.207278][T11118]  ? hci_dev_close_sync+0x5c8/0x11c0
[  226.212573][T11118]  ? __pfx___mutex_lock+0x10/0x10
[  226.217613][T11118]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  226.223605][T11118]  ? lockdep_hardirqs_on+0x99/0x150
[  226.228808][T11118]  ? _raw_spin_unlock_irq+0x2e/0x50
[  226.234085][T11118]  ? drain_workqueue+0x2d3/0x3a0
[  226.239020][T11118]  ? hci_discovery_set_state+0x57/0x180
[  226.244574][T11118]  hci_dev_close_sync+0x6c4/0x11c0
[  226.249691][T11118]  hci_dev_close+0x112/0x210
[  226.254279][T11118]  sock_do_ioctl+0x158/0x460
[  226.258874][T11118]  ? __pfx_sock_do_ioctl+0x10/0x10
[  226.263988][T11118]  sock_ioctl+0x626/0x8e0
[  226.268315][T11118]  ? __pfx_sock_ioctl+0x10/0x10
[  226.273158][T11118]  ? __fget_files+0x2a/0x410
[  226.277752][T11118]  ? __fget_files+0x2a/0x410
[  226.282339][T11118]  ? __pfx_sock_ioctl+0x10/0x10
[  226.287185][T11118]  __se_sys_ioctl+0xf5/0x170
[  226.291770][T11118]  do_syscall_64+0xf3/0x230
[  226.296274][T11118]  ? clear_bhb_loop+0x35/0x90
[  226.300946][T11118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.306838][T11118] RIP: 0033:0x7f68d2585d29
[  226.311247][T11118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.330867][T11118] RSP: 002b:00007f68d33c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  226.339294][T11118] RAX: ffffffffffffffda RBX: 00007f68d2775fa0 RCX: 00007f68d2585d29
[  226.347272][T11118] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000005
[  226.355244][T11118] RBP: 00007f68d2601b08 R08: 0000000000000000 R09: 0000000000000000
[  226.363217][T11118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  226.371184][T11118] R13: 0000000000000000 R14: 00007f68d2775fa0 R15: 00007ffe7f098e18
[  226.379173][T11118]  </TASK>
[  226.382199][T11118] 
[  226.384521][T11118] Allocated by task 6446:
[  226.388840][T11118]  kasan_save_track+0x3f/0x80
[  226.393518][T11118]  __kasan_kmalloc+0x98/0xb0
[  226.398099][T11118]  __kmalloc_noprof+0x285/0x4c0
[  226.402938][T11118]  sk_prot_alloc+0xe0/0x210
[  226.407432][T11118]  sk_alloc+0x38/0x370
[  226.411492][T11118]  bt_sock_alloc+0x3c/0x340
[  226.415989][T11118]  hci_sock_create+0xa1/0x190
[  226.420656][T11118]  bt_sock_create+0x161/0x230
[  226.425323][T11118]  __sock_create+0x4c0/0xa30
[  226.429899][T11118]  __sys_socket+0x150/0x3c0
[  226.434388][T11118]  __x64_sys_socket+0x7a/0x90
[  226.439061][T11118]  do_syscall_64+0xf3/0x230
[  226.443555][T11118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.449454][T11118] 
[  226.451769][T11118] Freed by task 11120:
[  226.455834][T11118]  kasan_save_track+0x3f/0x80
[  226.460507][T11118]  kasan_save_free_info+0x40/0x50
[  226.465527][T11118]  __kasan_slab_free+0x59/0x70
[  226.470279][T11118]  kfree+0x196/0x430
[  226.474160][T11118]  __sk_destruct+0x479/0x5f0
[  226.478740][T11118]  mgmt_pending_remove+0x13e/0x1a0
[  226.483847][T11118]  mgmt_pending_foreach+0xd1/0x130
[  226.488951][T11118]  mgmt_index_removed+0x133/0x390
[  226.493967][T11118]  hci_sock_bind+0xcce/0x1150
[  226.498640][T11118]  __sys_bind+0x1e4/0x290
[  226.502961][T11118]  __x64_sys_bind+0x7a/0x90
[  226.507470][T11118]  do_syscall_64+0xf3/0x230
[  226.511982][T11118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.517882][T11118] 
[  226.520200][T11118] The buggy address belongs to the object at ffff888059327000
[  226.520200][T11118]  which belongs to the cache kmalloc-2k of size 2048
[  226.534247][T11118] The buggy address is located 1464 bytes inside of
[  226.534247][T11118]  freed 2048-byte region [ffff888059327000, ffff888059327800)
[  226.548212][T11118] 
[  226.550527][T11118] The buggy address belongs to the physical page:
[  226.556938][T11118] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59320
[  226.565690][T11118] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  226.574174][T11118] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  226.581713][T11118] page_type: f5(slab)
[  226.585683][T11118] raw: 00fff00000000040 ffff88801ac42000 ffffea0001f2c800 dead000000000002
[  226.594255][T11118] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[  226.602829][T11118] head: 00fff00000000040 ffff88801ac42000 ffffea0001f2c800 dead000000000002
[  226.611488][T11118] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[  226.620147][T11118] head: 00fff00000000003 ffffea000164c801 ffffffffffffffff 0000000000000000
[  226.628804][T11118] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  226.637456][T11118] page dumped because: kasan: bad access detected
[  226.643861][T11118] page_owner tracks the page as allocated
[  226.649567][T11118] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 46, tgid 46 (kworker/1:1), ts 61310877517, free_ts 61288852513
[  226.670503][T11118]  post_alloc_hook+0x1f3/0x230
[  226.675272][T11118]  get_page_from_freelist+0x365c/0x37a0
[  226.680808][T11118]  __alloc_pages_noprof+0x292/0x710
[  226.685993][T11118]  alloc_pages_mpol_noprof+0x3e8/0x680
[  226.691442][T11118]  alloc_slab_page+0x6a/0x110
[  226.696107][T11118]  allocate_slab+0x5a/0x2b0
[  226.700600][T11118]  ___slab_alloc+0xc27/0x14a0
[  226.705273][T11118]  __slab_alloc+0x58/0xa0
[  226.709607][T11118]  __kmalloc_cache_noprof+0x27b/0x390
[  226.714971][T11118]  wg_noise_handshake_begin_session+0xc4/0xb80
[  226.721119][T11118]  wg_packet_send_handshake_response+0x120/0x2e0
[  226.727439][T11118]  wg_packet_handshake_receive_worker+0x5e6/0xf50
[  226.733848][T11118]  process_scheduled_works+0xa66/0x1840
[  226.739387][T11118]  worker_thread+0x870/0xd30
[  226.743964][T11118]  kthread+0x2f0/0x390
[  226.748025][T11118]  ret_from_fork+0x4b/0x80
[  226.752433][T11118] page last free pid 5923 tgid 5923 stack trace:
[  226.758751][T11118]  free_unref_page+0xd3f/0x1010
[  226.763591][T11118]  __slab_free+0x2c2/0x380
[  226.768006][T11118]  qlist_free_all+0x9a/0x140
[  226.772585][T11118]  kasan_quarantine_reduce+0x14f/0x170
[  226.778035][T11118]  __kasan_slab_alloc+0x23/0x80
[  226.782873][T11118]  kmem_cache_alloc_noprof+0x1d9/0x380
[  226.788323][T11118]  __se_sys_getcwd+0xb3/0x890
[  226.792987][T11118]  do_syscall_64+0xf3/0x230
[  226.797481][T11118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.803366][T11118] 
[  226.805677][T11118] Memory state around the buggy address:
[  226.811294][T11118]  ffff888059327480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.819346][T11118]  ffff888059327500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.827393][T11118] >ffff888059327580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.835445][T11118]                                         ^
[  226.841319][T11118]  ffff888059327600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.849371][T11118]  ffff888059327680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.857428][T11118] ==================================================================
[  226.885663][T11118] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  226.892914][T11118] CPU: 1 UID: 0 PID: 11118 Comm: syz.4.1435 Not tainted 6.13.0-rc6-syzkaller-00970-g7d0da8f86234 #0
[  226.903704][T11118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  226.913780][T11118] Call Trace:
[  226.917081][T11118]  <TASK>
[  226.920023][T11118]  dump_stack_lvl+0x241/0x360
[  226.924728][T11118]  ? __pfx_dump_stack_lvl+0x10/0x10
[  226.929953][T11118]  ? __pfx__printk+0x10/0x10
[  226.934554][T11118]  ? preempt_schedule+0xe1/0xf0
[  226.939409][T11118]  ? vscnprintf+0x5d/0x90
[  226.943733][T11118]  panic+0x349/0x880
[  226.947638][T11118]  ? check_panic_on_warn+0x21/0xb0
[  226.952752][T11118]  ? __pfx_panic+0x10/0x10
[  226.957170][T11118]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  226.963149][T11118]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  226.969474][T11118]  ? print_report+0x502/0x550
[  226.974151][T11118]  check_panic_on_warn+0x86/0xb0
[  226.979093][T11118]  ? hci_sock_get_cookie+0x49/0x50
[  226.984211][T11118]  end_report+0x77/0x160
[  226.988455][T11118]  kasan_report+0x154/0x180
[  226.992964][T11118]  ? hci_sock_get_cookie+0x49/0x50
[  226.998078][T11118]  hci_sock_get_cookie+0x49/0x50
[  227.003013][T11118]  mgmt_cmd_status+0x1be/0x4d0
[  227.007778][T11118]  cmd_complete_rsp+0x114/0x180
[  227.012629][T11118]  mgmt_pending_foreach+0xd1/0x130
[  227.017736][T11118]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  227.023105][T11118]  __mgmt_power_off+0x183/0x430
[  227.027960][T11118]  ? __pfx___mgmt_power_off+0x10/0x10
[  227.033335][T11118]  ? __mutex_trylock_common+0x183/0x2e0
[  227.038884][T11118]  ? __pfx___might_resched+0x10/0x10
[  227.044160][T11118]  ? __pfx___mutex_trylock_common+0x10/0x10
[  227.050097][T11118]  ? rcu_is_watching+0x15/0xb0
[  227.054867][T11118]  ? trace_contention_end+0x3c/0x120
[  227.060160][T11118]  ? __mutex_lock+0x37f/0xee0
[  227.064838][T11118]  ? mark_lock+0x9a/0x360
[  227.069171][T11118]  ? hci_dev_close_sync+0x5c8/0x11c0
[  227.074453][T11118]  ? __pfx___mutex_lock+0x10/0x10
[  227.079471][T11118]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  227.085447][T11118]  ? lockdep_hardirqs_on+0x99/0x150
[  227.090641][T11118]  ? _raw_spin_unlock_irq+0x2e/0x50
[  227.095832][T11118]  ? drain_workqueue+0x2d3/0x3a0
[  227.100851][T11118]  ? hci_discovery_set_state+0x57/0x180
[  227.106399][T11118]  hci_dev_close_sync+0x6c4/0x11c0
[  227.111513][T11118]  hci_dev_close+0x112/0x210
[  227.116105][T11118]  sock_do_ioctl+0x158/0x460
[  227.120697][T11118]  ? __pfx_sock_do_ioctl+0x10/0x10
[  227.125814][T11118]  sock_ioctl+0x626/0x8e0
[  227.130141][T11118]  ? __pfx_sock_ioctl+0x10/0x10
[  227.134998][T11118]  ? __fget_files+0x2a/0x410
[  227.139596][T11118]  ? __fget_files+0x2a/0x410
[  227.144184][T11118]  ? __pfx_sock_ioctl+0x10/0x10
[  227.149033][T11118]  __se_sys_ioctl+0xf5/0x170
[  227.153619][T11118]  do_syscall_64+0xf3/0x230
[  227.158204][T11118]  ? clear_bhb_loop+0x35/0x90
[  227.162883][T11118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.168774][T11118] RIP: 0033:0x7f68d2585d29
[  227.173180][T11118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.192785][T11118] RSP: 002b:00007f68d33c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  227.201196][T11118] RAX: ffffffffffffffda RBX: 00007f68d2775fa0 RCX: 00007f68d2585d29
[  227.209163][T11118] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000005
[  227.217128][T11118] RBP: 00007f68d2601b08 R08: 0000000000000000 R09: 0000000000000000
[  227.225112][T11118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  227.233106][T11118] R13: 0000000000000000 R14: 00007f68d2775fa0 R15: 00007ffe7f098e18
[  227.241091][T11118]  </TASK>
[  227.244238][T11118] Kernel Offset: disabled
[  227.248561][T11118] Rebooting in 86400 seconds..